Presentation is loading. Please wait.

Presentation is loading. Please wait.

The (post-quantum) future of data privacy

Published byPreston Mitchell Modified over 6 years ago

Similar presentations

Presentation on theme: "The (post-quantum) future of data privacy"— Presentation transcript:

1 The (post-quantum) future of data privacy
Cecilia Boschini, Predoctoral Researcher IBM Research – Zurich October 4th, 2018

2 IBM Research - Zurich Established in 1956 45+ different nationalities
Two Nobel Prizes: 1986: Nobel Prize in Physics for the invention of the scanning tunneling microscope by Heinrich Rohrer and Gerd K. Binnig 1987: Nobel Prize in Physics for the discovery of high- temperature superconductivity by K. Alex Müller and J. Georg Bednorz Binnig and Rohrer Nanotechnology Centre opened in 2011 (Public Private Partnership with ETH Zürich and EMPA)

3 50 million Facebook users have been exposed to ID fraud after the biggest cyber attack on the social media giant in its history. The company revealed that hackers were able to access accounts on an unprecedented scale due to a security hole that had remained open for more than a year. Facebook said it had alerted the FBI over the breach, and security experts said a rogue state such as Russia may have been responsible. The cyber defence arm of GCHQ said it was investigating the hack, which allowed attackers full access to private Facebook profiles, and advised British users to be on the lookout for fraud. Facebook was facing questions about why it had taken almost two weeks to shut the security hole after noticing “unusual traffic” on its systems in mid-September. (28sept2018) TWITTER: According to Twitter, the bug occurred due to an issue in the hashing process that masks passwords by replacing them with a random string of characters that get stored on Twitter’s system. But due to an error with the system, apparently passwords were being saved in plain text to an internal log, instead of masking them with the hashing process. Twitter claims to have found the bug on its own and removed the passwords. It’s working to make sure that similar issues don’t come up again.

4 How to guarantee privacy? Minimize!
Zero-Knowledge proofs Allow to prove knowledge of a secret without revealing it. Applications in a lot of different scenarios (example: authentication). Can be interactive or non interactive. How to guarantee privacy? Minimize!

5 Privacy in the Quantum World
Breaking the scheme = solving the hard problem IDEA: substitute the problem with a new math problem that is hard to solve for a quantum computer! The adversary cannot break the scheme because it cannot solve the problem! Security proof Cryptographic scheme Hard Math Problem Post-quantum Cryptography Lattice-based Cryptography Privacy in the Quantum World

6 Attribute-based Tokens over lattices
Security requirement: Impossible to forge the issuer’s signature. Cecilia Boschini, Jan Camenisch, Gregory Neven, Relaxed lattice-based signatures with short zero-knowledge proofs, Proceedings of International Conference on Information Security, 2018.

7 Anonymous Attribute-based Tokens over lattices
Security requirement: Impossible to forge the issuer’s signature. + Unlinkability and no impersonation attacks when the verifier (Alice) is corrupted. Cecilia Boschini, Jan Camenisch, Gregory Neven, Relaxed lattice-based signatures with short zero-knowledge proofs, Proceedings of International Conference on Information Security, 2018.

8 A Crash Course on Lattices
Lattice = grid of points A lattice is identified by a basis. Finding a “good” basis given a random lattice basis is hard. If I know a particularly “good” basis, I can find a short vector. Otherwise, finding a short vector in the lattice is a hard problem.

9 Intuition behind AAT over lattices
The issuer’s signature is a short vector in the lattice dependent on the user’s id and attributes, and on the issuer’s pk. Signature: short vector from lattice depending on the user’s id Token: Zkproof Unforgeable if it is hard to find a short vector in the lattice! Only a minimal amount of data is revealed to Alice! Cecilia Boschini, Jan Camenisch, Gregory Neven, Relaxed lattice-based signatures with short zero-knowledge proofs, Proceedings of International Conference on Information Security, 2018.

10 Open Positions in our group!
We are looking for postdocs and research staff members! Check out the openings at Thanks!

Download ppt "The (post-quantum) future of data privacy"

Similar presentations

COS 461 Fall 1997 Todays Lecture u intro to security in networking –confidentiality –integrity –authentication –authorization u orientation for assignment.

COS 461 Fall 1997 Todays Lecture u intro to security in networking –confidentiality –integrity –authentication –authorization u orientation for assignment.
John D. Gregory Ministry of the Attorney General (Ontario) October 29, 2012.

John D. Gregory Ministry of the Attorney General (Ontario) October 29, 2012.
Off-the-Record Communication, or, Why Not To Use PGP

Off-the-Record Communication, or, Why Not To Use PGP
Course summary COS 433: Crptography -Spring 2010 Boaz Barak.

Course summary COS 433: Crptography -Spring 2010 Boaz Barak.
CS470, A.SelcukCryptographic Authentication1 Cryptographic Authentication Protocols CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.

CS470, A.SelcukCryptographic Authentication1 Cryptographic Authentication Protocols CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.
Computer Security Set of slides 5 Dr Alexei Vernitski.

Computer Security Set of slides 5 Dr Alexei Vernitski.
Claudia Diaz, Hannelore Dekeyser, Markulf Kohlweiss, Girma Nigusse K.U.Leuven IDIS Workshop 29/05/2008 [Work done in the context of the ADAPID project]

Claudia Diaz, Hannelore Dekeyser, Markulf Kohlweiss, Girma Nigusse K.U.Leuven IDIS Workshop 29/05/2008 [Work done in the context of the ADAPID project]
CS 6262 Spring 02 - Lecture #7 (Tuesday, 1/29/2002) Introduction to Cryptography.

CS 6262 Spring 02 - Lecture #7 (Tuesday, 1/29/2002) Introduction to Cryptography.
Cryptology Passwords and Authentication Prof. David Singer Dept. of Mathematics Case Western Reserve University.

Cryptology Passwords and Authentication Prof. David Singer Dept. of Mathematics Case Western Reserve University.
Analysis of Direct Anonymous Attestation (DAA) Sudip Regmi Ilya Pirkin.

Analysis of Direct Anonymous Attestation (DAA) Sudip Regmi Ilya Pirkin.
VIS-À-VIS CRYPTOGRAPHY : PRIVATE AND TRUSTWORTHY IN-PERSON CERTIFICATIONS IAN MIERS*, MATTHEW GREEN* CHRISTOPH U. LEHMANN †, AVIEL D. RUBIN* *Johns Hopkins.

VIS-À-VIS CRYPTOGRAPHY : PRIVATE AND TRUSTWORTHY IN-PERSON CERTIFICATIONS IAN MIERS*, MATTHEW GREEN* CHRISTOPH U. LEHMANN †, AVIEL D. RUBIN* *Johns Hopkins.
ITIS 3200: Introduction to Information Security and Privacy Dr. Weichao Wang.

ITIS 3200: Introduction to Information Security and Privacy Dr. Weichao Wang.
COEN 350: Network Security Authentication. Between human and machine Between machine and machine.

COEN 350: Network Security Authentication. Between human and machine Between machine and machine.
Authentication and Digital Signatures CSCI 5857: Encoding and Encryption.

Authentication and Digital Signatures CSCI 5857: Encoding and Encryption.
Intro To Secure Comm. Exercise 2. Problem  You wish for your users to access a remote server via user and password.  All of the users have modems and.

Intro To Secure Comm. Exercise 2. Problem  You wish for your users to access a remote server via user and password.  All of the users have modems and.
CMSC 414 Computer and Network Security Lecture 6 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 6 Jonathan Katz.
CMSC 414 Computer and Network Security Lecture 7 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 7 Jonathan Katz.
Chap 3: Key exchange protocols In most systems, we distinguish the short term keys from the long term ones: –A short term key (session key) is used to.

Chap 3: Key exchange protocols In most systems, we distinguish the short term keys from the long term ones: –A short term key (session key) is used to.
ITIS 3200: Introduction to Information Security and Privacy Dr. Weichao Wang.

ITIS 3200: Introduction to Information Security and Privacy Dr. Weichao Wang.
EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 7 Wenbing Zhao Department of Electrical and Computer Engineering.

EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 7 Wenbing Zhao Department of Electrical and Computer Engineering.

Similar presentations

Ads by Google