[Busec] busec tomorrow! Ranjit Kumaresan (Wed 10am)

Sharon Goldberg goldbe at cs.bu.edu
Tue Sep 20 18:32:17 EDT 2016


Hi everyone,

Join us next tomorrow for the first busec seminar of the year. Ranjit will
tell us about privacy-preserving smart contracts and their relationship to
Bitcoin. As usual, lunch follows seminar.

The following week, our own Omer Paneth defends his PhD thesis on code
obfuscation, and the week after that, Leo Reyzin will tell us about his new
work on memory-hard hash functions. Hope to see you all!

Sharon

BUsec Calendar:  http://www.bu.edu/cs/busec/

The busec seminar gratefully acknowledges the support of BU's Center for
Reliable Information Systems and Cyber Security (RISCS).

******

Privacy-Preserving Smart Contracts
Speaker: Ranjit Kumaresan, MIT
Time: September 21, 2016, 10-11:30am
Place: Hariri Seminar Room at 111 Cummington St, Boston MA

Abstract:
Cryptographic technologies such as encryption and authentication provide
stability to modern electronic commerce. Recent technologies such as
Bitcoin  have the potential to further enhance the way we conduct
electronic commerce. In this talk, I will describe my work in developing a
robust theory of privacy-preserving contracts that are self-enforcing and
do not require third-party intervention. Starting from Bitcoin-inspired
abstractions, the theory enables building provably secure and scalable
applications on top of cryptocurrencies.

*****

PhD Thesis Defense! (Code Obfuscation)
Speaker: Omer Paneth, BU
Time: September 28, 2016, 10-11:30am
Place: Hariri Seminar Room at 111 Cummington St, Boston MA

Abstract:Code is said to be obfuscated if it is intentionally difficult for
humans to understand. Obfuscation is often used to conceal sensitive
implementation details such as proprietary algorithms or licensing
mechanisms.

A general-purpose obfuscator is a compiler that obfuscates arbitrary code
(in some particular language) without altering the code's functionality.
Ideally, the obfuscated code would hide any information about the original
code that cannot be obtained by simply executing it.

The potential applications of general-purpose obfuscators extend beyond
software protection. For example, in computational complexity theory,
obfuscation is used to establish the intractability of a range of
computational problems. Obfuscation is also a powerful tool in
cryptography, enabling a variety of advanced applications.

The possibility of general-purpose obfuscation was put into question by
Barak et al. [CRYPTO 01], who proved that such obfuscation cannot have
ideal security. Nevertheless, they leave open the possibility of
obfuscation with weaker security properties, which may be sufficient for
many applications. Recently, Garg et al. [FOCS~13] suggested a candidate
construction for general-purpose obfuscation conjectured to satisfy these
security properties.

In this thesis we study the feasibility and applicability of different
notions of secure obfuscation.

In terms of applicability, we prove that finding a Nash equilibrium of a
game is intractable, based on a weak notion of obfuscation known as
indistinguishability obfuscation.

In terms of feasibility, we focus on a variant of the Garg at el.
obfuscator that is based on a recent construction of cryptographic
multilinear maps [Garg et al. EUROCRYPT 13]. We reduce the security of the
obfuscator to that of the underlying multilinear maps. Our first reduction
considers obfuscation and multilinear maps with ideal security.

We then study a useful strengthening of indistinguishability obfuscation
known as virtual-grey-box obfuscation. We identify security properties of
multilinear maps that are necessary and sufficient for this notion.

Finally, we explore the possibility of basing obfuscation on weaker
primitives. We show that obfuscation is impossible even based on ideal
random oracles.

*****
On the Memory-Hardness of scrypt
Speaker: Leonid Reyzin, BU
Time: October 5, 2016, 10-11:30am
Place: Hariri Seminar Room at 111 Cummington St, Boston MA

The key derivation function scrypt (Percival, 2009) is defined as the
result of n steps, where each step consists of selecting one or two
previously computed values (the selection depends on the values themselves)
and hashing them. It is conjectured that this function is memory-hard.

We show that indeed scrypt is maximally memory-hard in the parallel random
oracle model. Specifically, we show that the product of memory and time
used during the computation of scrypt must be Theta(n^2). Moreover, even if
the amount of memory used fluctuates during the computation, we show that
the sum of memory usage over time (a.k.a. "cumulative memory complexity"
introduced by Alwen and Serbinenko in 2015) is Theta(n^2). This suggests
that computation of multiple instances of scrypt cannot be improved via
amortization. Our result holds even if the adversary is allowed to make an
unlimited number of parallel random oracle queries at each step.

Previous work (Alwen, Chen, Kamath, Kolmogorov, Pietrzak, Tessaro 2016)
showed a lower bound of Omega( n^2 / log^2 n) on the memory complexity of
scrypt in more restricted models, where the adversary was assumed to store
only random oracle outputs or specific functions of them. Our result
improves the bound quantitatively by eliminating the log^2 n factor and
qualitatively by allowing arbitrary storage by the adversary.

Joint work with Joel Alwen, Binyi Chen, Krzysztof Pietrzak, and Stefano
Tessaro.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cs-mailman.bu.edu/pipermail/busec/attachments/20160920/4350d1b6/attachment.html>


More information about the Busec mailing list