Faculty: –Yevgeniy Dodis [email protected] –Victor Shoup [email protected] NYU Cryptography Group at Courant Institute Students: –Nelly Fazio –Michael Freedman.

• Faculty:– Yevgeniy Dodis

[email protected]– Victor Shoup

[email protected]

NYU Cryptography Group at Courant

Institute• Students:

– Nelly Fazio– Michael

Freedman– Anca Ivan– Antonio Nicolosi– Roberto Oliveira– Shabsi Walfish

• Meet every week– This semester Friday, 1pm, room 101

• Drop by!– Contact me to be put on the mailing list

http://www.scs.cs.nyu.edu/crypto

Cryptography Reading Group

Our Main Goals

• Improving the security and/or efficiency of cryptographic applications

• Designing new, provably secure cryptographic primitives

• Formalization and rigorous analysis of common cryptographic practices

• Protecting against key exposure

• Secure distributed/multiparty computation

Our Style: Provable Security

• Formal definition for the cryptographic task at hand

• A concrete scheme which provably satisfies the above definition, assuming some commonly believed and well studied mathematical problem is “hard”

• Ensures that the only way to break the cryptographic scheme is to break a well studied mathematical problem, which is very unlikely (e.g., factoring)

• Gives much higher guarantee/assurance than commonly utilized “heuristic” approaches

Crypto Skills

• Creativity: open mind, love for puzzles

• Formalism (proofs!) and elementary math (number theory, probability)

• Ability to ask interesting questions

• Ability to thinkas a devil…

Some of Our Projects• Signature and Encryption Schemes• Authenticated Encryption• Resilience to Key Exposure• Distributed and Multi-party Cryptography

– Two-party computation

• Digital Right Management• Cryptography with Imperfect Randomness• Ideal Hash Function Methodology• Fault-tolerant Authentication• Privacy and Anonymity …

Some projects I have been involved in @

NYU…Warnings:• Not meant to…

– give formal introduction to cryptography– be crystal clear if you see it for the first time

• Instead…– give vague summary of the “kind” of things I like– emphasize joint works with students and faculty

• Talk to me if interested in details!

• "Exposure-Resilient Functions and All-Or-Nothing Transforms" , Eurocrypt, 2000.

• "On Perfect and Adaptive Security in Exposure-Resilient Cryptography", Eurocrypt, 2001.

• "Exposure-Resilience for Free: the Case of Hierarchical ID-based Encryption", IEEE International Security In Storage Workshop (SISW), 2002.

Partial Key Exposure

Designed new model of key-insulated security, led to intrusion-resilient security

• "Key-Insulated Public Key Cryptosystems", Eurocrypt, 2002.

• "Strong Key-Insulated Signature Schemes", Workshop on Public Key Cryptography (PKC), 2003.

• "Intrusion-Resilient Public-Key Encryption", RSA Conference, Cryptography Track (CT-RSA), 2003.

Key Evolving Schemes

• Max Krohn, David Mazieres and Antonio Nicolosi, "Proactive Two-Party Signatures for User Authentication", Network and Distributed System Security Symposium (NDSS), 2003.

• Anca Ivan, "Proxy Cryptography Revisited", Network and Distributed System Security Symposium (NDSS), 2003.

• "Generic Two-party CCA-secure Encryption Scheme and its Applications", manuscript

Two-Party Schemes

• "On the Security of Joint Signature and Encryption", Eurocrypt, 2002.

• "Concealment and Its Applications to Authenticated Encryption", Eurocrypt, 2003.

• Michael Freedman and Shabsi Walfish, "Parallel Signcryption with OAEP, PSS-R and other Feistel Paddings", submitted to Crypto 2003.

• Michael Freedman and Shabsi Walfish, "Universal Padding Schemes", manuscript.

• "Parallel Authenticated Encryption", manuscript.

Authenticated Encryption

• Nelly Fazio, "Public Key Broadcast Encryption for Stateless Receivers", ACM Workshop on Digital Rights Management, 2002.

• Nelly Fazio, "Public Key Broadcast Encryption Secure Against Adaptive Chosen Ciphertext Attack", Workshop on Public Key Cryptography (PKC), 2003.

• Nelly Fazio, "Fully Scalable Public-Key Traitor Tracing", submitted, 2003.

• Nelly Fazio, "Forward-Secure Broadcast Encryption", manuscript.

Digital Right Management

• "New Imperfect Random Source with Applications to Coin-Flipping", International Colloquium on Automata, Languages and Programming (ICALP), 2001.

• Joel Spencer, "On the (non-)Universality of the One-Time Pad", Foundations of Computer Science (FOCS), 2002.

• Roberto Oliveira, "On Extracting Private Randomness over a Public Channel", manuscript.

Imperfect Randomness

• "Parallel Reducibility for Information-Theoretically Secure Computation", Crypto, 2000.

• "Efficient Construction of (Distributed) Verifiable Random Functions", Workshop on Public Key Cryptography (PKC), 2003

• “Distributed Block Ciphers", manuscript

Distributed Cryptography

• "Lower Bounds for Oblivious Transfer Reductions", Eurocrypt, 1999.

• "A Cryptographic Solution to a Game Theoretic Problem", Crypto, 2000.

• "On the Power of Claw-Free Permutations", Conference on Security in Communication Networks (SCN), 2002

Cryptography: Other…

Can moderate taxes force selfish users minimize global traffic and congestion?

• Richard Cole, "Pricing Network Edges for Heterogeneous Selfish Users", Symposium on Theory of Computing (STOC), 2003.

• Richard Cole, "The Cost of Taxes for Selfish Routing", ACM Conference on Electronic Commerce (EC), 2003.

Algorithmic Game Theory

My Other Interests

• Algorithms: randomized and approx. algorithms, network design…

• Coding Theory: relates to crypto too• Complexity Theory:

derandomization…• Combinatorics and Graph Theory• Anything else that has proofs and

requires problem solving…

Recap of some recent group activities

Signature & Encryption• First provably secure and yet efficient

signature and encryption schemes [CS98, CS99, CS02]– lead to new standards for PKI

• Efficient schemes utilizing ideal hash functions [Sho00, Sho01, DR02, DFW03, DFJW03]

• Signature / encryption schemes with extended functionalities [CS03, DF03, NKDM03]

Authenticated Encryption

• First formal modeling of public-key authenticated encryption (signcryption) [ADR02]

• Parallel authenticated encryption [ADR02, DFW03, DFJW03, Dod03a]

• Designing authenticated encryption for long messages [DA03]

Key Exposure Protection

• Exposure-resilient functions and All-or-nothing transforms [CDH00, DSS01]

• Key-insulated signature and encryption scheme [DKXY02, DKXY03]

• Intrusion-Resilient Encryption [DKY03]• Remotely-Keyed Encryption [DA03]• Server-Aided/Proxy/Proactive

Cryptography [NKDN03, ID03, DY02]

Distributed Computation

• Byzantine Agreement [CKS00, CKPS01, KS01]

• Threshold Cryptosystems [SG98,Sho00]• Distributed verifiable random functions

and block ciphers [Dod03b, DY03]• Joint generation of special RSA keys

[ACS02]• Two-party computation [NKDN03, ID03]• Concurrent protocols composition

[DM00]

Some Other Projects• Digital right management [DF02,

DF03, DFKY03]• Ideal Hash Function Methodology

[Dod03b, DS03]• Basing Cryptography on Imperfect

Randomness [DS02, DO03]• Cryptography and Game Theory

[DHR00]• …