CRYPTOGRAPHY - École Normale Supérieurenitulesc/files/slides/ESOF.pdf · 9. . . Password...
CRYPTOGRAPHY
Enc Dec
Privacy
pk sk
Authenticity
Sign proof
Integrity
f(x)
Store Data in the Cloud
Cloud Computing
Untrusted Cloud Provider
Security Properties
Computation Integrity
Confidentiality
Confidentiality
✘ User creates an encryption key
✘ Encrypts her data using this key
✘ Stores her encrypted data in the Cloud
Where to Store the Key?
Key Management
Protect the secret key
✘ Users can remember just low entropy passwords (and not too many)
✘ User has to store her secret key on some device
✘ The storage device can also get corrupted
Password Protected Secret Sharing
✘ stores the secret into N servers using a password
✘ retrieves her secret even under corruptions
✘ Only needs to remember username & password
✘ Needs at least t+1 honest servers to retrieve key
Retrieve the Stored Secret Key
✘ If at most t servers are corrupted, they do not learn anything about the secret
✘ Retrieval with all bad servers does not leak password
Secure Recovery even under Corruptions
Password Protected Secret Sharing
[ACNP16] Robust Password-Protected Secret Sharing. Joint work with M. Abdalla, M. Cornejo, D. Pointcheval.
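The t+1 threshold and the recovery under corruptions stated on the slides above, as an added example that is not taken from the slides or from [ACNP16]. It uses plain Shamir sharing over a prime field and omits the password-based part entirely; the field modulus, the SHA-256 check value and all function names are assumptions of this sketch.

```python
import hashlib, itertools, secrets

P = 2**127 - 1  # prime field modulus (a choice made for this example)

def share(secret, t, n):
    """Give each of n servers one point of a random degree-t polynomial f, f(0) = secret."""
    coeffs = [secret % P] + [secrets.randbelow(P) for _ in range(t)]
    return [(x, sum(c * pow(x, i, P) for i, c in enumerate(coeffs)) % P)
            for x in range(1, n + 1)]

def interpolate_at_zero(points):
    """Lagrange interpolation at x = 0 over GF(P)."""
    total = 0
    for j, (xj, yj) in enumerate(points):
        num = den = 1
        for m, (xm, _) in enumerate(points):
            if m != j:
                num = num * -xm % P
                den = den * (xj - xm) % P
        total = (total + yj * num * pow(den, -1, P)) % P
    return total

def tag(secret):
    """Public check value for recognising the right key (assumption of this example)."""
    return hashlib.sha256(secret.to_bytes(16, "big")).hexdigest()

def corrupt(shares, bad_ids):
    """Constructed misbehaviour: servers in bad_ids answer with random field elements."""
    return [(x, secrets.randbelow(P)) if x in bad_ids else (x, y) for x, y in shares]

def robust_recover(responses, t, check):
    """Try each set of t+1 responses; accept the first candidate that matches check."""
    for subset in itertools.combinations(responses, t + 1):
        candidate = interpolate_at_zero(subset)
        if tag(candidate) == check:
            return candidate
    return None  # fewer than t+1 honest responses: nothing verifies

if __name__ == "__main__":
    t, n = 2, 5
    key = secrets.randbelow(2**126)
    shares, check = share(key, t, n), tag(key)
    print(robust_recover(corrupt(shares, {1, 4}), t, check) == key)  # 3 honest servers
    print(robust_recover(corrupt(shares, {1, 3, 4}), t, check))      # 2 honest servers
```

The subset search is exponential in N and is only meant to make the t+1 honest-server requirement visible.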
Delegated Computation
[Diagram labels: Task, Server, data, Algorithm f(x)]
User requires data processing (e.g. a personalised diet)
[Diagram labels: Server, data, f(x)=y, Answer y’]
Trust the server or ask for a proof
Delegated Computation
Integrity
- verify computation result
- proof π that shows knowledge of the process
- Server should know all the computation steps
Verify the Solution: SNARK
Existing Solutions:
[BCC+14] The hunting of the SNARK. N. Bitansky, R. Canetti, A. Chiesa, S. Goldwasser, H. Lin, A. Rubinstein, E. Tromer.
[GGPR13] Quadratic span programs and succinct NIZKs without PCPs. R. Gennaro, C. Gentry, B. Parno, M. Raykova
Integrity: what if Server receives part of the knowledge from outside?
OSNARK: Prove with Black-box Access
[FN16] On the (In)security of SNARKs in the Presence of Oracles. Dario Fiore, Anca Nitulescu.
Quantum Adversaries
Post-Quantum Integrity
Proofs resistant to quantum attacks
[GMNO18] Lattice-Based zk-SNARKs from Square Span Programs. Joint work with Rosario Gennaro, Michele Minelli, Michele Orrù.
Verifiable Computation with Privacy of Inputs
Confidentiality
Verifiable Computation on Encrypted Data
Apply FHE Eval
Computation Integrity
π
Anonymous Submission: Dedicated SNARK: Better efficiency than applying existing solutions