Network Security 2023

https://docs.google.com/document/d/18SyaJJUBr055WaWQ0LvUHPKfB4ltZDqISJ7ZgIVmeNA

Network Security 2022

https://docs.google.com/document/d/1o-jK86y2TBq7EertOeVWDklYS6AvnFY48XGNokaH3OQ/edi

Network Security 2021 Syllabus

https://docs.google.com/document/d/1kHYHxSV_i5IMp0DwQK6DflQB_0s9-9iCMr6hDsIfUu8/edi

New Applications Of Public Ledgers

The last decade and a half has seen the rise of a new class of systems loosely categorized as public ledgers. Public ledgers guarantee that all posted information is permanently available to the entire public. Common realizations of public ledgers include public blockchains and centralized logs. In this work we investigate novel applications of public ledgers. We begin by describing enclave ledger interaction, a computational method that allows the execution of trusted execution environments or cryptographically obfuscated programs to be conditioned on the contents of the ledger. We then show how this conditional execution paradigm can be used to achieve fairness in dishonest majority secure multiparty computation, which is impossible in the plain model. Finally, we show how conditional execution can be used to build systems that facilitate law enforcement access to ciphertext while ensuring robust transparency and accountability mechanisms

Efficient proofs of software exploitability for real-world processors

CRAhttps://eprint.iacr.org/2022/1223.pdfPublished versio

Pulsar: Secure Steganography through Diffusion Models

Widespread efforts to subvert acccess to strong cryptography has renewed interest in steganography, the practice of embedding sensitive messages in mundane cover messages. Recent efforts at provably secure steganography have only focused on text-based generative models and cannot support other types of models, such as diffusion models, which are used for high-quality image synthesis. In this work, we initiate the study of securely embedding steganographic messages into the output of image diffusion models. We identify that the use of variance noise during image generation provides a suitable steganographic channel. We develop our construction, Pulsar, by building optimizations to make this channel practical for communication. Our implementation of Pulsar is capable of embedding $\approx 275$-$542$ bytes (on average) into a single image without altering the distribution of the generated image, all in the span of $\approx 3$ seconds of online time on a laptop. In addition, we discuss how the results of Pulsar can inform future research into diffusion models. Pulsar shows that diffusion models are a promising medium for steganography and censorship resistance

Dora: Processor Expressiveness is (Nearly) Free in Zero-Knowledge for RAM Programs

Existing protocols for proving the correct execution of a RAM program in zero-knowledge are plagued by a processor expressiveness trade-off : supporting fewer instructions results in smaller processor circuits (which improves performance), but may result in more program execution steps because non-supported instruction must be emulated over multiple processor steps (which diminishes performance). We present Dora, a concretely efficient zero-knowledge protocol for RAM programs that sidesteps this tension by making it (nearly) free to add additional instructions to the processor. The computational and communication complexity of proving each step of a computation in Dora, is constant in the number of supported instructions. Dora is also highly generic and only assumes the existence of linearly homomorphic commitments. We implement Dora and demonstrate that on commodity hardware it can prove the correct execution of a processor with thousands of instruction, each of which has thousands of gates, in just a few milliseconds per step

Speed-Stacking: Fast Sublinear Zero-Knowledge Proofs for Disjunctions

Building on recent disjunctive compilers for zero-knowledge (e.g. Goel et al. [EUROCRYPT\u2722]) we propose a new compiler that, when applied to sublinear-sized proofs, can result in sublinear-size disjunctive zero-knowledge with sublinear proving times (without meaningfully increasing proof sizes). Our key observation is that simulation in sublinear-size zero-knowledge proof systems can be much faster (both concretely and asymptotically) than the honest prover. We study applying our compiler to two classes of $O(\log n)$-round protocols: interactive oracle proofs, specifically Aurora [EUROCRYPT\u2719] and Fractal [EUROCRYPT\u2720], and folding arguments, specifically Compressed $\Sigma$-protocols [CRYPTO\u2720, CRYPTO\u2721] and Bulletproofs [S&P\u2718]. This study validates that the compiler can lead to significant savings. For example, applying our compiler to Fractal enables us to prove a disjunction of $\ell$ clauses, each of size $N$, with only $O((N+\ell) \cdot \text{polylog}(N))$ computation, versus $O(\ell N \cdot \text{polylog}(N))$ when proving the disjunction directly. We also find that our compiler offers a new lens through which to understand zero-knowledge proofs, evidenced by multiple examples of protocols with the same standalone complexity that each behave very differently when stacked

Efficient Set Membership Proofs using MPC-in-the-Head

Set membership proofs are an invaluable part of privacy preserving systems. These proofs allow a prover to demonstrate knowledge of a witness $w$ corresponding to a secret element $x$ of a public set, such that they jointly satisfy a given NP relation, {\em i.e.} $\mathcal{R}(w,x)=1$ and $x$ is a member of a public set $\{x_1, \ldots, x_\ell\}$. This allows the identity of the prover to remain hidden, eg. ring signatures and confidential transactions in cryptocurrencies. In this work, we develop a new technique for efficiently adding logarithmic-sized set membership proofs to any MPC-in-the-head based zero-knowledge protocol (Ishai et al. [STOC\u2707]). We integrate our technique into an open source implementation of the state-of-the-art, post quantum secure zero-knowledge protocol of Katz et al. [CCS\u2718]. We find that using our techniques to construct ring signatures results in signatures (based only on symmetric key primitives) that are between 5 and 10 times smaller than state-of-the-art techniques based on the same assumptions. We also show that our techniques can be used to efficiently construct post-quantum secure RingCT from only symmetric key primitives