January 15, 2020 Two-Party Klepto-Cleansing
Speaker: Kamil Kluczniak
Abstract: It is nothing new to say that software and hardware manufacturers implement backdoors into their end products. In this talk, I will give a brief overview of the problems of rooting out subliminal channels from implementations of probabilistic cryptographic functionalities. I will also discuss a simple generic methodology for rooting out subliminal channels that potentially subverted hardware tokens might inject into the randomness of standard cryptographic functionalities.
January 22, 2020 Single Secret Leader Election
Speaker: Saba Eskandarian
Abstract: In a Single Secret Leader Election (SSLE), a group of participants aim to randomly choose exactly one leader from the group with the restriction that the identity of the leader will be known to the chosen leader and nobody else. At a later time, the elected leader should be able to publicly reveal her identity and prove that she has won the election. The election process itself should work properly even if many registered users are passive and do not send any messages. Among the many applications of SSLEs, their potential for enabling more efficient proof-of-stake based cryptocurrencies have recently received increased attention. This paper formally defines SSLE schemes and presents three constructions that provide varying security and performance properties. First, as an existence argument, we show how to realize an ideal SSLE using indistinguishability obfuscation. Next, we show how to build SSLE from low-depth threshold fully homomorphic encryption (TFHE) via a construction which can be instantiated with a circuit of multiplicative depth as low as 10, for realistically-sized secret leader elections. Finally, we show a practical scheme relying on DDH that achieves a slightly relaxed notion of security but which boastsextremely lightweight computational requirements.
Joint work with: Dan Boneh, Lucjan Hanzlik, and Nicola Greco
Paper: ePrint 2020/025
January 29, 2020 Analyzing and Verifying Browser Code
Speaker: Fraser Brown
Abstract: This talk will address two topics related to web browser security. First, it will describe an approach for scaling symbolic execution to find bugs in web browsers. Then it will focus on verifying a browser component, an optimization pass that takes place in Firefox's just-in-time JavaScript compiler (JIT).
February 05, 2020 Winkle: Foiling Long-Range Attacks in Proof-of-Stake Systems
Speaker: Valeria Nikolaenko (Calibra Crypto-Research Team)
Abstract: The talk will describe Winkle - a mechanism that protects any validator-based byzantine fault tolerant consensus mechanisms, such as those used in modern Proof-of-Stake blockchains, against long-range attacks where old validators’ signature keys get compromised. Winkle is a decentralized secondary layer of client-based validation, where clients’ coins vote to confirm check-points. I will explain why under plausible and flexible security assumptions about clients the confirmed checkpoints can not be equivocated. I will discuss how client key rotation increases security, how to accommodate for coins’ minting and how delegation allows for faster checkpoints. I will show our evaluations of check-point latency using Bitcoin and Ethereum transaction data, with and without delegation of stake.
Paper: ePrint 2019/1440
February 12, 2020 Advances in constructing universal updatable zk-SNARKs
Speaker: Ariel Gabizon
Abstract: We give some background on zk-SNARK constructions from the last few years, and highlight the practical importance of a universal and updatable setup procedure (a notion that will be explained). We then sketch ideas from recent SNARK constructions that satisfy this property.
February 19, 2020 Stanford Blockchain Conference
Venue: Arrillaga Alumni Center (326 Galvez St), Stanford University
Registration: Attendance is free, but please register if you plan to attend
February 26, 2020 Automatically Eliminating Speculative Leaks With BLADE
Speaker: Marco Vassena (CISPA)
Abstract: We introduce BLADE, a new approach to automatically and efficiently synthesizing provably correct repairs for transient execution vulnerabilities like Spectre. BLADE is built on the insight that to stop speculative execution attacks, it suffices to cut the dataflow from expressions that speculatively introduce secrets (sources) to those that leak them through the cache (sinks), rather than prohibiting speculation altogether. We formalize this insight in a static type system that (1) types each expression as either transient, i.e., possibly containing speculative secrets or as being stable, and (2) prohibits speculative leaks by requiring that all sink expressions are stable. We introduce protect, a new abstract primitive for fine grained speculation control that can be implemented via existing architectural mechanisms, and show how our type system can automatically synthesize a minimal number of protect calls needed to ensure the program is secure. We evaluate BLADE by using it to repair several verified, yet vulnerable WebAssembly implementations of cryptographic primitives. BLADE can fix existing programs that leak via speculation automatically, without user intervention, and efficiently using two orders of magnitude fewer fences than would be added by existing compilers, thereby and ensuring security with minimal performance overhead.
March 04, 2020 Improving Speed and Security in Updatable Encryption Schemes
Speaker: Saba Eskandarian
Abstract: An updatable encryption scheme is a symmetric-key encryption scheme that supports key-rotation on ciphertexts. A server that hosts a user's encrypted data can use a user-provided update token to rotate the key under which the data is encrypted while not learning any information about the underlying data. This work's contributions are threefold. First, we introduce new definitions for updatable encryption (in the ciphertext-dependent setting) that capture desirable security properties not covered in prior work. Next, we construct two new updatable encryption schemes. The first construction relies only on symmetric cryptographic primitives but only supports a bounded number of key rotations. The second supports a (nearly) unbounded number of updates and relies on almost key-homomorphic PRFs. We construct an efficient almost key-homomorphic PRF from the Ring Learning with Errors (RLWE) assumption to concretely instantiate our second construction. Finally, we implement both constructions and compare their performance to prior work. Our RLWE-based construction outperforms an existing updatable encryption scheme based on the hardness of DDH in elliptic-curve groups by over 200x in speed. Our construction based only on symmetric primitives has the highest encryption throughput, approaching the performance of AES, and the highest decryption throughput on ciphertexts that were re-encrypted fewer than fifty times, at which point the RLWE construction dominates.
Joint work with: Dan Boneh, Sam Kim, and Maurice Shih
Paper: ePrint 2020/222
March 11, 2020 TBA
Speaker: Marco Patrignani