Yael Tauman Kalai Area: Cryptography PhD: MIT, with Shafi Goldwasser

Slides:

Advertisements

Similar presentations

Chapter 3 Public Key Cryptography and Message authentication.

Advertisements

Anonymity without Sacrificing Performance Enhanced Nymble System with Distributed Architecture CS 858 Project Presentation Omid Ardakanian * Nam Pham *

Cryptology Passwords and Authentication Prof. David Singer Dept. of Mathematics Case Western Reserve University.

Digital Signatures. Anononymity and the Internet.

Payment Systems 1. Electronic Payment Schemes Schemes for electronic payment are multi-party protocols Payment instrument modeled by electronic coin that.

Private Programs: Obfuscation, a survey Guy Rothblum Barak, Goldreich, Impagliazzo, Rudich, Sahai, Vadhan and Yang Lynn, Prabhakaran and Sahai Goldwasser.

CRYPTOGRAPHY: STATE OF THE SCIENCE ASIACRYPT 2003 invited talk Adi Shamir Computer Science Dept The Weizmann Institute Israel.

The Physically Observable Security of Signature Schemes Alexander W. Dent Joint work with John Malone-Lee University of Bristol.

Cryptography 101 How is data actually secured. RSA Public Key Encryption RSA – names after the inventors –Rivest, Shamir, and Adleman Basic Idea: Your.

Overview of Cryptography Oct. 29, 2002 Su San Im CS Dept. EWU.

CMSC 414 Computer and Network Security Lecture 2 Jonathan Katz.

Certificateless Threshold Ring Signature Source: Information Sciences 179(2009) Author: Shuang Chang, Duncan S. Wong, Yi Mu, Zhenfeng Zhang Presenter:

CS1001 Lecture 24. Overview Encryption Encryption Artificial Intelligence Artificial Intelligence Homework 4 Homework 4.

Fall 2010/Lecture 311 CS 426 (Fall 2010) Public Key Encryption and Digital Signatures.

Nir Bitansky Ran Canetti Henry Cohn Shafi Goldwasser Yael Tauman-Kalai

On the Implausibility of Differing-Inputs Obfuscation (and Extractable Witness Encryption) with Auxiliary Input Daniel Wichs (Northeastern U) with: Sanjam.

Remarks on Voting using Cryptography Ronald L. Rivest MIT Laboratory for Computer Science.

Cryptography and Complexity at the Weizmann Institute

Automatic Implementation of provable cryptography for confidentiality and integrity Presented by Tamara Rezk – INDES project - INRIA Joint work with: Cédric.

Introduction to Cryptography

Dan Boneh Introduction What is cryptography? Online Cryptography Course Dan Boneh.

Public Key Model 8. Cryptography part 2.

Page 1 Secure Communication Paul Krzyzanowski Distributed Systems Except as otherwise noted, the content of this presentation.

(Multimedia University) Ji-Jian Chin Swee-Huay Heng Bok-Min Goi

_______________________________________________________________________________________________________________ E-Commerce: Fundamentals and Applications1.

RSA Encryption System.

Threshold PKC Shafi Goldwasser and Ran Canetti. Public Key Encryption [DH] A PKC consists of 3 PPT algorithms (G,E,D) - G(1 k ) outputs public key e,

Cryptography Chapter 7 Part 3 Pages 812 to 833. Symmetric Cryptography Security Services – Only confidentiality, not authentication or non- repudiation.

CPS 82, Fall Privacy l Taxonomy of Privacy  Understanding Privacy, Daniel Solove, MIT Press 2008 l Information Processing  Aggregation  Identification.

Lecture 2: Introduction to Cryptography

Cryptography 1 Crypto Cryptography 2 Crypto  Cryptology  The art and science of making and breaking “secret codes”  Cryptography  making “secret.

1. ◦ Intro ◦ Online shopping vs MOTO ◦ Credit card payments vs PayPal ◦ E-cash? 2.

Pairing Based Cryptography Standards Terence Spies VP Engineering Voltage Security

Boaz Barak, Nir Bitansky, Ran Canetti, Yael Tauman Kalai, Omer Paneth, Amit Sahai.

1/28 Chosen-Ciphertext Security from Identity- Based Encryption Jonathan Katz U. Maryland Ran Canetti, Shai Halevi IBM.

Format Information !. Information v Contact the formatist early. Be sure to get on a list. v Discuss programs used: Word, WordPerfect, Excel, etc., and/or.

1 Two Stories of Ring Signatures Yoshikazu Hanatani * Kazuo Ohta * *The University of Electro-Communications.

Cryptography Resilient to Continual Memory Leakage Zvika Brakerski Weizmann Institute Yael Tauman Kalai Microsoft Jonathan Katz University of Maryland.

Certificateless Threshold Ring Signature Source: Information Sciences 179(2009) Author: Shuang Chang, Duncan S. Wong, Yi Mu, Zhenfeng Zhang Presenter:

Cryptography By: Nick Belhumeur. Overview What is Cryptography? What is Cryptography? 2 types of cryptosystems 2 types of cryptosystems Example of Encryption.

Unit 3 Section 6.4: Internet Security

Cryptography: an overview

Key Substitution Attacks on Some Provably Secure Signature Schemes

CMIT100 Chapter 15 - Information.

Public-Key Cryptography RSA Rivest-Shamir-Adelmann Public-Key System

Encryption. Encryption Basics • Plaintext - the original message ABCDEFG • Ciphertext - the coded message DFDFSDFSD • Cipher - algorithm for.

Public Key Encryption and Digital Signatures

HEY DOUG HOW ARE YOU? NKE JUAM NUC GXK EUA. HEY DOUG HOW ARE YOU? NKE JUAM NUC GXK EUA.

Identity-based deniable authentication protocol

Digital signatures.

Practical E-Payment Scheme

Efficient CRT-Based RSA Cryptosystems

Cryptographic Protocols

CAS CS 538 Cryptography.

Cryptography for Quantum Computers

Security Analysis of Network Protocols

Appendix 5: Cryptography p

MSIT 543 Cryptography Concepts and Techniques How RSA Encryption Works

NET 311 Information Security

Cryptographic Protocols

Masayuki Fukumitsu Hokkaido Information University, Japan

Lecture 6: Digital Signature

Fiat-Shamir for Highly Sound Protocols is Instantiable

Post-Quantum Security of Fiat-Shamir

Cryptology Design Fundamentals

Investigating Provably Secure and Practical Software Protection

Ronald L. Rivest MIT ShafiFest January 13, 2019

Cryptology Design Fundamentals

Cryptology Design Fundamentals

LAB 3: Digital Signature

Presentation transcript:

Yael Tauman Kalai Area: Cryptography PhD: MIT, with Shafi Goldwasser IBM PhD Fellowship MIT Presidential Graduate Fellowship Masters: Weizmann, with Adi Shamir Outstanding Master’s Thesis Prize Graduating this year.

Yael Tauman Kalai Main results: Ring signatures Fiat-Shamir heuristic Code obfuscation Works on fundamental and difficult problems. Both theoretical and practical importance.

Fiat-Shamir Heuristic (1986) Transforms identification protocol into signature Efficient: used in practice. [with Goldwasser]: Heuristic is insecure. First example of ID protocol where Fiat-Shamir transform yields insecure signature.

Letters Letters emphasize originality and creativity Letter writers: Goldwasser Rivest Shamir Ran Raz “top 5 in 7 years from Weizmann” “top 3-5 in 11 years from Weizmann”

Goldwasser: “one of 2 or 3 most original and unconventional graduate students” “brilliant, original, technically superb” Compare to Boaz Barak, Joe Kilian

Rivest: “one of the very top students graduating from our group this year” “works on some of the most interesting, cutting edge and fundamental problems in the field today” “shows real mastery of the field” “very strong in the fundamentals and in terms of raw theoretical power”

How to Leak a Secret [with Rivest and Shamir] Goals: Anonymity. Proof that info from high-ranking official. Ring Signatures: Pick set S of people with public keys, including self. Members of S don’t have to cooperate. Others can verify that someone in S signed. Nobody knows which person in S. Very efficient, even for many people.

How to Leak a Secret [with Rivest and Shamir] Goals: Anonymity. Proof that info from high-ranking official. Ring Signatures: Pick set S of people with public keys, including self. Members of S don’t have to cooperate. Others can verify that someone in S signed. Nobody knows which person in S. Very efficient, even for many people. Other Applications Prevent phishing attacks. Many follow-up papers.

Code Obfuscation Code  “unintelligible” code, same functionality. Prevent hackers from learning anything when they examine code. Very important in practice. Vitaly’s example: phone book.

Code Obfuscation Code  “unintelligible” code, same functionality. Prevent hackers from learning anything when they examine code. Very important in practice. Vitaly’s example: phone book. Obfuscate any private key crypto  public key crypto.

Code Obfuscation Code  “unintelligible” code, same functionality. Prevent hackers from learning anything when they examine code. Very important in practice. Vitaly’s example: phone book. Obfuscate any private key crypto  public key crypto. [BGIRSVY]: Impossible for artificial functions. [Canetti, Wee]: Obfuscate certain functions. Possible for all natural functions?

Code Obfuscation Code  “unintelligible” code, same functionality. Prevent hackers from learning anything when they examine code. Very important in practice. Vitaly’s example: phone book. Obfuscate any private key crypto  public key crypto. [BGIRSVY]: Impossible for artificial functions. [Canetti, Wee]: Obfuscate certain functions. Possible for all natural functions? [with Goldwasser]: Impossible for certain natural functions. Also give positive result.

Fiat-Shamir Heuristic (1986) Transforms identification protocol into signature Efficient: used in practice. Provably secure under “random oracle model.”

Fiat-Shamir Heuristic (1986) Transforms identification protocol into signature Efficient: used in practice. Provably secure under “random oracle model.” [with Goldwasser]: Heuristic is insecure. First example of ID protocol where Fiat-Shamir transform yields insecure signature.