Separating IND-CPA and Circular Security for Unbounded Length Key Cycles
A public key encryption scheme is said to be n-circular secure if no PPT adversary can distinguish between encryptions of an n length key cycle and n encryptions of zero.
One interesting question is whether circular security comes for free from IND-CPA security. Recent works have addressed this question, showing that for all integers n, there exists an IND-CPA scheme that is not n-circular secure. However, this leaves open the possibility that for every IND-CPA cryptosystem, there exists a cycle length l, dependent on the cryptosystem (and the security parameter) such that the scheme is l-circular secure. If this is true, then this would directly lead to many applications, in particular, it would give us a fully homomorphic encryption scheme via Gentry’s bootstrapping.
In this work, we show that this is not true. Assuming indistinguishability obfuscation and leveled homomorphic encryption, we construct an IND-CPA scheme such that for all cycle lengths l, the scheme is not l-circular secure.
Fairness and Efficiency in DAG-based Cryptocurrencies
Bitcoin is a decentralised digital currency that serves as an alternative to existing transaction systems based on an external central authority for security. Although Bitcoin has many desirable properties, one of its fundamental shortcomings is its inability to process transactions at high rates. To address this challenge, many subsequent protocols either modify the rules of block acceptance (longest chain rule) and reward, or alter the graphical structure of the public ledger from a tree to a directed acyclic graph (DAG). Motivated by these approaches, we introduce a new general framework that captures ledger growth for a large class of DAG-based implementations. With this in hand, and by assuming honest miner behaviour, we (experimentally) explore how different DAG-based protocols perform in terms of fairness, i.e., if the block reward of a miner is proportional to their hash power, as well as efficiency, i.e., what proportion of user transactions a ledger deems valid after a certain length of time. Our results demonstrate fundamental structural limits on how well DAG-based ledger protocols cope with a high transaction load. More specifically, we show that even in a scenario where every miner on the system is honest in terms of when they publish blocks, what they point to, and what transactions each block contains, fairness and efficiency of the ledger can break down at specific hash rates if miners have differing levels of connectivity to the P2P network sustaining the protocol.
Centrally Banked Cryptocurrencies
Current cryptocurrencies, starting with Bitcoin, build a decentralized blockchain-based transaction ledger, maintained through proofs-of-work that also generate a monetary supply. Such decentralization has benefits, such as independence from national political control, but also significant limitations in terms of scalability and computational cost. We introduce RSCoin, a cryptocurrency framework in which central banks maintain complete control over the monetary supply, but rely on a distributed set of authorities, or mintettes, to prevent double-spending. While monetary policy is centralized, RSCoin still provides strong transparency and auditability guarantees. We demonstrate, both theoretically and experimentally, the benefits of a modest degree of centralization, such as the elimination of wasteful hashing and a scalable system for avoiding double-spending attacks.
Comment: 15 pages, 4 figures, 2 tables in Proceedings of NDSS 201
XYZ Privacy
Future autonomous vehicles will generate, collect, aggregate and consume significant volumes of data as key gateway devices in emerging Internet of Things scenarios. While vehicles are widely accepted as one of the most challenging mobility contexts in which to achieve effective data communications, less attention has been paid to the privacy of data emerging from these vehicles. The quality and usability of such privatized data will lie at the heart of future safe and efficient transportation solutions.
In this paper, we present the XYZ Privacy mechanism. XYZ Privacy is to our knowledge the first such mechanism that enables data creators to submit multiple contradictory responses to a query, whilst preserving utility measured as the absolute error from the actual original data. The functionalities are achieved in both a scalable and secure fashion. For instance, individual location data can be obfuscated while preserving utility, thereby enabling the scheme to transparently integrate with existing systems (e.g., Waze). A new cryptographic primitive, Function Secret Sharing, is used to achieve non-attributable writes, and we show an order of magnitude improvement from the default implementation.
Comment: arXiv admin note: text overlap with arXiv:1708.0188
Narwhal and Tusk: A DAG-based Mempool and Efficient BFT Consensus
We propose separating the task of reliable transaction dissemination from transaction ordering, to enable high-performance Byzantine fault-tolerant quorum-based consensus. We design and evaluate a mempool protocol, Narwhal, specializing in high-throughput reliable dissemination and storage of causal histories of transactions. Narwhal tolerates an asynchronous network and maintains high performance despite failures. Narwhal is designed to easily scale out using multiple workers at each validator, and we demonstrate that there is no foreseeable limit to the throughput we can achieve. Composing Narwhal with a partially synchronous consensus protocol (Narwhal-HotStuff) yields significantly better throughput even in the presence of faults or intermittent loss of liveness due to asynchrony. However, loss of liveness can result in higher latency. To achieve overall good performance when faults occur, we design Tusk, a zero-message-overhead asynchronous consensus protocol, to work with Narwhal. We demonstrate its high performance under a variety of configurations and faults. As a summary of results, on a WAN, Narwhal-HotStuff achieves over 130,000 tx/sec at less than 2-sec latency compared with 1,800 tx/sec at 1-sec latency for HotStuff. Additional workers increase throughput linearly to 600,000 tx/sec without any latency increase. Tusk achieves 160,000 tx/sec with about 3 seconds latency. Under faults, both protocols maintain high throughput, but Narwhal-HotStuff suffers from increased latency.