Periodic Reporting for period 4 - TOCNeT (Teaching Old Crypto New Tricks)
Período documentado: 2020-10-01 hasta 2021-03-31
The bulk of the research in modern cryptography goes into constructing new schemes for which stronger security guarantees can be proven. However, often it is not clear whether simple existing schemes already provide the required security, and it’s just that we don’t know how to prove it. As these new schemes are usually less efficient, there are not being applied resulting in a large discrepancy between what security the schemes applied in practice are supposed to provide, and what is actually proven. This project aims at closing this gap in different contexts: We will revisit simple schemes (including widely deployed ones) using new tools, developed by us and others in the last years, towards proving much stronger security properties than what is currently known.
The schemes developed and proven secure in this project will allow for more efficient and/or more secure solution to various challenges of information security.
The schemes developed and proven secure in this project will allow for more efficient and/or more secure solution to various challenges of information security.
We made progress on several of the work packages, but we also started some new projects which fall into the general theme of the project which were not foreseen in the original proposal. Let us first mention the main results for each of the three work packages.
WP1 (adaptive security). At CRYPTO’17 we published “Be Adaptive, Avoid Overcommitting” which provides a general methodology to prove adaptive security of schemes. This methodology unifies and simplifies several previous results, and has also been useful in proving new results by us and others. This includes the first adaptive security proof (at S&P’21) for group messaging schemes (concretely, for TreeKEM, which is the the proposal of an IETF working group) and for proxy re-encryption schemes(at PKC’19). The framework also allowed us to address the problem “from the other side” by proving lower bounds, the first on garbled circuits (at CRYPTO’21).
WP2 (symmetric cryptography). In “The Exact Security of PMAC” (at FSE’17, invited to the Journal of Cryptology) we determine the exact security of PMAC, which is a popular message authentication code. The exact security of PMAC is of great interest as many of the candidates of the CEASAR competition, which chose standards for authenticated encryption, are based on the design principles of PMAC. We worked on the security of contact tracing apps used to help with the COVID19 pandemic, providing solutions to address the insecurity of the deployed proposals against various attacks (they appeared at RSA’21 and Indocrypt’21, but were “too late” for being included in deployed apps, at least for this pandemic). Our research agenda on memory-hard functions (MHF) — which are deployed in various blockchain projects and password hashing — won the Eurocrypt’17 best paper award for proving (tight) security of the first MHF (SCRYPT). We also won the best paper in the following year at Eurocrypt’18 for constructing the first practical “proof of sequential work”.
WP3 (pseudoentropy). After making progress on proving many positive results on various computational entropy notions during my previous ERC grant, we now started investigating from the other direction. That is, proving lower bounds to understand how far we can possibly push this line of research. The two main publications in this direction were “Non-Uniform Attacks Against Pseudoentropy” at ICALP’17 and “Pseudoentropy: Lower-Bounds for Chain Rules and Transformations” at TCC’17. Another notable result in computational complexity (though not exactly pseudoentropy) is the firs proof (at STOC’19) that finding NASH equilibria is hard under “generally believed” assumptions.
WP1 (adaptive security). At CRYPTO’17 we published “Be Adaptive, Avoid Overcommitting” which provides a general methodology to prove adaptive security of schemes. This methodology unifies and simplifies several previous results, and has also been useful in proving new results by us and others. This includes the first adaptive security proof (at S&P’21) for group messaging schemes (concretely, for TreeKEM, which is the the proposal of an IETF working group) and for proxy re-encryption schemes(at PKC’19). The framework also allowed us to address the problem “from the other side” by proving lower bounds, the first on garbled circuits (at CRYPTO’21).
WP2 (symmetric cryptography). In “The Exact Security of PMAC” (at FSE’17, invited to the Journal of Cryptology) we determine the exact security of PMAC, which is a popular message authentication code. The exact security of PMAC is of great interest as many of the candidates of the CEASAR competition, which chose standards for authenticated encryption, are based on the design principles of PMAC. We worked on the security of contact tracing apps used to help with the COVID19 pandemic, providing solutions to address the insecurity of the deployed proposals against various attacks (they appeared at RSA’21 and Indocrypt’21, but were “too late” for being included in deployed apps, at least for this pandemic). Our research agenda on memory-hard functions (MHF) — which are deployed in various blockchain projects and password hashing — won the Eurocrypt’17 best paper award for proving (tight) security of the first MHF (SCRYPT). We also won the best paper in the following year at Eurocrypt’18 for constructing the first practical “proof of sequential work”.
WP3 (pseudoentropy). After making progress on proving many positive results on various computational entropy notions during my previous ERC grant, we now started investigating from the other direction. That is, proving lower bounds to understand how far we can possibly push this line of research. The two main publications in this direction were “Non-Uniform Attacks Against Pseudoentropy” at ICALP’17 and “Pseudoentropy: Lower-Bounds for Chain Rules and Transformations” at TCC’17. Another notable result in computational complexity (though not exactly pseudoentropy) is the firs proof (at STOC’19) that finding NASH equilibria is hard under “generally believed” assumptions.
Some topics we worked on which fall into the aim of the project but were not already suggested as work packages in the proposal include “memory hard functions” (MHF), “proofs of space” (PoS), “proofs of sequential work (PoSW)” and “verifiable delay functions (VDF)”.
We published several papers on MHFs, and our proof that scrypt is memory hard won the best paper award at Eurocrypt’17.
Our work on PoS, PoSW and VDFs was motivated by constructing more sustainable blockchains. The PI is involved with the Chia network that just launched and which is based on this research, our constructions are also already deployed in various other major projects in the blockchain space.
We published several papers on MHFs, and our proof that scrypt is memory hard won the best paper award at Eurocrypt’17.
Our work on PoS, PoSW and VDFs was motivated by constructing more sustainable blockchains. The PI is involved with the Chia network that just launched and which is based on this research, our constructions are also already deployed in various other major projects in the blockchain space.