[Busec] BUsec this week: Alessandra Scafuro (Wed 9:45am)

Sharon Goldberg goldbe at cs.bu.edu
Tue Jan 21 12:59:42 EST 2014

Welcome back!  Our first seminar of the semester will be tomorrow -- but
we will start *early* at 9:45am -- with a talk about universal
composability and PUFs by Alessandra Scafuro from UCLA. The following
Wednesday, Shai Halevi will talk about two-round secure MPC from
indistinguishability obfuscation.

If BU is closed for a snow day, the seminar will be cancelled; otherwise,
see you tomorrow,


 BUsec Calendar:  http://www.bu.edu/cs/busec/
 BUsec Mailing list: http://cs-mailman.bu.edu/mailman/listinfo/busec
 How to get to BU from MIT: The CT2 bus or MIT's "Boston Daytime Shuttle"

Universally Composable Secure Computation with PUFs
Alessandra Scafuro. UCLA.
Wed, January 22, 9:45am – 11:00am

A PUF [Pappu01] is a physical device that, when stimulated, magically
produces an output which is "unpredictable".  In particular a PUF does not
keep state, and does not have secrets to be protected (in contrast with
tamper-proof hardware, for example). As such, PUFs are naturally very
appealing for cryptographic applications.

Universal Composition [Can01] is a security notion that provides strong
security guarantees: a protocol that is Universally Composable (UC) remains
secure even when it is run concurrently with any other (possibly insecure)
protocol.  Sadly, UC-security is impossible to achieve in the plain model.
Consequently, UC-secure protocols proposed in the literature are either based
on trusted setups (e.g., the CRS model) or physical assumptions (e.g.,
tamper-proof hardware model).

A natural question is: can we achieve UC-security using PUFs?

A positive answer was given in [BFSK11] by Brzuska et al. They propose a
way to model PUFs in the UC-framework, and they show unconditional
UC-secure protocols in such a model.  However, this model might be a bit too
optimistic as it assumes that even an adversary plays with honestly
generated PUFs. A perhaps more natural model is to assume that only honest
parties use honest PUFs, while malicious parties can play with arbitrarily
malicious hardware (as long as it "looks like" a PUF).

In this talk -- after having introduced you to the magic behind PUFs'
behavior -- I will discuss an extension of the BFSK11 model, called the
Malicious PUF model (that we introduced in [OSVW13]) and prove that
UC-security is still achievable, using computational assumptions. Moreover,
if we restrict ourselves to the commitment functionality, I will show (maybe
only mention) that we can even obtain unconditional security [DS13].


Two-round secure MPC from Indistinguishability Obfuscation
Shai Halevi. IBM.
Wed, January 29, 10:00am – 11:30am
MCS137

One fundamental complexity measure of an MPC protocol is its *round
complexity*. Asharov et al. recently constructed the first three-round
protocol for general MPC in the CRS model. Here, we show how to achieve
this result with only two rounds. We obtain UC security with abort against
static malicious adversaries, and fairness if there is an honest majority.
Additionally the communication in our protocol is only proportional to the
input and output size of the function being evaluated and independent of
its circuit size. Our main tool is indistinguishability obfuscation, for
which a candidate construction was recently proposed by Garg et al.

The technical tools that we develop in this work also imply virtual black
box obfuscation of a new primitive that we call a *dynamic point function*.
This primitive may be of independent interest.

Joint work with Sanjam Garg, Craig Gentry, and Mariana Raykova


Regularity of Lossy Exponentiation and Applications.
Adam Smith.  Penn State.
Wed, February 5, 10am – 11:30am

Sharon Goldberg
Computer Science, Boston University