>> Upcoming:


>> Past:

Title:

Law and Algorithms: A Cryptographic Lens

Speaker:

Dr. Ran Canetti
IACR Fellow, Boston University

Date:

23rd January, 2020

Time:

4 - 5 pm

Venue:

Faculty Hall, Indian Institute of Science

Abstract:

Computer Science has had a complex relationship with Law since its early days. On the one hand, the disciplines are similar in that they both have deep theoretical roots and at the same time are all-encompassing and very applied. On the other hand, one discipline is founded on mathematics, while the other is purely humanistic in nature. Traditionally, the main points of contact between the discipline were centered around intellectual property for algorithms (software and hardware), and regulating the use and sale of products that include encryption algorithms. Recently, however, many more meeting points have emerged, including (but certainly not limited to) regulating the use of statistical risk-assessment and prediction algorithms; Applying traditionally-humanistic concepts such as privacy, bias, transparency, or individuality, to algorithms; Adjudicating and balancing the protection, sharing, and confinement of data; Determining algorithmic intent, awareness, and liability in automated contracts. Furthermore, cryptographic thinking and tools such as computation over encrypted data, multiparty computation, and zero-knowledge proofs emerge as game-changers in various realistic legal scenarios. This talk is a personal account of the emerging landscape of “Law and Algorithms”, shaped by my interactions with Law scholars and fellow Computer Scientists in the past few years. Three classes co-taught to a mixed audience of CS and Law students, where we tried to build bridges between the disciplines, were particularly influential, and also provide starting points for exciting new research. The classes were co-taught with Daniela Caruso, Aloni Cohen, Stacey Dogan, Cynthia Dwork, Ahmed Ghappour, Shafi Goldwasser, Martha Minow, Frank Partnoy, Pat Williams.


Biography of the speaker:

Ran Canetti is a professor of Computer Science and the director of the center for Reliable Information System and Cyber Security at Boston University. He is also a Fellow of the International Association for Cryptologic Research, an incumbent of the RSA Award in Mathematics 2018. Canetti graduated from the Weizmann Institute of Science in 1996, was a researcher at IBM Watson Research Center, and a professor of Computer Science at Tel Aviv University.


Canetti’s research interests span multiple aspects of cryptography and information security, with emphasis on the design, analysis and use of cryptographic protocols. Recently he has been interested in finding common ground for Law and Cryptography to collaborate towards enabling a better future for society.


read more ...

Title:

Secure Multiparty Computation

Speaker:

Dr. Yuval Ishai
Abraham Tulin Professor of Computer Science, Technion - Israel Institute of Technology

Date:

17th January, 2020

Time:

4 - 5 pm

Venue:

Faculty Hall, Indian Institute of Science

Abstract:

How can sensitive data be processed without introducing a single point of failure? How can several parties perform a joint computation on their secret inputs, say add them up or compute some other statistics, without revealing any additional information to each other except the desired output?


Secure multiparty computation is a powerful cryptographic tool for solving this kind of problem. The talk will give an overview of research in the area, covering classical results, connections with other problems, current research directions, and remaining challenges.


Biography of the speaker:

Yuval Ishai is presently a chaired professor of Computer Science at the Technion, Israel. He received his PhD at the Technion, served as a postdoctoral researcher at DIMACS Center, AT&T Labs Research and Princeton University, and spent two extended sabbaticals at UCLA. Yuval’s research focuses mostly on cryptography and its interactions with computational complexity theory. His works were recognized by the FOCS 2004, Crypto 2007, and Crypto 2016 Best Paper Awards and the SIAM Outstanding Paper Prize. He chaired the Theory of Cryptography and Eurocrypt conferences and was inducted as an IACR Fellow in 2018.


read more ...

Title:

Minicrypt Primitives with Algebraic Structure

Speaker:

Dr. Sikhar Patranabis
Research Associate, Dept. of CSA, IISc

Date:

29th October, 2019

Time:

4 - 5 pm

Venue:

CSA Seminar Hall (Room No. 254, First Floor)

Abstract:

Algebraic structure lies at the heart of much of Cryptomania as we know it. An interesting question is the following: instead of building (Cryptomania) primitives from concrete assumptions, can we build them from simple Minicrypt primitives endowed with additional algebraic structure? In this work, we affirmatively answer this question by adding algebraic structure to the following Minicrypt primitives: one-way functions, weak unpredictable functions and weak pseudorandom functions. The algebraic structure that we consider is group homomorphism over the input/output spaces of these primitives. We show that these structured primitives can be used to construct several Cryptomania primitives in a generic manner. A few examples of such primitives include hash encryption, hinting PRGs, lossy trapdoor functions and maliciously secure OT/MPC in the plain/CRS model.


Our results make it substantially easier to show the feasibility of building many cryptosystems from novel assumptions in the future. In particular, we show how to realize any CDH/DDH-based protocol with certain properties in a generic manner from input-homomorphic weak unpredictable/pseudorandom functions, and hence, from any concrete assumption that implies the existence of these structured primitives. Our results also allow us to categorize many cryptographic protocols based on which structured Minicrypt primitive implies them. In particular, endowing Minicrypt primitives with increasingly richer algebraic structure allows us to gradually build a wider class of cryptoprimitives. This seemingly provides a hierarchical classification of many Cryptomania primitives based on the "amount" of structure inherently necessary for realizing them.


Biography of the speaker:

Sikhar Patranabis received his PhD in Computer Science with a specialization in cryptography from IIT Kharagpur, India. His research interests span all aspects of cryptography, with special focus on cryptographic complexity, encrypted analytics, and the design and implementation of real world cryptographic protocols. Sikhar is currently visiting the CrIS Lab as a research associate, hosted by Dr. Arpita Patra. He will be joining as a postdoctoral researcher in the Applied Cryptography group at ETH Zürich, hosted by Dr. Kenny Paterson. Sikhar was an IBM PhD fellow for the academic sessions 2016-17 and 2017-18. Prior to joining the PhD program, he completed his B.Tech from IIT Kharagpur, where he was the recipient of the President of India gold medal.


read more ...

Title:

Proof-of-Stake for Blockchain

Speaker:

Dr. Chaya Ganesh
Post-doctoral Researcher, Department of Computer Science, Aarhus University, Denmark

Date:

26th and 28th February, 2019

Time:

3:30 - 5 pm

Abstract:

The talk will include issues with PoW, introduce PoS as an alternative, discuss basic structure of PoS class of protocols, and describe the Ouroboros Genesis protocol. Additionally, certain efficient ZK techniques, Ouroboros Praos proof-of-stake protocol, private lotteries and private Ouroboros Praos will be presented.


Biography of the speaker:

Chaya Ganesh is a post-doctoral researcher at the Aarhus Crypto group. She graduated with a PhD from the Courant Institute of Mathematical Sciences, New York University under the supervision of Prof. Yevgeniy Dodis. Chaya has worked on zero knowledge proofs, secure computation and consensus protocols during doctoral studies. She is currently working on efficient ZK proofs, blockchain style consensus protocols and maintains broad interest in theoretical and applied Cryptography.


read more ...

Title:

Proofs of Replicated Storage Without Timing Assumptions

Speaker:

Dr. Chaya Ganesh
Post-doctoral Researcher, Department of Computer Science, Aarhus University, Denmark

Date:

22nd November, 2018

Time:

11:00 am

Venue:

CSA Seminar Hall (Room No. 254, First Floor)

Abstract:

In this work we provide a formal treatment of proof of replicated storage, a novel cryptographic primitive recently proposed in the context of a novel cryptocurrency, namely Filecoin. In a nutshell, proofs of replicated storage is a solution to the following problem: A user stores a file m on n different servers to ensure that the file will be available even if some of the servers fail. Using proof of retrievability, the user could check that every server is indeed storing the file. However, what if the servers collude and, in order to save on resources, decide to only store one copy of the file? A proof of replicated storage guarantees that, unless the server is indeed storing n copies of the file, the user will not accept the proof. While some candidate proofs of replicated storage have already been proposed, their soundness relies on timing assumptions, that is, the user must reject the proof if the prover does not reply within a certain time-bound. In this paper we provide the first construction of a proof of replication which does not rely on any timing assumptions. This is joint work with Ivan Damgård and Claudio Orlandi.


Biography of the speaker:

Chaya Ganesh is a post-doctoral researcher at the Aarhus Crypto group. She graduated with a PhD from the Courant Institute of Mathematical Sciences, New York University under the supervision of Prof. Yevgeniy Dodis. Chaya has worked on zero knowledge proofs, secure computation and consensus protocols during doctoral studies. She is currently working on efficient ZK proofs, blockchain style consensus protocols and maintains broad interest in theoretical and applied Cryptography.


read more ...

Title:

LevioSA: Lightweight Secure Arithmetic Computation

Speaker:

Muthuramakrishnan Venkitasubramaniam
Professor, Dept of Computer Science, University of Rochester, USA

Date:

15th November, 2018

Time:

04:00 pm

Venue:

CSA Seminar Hall (Room No. 254, First Floor)

Abstract:

We study the problem of secure two-party computation of arithmetic circuits. This problem is motivated by privacy-preserving numerical computations, such as ones arising in the context of machine learning training and classification. Recent works on the problem have mainly focused on passively secure protocols, whose security holds against passive (``semi-honest'') parties but may completely break down in the presence of active (``malicious'') parties who can deviate from the protocol. In this work, we design, optimize, and implement an actively secure protocol for secure two-party arithmetic computation. A distinctive feature of our protocol is that it can make a fully modular black-box use of any passively secure implementation of oblivious linear function evaluation (OLE). OLE is a commonly used primitive for secure arithmetic computation, analogously to the role of oblivious transfer in secure Boolean computation. For typical circuits, our protocol requires roughly 4 invocations of passively secure OLE per multiplication gate. This significantly improves over the recent TinyOLE protocol (Döttling et al., ACM CCS 2017), which requires 22 invocations of actively secure OLE in general, or 44 invocations of a specific code-based passively secure OLE. We showcase the efficiency of our protocol by applying it to standard benchmarks. Our protocol can be applied for a securely outsourcing neural network classification system. This is the first actively secure implementation of its kind, strengthening the passive security provided by recent related works (Mohassel and Zhang, IEEE S&P 2017; Juvekar et al., USENIX 2018).


Biography of the speaker:

Muthu Venkitasubramaniam is an Associate Professor at the University of Rochester. He received his BTech degree in computer science from the Indian Institute of Technology, Madras in 2004. He attended Cornell University, where he worked with Rafael Pass receiving his Ph.D. in computer science in 2011. Before arriving at the University of Rochester, he spent a year at the Courant Institute of Mathematical Sciences (NYU) as a postdoctoral researcher supported by the Computing Innovation Fellowship. Muthu's interests are in the theory and practice of Cryptography and Network Security. He is a recipient of the Google Faculty Research award and his work on "L-Diversity: Privacy beyond K-Anonymity" received the ICDE 2017 Influential Paper Award.


read more ...

Title:

Result Pattern Hiding Searchable Encryption for Conjunctive Queries

Speaker:

Debdeep Mukhopadhyay
Professor, Dept of Computer Science and Engineering, Indian Institute of Technology Kharagpur

Date:

22nd October, 2018

Time:

02:30 pm

Venue:

CSA Seminar Hall (Room No. 254, First Floor)

Abstract:

Searchable symmetric encryption (SSE) allows a party to outsource the storage of his data to another (untrusted) party in a private manner, while maintaining the ability to selectively search over it. In Crypto 2013, Cash et al. proposed Oblivious Cross-Tags (OXT) - an efficient SSE protocol with support for conjunctive keyword search in a single-writer single-reader framework. While the OXT protocol offers high performance by adopting a number of specialised data-structures, it also trades-off security by leaking ‘partial’ database information to the server. Recent attacks have exploited similar partial information leakage to breach database confidentiality. Consequently, it is an open problem to design SSE protocols for conjunctive keyword search that plug such leakages while retaining comparable efficiency. In this work, we propose a new SSE protocol, called Hidden CrossTags (HXT), that removes ‘Keyword Pair Result Pattern’ (KPRP) leakage for conjunctive keyword search. We avoid this leakage by adopting symmetric-key Hidden Vector Encryption (SHVE) and probabilistic (Bloom filter) indexing into the HXT protocol. A central contribution of this work is the proposal of a ‘lightweight’ SHVE scheme that only uses efficient symmetric-key building blocks~(entirely avoiding elliptic curve-based operations), is amenable to parallel implementations, and achieves simulation-security against a single challenge ciphertext query and unbounded many secret-key queries. Adopting this efficient SHVE scheme, the overall practical storage and computational overheads of HXT over OXT are relatively small (no more than 10%), while providing a higher level of security. In this talk, I will briefly illustrate the ‘Keyword Pair Result Pattern’ (KPRP) leakage in the original OXT protocol, and discuss potential confidentiality breaches due to such leakages. Next, I will show how our HXT protocol plugs this leakage using SHVE and Bloom filters. I will provide a short description of our SHVE construction and compare its performance with that of existing bilinear map-based HVE schemes. Finally, I will present a case-study illustrating the performance and efficiency of our HXT protocol (in terms of storage requirements, pre-processing overhead and query delay) on actual datasets from Wikimedia Downloads. I shall conclude the talk with a proposal for a highly scalable framework for parallelized SSE implementation using hardware based crypto-accelerators, interfaced with a software based control unit and a memory controller unit.


Biography of the speaker:

Debdeep Mukhopadhyay is currently a full Professor at the Department of Computer Science and Engineering, IIT-Kharagpur, India. At IIT Kharagpur he initiated the Secured Embedded Architecture Laboratory (SEAL), with a focus on Embedded Security and Side Channel Attacks. Prior to this he worked as Associate Professor at IIT Kharagpur, visiting scientist at NTU Singapore, a visiting Associate Professor of NYU-Shanghai, Assistant Professor at IIT-Madras, and as Visiting Researcher at NYU Tandon-School-of-Engineering, USA. He holds a PhD, an MS, and a B. Tech from IIT Kharagpur, India. Dr. Mukhopadhyay's research interests are Cryptography, Hardware Security, and VLSI. His books include Fault Tolerant Architectures for Cryptography and Hardware Security (Springer), Cryptography and Network Security (Mc Graw Hills), Hardware Security: Design, Threats, and Safeguards (CRC Press), and Timing Channels in Cryptography (Springer). He has written more than 150 papers in peer-reviewed conferences and journals and has collaborated with several Indian and Foreign Organizations. He has been in the program committee of several top International conferences and is an Associate Editor of the International Association of Cryptologic Research (IACR) Transactions of CHES, Journal of Hardware and Systems Security, Journal of Cryptographic Engineering, Springer and ACM Transactions on Embedded Computing Systems. He has given several invited talks in industry and academia, including tutorial talks at premier conferences like CHES, WIFS, VLSID. Dr. Mukhopadhyay is the recipient of the Swarnajayanti DST Fellowship 2015-16, Young Scientist award from the Indian National Science Academy, the Young Engineer award from the Indian National Academy of Engineers, and is a Young Associate of the Indian Academy of Science. He was also awarded the Outstanding Young Faculty fellowship in 2011 from IIT Kharagpur, and the Techno-Inventor Best PhD award by the Indian Semiconductor Association. He has recently incubated a start-up on Hardware Security, ESP Pvt Ltd at IIT Kharagpur.


read more ...

Title:

Actively Secure Garbled Circuits with Constant Communication Overhead in the Plain Model

Speaker:

Dr. Carmit Hazay
Senior Lecturer, Computer Engineering Department, Bar-Ilan University, Israel

Date:

15th November, 2017

Time:

11:00 am

Venue:

CSA Seminar Hall (Room No. 254, First Floor)

Abstract:

We consider the problem of constant-round secure two-party computation in the presence of active (malicious) adversaries. We present the first protocol that has only a constant multiplicative communication overhead compared to Yao's protocol for passive adversaries and can be implemented in the plain model by only making a black-box use of (parallel) oblivious transfer and a pseudo-random generator. This improves over the polylogarithmic overhead of the previous best protocol. A similar result could previously be obtained only in an amortized setting, using preprocessing, or by assuming bit-oblivious-transfer as an ideal primitive that has a constant cost. We present two variants of this result, one which is aimed at minimizing the number of oblivious transfers and another which is aimed at optimizing concrete efficiency. Our protocols are based on a novel combination of previous techniques together with a new efficient protocol to certify that pairs of strings transmitted via oblivious transfer satisfy a global relation. The communication complexity of the second variant of our protocol can beat the best previous protocols even for realistic values of the circuit size and the security parameter. This variant is particularly attractive in the offline-online setting, where the online cost is dominated by a single evaluation of an authenticated garbled circuit, and can also be made non-interactive using the Fiat-Shamir heuristic. This is a joint work with Yuval Ishai and Muthuramakrishnan Venkitasubramaniam.


Biography of the speaker:

Carmit Hazay is a Senior Lecturer in the Computer Engineering Department, Bar-Ilan University, Israel. In 2009 she completed her Ph.D. studies at Bar-Ilan University and started her post-doctoral training at Weizmann Institute of Science and IDC (2009-2010) and at Aarhus University, Denmark (2010-2012). She joined the Faculty of Engineering at Bar-Ilan University in October 2012.

read more ...