An analysis of acceptance policies for blockchain transactions

The standard acceptance policy for a cryptocurrency transaction at most exchanges is to wait until the transaction is placed in the blockchain and followed by a certain number of blocks. However, as noted by Sompolinsky and Zohar [16], the amount of time for blocks to arrive should also be taken into account as it affects the probability of double spending. Specifically, they propose a dynamic policy for transaction acceptance that depends on both the number of confirmations and the amount of time since transaction broadcast. In this work we study the implications of using such a policy compared with the standard option that ignores block timing information. Using an exact expression for the probability of double spend, via numerical results, we analyze time to transaction acceptance (performance) as well as the time and cost to perform a double spend attack (security). We show that while expected time required for transaction acceptance is improved using a dynamic policy, the time and cost to perform a double spend attack for a particular transaction is reduced.First author draf

EasyUC: using EasyCrypt to mechanize proofs of universally composable security

We present a methodology for using the EasyCrypt proof assistant (originally designed for mechanizing the generation of proofs of game-based security of cryptographic schemes and protocols) to mechanize proofs of security of cryptographic protocols within the universally composable (UC) security framework. This allows, for the first time, the mechanization and formal verification of the entire sequence of steps needed for proving simulation-based security in a modular way: Specifying a protocol and the desired ideal functionality; Constructing a simulator and demonstrating its validity, via reduction to hard computational problems; Invoking the universal composition operation and demonstrating that it indeed preserves security. We demonstrate our methodology on a simple example: stating and proving the security of secure message communication via a one-time pad, where the key comes from a Diffie-Hellman key-exchange, assuming ideally authenticated communication. We first put together EasyCrypt-verified proofs that: (a) the Diffie-Hellman protocol UC-realizes an ideal key-exchange functionality, assuming hardness of the Decisional Diffie-Hellman problem, and (b) one-time-pad encryption, with a key obtained using ideal key-exchange, UC-realizes an ideal secure-communication functionality. We then mechanically combine the two proofs into an EasyCrypt-verified proof that the composed protocol realizes the same ideal secure-communication functionality. Although formulating a methodology that is both sound and workable has proven to be a complex task, we are hopeful that it will prove to be the basis for mechanized UC security analyses for significantly more complex protocols and tasks.Accepted manuscrip

An Exploration of the Role of Principal Inertia Components in Information Theory

The principal inertia components of the joint distribution of two random variables $X$ and $Y$ are inherently connected to how an observation of $Y$ is statistically related to a hidden variable $X$. In this paper, we explore this connection within an information theoretic framework. We show that, under certain symmetry conditions, the principal inertia components play an important role in estimating one-bit functions of $X$, namely $f(X)$, given an observation of $Y$. In particular, the principal inertia components bear an interpretation as filter coefficients in the linear transformation of $p_{f(X)|X}$ into $p_{f(X)|Y}$. This interpretation naturally leads to the conjecture that the mutual information between $f(X)$ and $Y$ is maximized when all the principal inertia components have equal value. We also study the role of the principal inertia components in the Markov chain $B\rightarrow X\rightarrow Y\rightarrow \widehat{B}$, where $B$ and $\widehat{B}$ are binary random variables. We illustrate our results for the setting where $X$ and $Y$ are binary strings and $Y$ is the result of sending $X$ through an additive noise binary channel.Comment: Submitted to the 2014 IEEE Information Theory Workshop (ITW

Two-server distributed ORAM with sublinear computation and constant rounds

First author draf

Studies in program obfuscation

Thesis (Ph. D.)--Massachusetts Institute of Technology, Dept. of Mathematics, 2010.This electronic version was submitted by the student author. The certified thesis is available in the Institute Archives and Special Collections.Cataloged from student submitted PDF version of thesis.Includes bibliographical references (p. 159-164).Program obfuscation is the software analog to the problem of tamper-proofing hardware. The goal of program obfuscation is to construct a compiler, called an "obfuscator," that garbles the code of a computer program while maintaining its functionality. Commercial products exist to perform this procedure, but they do not provide a rigorous security guarantee. Over the past decade, program obfuscation has been studied by the theoretical cryptography community, where rigorous definitions of security have been proposed and obfuscators have been constructed for some families of programs. This thesis presents three contributions based on the virtual black-box security definition of Barak et al [10]. First, we show tight connections between obfuscation and symmetric-key encryption. Specifically, obfuscation can be used to construct an encryption scheme with strong leakage resilience and key-dependent message security. The converse is also true, and these connections scale with the level of security desired. As a result, the known constructions and impossibility results for each primitive carry over to the other. Second, we present two new security definitions that augment the virtual black-box property to incorporate non-malleability. The virtual black-box definition does not prevent an adversary from modifying an obfuscated program intelligently. By contrast, our new definitions provide software with the same security guarantees as tamper-proof and tamper-evident hardware, respectively. The first definition prohibits tampering, and the second definition requires that tampering is detectable after the fact. We construct non-malleable obfuscators of both favors for some program families of interest. Third, we present an obfuscator for programs that test for membership in a hyperplane. This generalizes prior works that obfuscate equality testing. We prove the security of the obfuscator under a new strong variant of the Decisional Diffie-Hellman assumption that holds in the generic group model. Additionally, we show a cryptographic application of the new obfuscator to leak-ageresilient one-time digital signatures. The thesis also includes a survey of the prior results in the field.by Mayank Varia.Ph.D

DEMO: integrating MPC in big data workflows

Secure multi-party computation (MPC) allows multiple parties to perform a joint computation without disclosing their private inputs. Many real-world joint computation use cases, however, involve data analyses on very large data sets, and are implemented by software engineers who lack MPC knowledge. Moreover, the collaborating parties -- e.g., several companies -- often deploy different data analytics stacks internally. These restrictions hamper the real-world usability of MPC. To address these challenges, we combine existing MPC frameworks with data-parallel analytics frameworks by extending the Musketeer big data workflow manager [4]. Musketeer automatically generates code for both the sensitive parts of a workflow, which are executed in MPC, and the remainder of the computation, which runs on scalable, widely-deployed analytics systems. In a prototype use case, we compute the Herfindahl-Hirschman Index (HHI), an index of market concentration used in antitrust regulation, on an aggregate 156GB of taxi trip data over five transportation companies. Our implementation computes the HHI in about 20 minutes using a combination of Hadoop and VIFF [1], while even "mixed mode" MPC with VIFF alone would have taken many hours. Finally, we discuss future research questions that we seek to address using our approach

Moving in next door: Network flooding as a side channel in cloud environments

The final publication is available at http://link.springer.com/chapter/10.1007/978-3-319-48965-0_56Co-locating multiple tenants' virtual machines (VMs) on the same host underpins public clouds' affordability, but sharing physical hardware also exposes consumer VMs to side channel attacks from adversarial co-residents. We demonstrate passive bandwidth measurement to perform traffic analysis attacks on co-located VMs. Our attacks do not assume a privileged position in the network or require any communication between adversarial and victim VMs. Using a single feature in the observed bandwidth data, our algorithm can identify which of 3 potential YouTube videos a co-resident VM streamed with 66% accuracy. We discuss defense from both a cloud provider's and a consumer's perspective, showing that effective defense is difficult to achieve without costly under-utilization on the part of the cloud provider or over-utilization on the part of the consumer.We would like to acknowledge the MIT PRIMES program and thank in particular Dr. Slava Gerovitch and Dr. Srini Devadas for their support. We are also grateful to Boston University, the Hariri Institute, and the Massachusetts Open Cloud. This paper is based upon work supported by the National Science Foundation under Grants No. 1414119 and 1413920

Secure multi-party computation for analytics deployed as a lightweight web application

We describe the definition, design, implementation, and deployment of a secure multi-party computation protocol and web application. The protocol and application allow groups of cooperating parties with minimal expertise and no specialized resources to compute basic statistical analytics on their collective data sets without revealing the contributions of individual participants. The application was developed specifically to support a Boston Women’s Workforce Council (BWWC) study of wage disparities within employer organizations in the Greater Boston Area. The application has been deployed successfully to support two data collection sessions (in 2015 and in 2016) to obtain data pertaining to compensation levels across genders and demographics. Our experience provides insights into the particular security and usability requirements (and tradeoffs) a successful “MPC-as-a-service” platform design and implementation must negotiate.We would like to acknowledge all the members of the Boston Women’s Workforce Council, and to thank in particular MaryRose Mazzola, Christina M. Knowles, and Katie A. Johnston, who led the efforts to organize participants and deploy the protocol as part of the 100% Talent: The Boston Women’s Compact [31], [32] data collections. We also thank the Boston University Initiative on Cities (IOC), and in particular Executive Director Katherine Lusk, who brought this potential application of secure multi-party computation to our attention. The BWWC, the IOC, and several sponsors contributed funding to complete this work. Support was also provided in part by Smart-city Cloud-based Open Platform and Ecosystem (SCOPE), an NSF Division of Industrial Innovation and Partnerships PFI:BIC project under award #1430145, and by Modular Approach to Cloud Security (MACS), an NSF CISE CNS SaTC Frontier project under award #1414119