The list of speakers for the second London Crypto Day includes
– Kenny Paterson (Royal Holloway, University of London) (slides here)
Reconstruction Attacks on Encrypted Data Using Range Query Leakage
In this talk, I’ll present recent joint work with Marie-Sarah Lacharite and Brice Minaud (eprint 2017/701). We analyse the security of database encryption schemes supporting range queries. The bulk of our work applies to a generic setting, where the view of the adversary is limited to the set of records or documents matched by each query (known as access pattern leakage). We also consider a more specific setting where certain rank information is also leaked. The latter is inherent to multiple encryption schemes supporting range queries. We provide three attacks: 1. a full reconstruction attack requiring an expected number of queries NlogN+O(N), where N is the number of distinct plaintext values; 2. an approximate reconstruction attack able to recover all plaintext values within a constant ratio of error (such as a 1% error), requiring only the access pattern leakage of O(N) queries; and 3. An accelerated attack which exploits rank leakage and adversarial access to an auxiliary distribution for the targeted values. In combination, our attacks suggest that the practical impact of the leakage suffered by all schemes supporting range queries is more severe than previously thought, particularly so for schemes which also leak rank. Our attacks cast doubt on the practical viability of current approaches to enabling range queries when the threat model goes beyond snapshot attacks to include a persistent server-side adversary.
– Elisabeth Oswald (University of Bristol) (slides here)
Catch me if you can: locating (and fixing) side channel leaks for dummies
Side channel leakage is no longer just a concern for industries that traditionally have a high degree of awareness and expertise in (implementing) cryptography. With the rapid growth of security sensitive applications in other areas, e.g. smart phones, homes, etc. there is a clear need for developers with little to no crypto expertise to implement and instantiate cryptography securely on embedded devices. In this talk I explain what makes finding side channel leaks challenging (in theory and in practice) and give an update on our latest work to develop methods and tools to enable non-domain experts to ‘get a grip’ on leakage in their implementations.
– Hoeteck Wee (Ecole Normale Superieure, Paris)
Attribute-Based Encryption and Information-Theoretic Crypto
Can we encrypt data while enabling fine-grained access control, as is necessary to protect big, complex data? In this talk, we will survey how addressing this question led to new connections and results in information-theoretic cryptography.
– Cas Cremers (University of Oxford)
Formal analysis of security protocols: Towards higher assurance
During the last decade there has been a vast increase in the ability to use mathematical models (including computational and symbolic) to formally analyse security protocols, or ideally prove them secure in some sense. In this talk I will briefly sketch some of the advances in the field by using two case studies: the Signal protocol and the upcoming TLS 1.3 protocol. In a surprising twist (well, at least for those who didn’t read this abstract) I will focus on the many things we *did not* prove, in what sense the current analyses are useful, and how we might advance the field further.
– Mark Ryan (University of Birmingham) (slides here)
Binding keys to programs using Intel SGX remote attestation
Intel SGX is a technology which allows one to securely associate crypto keys with a binary program, so that a relying party can be sure that only that binary program can access and use the given keys. In the talk, I’ll describe how this works from the programmer’s point of view, and give an example which I call “accountable decryption”. In accountable decryption, a user can see all the instances of decryption that have taken place by inspecting a blockchain set up for that purpose.
– Sarah Meiklejohn (University College London) (slides here)
Anonymity in Cryptocurrencies
A long line of recent research has demonstrated that existing cryptocurrencies often do not achieve the level of anonymity that users might expect they do, while at the same time another line of research has worked to increase the level of anonymity by adding new features to existing cryptocurrencies or creating entirely new cryptocurrencies. This talk will explore both of these lines of research, demonstrating both de-anonymization attacks and techniques for anonymity that achieve provably secure guarantees.