CRYPTO WORKING GROUP
Friday, June 02, 2023
De Kargadoor (http://www.kargadoor.nl/utrecht/zaalverhuur.html)
Oudegracht 36, Utrecht
Program
10:45 - 11:30 Robert Subroto (RU)
Decomposition of finite commutative semisimple group algebras, and some applications in cryptography
11:30 - 11:45 Coffee / tea break
11:45 - 12:30 Mike Hamburg (Rambus)
Constant-sum encoding
12:30 - 14:00 Lunch break (lunch not included)
14:00 - 14:45 Chenglu Jin (CWI)
Towards Remote Verifiable Computation without Digital Secrets
14:45 - 15:00 Coffee / tea break
15:00 - 15:45 Zekeriya Erkin (TU Delft)
Financial Crime Detection with Privacy
--------------------------------------------------------------------------------
Abstracts
--------------------------------------------------------------------------------
Robert Subroto (RU)
*Decomposition of finite commutative semisimple group algebras, and some applications in cryptography*
We present a full decomposition of finite commutative semisimple group algebras, which are a type of algebraic objects with many applications in coding theory and cryptography.
Important results include a formula for counting the number of simple components, together with a strong criterion to determine invertibility of elements in the group algebra.
Besides being of mathematical interest, these results are also useful for studying algebraic properties of certain cryptographic functions which rely on these group algebras.
An interesting example are Circulant Column Parity Mixers (CCPMs), which are a class of linear boolean functions used in well-known cryptographic primitives like Keccak-f and Xoodoo.
These CCPMs can be redefined as module endomorphisms over such a group algebra, giving it a more simplified and natural flavour.
By doing so, many non-trivial results are now trivial consequences of results of the decomposition of the group algebra.
Another interesting application can be found in the the post-quantum cryptographic scheme LEDAcrypt, where they rely on verifying invertibility of circulant matrices in an efficient way.
This again relates to the structure of the decomposition of the group algebra.
--------------------------------------------------------------------------------
Mike Hamburg (Rambus)
*Constant-sum encoding*
One-time signatures such as XMSS, LMS and SPHINCS+ need to encode hashes of messages so that the encoding one hash cannot, in every position, be greater or equal to the encoding of another hash. They achieve this using a checksum encoding technique. If we could instead use a constant-sum encoding technique, then signatures would have constant signing and verification time, and might also be slightly smaller and faster. However, constant-sum encoding is rather complicated, and with existing proposals requires either large tables or large binomial coefficient calculations. Here I will go over some new ideas to make these algorithms smaller and more efficient.
--------------------------------------------------------------------------------
Chenglu Jin (CWI)
*Towards Remote Verifiable Computation without Digital Secrets*
he development of secure processor architecture technology has seen many challenges. It turns out difficult to implement efficient resource sharing and at the same time eliminate or protect against side channels as a result of shared caches and other buffers. For this reason, implemented hardware isolation cannot provide confidential computing (as of yet). Nevertheless, the hardware isolation for access control as implemented by micro code and added circuitry cannot be circumvented and this allows for verifiable computation. However, even though computations can be isolated in enclaves, how can we provide remote attestation of computed output? Remote attestation requires digital secrets which may leak due to side channels. We show two puzzle pieces which together can be used to implement remote attestation without secure digital computation or digital secrets: We use a strong PUF for masking ‘session signing keys’ and we use these in a new one-time signature primitive. In essence, computing a signature for an output boils down to directly reading out a signature from unmasked digital storage.
--------------------------------------------------------------------------------
Zekeriya Erkin (TU Delft)
*Financial Crime Detection with Privacy*
Privacy-enhancing technologies, particularly MPC, have been questioned about their practicality. Last summer, a competition was organized by the USA and UK governments ( U.S.-U.K. PETs Prize Challenges), where privacy researchers were tasked to solve the fraud detection problem using machine learning algorithms while providing privacy guarantees to banks and their users. For this purpose, we developed the cryptographic part of the solution, where the result is a custom protocol that allows payment providers to check whether a user's credentials match the credentials in a bank's database without the bank learning any information about the user. At the same time, the payment provider never has access to the bank's database. These seemingly-impossible constructions are made possible using a particular type of encryption called homomorphic encryption. The competition results show that privacy-enhancing technologies are fast enough to be practically deployable. They provide solutions for problems that are otherwise hard to address without exposing private data.
We are glad to announce that our team from the Delft University of Technology and researchers from the University of Washington Tacoma won second place as the "PPML Huskies" team.
In this talk, we will investigate the proposed approach that wins a prize and the competition itself.