A full day of cryptography talks in the Paris area.Home / About
The next Paris Area Crypto Day will take place on 27.06.2017 and 28.06.2017 (Tue/Wed) at ENS. The event will be co-located with the ECRYPT NET Workshop on Crypto for the Cloud & Implementation; the website is here.
|09:30 - 10:00||Coffee & Welcome|
|10:10 - 11:10||David Evans Secure multi-party computation: promises, protocols, and practicalities [slides]|
|11:15 - 12:00||Georg Fuchsbauer Subversion-resistant zero knowledge [slides]|
|12:00 - 14:00||Lunch (not provided)|
|14:00 - 15:00||Ingrid Verbauwhede Energy efficiency and security for cryptographic algorithm implementations|
|15:00 - 15:30||Coffee Break|
|15:30 - 16:30||Pascal Paillier Whitebox cryptomania [slides]|
|09:50 - 10:00||Coffee & Welcome|
|10:00 - 11:00||Kenneth Paterson Secure storage in the cloud using property preserving encryption [slides]|
|11:15 - 12:00||Raphael Bost Searchable encryption: from theory to implementation [slides]|
|12:00 - 14:00||Lunch (not provided)|
|14:00 - 15:00||Sergey Gorbunov IRON: functional encryption using Intel SGX [slides]|
|15:00 - 15:30||Coffee Break|
|15:30 - 16:00||Panel|
Secure multi-party computation: promises, protocols, and practicalities
David Evans (University of Virginia)
Secure multi-party computation (MPC) provides a way for two (or more) parties to compute a function that depends on inputs from both parties, while keeping their inputs private. A general solution to this problem have been known since Yao’s pioneering work on garbled circuits in the 1980s, but only recently has it become conceivable to use this approach in real systems. Over the past decade, the costs of executing MPC protocols have dropped by about 7 orders of magnitude, but real-world deployments remain rare, and mostly unsatisfying. In this talk, I’ll provide a brief introduction to MPC and summarize some of the work our group has done to make secure computation scalable, efficient, and accessible. I’ll describe some attempts to build interesting practical systems with MPC including an ongoing effort to develop a decentralized certificate authority that can produce signed certificates without ever exposing the private signing key. Finally, I’ll discuss the remaining impediments that are holding back MPC from being widely used in practice.
Subversion-resistant zero knowledge
Georg Fuchsbauer (INRIA and ENS)
Motivated by the subversion of “trusted” public parameters in mass-surveillance activities, we study the security of non-interactive zero-knowledge (NIZK) proofs in the presence of a maliciously chosen common reference string. We first provide definitions for subversion-resistant soundness, witness indistinguishability and zero knowledge. We show that certain combinations of goals are unachievable but for all other combinations we give constructions that achieve them.
We then turn to zk-SNARKs (succinct non-interactive arguments of knowledge), which are computationally sound NIZK systems with short and efficiently verifiable proofs, used e.g. in cryptocurrencies such as Zcash. We show that under plausible hardness assumptions, many zk-SNARK schemes proposed in the literature can be made subversion-zero-knowledge at very little cost.
(joint work with Mihir Bellare and Alessandra Scafuro)
Energy efficiency and security for cryptographic algorithm implementations
Ingrid Verbauwhede (K.U. Leuven)
Energy and power efficiency is an extremely important optimization goal when implementing applications on any digital platform. This is important for light-weight InternetOfThings devices as well as high end servers and cloud computing. The first one requires a long battery life, the second one needs to reduce the cost of cooling (and the electricity bill).
The energy and power optimization also holds for the implementation of cryptographic algorithms. Our goal is to build devices that can perform the mathematically demanding cryptographic operations in an efficient way. At the same time, we request that the implementations are also secure against a wide range of physical attacks, including side-channel attacks. Unfortunately countermeasures to side-channel attacks impose an extra cost.
This presentation will focus on the implementation aspects of cryptographic operations and how to balance the computation requirements with the resource constraints. These concepts will be illustrated with the design of several cryptographic co-processors, secret key, public key and new generation of post-quantum secure algorithms.
Pascal Paillier (CryptoExperts)
In the utopic world of whitebox cryptomania, cryptographic programs can be freely executed, copied and shared without endangering their inner secret keys, as breaking them requires intractable computational efforts. Once again, constructive cryptography has prevailed over cryptanalysis thanks to reductionist proofs and tamper-resistant cryptographic software has suddenly become a reality. This talk explores the side effects of this parallel universe on cryptographic constructions - good and bad alike - and what they potentially mean for the security of the Cloud.
Secure storage in the cloud using property preserving encryption
Kenneth Paterson (Royal Holloway)
In this talk, we’ll take a look at how Property Preserving Encryption (PPE) schemes can be used to store data in encrypted form at cloud service providers while still allowing various forms of search queries to be carried out against the data. We’ll explain why some of the currently deployed schemes provide insufficient security in practice, and discuss methods by which security can be enhanced whilst preserving search capabilities.
Searchable encryption: from theory to implementation
Raphael Bost (DGA and Universite Rennes 1)
Searchable encryption is a very appealing concept to store data on an untrusted server, so as to keep search functionalities while ensuring privacy of both the queries and the data. Many different solutions emerged, differing on their security and on their efficiency, originating both from the industry and the academia. Actually, these past few years, searchable encryption has actually been a very hot topic, a lot of work on new constructions or new attacks has been done.
In this presentation, I will try to give an insight on the big challenges of searchable encryption, and explain why the compromise between security and performance is the core problem in this area. To do so, I will talk about lower bounds, recent attacks and constructions, and ongoing work, both theoretical and practical. This will give you a glimpse at the variety of techniques and tools that can be applied to searchable encryption, and at how wide this topic can be, ranging from theoretical computer science, to systems design. Finally, I will conclude by describing some exciting open problems on searchable encryption, again both theoretical and practical.
IRON: functional encryption using Intel SGX
Sergey Gorbunov (University of Waterloo)
Functional encryption (FE) is an extremely powerful cryptographic mechanism that lets an authorized entity compute on encrypted data, and learn the results in the clear. However, all current cryptographic instantiations for general FE are too impractical to be implemented. We build Iron, a practical and usable FE system using Intel’s recent Software Guard Extensions (SGX). We show that Iron can be applied to complex functionalities, and even for simple functions, outperforms the best known cryptographic schemes. We argue security by modeling FE in the context of hardware elements, and prove that Iron satisfies the security model.
Joint work with: Ben A Fisch, Dhinakaran Vinayagamurthy, Dan Boneh