9:30 - 10:00   Registration - Opening

10:00 - 10:45   Online Template Attacks on Elliptic Curves
Louiza Papachristodoulou, iCIS, RU Nijmegen
Abstract: The use of elliptic curves for asymmetric cryptography was introduced by Miller and Koblitz in 1985. Due to patent restrictions and the mathematical complexity of the relevant cryptographic operations, the wide deployment of elliptic curve cryptography (ECC) in real-world applications was postponed until the mid-2000s. The main advantage of using ECC over other public-key cryptosystems, such as RSA, is the memory and key-length requirements, two important factors for the practical implementation of cryptographic protocols in embedded devices. ECC is nowadays implemented in many broadly used cryptographic libraries, such as OpenSSL, mbedTLS and libecc.
Recent side-channel attacks (SCA) on elliptic curve algorithms have shown that the security of these cryptosystems is a matter of serious concern. Side-channel attacks exploit various physical leakages of secret information or instructions from cryptographic devices, and they constitute a constant threat for cryptographic implementations.
In this talk, after introducing some basic principles of side-channel attacks, we are going to present a practical SCA on elliptic curves. Our methodology offers a generic attack framework with minimal assumptions for the attacker model, which is applicable to various forms of curves (Weierstrass, Edwards and Montgomery curves) and implementations. As a proof of concept, we attack the doubling operation in the double-and-add-always scalar multiplication algorithm.
10:45 - 11:30   Non-malleable codes in the split-state model
Yiannis Tselekounis, University of Athens
Abstract:
11:30 - 12:00   Break

12:00 - 12:45   The importance of the human factor in the security of voting protocols
Thomas Zacharias, University of Athens
Abstract: The security analysis of the novel e-voting system DEMOS (Kiayias, Zacharias, and Zhang - 2015) shows that the level of end-to-end verifiability that DEMOS achieves directly depends on the rate of honest voters that participate in the auditing procedure. Motivated by this result, we performed a study of the voters' auditing behaviour as a parameter of the end-to-end verifiability of the well-established e-voting system Helios.
We were led to an interesting conclusion regarding e-voting security: ensuring that a sufficient number of participants follow a well-defined set of admissible behaviours is of equal importance to the protection of the system infrastructure.
In this presentation, we take the discussion a step further by putting our thinking caps on regarding how the above ideas apply to any voting protocol where the human participation consists of non-trivial actions (i.e., people are not modelled as dummy parties that forward their inputs or are only responsible for protecting their secret states in an on/off approach). We focus on the apparent trade-off between (i) encouraging direct human involvement via active participation and (ii) the increase in the security risk that stems from the amplified human factor. Protocol designers aware of this fact face a strategic dilemma: should they prevent security threats by putting trust in the administrators, or share responsibility with people while keeping the promise of their proper training?
12:45 - 14:00   Lunch Break

14:00 - 15:00   Fair and Robust Multi-Party Computation using a Global Transaction Ledger
Aggelos Kiayias, University of Athens
Abstract: Classical results on secure multi-party computation (MPC) imply that fully secure computation, including fairness (either all parties get output or none) and robustness (output delivery is guaranteed), is impossible unless a majority of the parties is honest. Recently, cryptocurrencies like Bitcoin were utilized to leverage the fairness loss in MPC against a dishonest majority. The idea is that when the protocol aborts in an unfair manner (i.e., after the adversary receives output), then honest parties get compensated by the adversarially controlled parties.
Our contribution is three-fold. First, we put forth a new formal model of secure MPC with compensation, and we show how the introduction of suitable ledger and synchronization functionalities makes it possible to express such protocols completely using standard interactive Turing machines (ITM), circumventing the need for extra features that are outside the standard model as in previous works. Second, our model is expressed in the universal composition setting with global setup and is equipped with a composition theorem that enables the design of protocols that compose safely with each other and within larger environments where other protocols with compensation take place; a composition theorem for MPC protocols with compensation was not known before. Third, we introduce the first robust MPC protocol with compensation, i.e., an MPC protocol where not only fairness is guaranteed (via compensation) but additionally the protocol is guaranteed to deliver output to the parties that get engaged, and therefore the adversary, after an initial round of deposits, is not even able to mount a denial of service attack without having to suffer a monetary penalty. Importantly, our robust MPC protocol requires only a constant number of (coin-transfer and communication) rounds.
Joint work with Hong-Sheng Zhou and Vasilis Zikas.
15:00 - 15:10   Break

15:10 - 15:55   Monero: An untraceable unlinkable bitcoin alternative
Dionysis Zindros, National Technical University of Athens
Abstract: Bitcoin has proved to be the first widely successful decentralized cryptocurrency since its creation in 2009. However, forensic analysis of the blockchain has allowed analysts to deanonymize Bitcoin keys, often in an automated manner. These techniques also allow legal authorities to taint coins, harming Bitcoin's fungibility. Monero is a separate blockchain cryptocurrency with a codebase created from scratch based on the CryptoNote papers. It offers transaction unlinkability and untraceability through two primary mechanisms: first, the disassociation of public receiving addresses from blockchain information; and second, the use of ring signatures to create sender anonymity sets. In this talk, I will present these features of Monero and discuss how they achieve the claimed properties.
15:55 - 16:05   Break

16:05 - 17:00   Probabilistic attacks against compressed encrypted protocols
Dimitris Karakostas, National Technical University of Athens
Abstract: Every modern system relies on compression and encryption for performance optimization and data security respectively. This work investigates attacks on compressed encrypted protocols, such as HTTP over TLS. A new property of cryptosystems is proposed, Indistinguishability under Partially Chosen Plaintext Attack (IND-PCPA), along with an attack model that utilizes it. In order to bypass obstacles of real-world systems, statistical methods are employed that improve the performance and validity of the attack. Experiments were conducted on massively popular systems, using a Python framework that was implemented for the purpose of this paper. Experimental results, in a lab environment, revealed that those systems are not IND-PCPA, demonstrating vulnerabilities regarding certain types of secrets. Finally, we propose novel techniques that could lead to complete mitigation of similar attacks.
17:10   End