BCD Edition-5
Welcome to the Bengaluru Crypto Day, 5th edition. We will have a day full of exciting topics in cryptography presented by leading researchers and students.
Venue
CSA Seminar hall, room #104
Schedule

Time | Speaker | Title
---|---|---
09:00 - 09:05 | | Welcome
**Research presentations** | |
09:05 - 10:00 | Yashwanth | Separating Broadcast from Cheater Identification
10:05 - 11:00 | Amrita | Robustness against Poisoning under Local Differential Privacy
11:00 - 11:15 | | Tea/Coffee break
11:15 - 12:10 | Surbhi | Post-quantum Secure Deterministic Wallet from Isogeny-based Signatures with Rerandomized Keys
12:15 - 13:30 | | Lunch Break
**Interactive sessions** | |
13:30 - 15:00 | | Student talks session-1
15:00 - 15:15 | | Tea/Coffee break
15:15 - 16:45 | | Student talks session-2
16:50 - 17:00 | | Closing remarks

Abstracts

Separating Broadcast from Cheater Identification (Yashwanth)

Secure Multiparty Computation (MPC) protocols that achieve Identifiable Abort (IA) guarantee honest parties that, in the event that they are denied output, they will be notified of the identity of at least one corrupt party responsible for the abort. Cheater identification provides recourse in the event of a protocol failure, and in some cases can even be preferred over Guaranteed Output Delivery. However, protocols in the literature typically make use of broadcast as a necessary tool in identifying cheaters, and in many deployments the broadcast channel itself may be the most expensive component. In this work, we investigate whether it is inherent that MPC with IA should bear the full complexity of broadcast. Since previous work has established that IA implies broadcast, we relax our target to circumvent this connection: we allow honest parties to differ in which cheaters they identify, while nonetheless retaining the ability to prove claims of cheating to an auditor. We show that in the honest majority setting, our notion of Provable Identifiable Selective Abort (PISA) can be achieved without a traditional broadcast channel. Indeed, broadcast in this setting—which we term Broadcast with Selective Identifiable Abort (BC-IA)—is achievable in only two point-to-point rounds with a simple echoing technique. On the negative side, we also prove that BC-IA is impossible to achieve in the dishonest majority setting. As a general result, we show that any MPC protocol that achieves IA with r broadcasts can be compiled to one that achieves PISA with 2(r+1) point-to-point rounds. As a practical application of this methodology, we design, implement, and benchmark a six-round honest majority threshold ECDSA protocol that achieves PISA and can be deployed in any environment with point-to-point communication alone.

Robustness against Poisoning under Local Differential Privacy (Amrita)

Today, data is generated on billions of smart devices at the edge, leading to a decentralized data ecosystem comprising multiple data owners (clients) and a service provider (server). The clients interact with the server with their personal data for specific services, while the server performs analysis on the joint dataset. However, as an untrusted entity, the server is often incentivized to extract as much information as possible, potentially compromising the clients' privacy. Local Differential Privacy (LDP) has emerged as a leading solution for privacy in decentralized data analytics. Yet, as its adoption grows, it is essential to examine its vulnerabilities. The decentralized nature of LDP makes it vulnerable to poisoning attacks, where adversaries can inject fake clients that provide poisoned or malformed data. In this talk, we will explore solutions that provide provable robustness against such attacks. Specifically, we will analyze how LDP protocols possess a unique characteristic that distinguishes them from non-private ones—the clear separation between the input and the final response (obtained after randomization). This separation gives adversaries two distinct opportunities to tamper with the data. We will discuss strategies to mitigate both types of tampering, applying them in real-world settings and exploring the associated challenges.

Post-quantum Secure Deterministic Wallet from Isogeny-based Signatures with Rerandomized Keys (Surbhi)

Deterministic wallets are promising cryptographic primitives that are employed in cryptocurrencies to safeguard users' funds. In CCS'19, Das et al. proposed a generic construction of deterministic wallets leveraging signature schemes with rerandomizable keys. Unfortunately, the existing proposals for deterministic wallets are undesirable for practical applications: while some schemes lack a formal security proof, others are susceptible to quantum attacks or require impractically large parameters to achieve security. In our work, we offer a strategy for post-quantum migration of secure deterministic wallets based on isogenies. Since rerandomizable signatures are at the center of the wallet construction, we first propose ways to design such signature schemes from isogenies. Employing the signature schemes CSI-FiSh and CSI-SharK, we present two quantum-resistant signature schemes with rerandomizable keys. Finally, we integrate our rerandomized signature scheme from CSI-FiSh to design the first isogeny-based deterministic wallet with a compact key size that satisfies wallet unlinkability and wallet unforgeability.