NYU Cryptography Group at Courant Institute • Students: • Faculty: – Yevgeniy Dodis dodis@cs.nyu.edu – Victor Shoup shoup@cs.nyu.edu – Nelly Fazio – Michael Freedman – Anca Ivan – Antonio Nicolosi – Roberto Oliveira – Shabsi Walfish Cryptography Reading Group • Meet every week – This semester Friday, 1pm, room 101 • Drop by! – Contact me to be put on the mailing list http://www.scs.cs.nyu.edu/crypto Our Main Goals • Improving the security and/or efficiency of cryptographic applications • Designing new, provably secure cryptographic primitives • Formalization and rigorous analysis of common cryptographic practices • Protecting against key exposure • Secure distributed/multiparty computation Our Style: Provable Security • Formal definition for the cryptographic task at hand • A concrete scheme which provably satisfies the above definition, assuming some commonly believed and well studied mathematical problem is “hard” • Ensures that the only way to break the cryptographic scheme is to break a well studied mathematical problem, which is very unlikely (e.g., factoring) • Gives much higher guarantee/assurance than commonly utilized “heuristic” approaches Crypto Skills • Creativity: open mind, love for puzzles • Formalism (proofs!) and elementary math (number theory, probability) • Ability to ask interesting questions • Ability to think as a devil… Some of Our Projects • • • • Signature and Encryption Schemes Authenticated Encryption Resilience to Key Exposure Distributed and Multi-party Cryptography – Two-party computation • • • • • Digital Right Management Cryptography with Imperfect Randomness Ideal Hash Function Methodology Fault-tolerant Authentication Privacy and Anonymity … Some projects I have been involved in @ NYU… Warnings: • Not meant to… – give formal introduction to cryptography – be crystal clear if you see it for the first time • Instead… – give vague summary of the “kind” of things I like – emphasize joint works with students and faculty • Talk to me if interested in details! Partial Key Exposure • "Exposure-Resilient Functions and All-OrNothing Transforms" , Eurocrypt, 2000. • "On Perfect and Adaptive Security in Exposure-Resilient Cryptography", Eurocrypt, 2001. • "Exposure-Resilience for Free: the Case of Hierarchical ID-based Encryption", IEEE International Security In Storage Workshop (SISW), 2002. Key Evolving Schemes Designed new model of key-insulated security, led to intrusion-resilient security • "Key-Insulated Public Key Cryptosystems", Eurocrypt, 2002. • "Strong Key-Insulated Signature Schemes", Workshop on Public Key Cryptography (PKC), 2003. • "Intrusion-Resilient Public-Key Encryption", RSA Conference, Cryptography Track (CTRSA), 2003. Two-Party Schemes • Max Krohn, David Mazieres and Antonio Nicolosi, "Proactive Two-Party Signatures for User Authentication", Network and Distributed System Security Symposium (NDSS), 2003. • Anca Ivan, "Proxy Cryptography Revisited", Network and Distributed System Security Symposium (NDSS), 2003. • "Generic Two-party CCA-secure Encryption Scheme and its Applications", manuscript Authenticated Encryption • "On the Security of Joint Signature and Encryption", Eurocrypt, 2002. • "Concealment and Its Applications to Authenticated Encryption", Eurocrypt, 2003. • Michael Freedman and Shabsi Walfish, "Parallel Signcryption with OAEP, PSS-R and other Feistel Paddings", submitted to Crypto 2003. • Michael Freedman and Shabsi Walfish, "Universal Padding Schemes", manuscript. • "Parallel Authenticated Encryption", manuscript. Digital Right Management • Nelly Fazio, "Public Key Broadcast Encryption for Stateless Receivers", ACM Workshop on Digital Rights Management, 2002. • Nelly Fazio, "Public Key Broadcast Encryption Secure Against Adaptive Chosen Ciphertext Attack", Workshop on Public Key Cryptography (PKC), 2003. • Nelly Fazio, "Fully Scalable Public-Key Traitor Tracing", submitted, 2003. • Nelly Fazio, "Forward-Secure Broadcast Encryption", manuscript. Imperfect Randomness • "New Imperfect Random Source with Applications to Coin-Flipping", International Colloquium on Automata, Languages and Programming (ICALP), 2001. • Joel Spencer, "On the (non-)Universality of the One-Time Pad", Foundations of Computer Science (FOCS), 2002. • Roberto Oliveira, "On Extracting Private Randomness over a Public Channel", manuscript. Distributed Cryptography • "Parallel Reducibility for InformationTheoretically Secure Computation", Crypto, 2000. • "Efficient Construction of (Distributed) Verifiable Random Functions", Workshop on Public Key Cryptography (PKC), 2003 • “Distributed Block Ciphers", manuscript Cryptography: Other… • "Lower Bounds for Oblivious Transfer Reductions", Eurocrypt, 1999. • "A Cryptographic Solution to a Game Theoretic Problem", Crypto, 2000. • "On the Power of Claw-Free Permutations", Conference on Security in Communication Networks (SCN), 2002 Algorithmic Game Theory Can moderate taxes force selfish users minimize global traffic and congestion? • Richard Cole, "Pricing Network Edges for Heterogeneous Selfish Users", Symposium on Theory of Computing (STOC), 2003. • Richard Cole, "The Cost of Taxes for Selfish Routing", ACM Conference on Electronic Commerce (EC), 2003. My Other Interests • Algorithms: randomized and approx. algorithms, network design… • Coding Theory: relates to crypto too • Complexity Theory: derandomization… • Combinatorics and Graph Theory • Anything else that has proofs and requires problem solving… Recap of some recent group activities Signature & Encryption • First provably secure and yet efficient signature and encryption schemes [CS98, CS99, CS02] – lead to new standards for PKI • Efficient schemes utilizing ideal hash functions [Sho00, Sho01, DR02, DFW03, DFJW03] • Signature / encryption schemes with extended functionalities [CS03, DF03, NKDM03] Authenticated Encryption • First formal modeling of public-key authenticated encryption (signcryption) [ADR02] • Parallel authenticated encryption [ADR02, DFW03, DFJW03, Dod03a] • Designing authenticated encryption for long messages [DA03] Key Exposure Protection • Exposure-resilient functions and Allor-nothing transforms [CDH00, DSS01] • Key-insulated signature and encryption scheme [DKXY02, DKXY03] • Intrusion-Resilient Encryption [DKY03] • Remotely-Keyed Encryption [DA03] • Server-Aided/Proxy/Proactive Cryptography [NKDN03, ID03, DY02] Distributed Computation • Byzantine Agreement [CKS00, CKPS01, KS01] • Threshold Cryptosystems [SG98,Sho00] • Distributed verifiable random functions and block ciphers [Dod03b, DY03] • Joint generation of special RSA keys [ACS02] • Two-party computation [NKDN03, ID03] • Concurrent protocols composition [DM00] Some Other Projects • Digital right management [DF02, DF03, DFKY03] • Ideal Hash Function Methodology [Dod03b, DS03] • Basing Cryptography on Imperfect Randomness [DS02, DO03] • Cryptography and Game Theory [DHR00] •…