[Busec] BUsec this week: Adam ONeill (Monday 10am)

Sharon Goldberg goldbe at cs.bu.edu
Sun Feb 24 19:37:08 EST 2013

Hi all,

Just a reminder that in seminar tomorrow at 10AM, Adam O'Neill will be
talking about enhanced chosen-ciphertext security.   The following
Monday, Valerio Pastro from Aarhus will be talking about multiparty
computation and
somewhat homomorphic encryption.


BUsec Calendar:  http://www.bu.edu/cs/busec/
BUsec Mailing list:  http://cs-mailman.bu.edu/mailman/listinfo/busec
How to get to BU from MIT:  Try the CT2 bus or MIT's "Boston Daytime
Shuttle" http://web.mit.edu/facilities/transportation/shuttles/daytime_boston.html


Title: Enhanced Chosen-Ciphertext Security and Applications
Speaker: Adam ONeill. BU.
Date: Monday Feb 25, 10AM, MCS137

Recently, there has been interest in randomness-recovering public-key
encryption (RR-PKE) (see, e.g., Peikert and Waters, STOC'08), where a
receiver efficiently recovers not only the message but also the
*random coins* of a sender.  We contend that for applications of
RR-PKE, the standard definition of chosen-ciphertext security (CCA)
should be amended so that the adversary gets access not only to a
decryption oracle but also a *randomness recovery* oracle, a new
notion we call enhanced chosen-ciphertext (ECCA) security.

We show that ECCA-secure RR-PKE can be constructed from adaptive
trapdoor functions (ATDFs), as defined and realized by Kiltz et al.
(EUROCRYPT 2010).  Previously, Kiltz et al. showed how to construct
standard CCA-secure PKE from ATDFs, but their construction turns out
to be insufficient for ECCA security.  Our construction crucially uses
the notion of *detectable* CCA security, recently introduced by
Hohenberger et al. (EUROCRYPT '12).  In fact, we show that a form of
ECCA-secure RR-PKE is *equivalent* both to ATDFs and to an extension
called tag-based ATDFs, meaning that ATDFs and tag-based ATDFs are
themselves equivalent, resolving an open question of Kiltz et al.

We then show that ECCA-secure RR-PKE can be used to securely realize
an approach to public-key encryption with non-interactive opening
(PKENO) originally suggested by Damg{\aa}rd and Thorbek (EUROCRYPT
2007).  PKENO, which allows a receiver to non-interactively prove that
a ciphertext decrypts to a claimed message, has widespread
applications to secure multiparty computation. We obtain new and
practical PKENO schemes quite different from those in prior work.

Joint work with Dana Dachman-Soled, Georg Fuchsbauer, and Payman Mohassel.


Title: Multiparty Computation from Somewhat Homomorphic Encryption
(aka The SPDZ protocol)
Speaker: Valerio Pastro. Aarhus.
When:  Monday March 4, 10AM.  MCS137.

Abstract: We propose a general multiparty computation protocol secure
against an active adversary corrupting up to $n-1$ of the $n$ players.
The protocol  may be used to compute securely arithmetic circuits over
any finite field  $\F_{p^k}$. Our protocol consists of a preprocessing
phase that is both independent of the function to be computed and of
the inputs, and a much more efficient online phase where the actual
computation takes place. The online phase is unconditionally secure
and has total computational (and communication) complexity linear in
$n$, the number of players, where earlier work was quadratic in $n$.
Hence, the work done by each player in the online phase is independent
of $n$ and moreover is only a small constant factor larger than what
one would need to compute the circuit in the clear. It is the first
protocol in the preprocessing model with these properties. We show a
lower bound implying that for computation in large fields, our
protocol is optimal. In practice, for 3 players, a secure 64-bit
multiplication can be done in 0.05 ms. Our preprocessing is based on a
somewhat homomorphic cryptosystem. We extend a scheme by Brakerski et
al., so that we can perform distributed decryption and handle many
values in parallel in one ciphertext. The computational complexity of
our preprocessing phase is dominated by the public-key operations, we
need $O(n^2/s)$ operations per secure multiplication where $s$ is a
parameter that increases with the security parameter of the
cryptosystem. Earlier work in this model needed $\Omega(n^2)$
operations. In practice, the preprocessing prepares a secure 64-bit
multiplication for 3 players in about 13 ms, which is 2-3 order of
magnitude faster than the best previous results.

Joint work with: Ivan Damgaard, Nigel Smart, Sarah Zakarias


Boston Freedom in Online Communications Day (BFOC)

The Internet offers great promise for improving the communication
capabilities of citizens, but our increasing dependence on networked
communications also makes it easier for organizations and governments
to control, monitor, and block communications.  The growing trend
toward blocking, tampering, or otherwise restricting communications on
the Internet calls for improved techniques both for monitoring the
state of restrictions on Internet content and communications, in order
to inform users, and for circumventing attempts to censor, degrade, or
otherwise tamper with Internet communications.

Many researchers and practitioners in the Boston area are engaged in
studying, detecting, or circumventing practices that inhibit free and
open communications on the Internet. Building on the success of many
recent Boston and NYC “Days” (e.g. this, this and this), the main
purposes of BFOC is to encourage collaboration between local
researchers and practitioners in technology, law, and policy that are
working in this area. The overall structure of the day will involve
longer ”keynote” talks by invited speakers, with a short talks session
and a poster session.  Confirmed speakers include:
 Andrew Lewman, Executive Director, The Tor Project.
 Hans Klein, Georgia Tech School of Public Policy.
 And more to be added in the coming days.

Date / Location
 BFOC 2013 will be held at Boston University on Friday, March 8, 2013
from 10:00 a.m. to 5:00 p.m.

Registration / Call for Presentations
 Attendance is free, but registration is required for planning
purposes. Register now!

For short talks and posters, send an email to bfoc at cs.bu.edu by
Thursday, February 21 2013, including a brief (<300 word) description
of your work, along with an indication of a preference for the work to
be presented as a short talk or a poster, or be considered for both.
We will select a number of short talks and put together a poster

Organizing Information
 BFOC 2013 is generously hosted by the Hariri Institute and the Center
for Reliable Information Systems and Cyber Security at Boston
University. The organizing committee is Sharon Goldberg (Boston
University) and Nick Feamster (Georgia Tech).

Sharon Goldberg
Computer Science, Boston University

More information about the Busec mailing list