Past Cryptography Seminar

11 October 2017
Peter Campbell

Identity-based cryptography can be useful in situations where a full-scale public-key infrastructure is impractical.  Original identity-based proposals relied on elliptic curve pairings and so are vulnerable to quantum computers.  I will describe some on-going work to design a post-quantum identity-based encryption scheme using ideas from Ring Learning with Errors. Our scheme has the advantage that it can be extended to the hierarchical setting for more flexible key management.

  • Cryptography Seminar
21 June 2017

In this lecture, we present  practical and provably
secure (authenticated) key exchange protocol and password
authenticated key exchange protocol, which are based on the
learning with errors problems. These protocols are conceptually
simple and have strong provable security properties.
This type of new constructions were started in 2011-2012.
These protocols are shown indeed practical.  We will explain
that all the existing LWE based key exchanges are variants
of this fundamental design.  In addition, we will explain
some issues with key reuse and how to use the signal function
invented for KE for authentication schemes.

  • Cryptography Seminar
7 June 2017
Jan Camenisch

Direct Anonymous Attestation (DAA) is a protocol that allows a security chip embedded in a platform such as laptop to authenticate itself as a genuine chip.  Different authentications are not linkeable, thus the protocol protects the privacy of the platform. The first DAA protocol was proposed by Brickell, Chen, and Camenisch and was standardized in 2004 by the Trusted Computing Group (TCG). Implementations of this protocols were rather slow because it is based on RSA. Later, alternative and faster protocols were proposed based on elliptic curves. Recently the specification by the TCG was updated to allow for DAA protocols based on elliptic curves. Unfortunately, the new standard does not allow for provably secure DAA protocols. In this talk, we will review some of the history of DAA and  then discuss the latest protocols, security models, and finally a provably secure realization of DAA based on elliptic curves.

  • Cryptography Seminar
31 May 2017
Olivier Blazy

Hash Proof Systems or Smooth Projective Hash Functions (SPHFs) are a
form of implicit arguments introduced by Cramer and Shoup at
Eurocrypt’02. They have found many applications since then, in
particular for authenticated key exchange or honest-verifier
zero-knowledge proofs. While they are relatively well understood in
group settings, they seem painful to construct directly in the lattice
Only one construction of an SPHF over lattices has been proposed, by
Katz and Vaikuntanathan at Asiacrypt’09. But this construction has an
important drawback: it only works for an ad-hoc language of ciphertexts.
Concretely, the corresponding decryption procedure needs to be tweaked,
now requiring q many trapdoor inversion attempts, where q is the modulus
of the underlying Learning With Error (LWE) problem.
Using harmonic analysis, we explain the source of this limitation, and
propose a way around it. We show how to construct SPHFs for standard
languages of LWE ciphertexts, and explicit our construction over a
tag-CCA2 encryption scheme à la Micciancio-Peikert (Eurocrypt’12).

If there is enough time, we will conclude with applications of these
SPHFs to password-authenticated key exchange, honest-verifier
zero-knowledge and a variant of witness encryption.

  • Cryptography Seminar
3 May 2017

In this talk, I’ll share the progress that we have made in the field of e-voting, including the proposal of a new paradigm of e-voting system called self-enforcing e-voting (SEEV). A SEEV system is End-to-End (E2E) verifiable, but it differs from all previous E2E systems in that it does not require tallying authorities. The removal of tallying authorities significantly simplifies the election management and makes the system much more practical than before. A prototype of a SEEV system based on the DRE-i protocol (Hao et al. USENIX JETS 2014) has been built and used regularly in Newcastle University for classroom voting and student prize competitions with very positive student feedback. Lessons from our experience of designing, analysing and deploying an e-voting system for real-world applications are also presented.

  • Cryptography Seminar
8 March 2017

The amount of digital data that requires long-term protection 
of integrity, authenticity, and confidentiality protection is steadily 
increasing. Examples are health records and genomic data which may have 
to be kept and protected for 100 years and more. However, current 
security technology does not provide such protection which I consider a 
major challenge. In this talk I report about a storage system that 
achieves the above protection goals in the long-term. It is based on 
information theoretic secure cryptography (both classical and quantum) 
as well as on chains of committments. I discuss its security and present 
a proof-of-concept implementation including an experimental analysis.

  • Cryptography Seminar
1 March 2017
Andreas Enge

Classical modular functions and forms may be evaluated numerically using truncations of the q-series of the Dedekind eta-function or of Jacobi theta-constants. We show that the special structure of the exponents occurring in these series makes it possible to evaluate their truncations to N terms with N+o(N) multiplications; the proofs use elementary number theory and sometimes rely on a Bateman-Horn type conjecture. We furthermore obtain a baby-step giant-step algorithm needing only a sublinear number of multiplications, more precisely O (N/log^r N) for any r>0. Both approaches lead to a measurable speed-up in practical precision ranges, and push the cross-over point for the asymptotically faster arithmetic- geometric mean algorithm even further.

(joint work with William Hart and Fredrik Johansson) ​

  • Cryptography Seminar
22 February 2017

In this seminar, we present a fast fully homomorphic encryption (FHE) based on GSW and its ring variants. The cryptosystem relies on the hardness of lattice problems in the unique domain (e.g. the LWE family). After a brief presentation of these lattice problems, with a few notes on their asymptotic and practical average case hardness, we will present our homomorphic cryptosystem TFHE, based on a ring variant of GSW. TFHE can operate in two modes: The first one is a leveled homomorphic mode, which has the ability to evaluate deterministic automata (or branching programs) at a rate of 1 transition every 50microseconds. For the second mode, we also show that this scheme can evaluate its own decryption in only 20milliseconds, improving on the the construction by Ducas-Micciancio, and of Brakerski-Perlman. This makes the scheme fully homomorphic by Gentry's bootstrapping principle, and for instance, suitable for representing fully dynamic encrypted databases in the cloud.

  • Cryptography Seminar
15 February 2017

We present “Ouroboros,” the first blockchain protocol based on proof of stake with rigorous security guarantees. We establish security properties for the protocol comparable to those achieved by the bitcoin blockchain protocol. As the protocol provides a “proof of stake” blockchain discipline, it offers qualitative efficiency advantages over blockchains based on proof of physical resources (e.g., proof of work). We showcase the practicality of our protocol in real world settings by providing experimental results on transaction processing time obtained with a prototype implementation in the Amazon cloud. We also present a novel reward mechanism for incentivizing the protocol and we prove that given this mechanism, honest behavior is an approximate Nash equilibrium, thus neutralizing attacks such as selfish mining. 

Joint work with  Alexander Russell and Bernardo David and Roman Oliynykov

  • Cryptography Seminar