# Verifiable Delegation of Computation over Large Datasets

Save this PDF as:

Size: px
Start display at page:

Download "Verifiable Delegation of Computation over Large Datasets"

## Transcription

1 Verifiable Delegation of Computation over Large Datasets Siavosh Benabbas University of Toronto Rosario Gennaro IBM Research Yevgeniy Vahlis AT&T

2 Cloud Computing Data D Code F Y F(D) Cloud could be malicious or arbitrarily buggy (same as malicious)! Goal: efficiently verify that Y = F(D)

3 Cloud Computing What is efficient verification? Algo F Data D Option 1: F, D are small but F(D) takes many steps For example: D=N=pq, F tries all prime factors until p,q, are found Efficient verification can be linear in F, D

4 Cloud Computing What is efficient verification? Algo F Data D Option 2: D is very big F(D) is almost linear in D Plenty of examples: Mining medical records Looking up records (PIR) Making predictions based on trained machine learning models Linear verification is not good enough Need to be (very) sublinear in D

5 [GGP, CKV, AIK]: Any function can be verifiably delegated in the sense of option 2, assuming Fully Homomorphic Encryption 1. FHE will become practical any moment In the mean time can we do VC without it? 2. [GGP,CKV,AIK] require that a malicious server does not learn if it was successful in cheating a significant restriction in practice

6 Our Results Non-crypto applications Keyword search A new verifiable delegation scheme Proofs for polynomials of retrievability Delegate functions of the form p(x)=c 0 + c 1 x + c 2 x c d x d The degree d is arbitrarily large Extends* to multivariate In polynomials the line of work on auth. data structures and memory checkers Adaptive security the server learns if he was successful Constant communication overhead and client work (strict poly-time) Constant size assumption Verifiable databases A client can outsource dictionaries (i 1, v 1 ) (i n, v n ) Make verifiable retrieval queries Get i Update queries: Add (i, v), Remove (i), Update (i, v)

7 Prior Work Long series of works related to this problem Interactive Proofs (B,GMR) Probabilistically Checkable Proofs A computation can be associated with a (potentially very long) proof of correctness Verifying an NP problem can take time indep. of size of statement Verifier queries bits of the proof, assuming the Prover honestly provides them Efficient Arguments/CS Proofs [K,M] Prover commits to the PCP proof Verifier queries bits and verifies Statement must be short F(x) = y. Does not deal well with large data. All schemes above are interactive Except for Micali's CS proofs which are made non-interactive in the random oracle model Memory checkers [BlumEvansGemmellKannanNaor91,Ajtai02,GemmellNaor03,NaorRothblum05,Dw orknaorrothvaik09,...] Different model: server can only retrieve array values. The goal is to minimize the number of queries Our solution is not a good memory checker (because the server works hard), but is much more efficient in communication and client work

8 VERIFIABLE DELEGATION OF POLYMOMIALS

9 Delegating a polynomial What does it mean to delegate a polynomial? p(x)=a 0 + a 1 x+ + a d x d Public key Short secret SK << d

10 Delegating a polynomial What does it mean to delegate a polynomial? Public key SK We only want verification Input x Compiled query Response Y Certificate C Goal: be convinced that Y=P(x), or output reject

11 Our main tool Algebraic PRFs with trapdoor efficient algebraic operations A pseudorandom function F is a family of functions where F K ( ) is indistinguishable from a random function R( ) Algebraic PRF: the range of F K ( ) forms an abelian group F is not a homomorphism! But, given F K (x), F K (y), can compute F K (x) F K (y) A public generator g (This is trivial)

12 Trapdoor Efficiency Given a range (0,,n) and values (x,x 2,...,x n ) can compute: using the algebraic property Trapdoor efficiency: given (K,x) easy to compute Y (sublinear in n) More generally: other functions of F K (0),,F K (n)

13 Back to VC Given coefficients a 0,,a d Want to delegate p(x) = a 0 + a 1 x + + a d x Secrecy d of a 0,,a d can be achieved Construction using(singly) Choose random c, compute masking coefficients homomorphic encryption Upload and To answer query x the server computes: and returns (C, P(x))

14 Verification Verifier s key: PRF key K, masking coefficient c Recall that the server is given The server has (in the exponent) coefficients of An honest server sends: Verifier checks: and Y If = R P(x) was random, this breaks a secure MAC To cheat adversary has to find, W Y

15 Efficiency If R was random the client would have to remember r 0,, r d Easy to solve using any PRF (in fact, we already did that) Now the client only remembers the PRF key Even if a PRF is used, the verifier needs to check efficiently: Trapdoor efficiency allows exactly that! Given (K, x) can compute R(x) is time sublinear in d

16 How? From strong-ddh: is ind. from random The PRF is: Efficiency: Need only one exponentiation because: Multivariate: Generalizes Naor-Reingold

17 How? From DDH Local state size is log(d) We use the Naor-Reingold PRF Efficiency: In the paper: Polynomials with logarithmic number of variables (tradeoff degree/# variables)

18 To summarize Based on DDH/Strong-DDH we obtian an adaptively secure scheme for delegating high degree polynomials. Can be used for keyword search: To outsource a set of keywords {w 1,,w n } outsource the polynomial p(x) = (x-w 1 ) (x-w 2 ) (x-w n ) Proofs of retrievability Want to make sure that server keeps a large file F Break F into blocks F 0,,F n Outsource the polynomial P(x) = F 0 + F 1 x + + F n x n Audit check: verifiably evaluate P(r) for random r

19 Open directions Adaptive security for general functions Other efficient constructions for restricted classes of functions Better support for multi-variate polynomials Thank you!

20 Thank you!

21 VERIFIABLE DATABASES!

22 Verifiable databases? Retrieve location i Write to location j Insert to location k Delete from location l Think: SVN with untrusted repository

23 Very abridged history Merkle trees Data is in stored as leaves of a tree Client keeps a hash of the root Queries/updates are relatively easy log n operations each Insertion/deletion is not good based on amortization Too slow over a network for large storages Memory checkers Different model: server is a RAM Efficiency is counted in # of RAM queries We allow server to work hard Authenticated Data Structures Different model: trusted party has a large secret

24 Folklore solution without updates For every populated location i Give the server MAC(i, data[i]) For all other locations j Upload a MAC of the shortest prefix w of j that does not extend to a populated i But, hard to do updates can t revoke! root?? (i1,d1) (i2,d2)

25 Simple Construction Upload to authenticate (i,v i ) This is a MAC Can update (insecurely): To change value to u i, send Now server can find Insertion is easy Efficient deletion not possible Server always has certificate for (i,v i ) Can we fix it? Need to tie all the elements together without growing client state

26 Composite Order Bilinear Groups Subgroup membership assumption: G = G 1 x G 2 G 1 =p G 2 =q Given g in G, g 2 in G 2 hard to distinguish: (Random from G) c (Random from G 2 )

27 Instead of uploading Back to verifiable DB The client sends for a random w i The key is a,b,k, and The server now sends* To update location i to value u i client sends and updates w Proof of security: the update token is indistinguishable from. (Actually, there are CCA issues)

28 Back to verifiable DB But server can t compute! All he has is Upload additional hints h 1 in G, h 0 in G 2 To respond to query i the server sends back: The client performs the check in the target group of the pairing

29 Open directions Adaptive security for general functions is still open Support higher degree polynomials Obtain constructions based on Lattice assumptions Make verifiable DB publicly checkable Extend VDB to support wider range of queries Thank you!

### Ensuring Integrity in Cloud Computing via Homomorphic Digital Signatures: new tools and results

Ensuring Integrity in Cloud Computing via Homomorphic Digital Signatures: new tools and results Dario Catalano Dario Fiore Luca Nizzardo University of Catania Italy IMDEA Software Institute Madrid, Spain

### Verifiable Outsourced Computations Outsourcing Computations to Untrusted Servers

Outsourcing Computations to Untrusted Servers Security of Symmetric Ciphers in Network Protocols ICMS, May 26, 2015, Edinburgh Problem Motivation Problem Motivation Problem Motivation Problem Motivation

### Privacy and Verifiability for Data Storage in Cloud Computing. Melek Ӧnen August 17, 2015 IFIP Summer School, Edinburgh

Privacy and Verifiability for Data Storage in Cloud Computing Melek Ӧnen August 17, 2015 IFIP Summer School, Edinburgh Cloud Computing Outsourcing storage & computation High availability No IT maintenance

### MTAT.07.003 Cryptology II. Digital Signatures. Sven Laur University of Tartu

MTAT.07.003 Cryptology II Digital Signatures Sven Laur University of Tartu Formal Syntax Digital signature scheme pk (sk, pk) Gen (m, s) (m,s) m M 0 s Sign sk (m) Ver pk (m, s)? = 1 To establish electronic

### Improving data integrity on cloud storage services

International Journal of Engineering Science Invention ISSN (Online): 2319 6734, ISSN (Print): 2319 6726 Volume 2 Issue 2 ǁ February. 2013 ǁ PP.49-55 Improving data integrity on cloud storage services

### 1 Message Authentication

Theoretical Foundations of Cryptography Lecture Georgia Tech, Spring 200 Message Authentication Message Authentication Instructor: Chris Peikert Scribe: Daniel Dadush We start with some simple questions

### SECURE AND EFFICIENT PRIVACY-PRESERVING PUBLIC AUDITING SCHEME FOR CLOUD STORAGE

International Journal of Computer Network and Security(IJCNS) Vol 7. No.1 2015 Pp. 1-8 gopalax Journals, Singapore available at : www.ijcns.com ISSN: 0975-8283 ----------------------------------------------------------------------------------------------------------------------------------------------------------

### Lecture 10: CPA Encryption, MACs, Hash Functions. 2 Recap of last lecture - PRGs for one time pads

CS 7880 Graduate Cryptography October 15, 2015 Lecture 10: CPA Encryption, MACs, Hash Functions Lecturer: Daniel Wichs Scribe: Matthew Dippel 1 Topic Covered Chosen plaintext attack model of security MACs

### Secure Data transfer in Cloud Storage Systems using Dynamic Tokens.

Secure Data transfer in Cloud Storage Systems using Dynamic Tokens. P.Srinivas *,K. Rajesh Kumar # M.Tech Student (CSE), Assoc. Professor *Department of Computer Science (CSE), Swarnandhra College of Engineering

### Lecture 9 - Message Authentication Codes

Lecture 9 - Message Authentication Codes Boaz Barak March 1, 2010 Reading: Boneh-Shoup chapter 6, Sections 9.1 9.3. Data integrity Until now we ve only been interested in protecting secrecy of data. However,

### Privacy and Security in Cloud Computing

Réunion CAPPRIS 21 mars 2013 Monir Azraoui, Kaoutar Elkhiyaoui, Refik Molva, Melek Ӧnen Slide 1 Cloud computing Idea: Outsourcing Ø Huge distributed data centers Ø Offer storage and computation Benefit:

### Lecture 15 - Digital Signatures

Lecture 15 - Digital Signatures Boaz Barak March 29, 2010 Reading KL Book Chapter 12. Review Trapdoor permutations - easy to compute, hard to invert, easy to invert with trapdoor. RSA and Rabin signatures.

### Chapter 2 TSAS: Third-Party Storage Auditing Service

Chapter 2 TSAS: Third-Party Storage Auditing Service Abstract In cloud storage systems, data owners host their data on cloud servers and users (data consumers) can access the data from cloud servers Due

### PORs: Proofs of Retrievability for Large Files

PORs: Proofs of Retrievability for Large Files Ari Juels RSA Laboratories Burt Kaliski EMC Innovation Network ACM CCS Conference, 2007 presented by Serkan Uzunbaz Source: www.rsa.com/rsalabs/node.asp?id=3357

### Introduction. Digital Signature

Introduction Electronic transactions and activities taken place over Internet need to be protected against all kinds of interference, accidental or malicious. The general task of the information technology

### Enabling Public Auditing for Secured Data Storage in Cloud Computing

IOSR Journal of Engineering (IOSRJEN) e-issn: 2250-3021, p-issn: 2278-8719 Vol. 3, Issue 5 (May. 2013), V3 PP 01-05 Enabling Public Auditing for Secured Data Storage in Cloud Computing 1 Er.Amandeep Kaur,

### Secure Collaborative Privacy In Cloud Data With Advanced Symmetric Key Block Algorithm

Secure Collaborative Privacy In Cloud Data With Advanced Symmetric Key Block Algorithm Twinkle Graf.F 1, Mrs.Prema.P 2 1 (M.E- CSE, Dhanalakshmi College of Engineering, Chennai, India) 2 (Asst. Professor

### Restructuring the NSA Metadata Program

Restructuring the NSA Metadata Program Seny Kamara Microsoft Research Thanks to: Timothy Edgar, Matt Green, Noah Kunin, Payman Mohassel, Kurt Rohloff, Chris Soghoian and Marcy Wheeler June 5 th, 2013 1

### Outline. Computer Science 418. Digital Signatures: Observations. Digital Signatures: Definition. Definition 1 (Digital signature) Digital Signatures

Outline Computer Science 418 Digital Signatures Mike Jacobson Department of Computer Science University of Calgary Week 12 1 Digital Signatures 2 Signatures via Public Key Cryptosystems 3 Provable 4 Mike

### Victor Shoup Avi Rubin. fshoup,rubing@bellcore.com. Abstract

Session Key Distribution Using Smart Cards Victor Shoup Avi Rubin Bellcore, 445 South St., Morristown, NJ 07960 fshoup,rubing@bellcore.com Abstract In this paper, we investigate a method by which smart

### Lecture 5 - CPA security, Pseudorandom functions

Lecture 5 - CPA security, Pseudorandom functions Boaz Barak October 2, 2007 Reading Pages 82 93 and 221 225 of KL (sections 3.5, 3.6.1, 3.6.2 and 6.5). See also Goldreich (Vol I) for proof of PRF construction.

### Storage Systems Autumn 2009

Storage Systems Autumn 2009 Chapter 5: Securely Auditing André Brinkmann Sources Different Publications Slides from Randal Burns, Johns Hopkins University, USA Awkward for large data What s wrong with

### Cryptography for the Cloud

Cryptography for the Cloud ENS - CNRS - INRIA Cyber-Sécurité - SPECIF CNAM, Paris, France - November 7th, 2014 The Cloud Introduction 2 Access from Anywhere Introduction 3 Available for Everything One

### How Efficient can Memory Checking be?

How Efficient can Memory Checking be? Cynthia Dwork Moni Naor Guy N. Rothblum Vinod Vaikuntanathan Abstract We consider the problem of memory checking, where a user wants to maintain a large database on

### Enable Public Audit ability for Secure Cloud Storage

Enable Public Audit ability for Secure Cloud Storage Leela Poornima 1, D.Hari Krishna 2 1 Student, Nova College of Engineering and Technology, Ibrahimpatnam,Krishna Dist., Andhra Pradesh, India 2 Assistant

### Index Terms Cloud Storage Services, data integrity, dependable distributed storage, data dynamics, Cloud Computing.

Volume 3, Issue 5, May 2013 ISSN: 2277 128X International Journal of Advanced Research in Computer Science and Software Engineering Research Paper Available online at: www.ijarcsse.com Privacy - Preserving

### Authentication and Encryption: How to order them? Motivation

Authentication and Encryption: How to order them? Debdeep Muhopadhyay IIT Kharagpur Motivation Wide spread use of internet requires establishment of a secure channel. Typical implementations operate in

### Comments on "public integrity auditing for dynamic data sharing with multi-user modification"

University of Wollongong Research Online Faculty of Engineering and Information Sciences - Papers Faculty of Engineering and Information Sciences 2016 Comments on "public integrity auditing for dynamic

### Lecture 2: Complexity Theory Review and Interactive Proofs

600.641 Special Topics in Theoretical Cryptography January 23, 2007 Lecture 2: Complexity Theory Review and Interactive Proofs Instructor: Susan Hohenberger Scribe: Karyn Benson 1 Introduction to Cryptography

### Public Key Encryption that Allows PIR Queries

Public Key Encryption that Allows PIR Queries Dan Boneh Eyal Kushilevitz Rafail Ostrovsky William E Skeith III Appeared at CRYPTO 2007: 50-67 Abstract Consider the following problem: Alice wishes to maintain

### Digital Signatures. What are Signature Schemes?

Digital Signatures Debdeep Mukhopadhyay IIT Kharagpur What are Signature Schemes? Provides message integrity in the public key setting Counter-parts of the message authentication schemes in the public

### Securing Network Audit Logs on Untrusted Machines. Bruce Schneier. schneier@counterpane.com

Securing Network Audit Logs on Untrusted Machines Bruce Schneier schneier@counterpane.com Counterpane Systems 101 East Minnehaha Parkway, Minneapolis, MN 55419 (612) 823-1098 Fax: (612) 823-1590 RAID Louvain-la-Neuve

### Proof of Freshness: How to efficiently use an online single secure clock to secure shared untrusted memory.

Proof of Freshness: How to efficiently use an online single secure clock to secure shared untrusted memory. Marten van Dijk, Luis F. G. Sarmenta, Charles W. O Donnell, and Srinivas Devadas MIT Computer

### Cloud Data Storage Services Considering Public Audit for Security

Global Journal of Computer Science and Technology Cloud and Distributed Volume 13 Issue 1 Version 1.0 Year 2013 Type: Double Blind Peer Reviewed International Research Journal Publisher: Global Journals

### Hey! Cross Check on Computation in Cloud

Hey! Cross Check on Computation in Cloud Ajeet Singh Rajput Computer Science and Engineering Department S.D.B.C.T, Mhow Road,Indore,(M.P), India ajeetsinghrajput@gmail.com M.E.(CSE), S.D.B.C.T, Indore

### Secure Cloud Storage Hits Distributed String Equality Checking: More Efficient, Conceptually Simpler, and Provably Secure

Secure Cloud Storage Hits Distributed String Equality Checking: More Efficient, Conceptually Simpler, and Provably Secure Fei Chen, Tao Xiang, Yuanyuan Yang, Cong Wang, Shengyu Zhang Department of Computer

### SECURE CLOUD STORAGE PRIVACY-PRESERVING PUBLIC AUDITING FOR DATA STORAGE SECURITY IN CLOUD

Volume 1, Issue 7, PP:, JAN JUL 2015. SECURE CLOUD STORAGE PRIVACY-PRESERVING PUBLIC AUDITING FOR DATA STORAGE SECURITY IN CLOUD B ANNAPURNA 1*, G RAVI 2*, 1. II-M.Tech Student, MRCET 2. Assoc. Prof, Dept.

### How Efficient can Memory Checking be?

How Efficient can Memory Checking be? Cynthia Dwork 1, Moni Naor 2,, Guy N. Rothblum 3,, and Vinod Vaikuntanathan 4, 1 Microsoft Research 2 The Weizmann Institute of Science 3 MIT 4 IBM Research Abstract.

### Capture Resilient ElGamal Signature Protocols

Capture Resilient ElGamal Signature Protocols Hüseyin Acan 1, Kamer Kaya 2,, and Ali Aydın Selçuk 2 1 Bilkent University, Department of Mathematics acan@fen.bilkent.edu.tr 2 Bilkent University, Department

### PCPOR: Public and Constant-Cost Proofs of Retrievability in Cloud

PCPOR: Public and Constant-Cost Proofs of Retrievability in Cloud Jiawei Yuan and Shucheng Yu jxyuan@ualr.edu and sxyu1@ualr.edu Department of Computer Science University of Arkansas at Little Rock Little

### Proofs in Cryptography

Proofs in Cryptography Ananth Raghunathan Abstract We give a brief overview of proofs in cryptography at a beginners level. We briefly cover a general way to look at proofs in cryptography and briefly

MACs Message authentication and integrity Foundations of Cryptography Computer Science Department Wellesley College Table of contents Introduction MACs Constructing Secure MACs Secure communication and

### Enhancing Data Security in Cloud Storage Auditing With Key Abstraction

Enhancing Data Security in Cloud Storage Auditing With Key Abstraction 1 Priyadharshni.A, 2 Geo Jenefer.G 1 Master of engineering in computer science, Ponjesly College of Engineering 2 Assistant Professor,

### preliminary experiment conducted on Amazon EC2 instance further demonstrates the fast performance of the design.

Privacy-Preserving Public Auditing For Secure Cloud Storage ABSTRACT: Using cloud storage, users can remotely store their data and enjoy the on-demand high-quality applications and services from a shared

### Security Aspects of. Database Outsourcing. Vahid Khodabakhshi Hadi Halvachi. Dec, 2012

Security Aspects of Database Outsourcing Dec, 2012 Vahid Khodabakhshi Hadi Halvachi Security Aspects of Database Outsourcing Security Aspects of Database Outsourcing 2 Outline Introduction to Database

### Secure Auditing and Deduplicating Data in Cloud

IEEE TRANSACTIONS ON COMPUTERS VOL: PP NO: 99 YEAR 2015 Secure Auditing and Deduplicating Data in Cloud 1 Jingwei Li, Jin Li, Dongqing Xie and Zhang Cai Abstract As the cloud computing technology develops

### Privacy Preserving String Pattern Matching on Outsourced Data

Privacy Preserving String Pattern Matching on Outsourced Data Thesis submitted in partial fulfillment of the requirements for the degree of MS By Research in CSE by Bargav Jayaraman 201207509 bargav.jayaraman@research.iiit.ac.in

### Cryptographic hash functions and MACs Solved Exercises for Cryptographic Hash Functions and MACs

Cryptographic hash functions and MACs Solved Exercises for Cryptographic Hash Functions and MACs Enes Pasalic University of Primorska Koper, 2014 Contents 1 Preface 3 2 Problems 4 2 1 Preface This is a

### MESSAGE AUTHENTICATION IN AN IDENTITY-BASED ENCRYPTION SCHEME: 1-KEY-ENCRYPT-THEN-MAC

MESSAGE AUTHENTICATION IN AN IDENTITY-BASED ENCRYPTION SCHEME: 1-KEY-ENCRYPT-THEN-MAC by Brittanney Jaclyn Amento A Thesis Submitted to the Faculty of The Charles E. Schmidt College of Science in Partial

### Universal Hash Proofs and a Paradigm for Adaptive Chosen Ciphertext Secure Public-Key Encryption

Universal Hash Proofs and a Paradigm for Adaptive Chosen Ciphertext Secure Public-Key Encryption Ronald Cramer Victor Shoup December 12, 2001 Abstract We present several new and fairly practical public-key

### Efficient Similarity Search over Encrypted Data

UT DALLAS Erik Jonsson School of Engineering & Computer Science Efficient Similarity Search over Encrypted Data Mehmet Kuzu, Saiful Islam, Murat Kantarcioglu Introduction Client Untrusted Server Similarity

### Secure Mediation of Join Queries by Processing Ciphertexts

Secure Mediation of Join Queries by Processing Ciphertexts Joachim Biskup, Christian Tsatedem and Lena Wiese Germany SECOBAP 07 Marmara Hotel, Istanbul April 20, 2007 1/23 Overview Introduction and Problem

### A Secure & Efficient Data Integrity Model to establish trust in cloud computing using TPA

A Secure & Efficient Data Integrity Model to establish trust in cloud computing using TPA Mr.Mahesh S.Giri Department of Computer Science & Engineering Technocrats Institute of Technology Bhopal, India

### Message Authentication Codes 133

Message Authentication Codes 133 CLAIM 4.8 Pr[Mac-forge A,Π (n) = 1 NewBlock] is negligible. We construct a probabilistic polynomial-time adversary A who attacks the fixed-length MAC Π and succeeds in

### Efficient and Secure Dynamic Auditing Protocol for Integrity Verification In Cloud Storage

Efficient and Secure Dynamic Auditing Protocol for Integrity Verification In Cloud Storage Priyanga.R 1, Maheswari.B 2, Karthik.S 3 PG Scholar, Department of CSE, SNS College of technology, Coimbatore-35,

### Dynamic Searchable Encryption in Very Large Databases: Data Structures and Implementation

Dynamic Searchable Encryption in Very Large Databases: Data Structures and Implementation David Cash, Joseph Jaeger, Stanislaw Jarecki, Charanjit Jutla, Hugo Krawczyk, Marcel Roşu and Michael Steiner Rutgers

### CryptoVerif Tutorial

CryptoVerif Tutorial Bruno Blanchet INRIA Paris-Rocquencourt bruno.blanchet@inria.fr November 2014 Bruno Blanchet (INRIA) CryptoVerif Tutorial November 2014 1 / 14 Exercise 1: preliminary definition SUF-CMA

### 1 Domain Extension for MACs

CS 127/CSCI E-127: Introduction to Cryptography Prof. Salil Vadhan Fall 2013 Reading. Lecture Notes 17: MAC Domain Extension & Digital Signatures Katz-Lindell Ÿ4.34.4 (2nd ed) and Ÿ12.0-12.3 (1st ed).

### Secure Deduplication of Encrypted Data without Additional Independent Servers

Secure Deduplication of Encrypted Data without Additional Independent Servers Jian Liu Aalto University jian.liu@aalto.fi N. Asokan Aalto University and University of Helsinki asokan@acm.org Benny Pinkas

### Multi-Input Functional Encryption for Unbounded Arity Functions

Multi-Input Functional Encryption for Unbounded Arity Functions Saikrishna Badrinarayanan, Divya Gupta, Abhishek Jain, and Amit Sahai Abstract. The notion of multi-input functional encryption (MI-FE) was

### Merkle Hash Trees for Distributed Audit Logs

Merkle Hash Trees for Distributed Audit Logs Subject proposed by Karthikeyan Bhargavan Karthikeyan.Bhargavan@inria.fr April 7, 2015 Modern distributed systems spread their databases across a large number

### Computational Soundness of Symbolic Security and Implicit Complexity

Computational Soundness of Symbolic Security and Implicit Complexity Bruce Kapron Computer Science Department University of Victoria Victoria, British Columbia NII Shonan Meeting, November 3-7, 2013 Overview

### VoteID 2011 Internet Voting System with Cast as Intended Verification

VoteID 2011 Internet Voting System with Cast as Intended Verification September 2011 VP R&D Jordi Puiggali@scytl.com Index Introduction Proposal Security Conclusions 2. Introduction Client computers could

### Two Factor Zero Knowledge Proof Authentication System

Two Factor Zero Knowledge Proof Authentication System Quan Nguyen Mikhail Rudoy Arjun Srinivasan 6.857 Spring 2014 Project Abstract It is often necessary to log onto a website or other system from an untrusted

### Identity-based Encryption with Post-Challenge Auxiliary Inputs for Secure Cloud Applications and Sensor Networks

Identity-based Encryption with Post-Challenge Auxiliary Inputs for Secure Cloud Applications and Sensor Networks Tsz Hon Yuen - Huawei, Singapore Ye Zhang - Pennsylvania State University, USA Siu Ming

### Hosting Services on an Untrusted Cloud

Hosting Services on an Untrusted Cloud Dan Boneh 1(B), Divya Gupta 2, Ilya Mironov 3, and Amit Sahai 2 1 Stanford University, Stanford, CA, USA dabo@cs.stanford.edu 2 UCLA and Center for Encrypted Functionalities,

### CIS 5371 Cryptography. 8. Encryption --

CIS 5371 Cryptography p y 8. Encryption -- Asymmetric Techniques Textbook encryption algorithms In this chapter, security (confidentiality) is considered in the following sense: All-or-nothing secrecy.

### Ch.9 Cryptography. The Graduate Center, CUNY.! CSc 75010 Theoretical Computer Science Konstantinos Vamvourellis

Ch.9 Cryptography The Graduate Center, CUNY! CSc 75010 Theoretical Computer Science Konstantinos Vamvourellis Why is Modern Cryptography part of a Complexity course? Short answer:! Because Modern Cryptography

### Improved Online/Offline Signature Schemes

Improved Online/Offline Signature Schemes Adi Shamir and Yael Tauman Applied Math. Dept. The Weizmann Institute of Science Rehovot 76100, Israel {shamir,tauman}@wisdom.weizmann.ac.il Abstract. The notion

### Currency and Correctness of Content in Object Storage Networks

Currency and Correctness of Content in Object Storage Networks Organization: The Johns Hopkins University 3400 N. Charles St. Baltimore, MD USA 21218 Technical Contacts: Randal Burns 224 New Engineering

### Privacy Preserving Public Auditing for Data in Cloud Storage

Privacy Preserving Public Auditing for Data in Cloud Storage M.Priya 1, E. Anitha 2, V.Murugalakshmi 3 M.E, Department of CSE, Karpagam University, Coimbatore, Tamilnadu, India 1, 3 M.E, Department of

### QUANTUM COMPUTERS AND CRYPTOGRAPHY. Mark Zhandry Stanford University

QUANTUM COMPUTERS AND CRYPTOGRAPHY Mark Zhandry Stanford University Classical Encryption pk m c = E(pk,m) sk m = D(sk,c) m??? Quantum Computing Attack pk m aka Post-quantum Crypto c = E(pk,m) sk m = D(sk,c)

### I. Introduction. A. Related Work

PUBLIC VERIFIABILITY AND DATA DYNAMICS IN CLOUD SERVER P.Saranya, Roever Engineering College; S.Vishnupriya, Roever Engineering College; E.Elangovan, PRIST University Abstract- Cloud computing stores the

### 15-2394-3696 RIGOROUS PUBLIC AUDITING SUPPORT ON SHARED DATA STORED IN THE CLOUD BY PRIVACY-PRESERVING MECHANISM

RIGOROUS PUBLIC AUDITING SUPPORT ON SHARED DATA STORED IN THE CLOUD BY PRIVACY-PRESERVING MECHANISM Dhanashri Bamane Vinayak Pottigar Subhash Pingale Department of Computer Science and Engineering SKN

### Secure cloud access system using JAR ABSTRACT:

Secure cloud access system using JAR ABSTRACT: Cloud computing enables highly scalable services to be easily consumed over the Internet on an as-needed basis. A major feature of the cloud services is that

### Energy Efficiency in Secure and Dynamic Cloud Storage

Energy Efficiency in Secure and Dynamic Cloud Storage Adilet Kachkeev Ertem Esiner Alptekin Küpçü Öznur Özkasap Koç University Department of Computer Science and Engineering, İstanbul, Turkey {akachkeev,eesiner,akupcu,oozkasap}@ku.edu.tr

### EFFICIENT AND SECURE DATA PRESERVING IN CLOUD USING ENHANCED SECURITY

EFFICIENT AND SECURE DATA PRESERVING IN CLOUD USING ENHANCED SECURITY Siliveru Ashok kumar* S.G. Nawaz ## and M.Harathi # * Student of M.Tech, Sri Krishna Devaraya Engineering College, Gooty # Department

### Secure Cloud StorageForPrivacy-Preserving Public Audit

RESEARCH ARTICLE OPEN ACCESS Secure Cloud StorageForPrivacy-Preserving Public Audit ShekhAhamadhusen D., Prof. Rahul Deshmukh Abstract- In Cloud Environment, using cloud storage service, users can remotely

### 1 Signatures vs. MACs

CS 120/ E-177: Introduction to Cryptography Salil Vadhan and Alon Rosen Nov. 22, 2006 Lecture Notes 17: Digital Signatures Recommended Reading. Katz-Lindell 10 1 Signatures vs. MACs Digital signatures

### Democratic Group Signatures on Example of Joint Ventures

Democratic Group Signatures on Example of Joint Ventures Mark Manulis Horst-Görtz Institute Ruhr-University of Bochum D-44801, Germany EMail: mark.manulis@rub.de Abstract. In the presence of economic globalization

### Chosen-Ciphertext Security from Identity-Based Encryption

Chosen-Ciphertext Security from Identity-Based Encryption Dan Boneh Ran Canetti Shai Halevi Jonathan Katz Abstract We propose simple and efficient CCA-secure public-key encryption schemes (i.e., schemes

### Ensuring Data Storage Security in Cloud Computing

Ensuring Data Storage Security in Cloud Computing Cong Wang 1, Qian Wang 1, Kui Ren 1, and Wenjing Lou 2 1 ECE Department, Illinois Institute of Technology 2 ECE Department, Worcester Polytechnic Institute

### Lecture 13. Lecturer: Yevgeniy Dodis Spring 2012

CSCI-GA.3210-001 MATH-GA.2170-001 Introduction to Cryptography April 18, 2012 Lecture 13 Lecturer: Yevgeniy Dodis Spring 2012 This lecture is dedicated to constructions of digital signature schemes. Assuming

### Verifying Remote Data Integrity in Peer-to-Peer Data Storage: a Comprehensive Survey of Protocols

PPNA-251 1 Verifying Remote Integrity in Peer-to-Peer Storage: a Comprehensive Survey of Protocols Nouha Oualha *, Jean Leneutre and Yves Roudier * CEA, LIST Communicating Systems Laboratory Bât. 451 PC

### Publicly Verifiable Conjunctive Keyword Search in Outsourced Databases

Publicly Verifiable Conjunctive Keyword Search in Outsourced Databases Monir Azraoui, Kaoutar Elkhiyaoui, Melek Önen, Refik Molva EURECOM, Sophia Antipolis, France {azraoui, elkhiyao, onen, molva}@eurecom.fr

### Breaking An Identity-Based Encryption Scheme based on DHIES

Breaking An Identity-Based Encryption Scheme based on DHIES Martin R. Albrecht 1 Kenneth G. Paterson 2 1 SALSA Project - INRIA, UPMC, Univ Paris 06 2 Information Security Group, Royal Holloway, University

### Secure Way of Storing Data in Cloud Using Third Party Auditor

IOSR Journal of Computer Engineering (IOSR-JCE) e-issn: 2278-0661, p- ISSN: 2278-8727Volume 12, Issue 4 (Jul. - Aug. 2013), PP 69-74 Secure Way of Storing Data in Cloud Using Third Party Auditor 1 Miss.

### Privacy-Providing Signatures and Their Applications. PhD Thesis. Author: Somayeh Heidarvand. Advisor: Jorge L. Villar

Privacy-Providing Signatures and Their Applications PhD Thesis Author: Somayeh Heidarvand Advisor: Jorge L. Villar Privacy-Providing Signatures and Their Applications by Somayeh Heidarvand In fulfillment

### CS 758: Cryptography / Network Security

CS 758: Cryptography / Network Security offered in the Fall Semester, 2003, by Doug Stinson my office: DC 3122 my email address: dstinson@uwaterloo.ca my web page: http://cacr.math.uwaterloo.ca/~dstinson/index.html

### Overview of Public-Key Cryptography

CS 361S Overview of Public-Key Cryptography Vitaly Shmatikov slide 1 Reading Assignment Kaufman 6.1-6 slide 2 Public-Key Cryptography public key public key? private key Alice Bob Given: Everybody knows

### Linearity and Group Homomorphism Testing / Testing Hadamard Codes

Title: Linearity and Group Homomorphism Testing / Testing Hadamard Codes Name: Sofya Raskhodnikova 1, Ronitt Rubinfeld 2 Affil./Addr. 1: Pennsylvania State University Affil./Addr. 2: Keywords: SumOriWork:

### Paillier Threshold Encryption Toolbox

Paillier Threshold Encryption Toolbox October 23, 2010 1 Introduction Following a desire for secure (encrypted) multiparty computation, the University of Texas at Dallas Data Security and Privacy Lab created

### 9 Digital Signatures: Definition and First Constructions. Hashing.

Leo Reyzin. Notes for BU CAS CS 538. 1 9 Digital Signatures: Definition and First Constructions. Hashing. 9.1 Definition First note that encryption provides no guarantee that a message is authentic. For

### ISSN 2278-3091. Index Terms Cloud computing, outsourcing data, cloud storage security, public auditability

Outsourcing and Discovering Storage Inconsistencies in Cloud Through TPA Sumathi Karanam 1, GL Varaprasad 2 Student, Department of CSE, QIS College of Engineering and Technology, Ongole, AndhraPradesh,India

### Computing on Encrypted Data

Computing on Encrypted Data Secure Internet of Things Seminar David Wu January, 2015 Smart Homes New Applications in the Internet of Things aggregation + analytics usage statistics and reports report energy

### Arnab Roy Fujitsu Laboratories of America and CSA Big Data WG

Arnab Roy Fujitsu Laboratories of America and CSA Big Data WG 1 Security Analytics Crypto and Privacy Technologies Infrastructure Security 60+ members Framework and Taxonomy Chair - Sree Rajan, Fujitsu

### 1 Formulating The Low Degree Testing Problem

6.895 PCP and Hardness of Approximation MIT, Fall 2010 Lecture 5: Linearity Testing Lecturer: Dana Moshkovitz Scribe: Gregory Minton and Dana Moshkovitz In the last lecture, we proved a weak PCP Theorem,

### Constant-Round Leakage-Resilient Zero-Knowledge Arguments of Knowledge for NP

Constant-Round Leakage-Resilient Zero-Knowledge Arguments of Knowledge for NP Hongda Li, Qihua Niu, Guifang Huang 1 The Data Assurance and Communication Security Research Center 2 State Key Lab of Information