25 research outputs found
General Impossibility of Group Homomorphic Encryption in the Quantum World
Group homomorphic encryption represents one of the most important building
blocks in modern cryptography. It forms the basis of widely-used, more
sophisticated primitives, such as CCA2-secure encryption or secure multiparty
computation. Unfortunately, recent advances in quantum computation show that
many of the existing schemes completely break down once quantum computers reach
maturity (mainly due to Shor's algorithm). This leads to the challenge of
constructing quantum-resistant group homomorphic cryptosystems.
In this work, we prove the general impossibility of (abelian) group
homomorphic encryption in the presence of quantum adversaries, when assuming
the IND-CPA security notion as the minimal security requirement. To this end,
we prove a new result on the probability of sampling generating sets of finite
(sub-)groups if sampling is done with respect to an arbitrary, unknown
distribution. Finally, we provide a sufficient condition on homomorphic
encryption schemes for our quantum attack to work and discuss its
satisfiability in non-group homomorphic cases. The impact of our results on
recent fully homomorphic encryption schemes poses itself as an open question.Comment: 20 pages, 2 figures, conferenc
Privacy-preserving Cross-domain Routing Optimization -- A Cryptographic Approach
Today's large-scale enterprise networks, data center networks, and wide area
networks can be decomposed into multiple administrative or geographical
domains. Domains may be owned by different administrative units or
organizations. Hence protecting domain information is an important concern.
Existing general-purpose Secure Multi-Party Computation (SMPC) methods that
preserves privacy for domains are extremely slow for cross-domain routing
problems. In this paper we present PYCRO, a cryptographic protocol specifically
designed for privacy-preserving cross-domain routing optimization in Software
Defined Networking (SDN) environments. PYCRO provides two fundamental routing
functions, policy-compliant shortest path computing and bandwidth allocation,
while ensuring strong protection for the private information of domains. We
rigorously prove the privacy guarantee of our protocol. We have implemented a
prototype system that runs PYCRO on servers in a campus network. Experimental
results using real ISP network topologies show that PYCRO is very efficient in
computation and communication costs
Secure equality testing protocols in the two-party setting
Protocols for securely testing the equality of two encrypted integers are common building blocks for a number of proposals in the literature that aim for privacy preservation. Being used repeatedly in many cryptographic protocols, designing efficient equality testing protocols is important in terms of computation and communication overhead. In this work, we consider a scenario with two parties where party A has two integers encrypted using an additively homomorphic scheme and party B has the decryption key. Party A would like to obtain an encrypted bit that shows whether the integers are equal or not but nothing more. We propose three secure equality testing protocols, which are more efficient in terms of communication, computation or both compared to the existing work. To support our claims, we present experimental results, which show that our protocols achieve up to 99% computation-wise improvement compared to the state-of-the-art protocols in a fair experimental set-up
SoK: Cryptographically Protected Database Search
Protected database search systems cryptographically isolate the roles of
reading from, writing to, and administering the database. This separation
limits unnecessary administrator access and protects data in the case of system
breaches. Since protected search was introduced in 2000, the area has grown
rapidly; systems are offered by academia, start-ups, and established companies.
However, there is no best protected search system or set of techniques.
Design of such systems is a balancing act between security, functionality,
performance, and usability. This challenge is made more difficult by ongoing
database specialization, as some users will want the functionality of SQL,
NoSQL, or NewSQL databases. This database evolution will continue, and the
protected search community should be able to quickly provide functionality
consistent with newly invented databases.
At the same time, the community must accurately and clearly characterize the
tradeoffs between different approaches. To address these challenges, we provide
the following contributions:
1) An identification of the important primitive operations across database
paradigms. We find there are a small number of base operations that can be used
and combined to support a large number of database paradigms.
2) An evaluation of the current state of protected search systems in
implementing these base operations. This evaluation describes the main
approaches and tradeoffs for each base operation. Furthermore, it puts
protected search in the context of unprotected search, identifying key gaps in
functionality.
3) An analysis of attacks against protected search for different base
queries.
4) A roadmap and tools for transforming a protected search system into a
protected database, including an open-source performance evaluation platform
and initial user opinions of protected search.Comment: 20 pages, to appear to IEEE Security and Privac
Secure privacy-preserving protocols for outsourcing continuous authentication of smartphone users with touch data
Abstract We introduce new secure privacy-preserving protocols for outsourcing continuous authentication of smartphone users. Our protocols allow a smartphone to privately perform continuous and unobtrusive authentication using touch behaviors. Through our protocols, the smartphone does not need to disclose touch information to the authentication server. Further, neither the server nor the smartphone have access to the content of the user's template. We present formal proofs to substantiate security claims on our protocols. We then perform experiments on publicly available touch data, collected from forty-one users. Our experiments on a commodity Android smartphone show that our protocols incur an overhead between 263ms and 2.1s
Secure privacy-preserving protocols for outsourcing continuous authentication of smartphone users with touch data
Abstract We introduce new secure privacy-preserving protocols for outsourcing continuous authentication of smartphone users. Our protocols allow a smartphone to privately perform continuous and unobtrusive authentication using touch behaviors. Through our protocols, the smartphone does not need to disclose touch information to the authentication server. Further, neither the server nor the smartphone have access to the content of the user's template. We present formal proofs to substantiate security claims on our protocols. We then perform experiments on publicly available touch data, collected from forty-one users. Our experiments on a commodity Android smartphone show that our protocols incur an overhead between 263ms and 2.1s