January 9 No talk (Real World Crypto Workshop)
January 16 Succinct Functional Encryption and Applications
Speaker: Raluca Ada Popa (MIT)
Abstract: Functional encryption is a powerful primitive: given an encryption Enc(x) of a value x and a secret key sk_f corresponding to a circuit f, it enables efficient computation of f(x) without revealing any additional information about x. Constructing functional encryption schemes with succinct ciphertexts that guarantee security for even a single secret key sk_f (for a general function f) is an important open problem with far-reaching applications, which this paper addresses.
Our main result is a functional encryption scheme for any general function f of depth d, with succinct ciphertexts whose size grows with the depth d rather than the size of the circuit for f. We prove the security of our construction based on the intractability of the learning with error (LWE) problem. More generally, we show how to construct a functional encryption scheme from any attribute-based encryption scheme and fully homomorphic encryption scheme.
We demonstrate the power of this result by using it to construct a reusable circuit garbling scheme with input and circuit privacy: an open problem that was studied extensively by the cryptographic community during the past 30 years since Yao's introduction of a one-time circuit garbling method in the mid-80s. Our scheme also leads to a new paradigm for general function obfuscation which we call token-based obfuscation. Furthermore, we show applications of our scheme to fully homomorphic encryption for Turing machines where the homomorphic evaluation runs in input-specific time rather than worst-case time, and to publicly verifiable and secret delegation.
Joint work with: Shafi Goldwasser, Yael Kalai, Vinod Vaikuntanathan, and Nickolai Zeldovich
January 23 Organizational meeting
Organizational meeting: Sign up to give a talk!
January 30 Secure File Systems
Speaker: Ali Mashtizadeh
Abstract: Modern users want instant access to their data on any machine they log into, offline access when they are traveling, and file history to access accidentally deleted or damaged data. We built Ori, a file system that supports all these use cases, showing how a single file system can be suitable for multiple different configurations: as a general purpose local file system, as a distributed one, and as one that supports versioning. The key insight is that version control and network file systems go hand in hand: replication and versioning are needed for offline use and later merging/conflict resolution, and network file system-like mechanisms to instantly access remote files are needed to make general use practical. The latter is achieved through InstaClone, a novel mechanism introduced by Ori. Ori runs on Mac OS, Linux, and FreeBSD, and shows a small overhead when used as a general purpose file system, while bringing the benefits of versioning and instant remote access to all files.
February 6 EyeQ — Protecting your Network Performance
Speaker: Vimal Jeyakumar
Abstract: Today, a datacentre infrastructure provider (e.g. Amazon AWS, Windows Azure) hosts diverse applications and not all of them can be trusted. While "virtualisation" has made significant advances in isolating CPU performance, there's little to no protection for network bandwidth. Contention occurring at timescales of a few milliseconds, invisible on human timescales, can degrade long term performance.
This talk is about one practical approach to "virtualise" network bandwidth even in the presence of adversarial traffic patterns.
February 13 IFC and Browser Security
Speaker: Edward Yang
Abstract: To ensure the confidentiality and integrity of web content, modern web browsers enforce isolation between content and scripts from different domains with the same-origin policy. However, many web applications require cross-origin sharing of code and data. This conflict between isolation and sharing has led to an ad hoc implementation of the SOP that has proven vulnerable to such attacks as cross-site scripting, cross-site request forgery, and browser privacy leaks. In this talk, we argue that information flow control (IFC) subsumes same-origin policy. We'll show how to express existing browser policies in IFC and show that IFC can also help developers build complex sites such as mashups, which are notoriously difficult to implement securely under the SOP.
February 20 Escaping the Panopticon: Imagining a Truly Decentralized Web
Speaker: Amit Levy
Abstract: Most internet services (e-mail, web applications, instant messaging, VOIP, VPN) have become dominated by centralized providers. Correspondingly, a lot of research on secure systems now starts with a cloud-centric viewpoint. This adversely affects users' choice, privacy, and identity ownership. We believe that the centralized approach deployed today is fundamentally at odds with solving many of these issues and that a distributed solution should be pursued to restore much of the original promise of the Internet. This solution should take the form of a new "platform" for developers and users, but one that is open and devoid of a single corporate owner. The convergence of improvements in network bandwidth, IPv6 and hardware costs make this a viable solution today.
February 27 A Learning Theoretic Approach to Non-Interactive Database Privacy
Speaker: Eric Lam
Summary: I will present some of the results and techniques employed in the STOC 2008 paper by Blum et al. Given a database containing sensitive information, the authors applied learning theory to create a synthetic database that can answer queries from a given concept class while providing non-trivial utility for each of the queries, and preserving privacy. This paper circumvented some earlier negative results which state that a privacy-preserving database access mechanism cannot answer more than a sublinear number of queries accurately, by only guaranteeing usefulness for queries in restricted classes.
I will also present some of the critiques by healthcare professionals on the application of differential privacy mechanisms to release sensitive healthcare data.
March 13 Key Updatable Encryption
Speaker: Hart Montgomery
Summary: Key updatable encryption is a tool that is extremely useful for modern cloud computing. In this talk, I'll explain how key updatable encryption works and why it is necessary and then give some examples of key updatable encryption schemes. I will explain how to build key updatable encryption schemes through a very useful primitive which we call a key homomorphic pseudorandom function and then give some insight on the technical details as to how these functions work.
This talk is based mostly on joint work with Dan Boneh, Kevin Lewi, and Ananth Raghunathan.
March 20 AES in the Browser using WebGL
Speaker: Okke Schrijvers
Abstract: In this talk we discuss a way of exploiting the graphics framework WebGL to do general purpose computation on the GPU (Graphics Processing Unit) through browser code. We start with a basic discussion on graphics programming on the GPU and see how we can use this knowledge to run algorithms on the GPU that have nothing to do with graphics. This leads us to a framework called GPGPU which stands for General Purpose computation on a Graphics Processing Unit. We also identify the challenges one has to deal with when formulating an algorithm in the GPGPU framework. Next, we formulate the problem of performing AES encryption as a GPGPU problem. This poses a number of problems: how can we make the data available on the GPU, how do we subdivide the algorithm so that we can reuse code on the GPU, and how can we perform bitwise operations like XORs or shifts. We address these problems and give an implementation.
Finally, we present running time results of the code running on different OSes with different browsers and compare it to the SJCL JavaScript implementation. While our code is faster than other browser-based implementations, we do not yet fully utilize the power of the GPU. We end by identifying a number of potential causes for this and potential solutions to these problems.