London Crypto Day – 5th June 2017 – A day of cryptography talks in the London area

The list of speakers for the first London Crypto Day includes

– Martin Albrecht, Royal Holloway, University of London

Primal and Dual Attacks on LWE-based Encryption Schemes

This talk will review lattice attacks on LWE-based constructions. Firstly, I will present variants of the dual-lattice attack (Eurocrypt 2017) in the presence of an unusually short (and sparse) secret. Such LWE instances are common in homomorphic encryption libraries such as IBM’s HELib or Microsoft’s SEAL and our techniques lead to revised parameter choices for these libraries. Secondly, I will revisit primal attacks which proceed by finding an unusually short vector in a lattice. Here, two different success conditions are formulated in the literature. One going back to Gama & Nguyen’s work on predicting lattice reduction (Eurocrypt 2008) and one recently sketched by Alkim et al. (USENIX 2016). I will present empirical evidence confirming the correctness of the latter estimate and explain the observed behaviour by expanding on Alkim et al.’s work.

– Liqun Chen, University of Surrey

Cryptography and Trust

The relationship between cryptography and trust has been discussed for several decades. From my point of view, there are still some aspects worthy of discussion today. In this talk, I will share some examples with the audience to demonstrate that without trust cryptography is useless, and discuss the different layers of trust necessary in a cryptographic system as it is designed and evaluated, implemented, adopted and used. A cryptographic system designed under certain trust assumptions will need to change if these trust assumptions are no longer valid. Of course, different people trust different things. Can the cryptographic community come up with suitable cryptographic solutions to meet different trust needs? How can we convince developers to adopt our designs and how can we help those who have different trust views from ours to benefit from cryptography? In the end, we must find a balance and be clear what we as the cryptographic community trust and who and what other people trust and we must respect the latter.

– Jens Groth, University College London

Snarky Signatures: Minimal Signatures of Knowledge from Simulation-Extractable SNARKs

Signatures of knowledge enable a signer to sign a message using a statement as the public key if she owns a witness to the truth of the statement. They are used in many cryptographic schemes including cryptocurrencies, anonymous credentials, ring and group signatures, and direct anonymous attestation. We will present succinct and highly efficient pairing-based signatures of knowledge. To do this we use that signatures of knowledge and simulation-extractable non-interactive zero-knowledge argument (SE-NIZK argument) are closely linked. We describe a succinct SE-NIZK argument (SE-SNARK) that consists of only 3 group elements and has highly efficient verification. The SNARK is perfectly complete, perfectly zero-knowledge and computationally simulation-extractable. As a consequence, we get signatures of knowledge consisting of only 3 group elements.

– Aggelos Kiayias, University of Edinburgh

Ouroboros: A Provably Secure Proof-of-Stake Blockchain Protocol

We present “Ouroboros,” the first blockchain protocol based on proof of stake with rigorous security guarantees. We establish security properties for the protocol comparable to those achieved by the bitcoin blockchain protocol. As the protocol provides a “proof of stake” blockchain discipline, it offers qualitative efficiency advantages over blockchains based on proof of physical resources (e.g., proof of work). We showcase the practicality of our protocol in real world settings by providing experimental results on transaction processing time obtained with a prototype implementation in the Amazon cloud. We also present a novel reward mechanism for incentivizing the protocol and we prove that given this mechanism, honest behavior is an approximate Nash equilibrium, thus neutralizing attacks such as selfish mining and block withholding. We also report on how it is possible to adapt the protocol to protect against adaptive and semi-synchronous adversaries.

– Markulf Kohlweiss, Microsoft Research Cambridge

A Cryptographically Verified Implementation of crypto_box

The crypto_box construction is a simple Diffie-Hellman based KEM-DEM construction introduced and implemented by Bernstein et al. in their crypto library NaCl. The construction was popularised by libsodium, a fork of NaCl, and is designed to be used modularly in a broad range of applications such as DNSCurve and Mega. The simplicity of crypto_box and its modular nature make it a great example to showcase code-based cryptographic verification techniques in F*, the program verification tool used by miTLS.

– Maura Paterson, Birkbeck, University of London

Reducing download complexity and storage requirements in PIR

Private Information Retrieval (PIR) involves a database consisting of several records and a user who wishes to learn one of the records without revealing which record they are seeking. Traditionally, much of the literature in the unconditionally secure setting considers the case of multiple non-colluding servers that each store a copy of the entire database, and seeks to construct schemes where the size of the users’ queries is as small as possible. Recently, however, there has been considerable interest in models focusing on slightly different aspects, such as the use of coded storage, rather than just replication, of the database in order to reduce the total storage overhead, and the consideration of smallest achievable sizes of the servers’ responses. In this talk we discuss recent developments in some of these areas.

1st London Crypto Day

List of speakers

Further details

Logo credit: Michele Villa