[Busec] busec this week: Daniel Apon (Wed 10am)

Sharon Goldberg goldbe at cs.bu.edu
Tue Oct 25 02:06:50 EDT 2016


We continue to have weekly busec talks. This week, Daniel Apon from UMD
will talk about deniable attribute-based encryption.  The following week,
Luke Valenta from UPenn will talk about factoring 512-bit RSA keys. And the
week after that, George Bissias from UMass Amherst will talk about Bitcoin
security.

All talks on Wednesdays at 10am with lunch to follow. See you there!

Sharon

BUsec Calendar:  http://www.bu.edu/cs/busec/
The busec seminar gratefully acknowledges the support of BU's Center for
Reliable Information Systems and Cyber Security (RISCS).

******
Deniable Attribute Based Encryption for Branching Programs from LWE
Speaker: Daniel Apon (UMD)
Wednesday October 26, 10am
Hariri Institute (111 Cummington St, Boston MA 02215)

Deniable encryption (Canetti et al. CRYPTO '97) is an intriguing
primitive that provides a security guarantee not only against
eavesdropping attacks, as required by semantic security, but also against
stronger coercion attacks performed after the fact. The concept of
deniability has since proved useful and powerful in many other contexts,
such as leakage resilience, adaptive security of protocols, and security
against selective opening attacks. Despite its conceptual usefulness, our
understanding of how to construct deniable primitives under standard
assumptions is limited.

In particular, from standard lattice assumptions, i.e. Learning with
Errors (LWE), we have only flexibly deniable and non-negligible-advantage
deniable public-key encryption schemes, whereas under the much stronger
assumption of indistinguishability obfuscation we can obtain at least fully
sender-deniable PKE and computation. How to achieve deniability for other,
more advanced encryption schemes under standard assumptions remains an
interesting open question.

In this work, we construct a flexibly bi-deniable Attribute-Based
Encryption (ABE) scheme for all polynomial-size Branching Programs from
LWE. Our techniques involve new ways of manipulating Gaussian noise
that may be of independent interest, and lead to a significantly sharper
analysis of noise growth in Dual Regev type encryption schemes. We hope
these ideas give insight into achieving deniability and related properties
for further, advanced cryptographic systems from lattice assumptions.

Joint work with Xiong Fan (Cornell) and Feng-Hao Liu (Florida Atlantic).

*****

Factoring As A Service
Speaker: Luke Valenta (UPenn)
Wednesday Nov 2, 10am
Hariri Institute (111 Cummington St, Boston MA 02215)
The difficulty of integer factorization is fundamental to modern
cryptographic security using RSA encryption and signatures.  Although a
512-bit RSA modulus was first factored in 1999, 512-bit RSA remains
surprisingly common in practice across many cryptographic protocols.
Popular understanding of the difficulty of 512-bit factorization does not
seem to have kept pace with developments in computing power.  In this
paper, we optimize the CADO-NFS and Msieve implementations of the number
field sieve for use on the Amazon Elastic Compute Cloud platform, allowing
a non-expert to factor 512-bit RSA public keys in under four hours for
$75.  We go on to survey the RSA key sizes used in popular protocols,
finding hundreds or thousands of deployed 512-bit RSA keys in DNSSEC,
HTTPS, IMAP, POP3, SMTP, DKIM, SSH, and PGP.

*******
Double-Spend Attack Analysis and an Improved Network Architecture for
Bitcoin
Speaker: George Bissias (UMass Amherst)
Wednesday Nov 9, 10am
Hariri Institute (111 Cummington St, Boston MA 02215)

We contribute two complementary analyses to increase Bitcoin’s security,
efficiency, and transparency. First, we present a novel economic evaluation
of the double-spend attack with and without a contemporaneous eclipse
attack. We derive and validate a mathematical model focused on the value of
transactions that can be secured. Our model quantifies the importance of
each factor that determines the attack’s success. Our model also quantifies
the threat posed by eclipse-based double-spend attacks.

Second, we design and evaluate a replacement for Bitcoin’s inefficient,
opaque network architecture comprised of a high-degree, random graph of
peers. In our approach, called Canary, peers submit transactions directly
to miners, who announce new blocks and transactions via self-managed,
one-way trees of peers. Canary uses byte-efficient status report messages
that, like canaries in a coal mine, allow peers to detect both malicious
miners and eclipse attacks almost immediately. Canary’s structured topology
reduces total overhead traffic significantly, e.g., to about 30% of the
cost of the current topology.