Mechanisms for Outsourcing Computation via a Decentralized Market
As the number of personal computing and IoT devices grows rapidly, so does
the amount of computational power that is available at the edge. Since many of
these devices are often idle, there is a vast amount of computational power
that is currently untapped, and which could be used for outsourcing
computation. Existing solutions for harnessing this power, such as volunteer
computing (e.g., BOINC), are centralized platforms in which a single
organization or company can control participation and pricing. By contrast, an
open market of computational resources, where resource owners and resource
users trade directly with each other, could lead to greater participation and
more competitive pricing. To provide an open market, we introduce MODiCuM, a
decentralized system for outsourcing computation. MODiCuM deters participants
from misbehaving (a key problem in decentralized systems) by resolving
disputes via dedicated mediators and by imposing enforceable fines. However,
unlike other decentralized outsourcing solutions, MODiCuM minimizes
computational overhead since it does not require global trust in mediation
results. We provide analytical results proving that MODiCuM can deter
misbehavior, and we evaluate the overhead of MODiCuM using experimental results
based on an implementation of our platform.
Delegatable Anonymous Credentials
We construct an efficient delegatable anonymous credential system. Users can anonymously and unlinkably obtain credentials from any authority, delegate their credentials to other users, and prove possession of a credential levels away from the given authority. The size of the proof (and time to compute it) is , where is the security parameter. The only other construction of delegatable anonymous credentials (Chase and Lysyanskaya, Crypto 2006) relies on general non-interactive proofs for NP-complete languages of size .
We revise the entire approach to constructing anonymous credentials
and identify randomizable zero-knowledge proof of knowledge
systems as the key building block. We formally define the notion of
randomizable non-interactive zero-knowledge proofs, and give the first construction by showing how to appropriately rerandomize Groth and Sahai (Eurocrypt 2008) proofs. We show that such proof systems, in combination with an appropriate authentication scheme and a few other protocols, allow us to construct delegatable anonymous credentials. Finally, we instantiate these building blocks under appropriate assumptions about groups with bilinear maps.
Incentivizing Outsourced Computation
We describe different strategies a central authority, the boss, can use to distribute computation to untrusted contractors. Our problem is inspired by volunteer distributed computing projects such as SETI@home, which outsource computation to large numbers of participants. For many tasks, verifying a task's output requires as much work as computing it again; additionally, some tasks may produce certain outputs with greater probability than others. A selfish contractor may try to exploit these factors, by submitting potentially incorrect results and claiming a reward. Further, malicious contractors may respond incorrectly, to cause direct harm or to create additional overhead for result-checking.
We consider the scenario where there is a credit system whereby users can be rewarded for good work and fined for cheating. We show how to set rewards and fines that incentivize proper behavior from rational contractors, and mitigate the damage caused by malicious contractors. We analyze two strategies: random double-checking by the boss, and hiring multiple contractors to perform the same job.
We also present a bounty mechanism when multiple contractors are employed; the key insight is to give a reward to a contractor who catches another worker cheating. Furthermore, if we can assume that at least a small fraction h of the contractors are honest (1% − 10%), then we can provide graceful degradation for the accuracy of the system and the work the boss has to perform. This is much better than the Byzantine approach, which typically assumes h > 60%.
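Both the MODiCuM abstract (fines enforced after mediation) and the abstract above (rewards, fines, random double-checking, redundancy, bounties) rest on the same economic argument: a rational contractor cheats only if the expected gain exceeds the expected penalty. The following is an added illustration, not the model or code of either paper, that carries that argument through in closed form. Every symbol in it (cost c, reward r, fine f, check probability p, guess-success probability q, redundancy k, honest fraction h, bounty b) and the independence assumption about other contractors are this example's own choices.

```python
"""Toy expected-utility model for outsourced computation (added example).

Not the formal model of the papers above. It sketches the two strategies
the abstract names: (1) the boss recomputes a random fraction p of tasks,
and (2) the boss hires k contractors per task and pays a bounty b to an
honest contractor whose result exposes a cheater.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Task:
    c: float  # contractor's cost of computing the task honestly
    r: float  # reward paid for an accepted result
    f: float  # fine charged when a contractor is caught cheating
    q: float  # probability that a cheap guess equals the true output


def honest_payoff(t: Task) -> float:
    """A contractor who really computes is always paid and always pays c."""
    return t.r - t.c


def cheat_payoff_double_check(t: Task, p: float) -> float:
    """Cheater submits a guess; the boss recomputes with probability p.

    The cheat is exposed only if the boss checks AND the guess is wrong.
    """
    caught = p * (1.0 - t.q)
    return (1.0 - caught) * t.r - caught * t.f


def min_fine_double_check(c: float, r: float, p: float, q: float) -> float:
    """Smallest fine at which cheating is no better than honesty.

    From  r - c >= (1 - p(1-q)) r - p(1-q) f   we get   f >= c/(p(1-q)) - r.
    """
    if p <= 0.0 or q >= 1.0:
        raise ValueError("cheating is never detected; no finite fine deters it")
    return c / (p * (1.0 - q)) - r


def detection_prob_redundancy(k: int, h: float, q: float) -> float:
    """Probability a cheater is exposed when k contractors run the same task.

    Assumption of this example: each other contractor is honest independently
    with probability h, and one honest peer disagreeing is enough to expose a
    wrong guess (which a guess is with probability 1-q).
    """
    if k < 2:
        return 0.0
    return (1.0 - q) * (1.0 - (1.0 - h) ** (k - 1))


def cheat_payoff_redundancy(t: Task, k: int, h: float) -> float:
    caught = detection_prob_redundancy(k, h, t.q)
    return (1.0 - caught) * t.r - caught * t.f


def min_fine_redundancy(c: float, r: float, k: int, h: float, q: float) -> float:
    """Same inequality as above with the redundancy detection probability."""
    caught = detection_prob_redundancy(k, h, q)
    if caught <= 0.0:
        raise ValueError("no honest peer can ever expose the cheat")
    return c / caught - r


def honest_payoff_with_bounty(t: Task, k: int, h: float, b: float) -> float:
    """Honest contractor also earns bounty b per cheating peer it exposes.

    Expected cheating peers: (k-1)(1-h); each is exposed with probability 1-q.
    """
    exposed = (k - 1) * (1.0 - h) * (1.0 - t.q)
    return t.r - t.c + b * exposed


def honesty_is_dominant(t: Task, p: float, tol: float = 1e-12) -> bool:
    """True when a rational contractor has no incentive to cheat under checks."""
    return honest_payoff(t) + tol >= cheat_payoff_double_check(t, p)


if __name__ == "__main__":
    # Worked instance: checking 10% of tasks means the fine must be about
    # ten times the work cost before cheating stops paying.
    t = Task(c=1.0, r=1.5, f=9.0, q=0.0)
    print("min fine at p=0.1:", min_fine_double_check(t.c, t.r, 0.1, t.q))
    print("honesty dominant at f=9:", honesty_is_dominant(t, 0.1))
    print("detection, k=10 and h=5%:", detection_prob_redundancy(10, 0.05, 0.0))
```

The two `min_fine_*` functions make the abstract's trade-off concrete: a low check rate or a small honest fraction h does not break the scheme, it just has to be compensated by a larger enforceable fine, which is exactly why both papers need a credible way to collect it.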
Membership Privacy for Fully Dynamic Group Signatures
Group signatures present a compromise between the traditional goals of digital
signatures and the need for signer privacy, allowing for the creation of
unforgeable signatures in the name of a group which reveal nothing about the
actual signer's identity beyond their group membership. An important
consideration that is absent in prevalent models is that group membership itself
may be sensitive information, especially if group membership is dynamic, i.e.
membership status may change over time.
We address this issue by introducing formal notions of membership privacy for
fully dynamic group signature schemes, which can be easily integrated into the
most expressive models of group signature security to date. We then propose a
generic construction for a fully dynamic group signature scheme with membership
privacy that is based on signatures with flexible public key (SFPK) and
signatures on equivalence classes (SPSEQ).
Finally, we devise novel techniques for SFPK to construct a highly efficient
standard model scheme (i.e. without random oracles) that provides shorter
signatures than even the non-private state-of-the-art from standard assumptions.
This shows that, although the strictly stronger security notions we introduce
have been completely unexplored in the study of fully dynamic group signatures
so far, they do not come at an additional cost in practice.
Single Password Authentication
Users frequently reuse their passwords when authenticating to various online services. Combined with the use of weak passwords or honeypot/phishing attacks, this brings high risks to the security of the user's account information. In this paper, we propose several protocols that can allow a user to use a single password to authenticate to multiple services securely. All our constructions provably protect the user from dictionary attacks on the password, and cross-site impersonation or honeypot attacks by the online service providers. Our solutions assume the user has access to either an untrusted online cloud storage service (as per Boyen [14]), or a mobile storage device that is trusted until stolen. In the cloud storage scenario, we consider schemes that optimize for either storage server or online service performance, as well as anonymity and unlinkability of the user's actions. In the mobile storage scenario, we minimize the assumptions we make about the capabilities of the mobile device: we do not assume synchronization, tamper resistance, special or expensive hardware, or extensive cryptographic capabilities. Most importantly, the user's password remains secure even after the mobile device is stolen. Our protocols provide another layer of security against malware and phishing. To the best of our knowledge, we are the first to propose such a variety of provably secure password-based authentication schemes. Lastly, we argue that our constructions are relatively easy to deploy, especially if a few single sign-on services (e.g., Microsoft, Google, Facebook) adopt our proposal.