[Busec] BUsec this week: Yevgeniy Dodis (Monday 10AM)

Sharon Goldberg goldbe at cs.bu.edu
Mon Mar 18 00:39:20 EDT 2013


A reminder for tomorrow's seminar with Yevgeniy Dodis, from NYU
10AM in MCS137.  Lunch will be provided as usual. See you tomorrow,


BUsec Calendar:  http://www.bu.edu/cs/busec/
BUsec Mailing list:  http://cs-mailman.bu.edu/mailman/listinfo/busec
How to get to BU from MIT:  Try the CT2 bus or MIT's "Boston Daytime
Shuttle" http://web.mit.edu/facilities/transportation/shuttles/daytime_boston.html


Title: Overcoming Weak Expectations
Speaker: Yevgeniy Dodis, New York University
March 18, 10AM.  MCS137

Recently, there has been renewed interest in basing cryptographic
primitives on weak secrets, where the only information about the
secret is some non-trivial amount of (min-)entropy. From a formal
point of view, such results require one to upper bound the expectation of
some function f(X), where X is the weak source in question. We show an
elementary inequality which essentially upper bounds such "weak
expectation" by two terms, the first of which is *independent* of f,
while the second only depends on the variance of f under the *uniform*
distribution. Quite remarkably, as relatively simple corollaries of
this elementary inequality, we obtain some "unexpected" results, in
several cases noticeably simplifying/improving prior techniques for
the same problem. Examples include non-malleable extractors,
leakage-resilient symmetric encryption, seed-dependent condensers,
improved entropy loss for the leftover hash lemma, and an alternative to
the dense model theorem.


Title: Shielding circuits with groups
Speaker: Eric Miles, NEU.
March 25. 10AM.  MCS137.

Traditionally, cryptography models an adversary as having only
input/output access to a given algorithm. A recent line of work known
as leakage-resistant cryptography additionally gives the adversary the
output of a computationally limited leakage function applied to the
algorithm's internal state (e.g. to the wires of a circuit
implementing the algorithm).  A general goal in this area is to
compile any circuit into a new "shielded" circuit that remains secure
under these attacks.

In this work we give a new such compiler, producing shielded circuits
that withstand leakage from virtually any class of functions against
which average-case lower bounds are known, recovering and extending
previous results.  Specifically, our circuits derive their security
from the hardness of computing iterated products over the alternating
group A_5.  We also conjecture that our circuits withstand NC^1
leakage if NC^1 is not equal to L. We build on previous constructions
by Ishai et al. [Crypto ’03] and Faust et al. [Eurocrypt ’10], and
also use and extend the relationship between group theory and
computation first established by Barrington [STOC '86]. In particular
we exploit properties of the alternating group beyond what is
sufficient for Barrington's theorem.

This is joint work with Emanuele Viola.

Sharon Goldberg
Computer Science, Boston University
