The workshop will cover recent advances in the theory and practice of cryptographic tools for the Cloud, how Cloud Computing changed the rules of the game in the last years, and what the new challenges for privacy and security are.
Registration is mandatory.
Michel Abdalla, Hoeteck Wee, and Michele Minelli
Secure multi-party computation (MPC) provides a way for two (or more) parties to compute a function that depends on inputs from both parties, while keeping their inputs private. A general solution to this problem have been known since Yao's pioneering work on garbled circuits in the 1980s, but only recently has it become conceivable to use this approach in real systems. Over the past decade, the costs of executing MPC protocols have dropped by about 7 orders of magnitude, but real-world deployments remain rare, and mostly unsatisfying. In this talk, I’ll provide a brief introduction to MPC and summarize some of the work our group has done to make secure computation scalable, efficient, and accessible. I’ll describe some attempts to build interesting practical systems with MPC including an ongoing effort to develop a decentralized certificate authority that can produce signed certificates without ever exposing the private signing key. Finally, I’ll discuss the remaining impediments that are holding back MPC from being widely used in practice.
(joint work with Mihir Bellare and Alessandra Scafuro)
Motivated by the subversion of “trusted” public parameters in mass-surveillance activities, we study the security of non-interactive zero-knowledge (NIZK) proofs in the presence of a maliciously chosen common reference string. We first provide definitions for subversion-resistant soundness, witness indistinguishability and zero knowledge. We show that certain combinations of goals are unachievable but for all other combinations we give constructions that achieve them.
We then turn to zk-SNARKs (succinct non-interactive arguments of knowledge), which are computationally sound NIZK systems with short and efficiently verifiable proofs, used e.g. in cryptocurrencies such as Zcash. We show that under plausible hardness assumptions, many zk-SNARK schemes proposed in the literature can be made subversion-zero-knowledge at very little cost.
Energy and power efficiency is an extremely important optimization goal when implementing applications on any digital platform. This is important for light-weight InternetOfThings devices as well as high end servers and cloud computing. The first one requires a long battery life, the second one needs to reduce the cost of cooling (and the electricity bill).
The energy and power optimization also holds for the implementation of cryptographic algorithms. Our goal is to build devices that can perform the mathematically demanding cryptographic operations in an efficient way. At the same time, we request that the implementations are also secure against a wide range of physical attacks, including side-channel attacks. Unfortunately countermeasures to side-channel attacks impose an extra cost.
This presentation will focus on the implementation aspects of cryptographic operations and how to balance the computation requirements with the resource constraints. These concepts will be illustrated with the design of several cryptographic co-processors, secret key, public key and new generation of post-quantum secure algorithms.
In the utopic world of whitebox cryptomania, cryptographic programs can be freely executed, copied and shared without endangering their inner secret keys, as breaking them requires intractable computational efforts. Once again, constructive cryptography has prevailed over cryptanalysis thanks to reductionist proofs and tamper-resistant cryptographic software has suddenly become a reality. This talk explores the side effects of this parallel universe on cryptographic constructions - good and bad alike - and what they potentially mean for the security of the Cloud.
In this talk, we'll take a look at how Property Preserving Encryption (PPE) schemes can be used to store data in encrypted form at cloud service providers while still allowing various forms of search queries to be carried out against the data. We'll explain why some of the currently deployed schemes provide insufficient security in practice, and discuss methods by which security can be enhanced whilst preserving search capabilities.
Searchable encryption is a very appealing concept to store data on an untrusted server, so as to keep search functionalities while ensuring privacy of both the queries and the data.
Many different solutions emerged, differing on their security and on their efficiency, originating both from the industry and the academia. Actually, these past few years, searchable encryption has actually been a very hot topic, a lot of work on new constructions or new attacks has been done.
In this presentation, I will try to give an insight on the big challenges of searchable encryption, and explain why the compromise between security and performance is the core problem in this area.
To do so, I will talk about lower bounds, recent attacks and constructions, and ongoing work, both theoretical and practical. This will give you a glimpse at the variety of techniques and tools that can be applied to searchable encryption, and at how wide this topic can be, ranging from theoretical computer science, to systems design.
Finally, I will conclude by describing some exciting open problems on searchable encryption, again both theoretical and practical.
Functional encryption (FE) is an extremely powerful cryptographic mechanism that lets an authorized entity compute on encrypted data, and learn the results in the clear. However, all current cryptographic instantiations for general FE are too impractical to be implemented. We build Iron, a practical and usable FE system using Intel’s recent Software Guard Extensions (SGX). We show that Iron can be applied to complex functionalities, and even for simple functions, outperforms the best known cryptographic schemes. We argue security by modeling FE in the context of hardware elements, and prove that Iron satisfies the security model.
Joint work with: Ben A Fisch, Dhinakaran Vinayagamurthy, Dan Boneh