Our Main Goals - NYU Computer Science Department

NYU Cryptography Group
at Courant Institute
• Faculty:
– Yevgeniy Dodis
dodis@cs.nyu.edu
– Victor Shoup
shoup@cs.nyu.edu
• Students:
– Nelly Fazio
– Michael Freedman
– Anca Ivan
– Antonio Nicolosi
– Roberto Oliveira
– Shabsi Walfish
Cryptography Reading Group
• Meet every week
– This semester Friday, 1pm, room 101
• Drop by!
– Contact me to be put on the mailing list
http://www.scs.cs.nyu.edu/crypto
Our Main Goals
• Improving the security and/or efficiency
of cryptographic applications
• Designing new, provably secure
cryptographic primitives
• Formalization and rigorous analysis of
common cryptographic practices
• Protecting against key exposure
• Secure distributed/multiparty computation
Our Style: Provable Security
• Formal definition for the cryptographic task
at hand
• A concrete scheme which provably satisfies
the above definition, assuming some commonly
believed and well studied mathematical
problem is “hard”
• Ensures that the only way to break the
cryptographic scheme is to break a well
studied mathematical problem, which is very
unlikely (e.g., factoring)
• Gives much higher guarantee/assurance than
commonly utilized “heuristic” approaches
Crypto Skills
• Creativity: open mind, love for puzzles
• Formalism (proofs!) and elementary
math (number theory, probability)
• Ability to ask interesting questions
• Ability to think as a devil…
Some of Our Projects
• Signature and Encryption Schemes
• Authenticated Encryption
• Resilience to Key Exposure
• Distributed and Multi-party Cryptography
– Two-party computation
• Digital Rights Management
• Cryptography with Imperfect Randomness
• Ideal Hash Function Methodology
• Fault-tolerant Authentication
• Privacy and Anonymity …
Some projects I have
been involved in @ NYU…
Warnings:
• Not meant to…
– give a formal introduction to cryptography
– be crystal clear if you see it for the first time
• Instead…
– give a vague summary of the “kind” of things I like
– emphasize joint works with students and faculty
• Talk to me if interested in details!
Partial Key Exposure
• "Exposure-Resilient Functions and All-Or-Nothing Transforms", Eurocrypt, 2000.
• "On Perfect and Adaptive Security in
Exposure-Resilient Cryptography", Eurocrypt,
2001.
• "Exposure-Resilience for Free: the Case of
Hierarchical ID-based Encryption", IEEE
International Security In Storage Workshop
(SISW), 2002.
Key Evolving Schemes

Designed a new model of key-insulated
security, which led to intrusion-resilient security
• "Key-Insulated Public Key Cryptosystems",
Eurocrypt, 2002.
• "Strong Key-Insulated Signature Schemes",
Workshop on Public Key Cryptography (PKC),
2003.
• "Intrusion-Resilient Public-Key Encryption",
RSA Conference, Cryptography Track (CT-RSA), 2003.
Two-Party Schemes
• Max Krohn, David Mazieres and Antonio
Nicolosi, "Proactive Two-Party Signatures for
User Authentication", Network and Distributed
System Security Symposium (NDSS), 2003.
• Anca Ivan, "Proxy Cryptography Revisited",
Network and Distributed System Security
Symposium (NDSS), 2003.
• "Generic Two-party CCA-secure Encryption
Scheme and its Applications", manuscript
Authenticated Encryption
• "On the Security of Joint Signature and
Encryption", Eurocrypt, 2002.
• "Concealment and Its Applications to
Authenticated Encryption", Eurocrypt, 2003.
• Michael Freedman and Shabsi Walfish, "Parallel
Signcryption with OAEP, PSS-R and other
Feistel Paddings", submitted to Crypto 2003.
• Michael Freedman and Shabsi Walfish,
"Universal Padding Schemes", manuscript.
• "Parallel Authenticated Encryption", manuscript.
Digital Rights Management
• Nelly Fazio, "Public Key Broadcast Encryption
for Stateless Receivers", ACM Workshop on
Digital Rights Management, 2002.
• Nelly Fazio, "Public Key Broadcast Encryption
Secure Against Adaptive Chosen Ciphertext
Attack", Workshop on Public Key Cryptography
(PKC), 2003.
• Nelly Fazio, "Fully Scalable Public-Key Traitor
Tracing", submitted, 2003.
• Nelly Fazio, "Forward-Secure Broadcast
Encryption", manuscript.
Imperfect Randomness
• "New Imperfect Random Source with
Applications to Coin-Flipping",
International Colloquium on Automata,
Languages and Programming (ICALP), 2001.
• Joel Spencer, "On the (non-)Universality
of the One-Time Pad", Foundations of
Computer Science (FOCS), 2002.
• Roberto Oliveira, "On Extracting Private
Randomness over a Public Channel",
manuscript.
Distributed Cryptography
• "Parallel Reducibility for Information-Theoretically Secure Computation",
Crypto, 2000.
• "Efficient Construction of (Distributed)
Verifiable Random Functions", Workshop
on Public Key Cryptography (PKC), 2003
• "Distributed Block Ciphers", manuscript
Cryptography: Other…
• "Lower Bounds for Oblivious Transfer
Reductions", Eurocrypt, 1999.
• "A Cryptographic Solution to a Game
Theoretic Problem", Crypto, 2000.
• "On the Power of Claw-Free
Permutations", Conference on
Security in Communication Networks
(SCN), 2002
Algorithmic Game Theory

Can moderate taxes force selfish users
to minimize global traffic and congestion?
• Richard Cole, "Pricing Network Edges for
Heterogeneous Selfish Users",
Symposium on Theory of Computing
(STOC), 2003.
• Richard Cole, "The Cost of Taxes for
Selfish Routing", ACM Conference on
Electronic Commerce (EC), 2003.
My Other Interests
• Algorithms: randomized and approx.
algorithms, network design…
• Coding Theory: relates to crypto too
• Complexity Theory: derandomization…
• Combinatorics and Graph Theory
• Anything else that has proofs and
requires problem solving…
Recap of some recent
group activities
Signature & Encryption
• First provably secure and yet efficient
signature and encryption schemes
[CS98, CS99, CS02]
– led to new standards for PKI
• Efficient schemes utilizing ideal hash
functions [Sho00, Sho01, DR02, DFW03,
DFJW03]
• Signature / encryption schemes with
extended functionalities [CS03, DF03,
NKDM03]
Authenticated Encryption
• First formal modeling of public-key
authenticated encryption (signcryption)
[ADR02]
• Parallel authenticated encryption
[ADR02, DFW03, DFJW03, Dod03a]
• Designing authenticated encryption for
long messages [DA03]
Key Exposure Protection
• Exposure-resilient functions and All-or-nothing transforms [CDH00, DSS01]
• Key-insulated signature and encryption
scheme [DKXY02, DKXY03]
• Intrusion-Resilient Encryption [DKY03]
• Remotely-Keyed Encryption [DA03]
• Server-Aided/Proxy/Proactive
Cryptography [NKDN03, ID03, DY02]
Distributed Computation
• Byzantine Agreement [CKS00, CKPS01,
KS01]
• Threshold Cryptosystems [SG98,Sho00]
• Distributed verifiable random functions
and block ciphers [Dod03b, DY03]
• Joint generation of special RSA keys
[ACS02]
• Two-party computation [NKDN03, ID03]
• Concurrent protocols composition [DM00]
Some Other Projects
• Digital rights management [DF02,
DF03, DFKY03]
• Ideal Hash Function Methodology
[Dod03b, DS03]
• Basing Cryptography on Imperfect
Randomness [DS02, DO03]
• Cryptography and Game Theory
[DHR00]
•…