
    Fair private set intersection with a semi-trusted arbiter

    A private set intersection (PSI) protocol allows two parties to compute the intersection of their input sets privately. Most of the previous PSI protocols only output the result to one party and the other party gets nothing from running the protocols. However, a mutual PSI protocol in which both parties can get the output is highly desirable in many applications. A major obstacle in designing a mutual PSI protocol is how to ensure fairness. In this paper we present the first fair mutual PSI protocol which is efficient and secure. Fairness of the protocol is obtained in an optimistic fashion, i.e. by using an offline third party arbiter. In contrast to many optimistic protocols which require a fully trusted arbiter, in our protocol the arbiter is only required to be semi-trusted, in the sense that we consider it to be a potential threat to both parties' privacy but believe it will follow the protocol. The arbiter can resolve disputes without knowing any private information belonging to the two parties. This feature is appealing for a PSI protocol in which privacy may be of ultimate importance.

    Isogeny Secrets can be Traded

    We consider a situation in which two mutually distrusting parties, each possessing a secret piece of information, wish to exchange these secrets while communicating over a secure channel, in effect "trading" them. Each is afraid of counterparty risk: Alice fears that as soon as she sends her secret to Bob he will cease communication without sending his secret in return, and likewise for the reverse case. In the situation where Alice and Bob's secrets are protected by isogenies, we propose a system in which Alice and Bob may fairly exchange their secrets without counterparty risk, and without a trusted third party. We then discuss potential applications.

    On the Security of Time-Lock Puzzles and Timed Commitments

    Time-lock puzzles---problems whose solution requires some amount of sequential effort---have recently received increased interest (e.g., in the context of verifiable delay functions). Most constructions rely on the sequential-squaring conjecture that computing $g^{2^T} \bmod N$ for a uniform $g$ requires at least $T$ (sequential) steps. We study the security of time-lock primitives from two perspectives:
    - We give the first hardness result about the sequential-squaring conjecture in a non-generic model. Namely, in a quantitative version of the algebraic group model (AGM) that we call the strong AGM, we show that speeding up sequential squaring is as hard as factoring $N$.
    - We then focus on timed commitments, one of the most important primitives that can be obtained from time-lock puzzles. We extend existing security definitions to settings that may arise when using timed commitments in higher-level protocols, and give the first construction of non-malleable timed commitments. As a building block of independent interest, we also define (and give constructions for) a related primitive called timed public-key encryption.

    Verifiable Random Functions from Standard Assumptions

    The question whether there exist verifiable random functions with exponential-sized input space and full adaptive security based on a non-interactive, constant-size assumption is a long-standing open problem. We construct the first verifiable random functions which simultaneously achieve all these properties. Our construction can securely be instantiated in symmetric bilinear groups, based on any member of the (n-1)-linear assumption family with n >= 3. This includes, for example, the 2-linear assumption, which is also known as the decision linear (DLIN) assumption.

    Efficient verifiable delay functions

    We construct a verifiable delay function (VDF). A VDF is a function whose evaluation requires running a given number of sequential steps, yet the result can be efficiently verified. They have applications in decentralised systems, such as the generation of trustworthy public randomness in a trustless environment, or resource-efficient blockchains. To construct our VDF, we actually build a trapdoor VDF. A trapdoor VDF is essentially a VDF which can be evaluated efficiently by parties who know a secret (the trapdoor). By setting up this scheme in a way that the trapdoor is unknown (not even by the party running the setup, so that there is no need for a trusted setup environment), we obtain a simple VDF. Our construction is based on groups of unknown order such as an RSA group, or the class group of an imaginary quadratic field. The output of our construction is very short (the result and the proof of correctness are each a single element of the group), and the verification of correctness is very efficient.

    Using Decentralized Networks and Distributed Ledger Technologies for Foreign Aid Distribution and Reporting

    The U.S. federal government is responsible for the creation and disbursement of roughly $95 billion worth of international spending packages annually. Of this amount, nearly $45 billion is allocated for the advancement of economic and humanitarian aid initiatives. However, these programs often face challenges when attempting to distribute funds to individual recipients in regions lacking stable government or reliable financial infrastructure. In addition, existing inefficiencies within the allocation process for these awards may introduce various inequalities through bias or other procedural complexities. As a result, many aid initiatives are not administered in a cost-effective manner and the subsequent lack of transparent reporting makes it difficult for the public to audit these programs and assess outcomes. To address these challenges, a new mobile-based (Android/iOS) application has been developed in which foreign aid awards are distributed through the transaction of digital currency and asset-backed stable-coins on the Stellar network. Following user registration and onboarding, the application confirms that users meet the required qualifications through the use of a novel crowdsourcing mechanism comprised of previous recipients. Network validators are incentivized through continued awards to verify new recipient eligibility and further expand the verification network. Once confirmed, the application allows users to transact their awards in USDC, network-native Stellar lumens (XLM) or transfer their tokens to other marketplaces and asset representations with minimal transaction cost. While other available software addresses each of these issues separately, this application combines the end-to-end transfer and housing of aid funds into a singular process for both administrators and recipients. Furthermore, the awarding of these funds is recorded on a public ledger that allows for detailed analysis of initiative outcomes in a verifiable and trust-less manner. Finally, a simulation script was constructed for the purpose of modeling network growth and efficiency in relation to incentivizing future participation in validating new applicants.

    Outsourced CP-ABE with Whitebox Accountability in IoT Systems

    Cryptography based on identity and attributes enhances the chance of secure communication on a large scale. Several attribute-based encryption schemes achieve different objectives when used in various protocols. Most of these are suitable for large systems like cloud services. There are a few protocols which focus on reducing the computational overhead for lower-end devices like Internet of Things sensors and actuators. It is desirable to have a mix of features in protocols for an IoT security architecture. We first propose a scheme to ensure accountability in the CP-ABE scheme FAME. The protocol is proven CPA-secure with full security in the random oracle model. We also prove its accountability. We also propose a hybrid protocol that enforces user accountability and outsourced decryption in IoT systems and achieves full security against replayable chosen ciphertext attack (RCCA) in the random oracle model.

    Efficient Verifiable Partially-Decryptable Commitments from Lattices and Applications

    We introduce verifiable partially-decryptable commitments (VPDC), as a building block for constructing efficient privacy-preserving protocols supporting auditability by a trusted party. A VPDC is an extension of a commitment along with an accompanying proof, convincing a verifier that (i) the given commitment is well-formed and (ii) a certain part of the committed message can be decrypted using a (secret) trapdoor known to a trusted party. We first formalize VPDCs and then introduce a general decryption feasibility result that overcomes the challenges in relaxed proofs arising in the lattice setting. Our general result can be applied to a wide class of Fiat-Shamir based protocols and may be of independent interest. Next, we show how to extend the commonly used lattice-based 'Hashed-Message Commitment' (HMC) scheme into a succinct and efficient VPDC. In particular, we devise a novel 'gadget'-based Regev-style (partial) decryption method, compatible with efficient relaxed lattice-based zero-knowledge proofs. We prove the soundness of our VPDC in the setting of adversarial proofs, where a prover tries to create a valid VPDC output that fails in decryption. To demonstrate the effectiveness of our results, we extend a private blockchain payment protocol, MatRiCT, by Esgin et al. (ACM CCS '19) into a formally auditable construction, which we call MatRiCT-Au, with very low communication and computation overheads over MatRiCT.