List of projects
Supervised by Karim Baghery
- HAWK: A Privacy-Preserving Smart Contract System
Introduction: These days, along with blockchain technology, smart contracts have found intense interest in lots of practical applications. A smart contract is a mechanism involving digital assets and some parties, where the parties deposit assets into the contract and the contract redistributes the assets among the parties based on provisions of the smart contract and inputs of the parties.
Recently there have been valuable efforts to construct smart contract systems that provide privacy-preserving payments and interactions within contracts. HAWK is one of the decentralized smart contract systems that uses zk-SNARKs (zero-knowledge Succinct Non-interactive Arguments of Knowledge) to keep transactions private from public view. Similar to privacy-preserving coins (e.g. Zerocash), HAWK does not store financial transactions in the clear on the blockchain; instead, the system stores short (succinct) zero-knowledge proofs on the ledger.
The HAWK protocol is constructed from two main building blocks: one block is responsible for private money transfers and uses a variation of Zerocash (a well-known and efficient cryptocurrency that allows anonymous transactions), while the second part handles the operations required by a smart contract specified in HAWK.
The student's task is to read, understand and present the article "HAWK: The Blockchain Model of Cryptography and Privacy-Preserving Smart Contracts", available at https://eprint.iacr.org/2015/675.pdf.
MSc or PhD level
- Private Proof-of-Stake Protocols
Introduction: Bitcoin is the first well-known cryptocurrency, where all transactions are linked together in a public ledger. The key component of the Bitcoin protocol (and of many follow-up protocols) is proof-of-work (PoW) puzzle solving. A miner can issue a new block only if it has solved a computationally difficult PoW challenge. The miner who finds the solution first can issue the next block and is rewarded with some coins. PoW protocols suffer from enormous energy consumption.
Proof-of-stake (PoS) protocols are one of the most promising alternatives to wasteful PoW protocols for consensus in distributed ledgers. In PoS protocols, individual parties hold a certain amount of stake on the ledger (e.g. coins), and the party who issues the next block is chosen by a randomized (but stake-weighted) leader election process. The more stake a party has, the more likely she is to be elected as the leader for the next block. During the leader election procedure, both the identity and the stake of the stakeholders are disclosed, which is incompatible with privacy-preserving cryptocurrencies such as Zerocash, Monero, etc.
Recently, Ganesh et al. proposed adding zero-knowledge proofs to PoS protocols to guarantee the privacy of stakeholders; these are known as Private PoS (PPoS) protocols. They also presented a privacy-preserving version of a popular PoS protocol, Ouroboros Praos.
The student's task is to read, understand and present the paper "Proof-of-Stake Protocols for Privacy-Aware Blockchains", which is going to be presented at Eurocrypt 2019, https://eprint.iacr.org/2018/1105.
MSc or PhD level
Assigned to Hiie Vill
Summary of Karim's projects
Slides
Supervised by Dan Bogdanov (Cybernetica)
- A survey of side channel attacks against Intel’s Software Guard eXtensions (SGX) enclaves
Trusted Execution Environments are features of modern processors that allow the processing of confidential information with hardware-level protection. Think of it like a box with somebody working inside. You can give the materials to work on through a hole and you will receive results through another hole. But you will not see what’s going on inside the box. Side-channel attacks are like listening next to the box with very good microphones and sensors, trying to understand what’s going on inside. You can also give work to the box in clever ways to see how long it takes to do it and use that to guess what is actually going on in the box.
SGX (https://software.intel.com/en-us/sgx) is an instruction set in Intel processors for creating Trusted Execution Environments. It has had its share of attacks in the last year, e.g., Foreshadow (https://foreshadowattack.eu). Your job as a student will be to 1) understand what SGX does and how it works, and 2) read the attack papers (some will be provided, you can find more) and write a survey describing the severity of each attack, the complexity of launching it and the available mitigations. You will be supported by Cybernetica’s R&D personnel and we expect you to write a document that can be shared publicly. Thus, writing great English is a key skill. Understanding the principles of public key encryption is important as well. The rest can be learned quickly.
BSc or MSc level, MSc preferred
Supervised by Vitaly Skachek
- Detection of Bots in the Social Media
A bot is software that automatically imitates legitimate users in social networks and other online platforms. In recent years bots have been used massively by private entities, political groups and governments in order to influence public opinion in a desired direction. Bots possess certain properties that often allow them to be distinguished from human users.
In this project, the student will study the distinguishing properties of automated bots, and develop software that identifies possible bots in social networks.
[1] Digital Forensic Research Lab, "#BotSpot: Twelve Ways to Spot a Bot", https://medium.com/dfrlab/botspot-twelve-ways-to-spot-a-bot-aedc7d9c110c
[2] Arzum Karataş, Serap Şahin, "A Review on Social Bot Detection Techniques and Research Directions"
BSc or MSc level
- Security of authentication protocols in 5G
For the next generation of mobile communications (5G), the 3GPP working group has standardized the 5G AKA protocol. In this project, the student will study the 5G AKA protocol, and will discuss its strengths and weaknesses in her/his report.
[1] D. Basin, J. Dreier, L. Hirschi, S. Radomirović, R. Sasse, and V. Stettler, "A Formal Analysis of 5G Authentication," https://arxiv.org/abs/1806.10360
[2] M. Dehnel-Wild and C. Cremers, "Security vulnerability in 5G-AKA draft," https://www.cs.ox.ac.uk/5G-analysis/5G-AKA-draft-vulnerability.pdf
BSc or MSc level
Assigned to Aivo Toots
- Hiding information in noise
Widely deployed encryption-based security prevents unauthorized decoding, but does not ensure that the communication itself is undetectable. However, covert, or low probability of detection/intercept (LPD/LPI), communication is crucial in many scenarios, ranging from covert military operations and the organization of social unrest to privacy protection for users of wireless networks. In addition, encrypted data, or even just the transmission of a signal, can arouse suspicion, and even the most theoretically robust encryption can often be defeated by a determined adversary using non-computational methods such as side-channel analysis. Various covert communication techniques have been developed to address these concerns, including steganography for finite-alphabet noiseless applications and spread-spectrum systems for wireless communications. In this project, the student will review approaches based on covert communication systems.
[1] Boulat A. Bash, Dennis Goeckel, Saikat Guha, and Don Towsley, "Hiding Information in Noise: Fundamental Limits of Covert Wireless Communication", IEEE Communications Magazine, preprint available at https://arxiv.org/pdf/1506.00066.pdf.
Approximately MSc level
Assigned to Mart Simisker
- NIST quantum competition - second round
A number of proposals have passed into the second round of the NIST competition for post-quantum secure cryptosystems. This competition aims at selecting future standards for cryptosystems that are resistant to quantum attacks. The list of proposals taking part in the second round appears here: https://csrc.nist.gov/projects/post-quantum-cryptography/round-2-submissions. The full submission documents are available on the webpage of the first round: https://csrc.nist.gov/projects/post-quantum-cryptography/round-1-submissions.
In this project, the student will pick one of the proposals that passed into the second round, and will present the main ideas of the proposed system in the seminar. Specifically, we are interested in the proposals BIKE, HQC, LEDAcrypt, NewHope, NTRUPrime, RQC and SIKE, but a student can also choose another proposal.
This project can be taken by several students; each student will review a different cryptosystem.
MSc or PhD level
Assigned to Kristiina Konno
- How to Run Turing Machines on Encrypted Data
Cryptographic schemes for computing on encrypted data have a lot of potential for use in cryptography. As of today, almost all known schemes for fully homomorphic encryption, functional encryption, and garbling schemes work by modeling algorithms as circuits rather than as Turing machines. By contrast, the authors of [1] construct cryptographic schemes for computing Turing machines on encrypted data.
[1] Shafi Goldwasser, Yael Tauman Kalai, Raluca Ada Popa, Vinod Vaikuntanathan, and Nickolai Zeldovich, "How to Run Turing Machines on Encrypted Data", CRYPTO'13, https://eprint.iacr.org/2013/229.pdf.
Assigned to Andrei Perapiolkin
Supervised by Ahto Truu (Guardtime)
- Attribute-based credentials allow a person to present different subsets of his/her attributes to different parties for verification. For example, only the age is needed for entering a nightclub, and just the student status might be sufficient for getting a discount at the university café. There are techniques which provide advanced features such as unlinkability: when a prover presents different attributes, the verifier will not learn whether they come from the same set. One such scheme is IRMA: https://summerschool-croatia.cs.ru.nl/2015/IRMA.pdf. The task is to review IRMA and compare it to other major schemes, such as IBM’s Idemix and Microsoft’s U-Prove.
Suitable for MSc and BSc students
- Cohort identification is commonly used in clinical datasets. It involves querying the patient database to identify potential recruits for a clinical trial. However, providing unrestricted access to count queries on a database can reveal personal information. To protect patient privacy, some institutions only allow researchers to receive approximate counts and access is mediated by systems such as the I2B2 framework (https://www.i2b2.org/) or the Stanford University Medical School STRIDE (https://www.ncbi.nlm.nih.gov/pmc/articles/PMC2815452/) environment. In particular, I2B2 and STRIDE add Gaussian noise to the true count and then round to the nearest multiple of one and five, respectively. These systems aim to provide privacy through the process by which they answer queries. However, when they were developed, there were no metrics to quantify protection from re-identification, and it seems there are no quantitative analyses of how they affect privacy loss over time. The task is to identify suitable metrics and estimate the quality of protection provided by these Gaussian noise based systems.
Mostly suitable for PhD and advanced MSc students
Supervised by Dominique Unruh
- Verification of crypto with EasyCrypt
Cryptographic proofs are typically very error-prone: humans make mistakes that are hard to notice. To avoid this, machine-verified proofs can be used. EasyCrypt is a popular tool for formulating such proofs. The task of the seminar is to give an introduction to EasyCrypt (with your own examples) to the class, and to create a report explaining EasyCrypt.
Required background: Crypto I or comparable
- Relativistic commitments
Relativistic commitments are commitment schemes whose security rests on the assumption that the speed of light is bounded (i.e., to break them, you would have to communicate faster than light). These can be made information-theoretically secure (i.e., no computationally unlimited or quantum attacker can break them).
The task of this topic is to give a short overview of the existing results, and to study and describe one of them in more detail.
Required background: Crypto I or comparable, Quantum Crypto if a quantum secure variant is studied