Abstract: TBA

Abstract: In this talk, I will give a brief overview of the attempt to create Proofs of Proofs-of-Work for work-based blockchain protocols in order to construct secure proofs which have communication complexity polylogarithmic to the size of the blockchain. Such schemas enable the creation of efficient SPV clients and are the foundation for building blockchain sidechains, a key solution to the fundamental blockchain problems of scalability, interoperability and upgradability. I will give an overview of the paper by Kiayias, Lamprou, Stouka (Financial Crypto 16) on interactive proofs of proof-of-work as well as discuss research directions in non-interactive proofs of proofs-of-work, a draft schema we are working on with Aggelos Kiayias & Andrew Miller.

Abstract: From a cryptographic point of view, money is a primitive whose purpose is to produce coins that are impossible to copy/counterfeit while still can be efficiently verified. Classically, in a setting where verification takes place locally, a coin cannot correspond to a single bit-string, since bits can be easily copied. As a result, we give away local verification by either interacting with a trusted bank or by interacting with the rest of the users in order to achieve consensus over account balances. On the other hand, in a quantum setting, the no-cloning theorem gives evidence that a coin may actually correspond to a qubit-string while preserving local verification. The talk will survey results in the area of quantum money, give constructions and connections between them and explore their limits by presenting impossibility results. Moreover, it will present similarities and differences between quantum money and cryptocurrencies.

Based on works with Kai-Min Chung, Iordanis Kerenidis, Aggelos Kiayias, Ching-Yi Lai and Vassilis Zikas.

Abstract: We propose a framework for constructing efficient designated-verifier non-interactive zero-knowledge proofs (DVNIZK) for a wide class of algebraic languages over abelian groups, under standard assumptions. The proofs obtained via our framework are proofs of knowledge, enjoy statistical, and unbounded soundness (the soundness holds even when the prover receives arbitrary feedbacks on previous proofs). Previously, no efficient DVNIZK system satisfying any of those three properties was known. Our framework allows proving arbitrary relations between cryptographic primitives such as Pedersen commitments, ElGamal encryptions, or Paillier encryptions, in an efficient way. For the latter, we further exhibit the first non-interactive zero-knowledge proof system in the standard model which is more efficient than proofs obtained via the Fiat-Shamir transform, with still-meaningful security guarantees and under standard assumptions. Our framework has numerous applications, in particular for the design of efficient privacy-preserving non-interactive authentication.

Abstract: The highly-specialized skills required for the evaluation of the devices in conjunction with the isolation of the involved disciplines, become a true barrier for the identification of additional security issues. This obstacle is strengthened by the lack of an overall platform that would enable the estimation of information leakage from different devices. While in theory the testing approach as well as the employed trace collection tool-set can be designed exclusively for a specific cryptographic implementation (e.g. AES, RSA etc.), in practice, experienced SCA analysts require a generic and flexible tool-set and DUT leakage evaluator (e.g. test vector leakage assessment, TVLA and its variations), that needs to be easily adapted to the Device Under Test they are currently evaluating and still be able to collect huge amount of traces in a reasonably fast way. Open source SCA setups that are widely used by the research community have either very primitive software/hardware support or they are built on low-cost equipment that cannot endure very sophisticated attacks without having considerable custom software code developed by an attacker. To collect huge amounts of traces (e.g. leakage assessment requires millions of traces) in reasonable time, custom hardware control mechanisms on a platform are developed specifically for the respective DUT’s cryptographic algorithm, in order to provide the appropriate test vector inputs. This considerably increases the development time of the control mechanism (a different hardware control implementation for each crypto-algorithm on test) and restricts its re-usability. In an attempt to adapt and improve the existing cryptanalysis methodologies and tools, we designed a mechanism that enables the security assessment of real-world cryptographic IP implementations, regardless of their algorithm implemented internally, thus supporting flexibility, reconfigurability, high scalability, fast trace collection and ease-of-use.

Joint work with Apostolos P. Fournaris.

Abstract: We show how to obfuscate a large and expressive class of programs, which we call compute-and-compare programs, under the learning-with-errors (LWE) assumption. Each such program $CC[f,y]$ is parametrized by an arbitrary polynomial-time computable function $f$ along with a target value y and we define $CC[f,y](x)$ to output 1 if $f(x)=y$ and 0 otherwise. In other words, the program performs an arbitrary computation f and then compares its output against a target y. Our obfuscator satisfies distributional virtual-black-box security, which guarantees that the obfuscated program does not reveal any partial information about the function f or the target value y, as long as they are chosen from some distribution where y has sufficient pseudo-entropy given f. We also extend our result to multi-bit compute-and-compare programs $MBCC[f,y,z](x)$ which output a message z if $f(x)=y$. Compute-and-compare programs are powerful enough to capture many interesting obfuscation tasks as special cases. This includes obfuscating conjunctions, and therefore we improve on the prior work of Brakerski et al. (ITCS '16) which constructed a conjunction obfuscator under a non-standard "entropic" ring-LWE assumption, while here we obfuscate a significantly broader class of programs under standard LWE. We show that our obfuscator has several interesting applications. For example, we can take any encryption scheme and publish an obfuscated plaintext equality tester that allows users to check whether an arbitrary ciphertext encrypts some target value y; as long as y has sufficient pseudo-entropy this will not harm semantic security. We can also use our obfuscator to generically upgrade attribute-based encryption to predicate encryption with one-sided attribute-hiding security, as well as witness encryption to indistinguishability obfuscation which is secure for all null circuits. Furthermore, we show that our obfuscator gives new circular-security counter-examples for public-key bit encryption and for unbounded length key cycles. Our result uses the graph-induced multi-linear maps of Gentry, Gorbunov and Halevi (TCC '15), but only in a carefully restricted manner which is provably secure under LWE. Our technique is inspired by ideas introduced in a recent work of Goyal, Koppula and Waters (EUROCRYPT '17) in a seemingly unrelated context.

Joint work with Daniel Wichs.

Abstract: Quantum systems exhibit an intrinsic randomness that can be exploited in order to significantly boost computational performance, increase security of communications and in general achieve tasks that are believed to be impossible with purely classical means. The use of quantum technologies in future telecommunication networks also raises important questions on the security of the currently deployed protocols since quantum adversaries will be able to use quantum effects to break widely-deployed cryptosystems (e.g. RSA). In this talk I will give an introduction on the essential components for secure quantum communication and computing, and I will present important research questions and recent progress in the field.

Abstract: Bitcoin's innovative and distributedly maintained blockchain data structure hinges on the adequate degree of difficulty of so-called "proofs of work," which miners have to produce in order for transactions to be inserted. Importantly, these proofs of work have to be hard enough so that miners have an opportunity to unify their views in the presence of an adversary who interferes but has bounded computational power, but easy enough to be solvable regularly and enable the miners to make progress. As such, as the miners' population evolves over time, so should the difficulty of these proofs. Bitcoin provides this adjustment mechanism, with empirical evidence of a constant block generation rate against such population changes. In this paper we provide the first formal analysis of Bitcoin's target (re)calculation function in the cryptographic setting, i.e., against all possible adversaries aiming to subvert the protocol's properties. We provide a set of necessary conditions with respect to the way the population evolves under which the "Bitcoin backbone with chains of variable difficulty" provides a robust transaction ledger in the presence of an actively malicious adversary controlling a fraction of the miners strictly below 50% at each instant of the execution.

Abstract: In this talk, we introduce a first version of an e-voting scheme that achieves end-to-end verifiability, everlasting privacy and efficient coercion resistance in the JCJ setting. Everlasting privacy is achieved assuming an anonymous channel, without resorting to dedicated channels between the election authorities to exchange private data. In addition, the proposed scheme achieves coercion resistance under the assumption of untappable channels. As a core building block of our scheme, we also propose a new primitive called publicly auditable conditional blind signature (PACBS), where a client receives a token from the signing server after interaction; the token is a valid signature only if a certain condition holds. The validity of the signatures can only be verifiable by a designated signature verifier. This primitive is utilized in the proposed voting scheme to blindly mark votes under coercion in an auditable manner.

Joint work with Aris Pagourtzis, Alexandros Zacharakis and Bingsheng Zhang