# [Busec] busec tomorrow and workshop on Friday

Leonid Reyzin reyzin at cs.bu.edu
Tue May 5 17:04:16 EDT 2015

A reminder that tomorrow (Wednesday) we have a presentation from Ryo
Nishimaki on cryptographic watermarking of programs, followed, as usual, by
lunch and discussion (title and abstract below).

Also, this Friday a joint workshop BU / MIT Lincoln Lab workshop on secure
cloud computing and storage will feature Nikos Triandopolous, Nabil Schear,
Mayank Varia, Alina Oprea, and Kevin Hamlen (free registration required
http://www.bu.edu/hic/research/bu-mit-ll/bumit-ll-cybersecurity-workshop-series/bumitll-secure-cloud-workshop/
).

Leo

BUsec Calendar:  http://www.bu.edu/cs/busec/
BUsec Mailing list: http://cs-mailman.bu.edu/mailman/listinfo/busec

The busec seminar gratefully acknowledges the support of BU's Center for
Reliable Information Systems and Cyber Security (RISCS).

*******

Title:  Watermarking Cryptographic Programs Against Arbitrary Removal
Strategies
Speaker: Ryo Nishimaki (NTT and Northeastern University)
Wednesday May 6, 10am, the Hariri Seminar room

Abstract: A watermarking scheme for programs embeds some information called
a mark into a program while preserving its functionality. No adversary can
remove the mark without damaging the functionality of the program. In this
work, we study the problem of watermarking various cryptographic programs
such as pseudorandom function (PRF) evaluation, decryption, and signing.
For example, given a PRF key $K$, we create a marked program
$\widetilde{C}$ that evaluates the PRF $F(K,\cdot)$. An adversary that gets
$\widetilde{C}$ cannot come up with any program $C^*$ in which the mark is
removed but which still evaluates the PRF correctly on even a small
fraction of the inputs.
The work of Barak et al. (CRYPTO'01 and J.ACM, 59(2)) shows that, assuming
indistinguishability obfuscation (iO), such watermarking is impossible if
the marked program $\widetilde{C}$ evaluates the original program with
perfect correctness. In this work we show that, assuming iO, such
watermarking is possible if the marked program $\widetilde{C}$ is allowed
to err with even a negligible probability, which would be undetectable to
the user.

We construct such a watermarking scheme with a secret-marking key used to
embed marks in programs, and a public-detection key that allows anyone to
detect marks in programs. For our security definition, we assume that the

We emphasize that our security notion of watermark non-removability
considers arbitrary adversarial strategies to modify the marked program --
for example, an adversary could obfuscate the marked program and this
should not remove the mark. This is in contrast to the prior works, such as
that of Nishimaki (EUROCRYPT '13), which only consider restricted removal
strategies that preserve the original structure of the marked program
(e.g., as a vector of group elements), but do not provide security against
arbitrary strategies.

Joint work with Daniel Wichs. Available at http://eprint.iacr.org/2015/344.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cs-mailman.bu.edu/pipermail/busec/attachments/20150505/b7b80aff/attachment.html>