Lecture Notes in Computer Science 6223 Commenced Publication in 1973 Founding and Former Series Editors: Gerhard Goos, Juris Hartmanis, and Jan Van Leeuwen


Editorial Board
David Hutchison, Lancaster University, UK
Takeo Kanade, Carnegie Mellon University, Pittsburgh, PA, USA
Josef Kittler, University of Surrey, Guildford, UK
Jon M. Kleinberg, Cornell University, Ithaca, NY, USA
Alfred Kobsa, University of California, Irvine, CA, USA
Friedemann Mattern, ETH Zurich, Switzerland
John C. Mitchell, Stanford University, CA, USA
Moni Naor, Weizmann Institute of Science, Rehovot, Israel
Oscar Nierstrasz, University of Bern, Switzerland
C. Pandu Rangan, Indian Institute of Technology, Madras, India
Bernhard Steffen, TU Dortmund University, Germany
Madhu Sudan, Microsoft Research, Cambridge, MA, USA
Demetri Terzopoulos, University of California, Los Angeles, CA, USA
Doug Tygar, University of California, Berkeley, CA, USA
Gerhard Weikum, Max-Planck Institute of Computer Science, Saarbruecken, Germany

Tal Rabin (Ed.)
Advances in Cryptology – CRYPTO 2010
30th Annual Cryptology Conference
Santa Barbara, CA, USA, August 15-19, 2010
Proceedings

Volume Editor
Tal Rabin
IBM T.J. Watson Research Center
Hawthorne, NY, USA
E-mail: [email protected]

Library of Congress Control Number: 2010931385
CR Subject Classification (1998): E.3, G.2.1, F.2.1-2, D.4.6, K.6.5, C.2, J.1
LNCS Sublibrary: SL 4 – Security and Cryptology
ISSN 0302-9743
ISBN-10 3-642-14622-8 Springer Berlin Heidelberg New York
ISBN-13 978-3-642-14622-0 Springer Berlin Heidelberg New York

This work is subject to copyright. All rights are reserved, whether the whole or part of the material is concerned, specifically the rights of translation, reprinting, re-use of illustrations, recitation, broadcasting, reproduction on microfilms or in any other way, and storage in data banks.
Duplication of this publication or parts thereof is permitted only under the provisions of the German Copyright Law of September 9, 1965, in its current version, and permission for use must always be obtained from Springer. Violations are liable to prosecution under the German Copyright Law.
springer.com
© International Association for Cryptologic Research 2010
Printed in Germany
Typesetting: Camera-ready by author, data conversion by Scientific Publishing Services, Chennai, India
Printed on acid-free paper

Preface

CRYPTO 2010, the 30th Annual International Cryptology Conference, was sponsored by the International Association for Cryptologic Research (IACR) in cooperation with the IEEE Computer Society Technical Committee on Security and Privacy and the Computer Science Department of the University of California at Santa Barbara. The conference was held in Santa Barbara, California, during August 15-19, 2010, in conjunction with CHES 2010 (Workshop on Cryptographic Hardware and Embedded Systems). Zulfikar Ramzan served as the General Chair.

The conference received 203 submissions. The quality of the submissions was very high, and the selection process was a challenging one. The Program Committee, aided by 159 external reviewers, reviewed the submissions and after an intensive review period the committee accepted 41 of these submissions. Three submissions were merged into a single paper and two papers were merged into a single talk, yielding a total of 39 papers in the proceedings and 38 presentations at the conference. The revised versions of the 39 papers appearing in the proceedings were not subject to editorial review and the authors bear full responsibility for their contents. The best-paper award was awarded to the paper "Toward Basing Fully Homomorphic Encryption on Worst-Case Hardness" by Craig Gentry.

The conference featured two invited presentations.
This year we celebrated 25 years from the publication of the ground-breaking work of Shafi Goldwasser, Silvio Micali and Charles Rackoff, "The Knowledge Complexity of Interactive Proof-Systems." We had the privilege of having "GMR" give the first invited talk of the conference. The second invited talk was in a joint session with CHES. The topic was "Is Theoretical Cryptography Any Good in Practice?" and the talk was jointly given by Ivan Damgård and Markus Kuhn. The program also included a Rump Session, chaired by Daniel J. Bernstein and Tanja Lange, featuring short informal talks on new and in-progress results.

I am indebted to the many people who contributed to the success of the conference, and I apologize to those I have forgotten. First and foremost I thank the authors who submitted their papers; a conference is only as good as the submissions that it receives. The Program Committee members made a great effort, contributing their time, knowledge, expertise and taste, and for that I am grateful. I also thank the large number of external reviewers who assisted in the process. (The Program Committee and sub-reviewers are listed in the following pages.) The submission and review process used the software that Shai Halevi designed, and I received a lot of help from him in running it. And always, I want to thank my friends at IBM Research, Rosario Gennaro, Craig Gentry, Shai Halevi, Charanjit Jutla, Hugo Krawczyk and Vinod Vaikuntanathan – being part of this group makes everything so much more worthwhile.
June 2010
Tal Rabin

CRYPTO 2010
The 30th International Cryptology Conference
August 15–19, 2010, Santa Barbara, California, USA

Sponsored by the International Association for Cryptologic Research (IACR) in cooperation with the IEEE Computer Society Technical Committee on Security and Privacy and the Computer Science Department, University of California, Santa Barbara

General Chair
Zulfikar Ramzan, Symantec

Program Chair
Tal Rabin, IBM Research

Program Committee
Michel Abdalla, ENS, France
Adi Akavia, Weizmann Institute, Israel
Amos Beimel, Ben-Gurion University, Israel
Xavier Boyen, Université de Liège, Belgium
Christian Cachin, IBM Research, Zurich, Switzerland
Serge Fehr, CWI, The Netherlands
Johan Håstad, Royal Institute of Technology, Sweden
Carmit Hazay, Weizmann Institute and IDC Herzliya, Israel
Susan Hohenberger, Johns Hopkins, USA
Thomas Holenstein, ETH, Switzerland
Yael Tauman Kalai, Microsoft Research - New England, USA
John Kelsey, NIST, USA
Eike Kiltz, CWI, The Netherlands
Eyal Kushilevitz, Technion, Israel
Tanja Lange, Technische Universiteit Eindhoven, The Netherlands
Yehuda Lindell, Bar-Ilan University, Israel
Ilya Mironov, Microsoft Research, USA
Tal Moran, Harvard, USA
Jesper Buus Nielsen, University of Aarhus, Denmark
Eiji Okamoto, University of Tsukuba, Japan
Pascal Paillier, Gemalto, France
Rafael Pass, Cornell University, USA
Giuseppe Persiano, University of Salerno, Italy
Thomas Peyrin, Ingenico, France
Leonid Reyzin, Boston University, USA
Matt Robshaw, Orange Labs, France
Palash Sarkar, Indian Statistical Institute, India
abhi shelat, University of Virginia, USA
Vinod Vaikuntanathan, IBM Research, USA
Brent Waters, University of Texas, Austin, USA
Hoeteck Wee, Queens College, CUNY, USA
Andrew Yao, Tsinghua University, China

Advisory Members
Shai Halevi (CRYPTO 2009 Program Chair), IBM Research
Phil Rogaway (CRYPTO 2011 Program Chair), University of California, Davis

External Reviewers
Divesh Aggarwal, Shweta Agrawal, Jae Hyun Ahn, Joel Alwen, Benny Applebaum, Gilad Asharov, Aslan Askarov, Jean-Philippe Aumasson, Roberto M. Avanzi, Steve Babbage, Daniel J. Bernstein, Luk Bettale, Rishiraj Bhattacharyya, Sanjay Bhattacherjee, Niek Bouman, Elette Boyle, Zvika Brakerski, Eric Brier, Dan Brown, Jan Camenisch, Sébastien Canard, Ran Canetti,
Anne Canteaut, Claude Carlet, David Cash, Nishanth Chandran, Donghoon Chang, Melissa Chase, Sanjit Chatterjee, Lily Chen, Victor Chen, Nathan Chenette, Céline Chevalier, Christophe Clavier, Jean-Sébastien Coron, Scott Coull, Giovanni Di Crescenzo, Dana Dachman-Soled, M. Prem Laxman Das, Blandine Debraize, Cécile Delerablée, Yevgeniy Dodis, Chandan Dubey, Renaud Dubois,
Maria Dubovitskaya, Léo Ducas, Dejan Dukaric, Orr Dunkelman, Sebastian Faust, Matthias Fitzi, Manuel Forster, Pierre-Alain Fouque, David Freeman, Georg Fuchsbauer, Thomas Fuhr, Benjamin Fuller, Steven Galbraith, Clemente Galdi, Sharon Goldberg, Prasant Gopal, Dov Gordon, Louis Goubin, Aline Gouget, Vipul Goyal, Matthew Green, Iftach Haitner,
Mike Hamburg, Nadia Heninger, Javier Herranz, Martin Hirt, Dennis Hofheinz, Esther Hänggi, Vincenzo Iovino, Yuval Ishai, Abhishek Jain, Otto Johnston, Antoine Joux, Charanjit Jutla, Seny Kamara, Bhavana Kanukurthi, Alexandre Karlov, Dmitry Khovratovich, Hugo Krawczyk, Gunnar Kreitz, Robin Künzler, Allison Lewko, Huijia Rachel Lin, Carolin Lunemann, Vadim Lyubashevsky, Subhamoy Maitra, Willi Meier, Alfred Menezes, Daniele Micciancio, Steve Miller, Hart Montgomery, Jorge Nakahara, Mridul Nandi,
Gregory Neven, Phong Nguyen, Mats Näslund, Adam O'Neill, Eran Omri, Claudio Orlandi, Ilan Orlov, Duong Hieu Phan, Omkant Pandey, Periklis Papakonstantinou, Bryan Parno, Anat Paskin, Souradyuti Paul, Chris Peikert, Ray Perlner, Ludovic Perret, Christiane Peters, Krzysztof Pietrzak, David Pointcheval, Stefan Popoveniuc, Emmanuel Prouff, Elizabeth Quaglia, Somindu C. Ramanna, Dominik Raub, Christian Rechberger, Andrew Regenscheid, Matthieu Rivain, Yannis Rouselakis, Andrea Röck,
Gil Segev, Yannick Seurin, Igor Shparlinski, Francesco Sica, Martijn Stam, John Steinberger, Henning Stichtenoth, Kunal Talwar, Christophe Tartary, Björn Terelius, Stefano Tessaro, Emmanuel Thomé, Mehdi Tibouchi, Tomas Toft, Luca Trevisan, Wei-lung (Dustin) Tseng, Meltem Turan, Dominique Unruh, Muthuramakrishnan Venkitasubramaniam, Damien Vergnaud, Ivan Visconti, Bogdan Warinschi, Stephanie Wehner, Daniel Wichs, Douglas Wikström, Severin Winkler, Christopher Wolf, Bo-Yin Yang, Shona Yu,
Subhabrata
Recommended publications
  • Anna Lysyanskaya Curriculum Vitae
    Anna Lysyanskaya, Curriculum Vitae. Computer Science Department, Box 1910, Brown University, Providence, RI 02912. (401) 863-7605. email: [email protected]. http://www.cs.brown.edu/~anna
    Research Interests: Cryptography, privacy, computer security, theory of computation.
    Education: Massachusetts Institute of Technology, Cambridge, MA. Ph.D. in Computer Science, September 2002. Advisor: Ronald L. Rivest, Viterbi Professor of EECS. Thesis title: "Signature Schemes and Applications to Cryptographic Protocol Design". Massachusetts Institute of Technology, Cambridge, MA. S.M. in Computer Science, June 1999. Smith College, Northampton, MA. A.B. magna cum laude, Highest Honors, Phi Beta Kappa, May 1997.
    Appointments: Brown University, Providence, RI, Fall 2013 - Present, Professor of Computer Science. Brown University, Providence, RI, Fall 2008 - Spring 2013, Associate Professor of Computer Science. Brown University, Providence, RI, Fall 2002 - Spring 2008, Assistant Professor of Computer Science. UCLA, Los Angeles, CA, Fall 2006, Visiting Scientist at the Institute for Pure and Applied Mathematics (IPAM). Weizmann Institute, Rehovot, Israel, Spring 2006, Visiting Scientist. Massachusetts Institute of Technology, Cambridge, MA, 1997 - 2002, Graduate student. IBM T. J. Watson Research Laboratory, Hawthorne, NY, Summer 2001, Summer Researcher. IBM Zürich Research Laboratory, Rüschlikon, Switzerland, Summers 1999, 2000, Summer Researcher.
    Teaching: Brown University, Providence, RI, Spring 2008, 2011, 2015, 2017, 2019; Fall 2012: Instructor for "CS 259: Advanced Topics in Cryptography," a seminar course for graduate students. Brown University, Providence, RI, Spring 2012: Instructor for "CS 256: Advanced Complexity Theory," a graduate-level complexity theory course. Brown University, Providence, RI, Fall 2003, 2004, 2005, 2010, 2011; Spring 2007, 2009, 2013, 2014, 2016, 2018: Instructor for "CS151: Introduction to Cryptography and Computer Security." Brown University, Providence, RI, Fall 2016, 2018: Instructor for "CS 101: Theory of Computation," a core course for CS concentrators.
  • MODELING and ANALYSIS of MOBILE TELEPHONY PROTOCOLS by Chunyu Tang a DISSERTATION Submitted to the Faculty of the Stevens Instit
    MODELING AND ANALYSIS OF MOBILE TELEPHONY PROTOCOLS, by Chunyu Tang. A dissertation submitted to the Faculty of the Stevens Institute of Technology in partial fulfillment of the requirements for the degree of Doctor of Philosophy. Advisory committee: David A. Naumann (Chairman), Yingying Chen, Daniel Duchamp, Susanne Wetzel. Stevens Institute of Technology, Castle Point on Hudson, Hoboken, NJ 07030, 2013. © 2013, Chunyu Tang. All rights reserved.
    ABSTRACT. The GSM (2G), UMTS (3G), and LTE (4G) mobile telephony protocols are all in active use, giving rise to a number of interoperation situations. This poses serious challenges in ensuring authentication and other security properties. Analyzing the security of all possible interoperation scenarios by hand is, at best, a tedious undertaking. Model checking techniques provide an effective way to automatically find vulnerabilities in, or to prove the security properties of, security protocols. Although the specifications address the interoperation cases between GSM and UMTS and the switching and mapping of established security context between LTE and previous technologies, there is no comprehensive specification of which interoperation cases are possible. Nor is there a comprehensive specification of the procedures to establish security context (authentication and short-term keys) in the various interoperation scenarios. We systematically enumerate the cases, classifying them as allowed, disallowed, or uncertain, with rationale based on detailed analysis of the specifications. We identify the authentication and key agreement procedure for each of the possible cases. We formally model the pure GSM, UMTS, and LTE authentication protocols, as well as all the interoperation scenarios; we analyze their security, in the symbolic model of cryptography, using the tool ProVerif.
  • Department of Computer Science
    click! MAGAZINE, 2014, Volume II. Five decades as a department. Thousands of remarkable graduates. Countless innovations. Department of Computer Science, University of Illinois at Urbana-Champaign.
    click! Magazine is produced twice yearly for the friends of CS @ ILLINOIS to showcase the innovations of our faculty and students, the accomplishments of our alumni, and to inspire our partners and peers in the field of computer science. Commemorative 50-10 Anniversary t-shirts are available: my.cs.illinois.edu/buy
    Department Head: Rob A. Rutenbar. Associate Department Heads: Gerald DeJong, Jeff Erickson, David Forsyth. Editorial Board: Tom Moone, Colin Robertson, Rob A. Rutenbar, Michelle Wellens. Writers: David Cunningham, Elizabeth Innes, Mike Koon, Rick Kubetz, Leanne Lucas, Tom Moone, Michelle Rice, Colin Robertson, Laura Schmitt, Michelle Wellens. Design: SURFACE 51. CS Alumni Advisory Board: Alex R. Bratton (BS CE '93), Ira R. Cohen (BS CS '81), Vilas S. Dhar (BS CS '04, BS LAS BioE '04), William M. Dunn (BS CS '86, MS '87), Mary Jane Irwin (MS CS '75, PhD '77), Jennifer A. Mozen (MS CS '97), Daniel L. Peterson (BS CS '05), Peter L. Tannenwald (BS LAS Math & CS '85), Jill C. Zmaczinsky (BS CS '00). Contact us: [email protected], 217-333-3426.
    "Machines take me by surprise with great frequency." Alan Turing
    CS @ ILLINOIS, Department of Computer Science, College of Engineering, College of Liberal Arts & Sciences, University of Illinois at Urbana-Champaign. Contents: 2 Letter from the Head; 4 Alumni News
  • Lipics-ISAAC-2020-42.Pdf (0.5
    Multiparty Selection. Ke Chen, Department of Computer Science, University of Wisconsin–Milwaukee, WI, USA, [email protected]. Adrian Dumitrescu, Department of Computer Science, University of Wisconsin–Milwaukee, WI, USA, [email protected].
    Abstract. Given a sequence A of n numbers and an integer (target) parameter 1 ≤ i ≤ n, the (exact) selection problem is that of finding the i-th smallest element in A. An element is said to be (i, j)-mediocre if it is neither among the top i nor among the bottom j elements of A. The approximate selection problem is that of finding an (i, j)-mediocre element for some given i, j; as such, this variant allows the algorithm to return any element in a prescribed range. In the first part, we revisit the selection problem in the two-party model introduced by Andrew Yao (1979) and then extend our study of exact selection to the multiparty model. In the second part, we deduce some communication complexity benefits that arise in approximate selection. In particular, we present a deterministic protocol for finding an approximate median among k players.
    2012 ACM Subject Classification: Theory of computation. Keywords and phrases: approximate selection, mediocre element, comparison algorithm, i-th order statistic, tournaments, quantiles, communication complexity. Digital Object Identifier: 10.4230/LIPIcs.ISAAC.2020.42
    1 Introduction. Given a sequence A of n numbers and an integer (selection) parameter 1 ≤ i ≤ n, the selection problem asks to find the i-th smallest element in A. If the n elements are distinct, the i-th smallest is larger than i − 1 elements of A and smaller than the other n − i elements of A.
  • arXiv:2102.09041v3 [cs.DC] 4 Jun 2021
    Reaching Consensus for Asynchronous Distributed Key Generation. Ittai Abraham (VMware Research, Israel), Philipp Jovanovic (University College London, United Kingdom), Mary Maller (Ethereum Foundation, United Kingdom), Sarah Meiklejohn (University College London, United Kingdom, and Google, United Kingdom), Gilad Stern (The Hebrew University in Jerusalem, Israel), Alin Tomescu (VMware Research, USA).
    We give a protocol for Asynchronous Distributed Key Generation (A-DKG) that is optimally resilient (can withstand f < n/3 faulty parties), has a constant expected number of rounds, has Õ(n³) expected communication complexity, and assumes only the existence of a PKI. Prior to our work, the best A-DKG protocols required Ω(n) expected number of rounds, and Ω(n⁴) expected communication. Our A-DKG protocol relies on several building blocks that are of independent interest. We define and design a Proposal Election (PE) protocol that allows parties to retrospectively agree on a valid proposal after enough proposals have been sent from different parties. With constant probability the elected proposal was proposed by a nonfaulty party. In building our PE protocol, we design a Verifiable Gather protocol which allows parties to communicate which proposals they have and have not seen in a verifiable manner. The final building block to our A-DKG is a Validated Asynchronous Byzantine Agreement (VABA) protocol. We use our PE protocol to construct a VABA protocol that does not require leaders or an asynchronous DKG setup. Our VABA protocol can be used more generally when it is not possible to use threshold signatures.
    1 Introduction. In this work we study Decentralized Key Generation in the Asynchronous setting (A-DKG).
  • Cryptography Abstracts
    Cryptography Abstracts. Saturday 10:15 – 12:15: Shafi Goldwasser, MIT; Anna Lysyanskaya, Brown University; Alice Silverberg, University of California, Irvine; Nadia Heninger, UCSD. Sunday 8:30 – 10:30: Tal Rabin, IBM Research; Tal Malkin, Columbia University; Allison Bishop Lewko, University of Texas, Austin; Yael Tauman-Kalai, Microsoft Research – New England.
    Saturday 10:15 – 12:15. On Probabilistic Proofs. Shafi Goldwasser, MIT. ABSTRACT.
    Flavors and applications of verifiable random functions. Anna Lysyanskaya, Brown University. A random Boolean function is a function where for every input x, the value f(x) is truly random. A pseudorandom function is one where, even though f(x) can be deterministically computed from a small random "seed" s, no efficient algorithm can distinguish f from a random function upon querying it on inputs x1, ..., xn of its choice. A verifiable random function (VRF) is a pseudorandom function that can be verified. That is to say, a VRF consists of four algorithms: Generate, Evaluate, Prove, Verify. Alice uses Generate to pick her function f, Evaluate to evaluate it and compute y = f(x), and Prove in order to compute a proof p(x) that y is indeed f(x). Bob can then use Verify in order to ascertain that it is indeed the case that y = f(x). At the same time, whenever Bob is not given a proof p(x) for a particular x, no efficient algorithm allows him to determine whether y = f(x) or is random. In this talk I will give a survey of verifiable random functions and their constructions and applications.
    Elliptic Curve Primality Tests for Numbers in Special Forms. Alice Silverberg, University of California, Irvine. In joint work with Alex Abatzoglou and Angela Wong, we use elliptic curves with complex multiplication to give primality proofs for integers of certain forms, generalizing earlier work of B.
  • Fundamentals of Fully Homomorphic Encryption – a Survey
    Electronic Colloquium on Computational Complexity, Report No. 125 (2018). Fundamentals of Fully Homomorphic Encryption – A Survey. Zvika Brakerski.
    Abstract. A homomorphic encryption scheme is one that allows computing on encrypted data without decrypting it first. In fully homomorphic encryption it is possible to apply any efficiently computable function to encrypted data. We provide a survey on the origins, definitions, properties, constructions and uses of fully homomorphic encryption.
    1 Homomorphic Encryption: Good, Bad or Ugly? In the seminal RSA cryptosystem [RSA78], the public key consists of a product of two primes N = p · q as well as an integer e, and the message space is the set of elements in Z_N^*. Encrypting a message m involves simply raising it to the power e and taking the result modulo N, i.e. c = m^e (mod N). For the purpose of the current discussion we ignore the decryption process. It is not hard to see that the product of two ciphertexts c1 and c2 encrypting messages m1 and m2 allows one to compute the value c1 · c2 (mod N) = (m1 m2)^e (mod N), i.e. to compute an encryption of m1 · m2 without knowledge of the secret private key. Rabin's cryptosystem [Rab79] exhibited similar behavior, where a product of ciphertexts corresponded to an encryption of the product of their respective plaintexts. This behavior can be expressed in formal terms by saying that the ciphertext space and the plaintext space are homomorphic (multiplicative) groups. The decryption process defines the homomorphism by mapping a ciphertext to its image plaintext. Rivest, Adleman and Dertouzos [RAD78] realized the potential advantage of this property.
  • Speeding-Up Verification of Digital Signatures Abdul Rahman Taleb, Damien Vergnaud
    Speeding-Up Verification of Digital Signatures. Abdul Rahman Taleb, Damien Vergnaud. To cite this version: Abdul Rahman Taleb, Damien Vergnaud. Speeding-Up Verification of Digital Signatures. Journal of Computer and System Sciences, Elsevier, 2021, 116, pp. 22-39. 10.1016/j.jcss.2020.08.005. HAL Id: hal-02934136, https://hal.archives-ouvertes.fr/hal-02934136. Submitted on 27 Sep 2020.
    Abstract. In 2003, Fischlin introduced the concept of progressive verification in cryptography to relate the error probability of a cryptographic verification procedure to its running time. It ensures that the verifier's confidence in the validity of a verification procedure grows with the work it invests in the computation. Le, Kelkar and Kate recently revisited this approach for digital signatures and proposed a similar framework under the name of flexible signatures. We propose efficient probabilistic verification procedures for popular signature schemes in which the error probability of a verifier decreases exponentially with the verifier's running time. We propose theoretical schemes for RSA and ECDSA signatures based on an elegant idea proposed by Bernstein in 2000 and some additional tricks.
  • September 21-23, 2021 Women in Security and Cryptography Workshop
    September 21-23, 2021, Women in Security and Cryptography Workshop. Our WISC Speakers.
    Adrienne Porter Felt, Google. BIO. Adrienne is a Director of Engineering at Google, where she leads Chrome's Data Science, content ecosystem, and iOS teams. Previously, Adrienne founded and led Chrome's usable security team. She is best known externally for her work on moving the web to HTTPS, earning her recognition as one of MIT Technology Review's Innovators Under 35. Adrienne holds a PhD from UC Berkeley, and most of her academic publications are on usable security for browsers and mobile operating systems.
    Carmela Troncoso, École polytechnique fédérale de Lausanne. BIO. Carmela Troncoso is an assistant professor at EPFL, Switzerland, where she heads the SPRING Lab. Her work focuses on analyzing, building, and deploying secure and privacy-preserving systems. Carmela holds a PhD in Engineering from KU Leuven. Her thesis, Design and Analysis Methods for Privacy Technologies, received the European Research Consortium for Informatics and Mathematics Security and Trust Management Best PhD Thesis Award, and her work on Privacy Engineering received the CNIL-INRIA Privacy Protection Award in 2017. She was named one of Fortune's 40 under 40 in technology in 2020.
    Elette Boyle, IDC Herzliya. BIO. Elette Boyle is an Associate Professor, and Director of the FACT (Foundations & Applications of Cryptographic Theory) Research Center, at IDC Herzliya, Israel. She received her PhD from MIT, and served as a postdoctoral researcher at Cornell University and at the Technion, Israel. Elette's research focuses on secure multi-party computation, secret sharing, and distributed algorithm design.
  • Program of the NIST Workshop on Multi-Party Threshold Schemes MPTS 2020 — Virtual Event (November 4–6, 2020)
    MPTS 2020 program (updated November 20, 2020). Program of the NIST Workshop on Multi-Party Threshold Schemes, MPTS 2020 — Virtual event (November 4–6, 2020). https://csrc.nist.gov/events/2020/mpts2020
    Columns: # | Hour | Speaker(s) | Topic (not the title)
    November 4
    — | 09:15–09:35 | — | Virtual arrival
    Talks:
    1a1 | 09:35–10:00 | Luís Brandão | Workshop introduction
    1a2 | 10:00–10:25 | Berry Schoenmakers | Publicly verifiable secret sharing
    1a3 | 10:25–10:50 | Ivan Damgård | Active security with honest majority
    — | 10:50–11:05 | — | Break
    1b1 | 11:05–11:30 | Tal Rabin | MPC in the YOSO model
    1b2 | 11:30–11:55 | Nigel Smart | Threshold HashEdDSA (deterministic)
    1b3 | 11:55–12:20 | Chelsea Komlo | Threshold Schnorr (probabilistic)
    — | 12:20–12:30 | — | Break
    Briefs:
    1c1 | 12:30–12:36 | Yashvanth Kondi | Threshold Schnorr (deterministic)
    1c2 | 12:36–12:42 | Akira Takahashi | PQ Threshold signatures
    1c3 | 12:42–12:48 | Jan Willemson | PQ Threshold schemes
    1c4 | 12:48–12:54 | Saikrishna Badrinarayanan | Threshold bio-authentication
    — | 12:54–13:00+ | — | Day closing
    November 5
    — | 09:15–09:35 | — | Virtual arrival
    Talks:
    2a1 | 09:35–10:00 | Yehuda Lindell | Diverse multiparty settings
    2a2 | 10:00–10:25 | Ran Canetti | General principles (composability, ...)
    2a3 | 10:25–10:50 | Yuval Ishai | Pseudorandom correlation generators
    — | 10:50–11:05 | — | Break
    2b1 | 11:05–11:30 | Emmanuela Orsini & Peter Scholl | Oblivious transfer extension
    2b2 | 11:30–11:55 | Vladimir Kolesnikov | Garbled circuits
    2b3 | 11:55–12:20 | Xiao Wang | Global scale threshold AES
    — | 12:20–12:30 | — | Break
    Briefs:
    2c1 | 12:30–12:36 | Xiao Wang | Garbled circuits
    2c2 | 12:36–12:42 | Jakob Pagter | MPC-based Key-management
    2c3 | 12:42–12:48 |
  • Further Simplifications in Proactive RSA Signatures
    Further Simplifications in Proactive RSA Signatures. Stanislaw Jarecki and Nitesh Saxena. School of Information and Computer Science, UC Irvine, Irvine, CA 92697, USA. {stasio, nitesh}@ics.uci.edu
    Abstract. We present a new robust proactive (and threshold) RSA signature scheme secure with the optimal threshold of t < n/2 corruptions. The new scheme offers a simpler alternative to the best previously known (static) proactive RSA scheme given by Tal Rabin [36], itself a simplification over the previous schemes given by Frankel et al. [18, 17]. The new scheme is conceptually simple because all the sharing and proactive re-sharing of the RSA secret key is done modulo a prime, while the reconstruction of the RSA signature employs an observation that the secret can be recovered from such sharing using a simple equation over the integers. This equation was first observed and utilized by Luo and Lu in a design of a simple and efficient proactive RSA scheme [31] which was not proven secure and which, alas, turned out to be completely insecure [29] due to the fact that the aforementioned equation leaks some partial information about the shared secret. Interestingly, this partial information leakage can be proven harmless once the polynomial sharing used by [31] is replaced by top-level additive sharing with second-level polynomial sharing for back-up. Apart from conceptual simplicity and new techniques of independent interest, efficiency-wise the new scheme gives a factor of 2 improvement in speed and share size in the general case, and almost a factor of 4 improvement for the common RSA public exponents 3, 17, or 65537, over the scheme of [36] as analyzed in [36].
  • COT 5407:Introduction to Algorithms Author and Copyright: Giri Narasimhan Florida International University Lecture 1: August 28, 2007
    COT 5407: Introduction to Algorithms. Author and Copyright: Giri Narasimhan, Florida International University. Lecture 1: August 28, 2007.
    1 Introduction. The field of algorithms is the bedrock on which all of computer science rests. Would you jump into a business project without understanding what is in store for you, without knowing what business strategies are needed, without understanding the nature of the market, and without evaluating the competition and the availability of a skilled workforce? In the same way, you should not undertake writing a program without thinking out a strategy (algorithm), without theoretically evaluating its performance (algorithm analysis), and without knowing what resources you will need and have available. While there are broad principles of algorithm design, one of the best ways to learn how to be an expert at designing good algorithms is to do an extensive survey of "case studies". It provides you with a storehouse of strategies that have been useful for solving other problems. When posed with a new problem, the first step is to "model" your problem appropriately and cast it as a problem (or a variant) that has been previously studied or that can be easily solved. Often the problem is rather complex. In such cases, it is necessary to use general problem-solving techniques that one usually employs in modular programming. This involves breaking down the problem into smaller and easier subproblems. For each subproblem, it helps to start with a skeleton solution which is then refined and elaborated upon in a stepwise manner. Once a strategy or algorithm has been designed, it is important to think about several issues: why is it correct? does it solve all instances of the problem? is it the best possible strategy given the resource limitations and constraints? if not, what are the limits or bounds on the amount of resources used? are improved solutions possible?
    2 History of Algorithms. It is important for you to know the giants of the field, and the shoulders on which we all stand in order to see far.
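Two of the abstracts above describe mechanisms that are easy to see in running code: the four-algorithm VRF interface (Generate, Evaluate, Prove, Verify) in the Lysyanskaya talk abstract, and the multiplicative homomorphism of textbook RSA, c1 · c2 = (m1 m2)^e (mod N), in the Brakerski survey excerpt. The following Python is an added example written for this page; it is not code from any of the documents listed above or from their authors. It uses toy 512-bit RSA keys, a SHA-256-based full-domain hash and domain-separation tags that are this example's own choices; the VRF has the shape of an RSA-FDH VRF (proof = RSA signature on a full-domain hash of the input, output = hash of the proof), not a standardized ciphersuite. The homomorphism half also shows the security caveat practitioners care about: the same property that lets anyone multiply plaintexts under encryption makes unpadded RSA malleable, which is why deployed RSA uses OAEP or PSS, and why the VRF must hash inputs over the full domain so that no multiplicative relation between hashed inputs can be found.

```python
"""Added example: textbook RSA's multiplicative homomorphism and a VRF from RSA-FDH.

Key size (512 bits), the SHA-256 full-domain hash and the domain tags are this
example's assumptions; the VRF mirrors the RSA-FDH-VRF design but is not a
standardized ciphersuite.
"""
import hashlib
import hmac
import secrets


def _is_probable_prime(n: int, rounds: int = 32) -> bool:
    """Miller-Rabin probable-prime test with random bases."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _random_prime(bits: int) -> int:
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1  # top bit set, odd
        if _is_probable_prime(cand):
            return cand


def rsa_keygen(bits: int = 512, e: int = 65537):
    """Textbook RSA key pair ((N, e), (N, d)). Toy size; real keys are >= 2048 bits."""
    while True:
        p, q = _random_prime(bits // 2), _random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e != 0:
            return (p * q, e), (p * q, pow(e, -1, phi))


def rsa_encrypt(pub, m: int) -> int:
    N, e = pub
    return pow(m, e, N)  # c = m^e mod N, no padding


def rsa_decrypt(priv, c: int) -> int:
    N, d = priv
    return pow(c, d, N)


def homomorphic_product(pub, c1: int, c2: int) -> int:
    """Enc(m1) * Enc(m2) mod N = (m1 m2)^e mod N = Enc(m1 m2), using only the public key.
    The same identity makes unpadded RSA malleable: c * Enc(k) decrypts to k * m."""
    N, _ = pub
    return (c1 * c2) % N


# ---- VRF from RSA full-domain hashing: Generate / Evaluate / Prove / Verify ----

def _fdh(N: int, alpha: bytes) -> int:
    """Full-domain hash of alpha into Z_N: expand SHA-256 (MGF1 style) to 64 bits
    beyond |N| and reduce, so the result is statistically close to uniform mod N."""
    nbytes = (N.bit_length() + 7) // 8 + 8
    blocks = [hashlib.sha256(b"fdh" + i.to_bytes(4, "big") + alpha).digest()
              for i in range(nbytes // 32 + 1)]
    return int.from_bytes(b"".join(blocks)[:nbytes], "big") % N


def vrf_generate(bits: int = 512):
    return rsa_keygen(bits)


def vrf_prove(priv, alpha: bytes) -> int:
    """Proof pi = H(alpha)^d mod N: an RSA-FDH signature, unique for (key, alpha)."""
    N, d = priv
    return pow(_fdh(N, alpha), d, N)


def vrf_proof_to_hash(pi: int) -> bytes:
    """VRF output beta = H'(pi); pi is a fixed function of alpha, so beta is deterministic."""
    return hashlib.sha256(b"vrf-output" + pi.to_bytes((pi.bit_length() + 7) // 8 or 1, "big")).digest()


def vrf_evaluate(priv, alpha: bytes):
    pi = vrf_prove(priv, alpha)
    return vrf_proof_to_hash(pi), pi


def vrf_verify(pub, alpha: bytes, beta: bytes, pi: int) -> bool:
    """Accept iff pi^e = H(alpha) mod N (pi is the unique valid proof) and beta = H'(pi)."""
    N, e = pub
    if not 0 < pi < N or pow(pi, e, N) != _fdh(N, alpha):
        return False
    return hmac.compare_digest(beta, vrf_proof_to_hash(pi))


if __name__ == "__main__":
    pub, priv = vrf_generate()
    c = homomorphic_product(pub, rsa_encrypt(pub, 6), rsa_encrypt(pub, 7))
    print("Dec(Enc(6) * Enc(7)) =", rsa_decrypt(priv, c))
    beta, pi = vrf_evaluate(priv, b"lottery round 17")
    print("VRF output verifies:", vrf_verify(pub, b"lottery round 17", beta, pi))
    print("proof rejected for other input:", not vrf_verify(pub, b"lottery round 18", beta, pi))
```

Verify checks the RSA equation before comparing the output hash, so a proof can only pass for the one input whose full-domain hash it signs; evaluating the same input twice returns the identical (beta, pi), which is the determinism a VRF needs and a PRF alone cannot prove to Bob.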