>> Upcoming:

Title:

Proof-of-Stake for Blockchain

Speaker:

Dr. Chaya Ganesh
Post-doctoral Researcher, Department of Computer Science, Aarhus University, Denmark

Date:

26 and 28 th February, 2019

Time:

3:30 - 5 pm

Abstract:

The talk will include issues with PoW, introduce PoS as an alternative, discuss basic structure of PoS class of protocols, and describe the Ouroboros Genesis protocol. Additionally, certain efficient ZK techniques, Ouroboros Praos proof-of-stake protocol, private lotteries and private Ouroboros Praos will be presented.


Biography of the speaker:

Chaya Ganesh is a post-doctoral researcher at the Aarhus Crypto group. She graduated with a PhD from the Courant Institute of Mathematical Sciences, New York University under the supervision of Prof. Yevgeniy Dodis. Chaya has worked on zero knowledge proofs, secure computation and consensus protocols during doctoral studies. She is currently working on efficient ZK proofs, blockchain style consensus protocols and maintains broad interest in theoretical and applied Cryptography.


read more ...

>> Past:

Title:

Proofs of Replicated Storage Without Timing Assumptions

Speaker:

Dr. Chaya Ganesh
Post-doctoral Researcher, Department of Computer Science, Aarhus University, Denmark

Date:

22nd November, 2018

Time:

11:00 am

Venue:

CSA Seminar Hall (Room No. 254, First Floor)

Abstract:

In this work we provide a formal treatment of proof of replicated storage, a novel cryptographic primitive recently proposed in the context of a novel cryptocurrency, namely Filecoin. In a nutshell, proofs of replicated storage is a solution to the following problem: A user stores a file m on n different servers to ensure that the file will be available even if some of the servers fail. Using proof of retrievability, the user could check that every server is indeed storing the file. However, what if the servers collude and, in order to save on resources, decide to only store one copy of the file? A proof of replicated storage guarantees that, unless the server is indeed storing n copies of the file, the user will not accept the proof. While some candidate proofs of replicated storage have already been proposed, their soundness relies on timing assumptions, that is, the user must reject the proof if the prover does not reply within a certain time-bound. In this paper we provide the first construction of a proof of replication which does not rely on any timing assumptions. This is joint work with Ivan Damgård and Claudio Orlandi.


Biography of the speaker:

Chaya Ganesh is a post-doctoral researcher at the Aarhus Crypto group. She graduated with a PhD from the Courant Institute of Mathematical Sciences, New York University under the supervision of Prof. Yevgeniy Dodis. Chaya has worked on zero knowledge proofs, secure computation and consensus protocols during doctoral studies. She is currently working on efficient ZK proofs, blockchain style consensus protocols and maintains broad interest in theoretical and applied Cryptography.


read more ...

Title:

LevioSA: Lightweight Secure Arithmetic Computation

Speaker:

Muthuramakrishnan Venkitasubramaniam
Professor, Dept of Computer Science, University of Rochester, USA

Date:

15th November, 2018

Time:

04:00 pm

Venue:

CSA Seminar Hall (Room No. 254, First Floor)

Abstract:

We study the problem of secure two-party computation of arithmetic circuits. This problem is motivated by privacy-preserving numerical computations, such as ones arising in the context of machine learning training and classification. Recent works on the problem have mainly focused on passively secure protocols, whose security holds against passive (``semi-honest'') parties but may completely break down in the presence of active (``malicious'') parties who can deviate from the protocol. In this work, we design, optimize, and implement an actively secure protocol for secure two-party arithmetic computation. A distinctive feature of our protocol is that it can make a fully modular black-box use of any passively secure implementation of oblivious linear function evaluation (OLE). OLE is a commonly used primitive for secure arithmetic computation, analogously to the role of oblivious transfer in secure Boolean computation. For typical circuits, our protocol requires roughly 4 invocations of passively secure OLE per multiplication gate. This significantly improves over the recent TinyOLE protocol (Döttling et al., ACM CCS 2017), which requires 22 invocations of actively secure OLE in general, or 44 invocations of a specific code-based passively secure OLE. We showcase the efficiency of our protocol by applying it to standard benchmarks. Our protocol can be applied for a securely outsourcing neural network classification system. This is the first actively secure implementation of its kind, strengthening the passive security provided by recent related works (Mohassel and Zhang, IEEE S&P 2017; Juvekar et al., USENIX 2018).


Biography of the speaker:

Muthu Venkitasubramaniam is an Associate Professor at the University of Rochester. He received his BTech degree in computer science from the Indian Institute of Technology, Madras in 2004. He attended Cornell University, where he worked with Rafael Pass receiving his Ph.D. in computer science in 2011. Before arriving at the University of Rochester, he spent a year at the Courant Institute of Mathematical Sciences (NYU) as a postdoctoral researcher supported by the Computing Innovation Fellowship. Muthu's interests are in the theory and practice of Cryptography and Network Security. He is a recipient of the Google Faculty Research award and his work on "L-Diversity: Privacy beyond K-Anonymity" received the ICDE 2017 Influential Paper Award.


read more ...

Title:

Result Pattern Hiding Searchable Encryption for Conjunctive Queries

Speaker:

Debdeep Mukhopadhyay
Professor, Dept of Computer Science and Engineering, Indian Institute of Technology Kharagpur

Date:

22nd October, 2018

Time:

02:30 pm

Venue:

CSA Seminar Hall (Room No. 254, First Floor)

Abstract:

Searchable symmetric encryption (SSE) allows a party to outsource the storage of his data to another (untrusted) party in a private manner, while maintaining the ability to selectively search over it. In Crypto 2013, Cash et al. proposed Oblivious Cross-Tags (OXT) - an efficient SSE protocol with support for conjunctive keyword search in a single-writer single-reader framework. While the OXT protocol offers high performance by adopting a number of specialised data-structures, it also trades-off security by leaking ‘partial’ database information to the server. Recent attacks have exploited similar partial information leakage to breach database confidentiality. Consequently, it is an open problem to design SSE protocols for conjunctive keyword search that plug such leakages while retaining comparable efficiency. In this work, we propose a new SSE protocol, called Hidden CrossTags (HXT), that removes ‘Keyword Pair Result Pattern’ (KPRP) leakage for conjunctive keyword search. We avoid this leakage by adopting symmetric-key Hidden Vector Encryption (SHVE) and probabilistic (Bloom filter) indexing into the HXT protocol. A central contribution of this work is the proposal of a ‘lightweight’ SHVE scheme that only uses efficient symmetric-key building blocks~(entirely avoiding elliptic curve-based operations), is amenable to parallel implementations, and achieves simulation-security against a single challenge ciphertext query and unbounded many secret-key queries. Adopting this efficient SHVE scheme, the overall practical storage and computational overheads of HXT over OXT are relatively small (no more than 10%), while providing a higher level of security. In this talk, I will briefly illustrate the ‘Keyword Pair Result Pattern’ (KPRP) leakage in the original OXT protocol, and discuss potential confidentiality breaches due to such leakages. Next, I will show how our HXT protocol plugs this leakage using SHVE and Bloom filters. I will provide a short description of our SHVE construction and compare its performance with that of existing bilinear map-based HVE schemes. Finally, I will present a case-study illustrating the performance and efficiency of our HXT protocol (in terms of storage requirements, pre-processing overhead and query delay) on actual datasets from Wikimedia Downloads. I shall conclude the talk with a proposal for a highly scalable framework for parallelized SSE implementation using hardware based crypto-accelerators, interfaced with a software based control unit and a memory controller unit.


Biography of the speaker:

Debdeep Mukhopadhyay is currently a full Professor at the Department of Computer Science and Engineering, IIT-Kharagpur, India. At IIT Kharagpur he initiated the Secured Embedded Architecture Laboratory (SEAL), with a focus on Embedded Security and Side Channel Attacks. Prior to this he worked as Associate Professor at IIT Kharagpur, visiting scientist at NTU Singapore, a visiting Associate Professor of NYU-Shanghai, Assistant Professor at IIT-Madras, and as Visiting Researcher at NYU Tandon-School-of-Engineering, USA. He holds a PhD, an MS, and a B. Tech from IIT Kharagpur, India. Dr. Mukhopadhyay's research interests are Cryptography, Hardware Security, and VLSI. His books include Fault Tolerant Architectures for Cryptography and Hardware Security (Springer), Cryptography and Network Security (Mc Graw Hills), Hardware Security: Design, Threats, and Safeguards (CRC Press), and Timing Channels in Cryptography (Springer). He has written more than 150 papers in peer-reviewed conferences and journals and has collaborated with several Indian and Foreign Organizations. He has been in the program committee of several top International conferences and is an Associate Editor of the International Association of Cryptologic Research (IACR) Transactions of CHES, Journal of Hardware and Systems Security, Journal of Cryptographic Engineering, Springer and ACM Transactions on Embedded Computing Systems. He has given several invited talks in industry and academia, including tutorial talks at premier conferences like CHES, WIFS, VLSID. Dr. Mukhopadhyay is the recipient of the Swarnajayanti DST Fellowship 2015-16, Young Scientist award from the Indian National Science Academy, the Young Engineer award from the Indian National Academy of Engineers, and is a Young Associate of the Indian Academy of Science. He was also awarded the Outstanding Young Faculty fellowship in 2011 from IIT Kharagpur, and the Techno-Inventor Best PhD award by the Indian Semiconductor Association. He has recently incubated a start-up on Hardware Security, ESP Pvt Ltd at IIT Kharagpur.


read more ...

Title:

Actively Secure Garbled Circuits with Constant Communication Overhead in the Plain Model

Speaker:

Dr. Carmit Hazay
Senior Lecturer, Computer Engineering Department, Bar-Ilan University, Israel

Date:

15th November, 2017

Time:

11:00 am

Venue:

CSA Seminar Hall (Room No. 254, First Floor)

Abstract:

We consider the problem of constant-round secure two-party computation in the presence of active (malicious) adversaries. We present the first protocol that has only a constant multiplicative communication overhead compared to Yao's protocol for passive adversaries and can be implemented in the plain model by only making a black-box use of (parallel) oblivious transfer and a pseudo-random generator. This improves over the polylogarithmic overhead of the previous best protocol. A similar result could previously be obtained only in an amortized setting, using preprocessing, or by assuming bit-oblivious-transfer as an ideal primitive that has a constant cost. We present two variants of this result, one which is aimed at minimizing the number of oblivious transfers and another which is aimed at optimizing concrete efficiency. Our protocols are based on a novel combination of previous techniques together with a new efficient protocol to certify that pairs of strings transmitted via oblivious transfer satisfy a global relation. The communication complexity of the second variant of our protocol can beat the best previous protocols even for realistic values of the circuit size and the security parameter. This variant is particularly attractive in the offline-online setting, where the online cost is dominated by a single evaluation of an authenticated garbled circuit, and can also be made non-interactive using the Fiat-Shamir heuristic. This is a joint work with Yuval Ishai and Muthuramakrishnan Venkitasubramaniam.


Biography of the speaker:

Carmit Hazay is a Senior Lecturer in the Computer Engineering Department, Bar-Ilan University, Israel. In 2009 she completed her Ph.D. studies at Bar-Ilan University and started her post-doctoral training at Weizmann Institute of Science and IDC (2009-2010) and at Aarhus University, Denmark (2010-2012). She joined the Faculty of Engineering at Bar-Ilan University in October 2012.

read more ...