[Busec] busec this week: Zahra Jafargholi (Wed 9:30am)

Sharon Goldberg goldbe at cs.bu.edu
Tue Feb 10 18:22:21 EST 2015

We have two interesting crypto talks coming up.  At tomorrow's seminar,
Zahra Jafargholi from Northeastern will talk about non-malleable codes. The
following week, Raphael Bost from DGA MI/Université de Rennes 1 will tell
us about machine learning over encrypted data.  Lunch will be provided and
abstracts are below.

Also, don't forget to save the date for Crypto Day at MSR on Friday
February 20.


BUsec Calendar:  http://www.bu.edu/cs/busec/
BUsec Mailing list: http://cs-mailman.bu.edu/mailman/listinfo/busec

The busec seminar gratefully acknowledges the support of BU's Center for
Reliable Information Systems and Cyber Security (RISCS).


Tamper Detection and Continuous Non-Malleable Codes
Speaker: Zahra Jafargholi.  NEU.
Wednesday February 11, 2015,  9:30-11:00am
Hariri Seminar Room, 111 Cummington St, Boston.

Abstract: We consider a public and keyless code $(\Enc,\Dec)$ which is used
to encode a message $m$ and derive a codeword $c = \Enc(m)$. The codeword
can be adversarially tampered via a function $f \in \F$ from some tampering
function family $\F$, resulting in a tampered value $c' = f(c)$. We study
the different types of security guarantees that can be achieved in this
scenario for different families $\F$ of tampering attacks.

Firstly, we initiate the general study of tamper-detection codes, which
must detect that tampering occurred and output $\Dec(c') = \bot$. We show
that such codes exist for any family of functions $\F$ over $n$ bit
codewords, as long as $|\F| < 2^{2^n}$ is sufficiently smaller than the set
of all possible functions, and the functions $f \in \F$ are further
restricted in two ways: (1) they can only have a few fixed points $x$ such
that $f(x)=x$, (2) they must have high entropy of $f(x)$ over a random $x$.
Such codes can also be made efficient when $|\F| = 2^{\poly(n)}$. For
example, $\F$ can be the family of all low-degree polynomials excluding
constant and identity polynomials. Such tamper-detection codes generalize
the algebraic manipulation detection (AMD) codes of Cramer et al.

Next, we revisit non-malleable codes, which were introduced by Dziembowski,
Pietrzak and Wichs (ICS '10) and require that $\Dec(c')$ either decodes to
the original message $m$, or to some unrelated value (possibly $\bot$) that
doesn't provide any information about $m$. We give a modular construction
of non-malleable codes by combining tamper-detection codes and
leakage-resilient codes. This gives an alternate proof of the existence of
non-malleable codes with optimal rate for any family $\F$ of size $|\F| <
2^{2^n}$, as well as efficient constructions for families of size $|\F| =

Finally, we initiate the general study of continuous non-malleable codes,
which provide a non-malleability guarantee against an attacker that can
tamper a codeword multiple times. We define several variants of the problem
depending on: (I) whether tampering is persistent and each successive
attack modifies the codeword that has been modified by previous attacks, or
whether tampering is non-persistent and is always applied to the original
codeword, (II) whether we can self-destruct and stop the experiment if a
tampered codeword is ever detected to be invalid or whether the attacker
can always tamper more. In the case of persistent tampering and
self-destruct (weakest case), we get a broad existence results, essentially
matching what's known for standard non-malleable codes. In the case of
non-persistent tampering and no self-destruct (strongest case), we must
further restrict the tampering functions to have few fixed points and high
entropy. The two intermediate cases correspond to requiring only one of the
above two restrictions.

These results have applications in cryptography to related-key attack (RKA)
security and to protecting devices against tampering attacks without
requiring state or randomness.

Joint work with Daniel Wichs.


Title: Machine Learning Classification over Encrypted Data
Speaker: Raphael Bost.  DGA MI/Université de Rennes 1.
Wednesday February 18, 2015.  9:30-11:00am
Hariri Seminar Room, 111 Cummington St. Boston, MA

Abstract:  Machine learning classification is used in numerous settings
nowadays, such as medical or genomics predictions, spam detection, face
recognition, and financial predictions. Due to privacy concerns, in some of
these applications, it is important that the data and the classifier remain

In this work, we construct three major classification protocols that
satisfy this privacy constraint: hyperplane decision, Naïve Bayes, and
decision trees. We also enable these protocols to be combined. At the basis
of these constructions is a new library of building blocks for constructing
classifiers securely; we demonstrate that this library can be used to
construct other classifiers as well, such as a multiplexer and a face
detection classifier.

We implemented and evaluated our library and classifiers. Our protocols are
efficient, taking milliseconds to a few seconds to perform a classification
when running on real medical datasets.
Joint work with Raluca Ada Popa, Stephen Tu and Shafi Goldwasser which will
appear in NDSS'15.


Please save the date: the next Charles River Crypto Day will be on Friday,
Feb 20 at Microsoft Research (One Memorial Drive, Cambridge, MA). The
program will be announced soon.

- Daniel, Nir, Vinod, Yael
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cs-mailman.bu.edu/pipermail/busec/attachments/20150210/86b280ae/attachment.html>

More information about the Busec mailing list