CryptoDB
Mayank Varia
Publications
Year
Venue
Title
2022
CRYPTO
Universally Composable End-to-End Secure Messaging
📺
Abstract
We model and analyze the Signal end-to-end messaging protocol within the UC framework. In particular:
- We formulate an ideal functionality that captures end-to-end secure messaging, in a setting with PKI and an untrusted server, against an adversary that has full control over the network and can adaptively and momentarily compromise parties at any time and obtain their entire internal states. In particular our analysis captures the forward secrecy and recovery-of-security properties of Signal and the conditions under which they break.
- We model the main components of the Signal architecture (PKI and long-term keys, the backbone continuous-key-exchange or "asymmetric ratchet," epoch-level symmetric ratchets, authenticated encryption) as individual ideal functionalities that are realized and analyzed separately and then composed using the UC and Global-State UC theorems.
- We show how the ideal functionalities representing these components can be realized using standard cryptographic primitives under minimal hardness assumptions.
Our modeling introduces additional innovations that enable arguing about the security of Signal irrespective of the underlying communication medium, as well as secure composition of dynamically generated modules that share state. These features, together with the basic modularity of the UC framework, will hopefully facilitate the use of both Signal-as-a-whole and its individual components within cryptographic applications.
Two other features of our modeling are the treatment of fully adaptive corruptions, and making minimal use of random oracle abstractions. In particular, we show how to realize continuous key exchange in the plain model, while preserving security against adaptive corruptions.
2021
PKC
Two-server Distributed ORAM with Sublinear Computation and Constant Rounds
📺
Abstract
Distributed ORAM (DORAM) is a multi-server variant of Oblivious RAM. Originally proposed to lower bandwidth, DORAM has recently been of great interest due to its applicability to secure computation in the RAM model, where the circuit complexity and rounds of communication are equally important metrics of efficiency. All prior DORAM constructions either involve linear work per server (e.g., Floram) or logarithmic rounds of communication between servers (e.g., square root ORAM). In this work, we construct the first DORAM schemes in the 2-server, semi-honest setting that simultaneously achieve sublinear server computation and constant rounds of communication. We provide two constant-round constructions, one based on square root ORAM that has O(sqrt{N} log N) local computation and another based on secure computation of a doubly efficient PIR that achieves local computation of O(N^e) for any e > 0 but that allows the servers to distinguish between reads and writes. As a building block in the latter construction, we provide secure computation protocols for evaluation and interpolation of multi- variate polynomials based on the Fast Fourier Transform, which may be of independent interest.
Program Committees
- Crypto 2022
Coauthors
- Ran Canetti (4)
- Ariel Hamlin (1)
- Gene Itkis (1)
- Palak Jain (1)
- Yael Tauman Kalai (1)
- Guy N. Rothblum (1)
- Emily Shen (1)
- Marika Swanberg (1)
- Mayank Varia (6)
- Daniel Wichs (1)
- David Wilson (1)
- Arkady Yerukhimovich (1)