2 September 2024, University of St. Gallen
·Thank you to everyone who contributed to making Swiss Crypto Day 24 a fantastic event! Also, thanks to our main sponsors - City of St. Gallen, Canton of St. Gallen and HSG Committee for Equality Diversity & Inclusion!
Next year’s Swiss Crypto Day will be organized at USI.
Program
| 8:45-9:00 | Registrations & Arrivals | |
| 9:00-9:15 | Opening Remarks slides | |
| 9:15-9:45 | Nan Cheng (University of St. Gallen) | |
| Communication Optimization in SS-FSS Hybrid 2PC slides | ||
Calculating the distance between two non-normalized vectors X and Y using cos(X,Y), and comparing it to a predefined threshold τ, is crucial in privacy-sensitive applications such as biometric authentication, identification, machine learning algorithms (e.g., linear regression, k-nearest neighbors), and typo-tolerant password-based authentication. To enhance secure computation efficiency in this context, we propose a communication optimization method utilizing a novel building block, CondEval, conditionally (depends on a boolean secret sharing) evaluate a function secret sharing gate in one round. CondEval is designed to operate effectively in both semi-honest and malicious settings. By evaluating protocols derived from CondEval in the context of voice-based biometric authentication, the results demonstrated notable efficiency improvements over existing SOTAs. In this talk, I will give a step-by-step introduction to this technique and show its impact in practical application. |
||
| 9:45-10:15 | Chen-Da Liu-Zhang (Lucerne University of Applied Sciences and Arts & Web3 Foundation) | |
| Asynchronous Multi-Party Computation with Linear Communication and Optimal Resilience slides Secure multi-party computation (MPC) allows a set of parties to jointly compute a function over their private inputs. The seminal works of Ben-Or, Canetti and Goldreich [STOC ‘93] and Ben-Or, Kelmer and Rabin [PODC ‘94] settled the feasibility of MPC over asynchronous networks. Despite the significant line of work devoted to improving the communication complexity, current protocols with information-theoretic security and optimal resilience communicate \Omega(n^4C) field elements for a circuit with C multiplication gates. In contrast, synchronous MPC protocols with O(nC) communication have long been known. In this work we provide the first asynchronous MPC protocol with optimal resilience and linear O(nC) communication. The protocol makes black-box use of an asynchronous complete secret-sharing (ACSS) protocol, where the cost per multiplication reduces to the cost of distributing a constant number of sharings via ACSS, improving a linear factor over the state of the art by Choudhury and Patra [IEEE Trans. Inf. Theory ‘17]. Instantiating the ACSS with the concurrent work by Ji, Li and Song [CRYPTO ‘24] achieving linear cost per sharing, the result follows. |
||
| 10:15-10:45 | Break | |
| 10:45-11:15 | Anna-Lena Horlemann (University of St. Gallen) | |
| Code-based cryptography in different metrics slides Classically code-based cryptography uses the Hamming metric, however, one can replace it by any other coding metric and the respective isometries, as long as the metric is defined on a vector space (as the ambient space). The most studied alternative metric in code-based cryptography is the rank metric, for which many results are known. Furthermore, the Lee and the sum-rank metric have recently gotten a lot of attention in this context. We will give an overview of known results and open questions for those metrics, including: 1. public key cryptosystems, 2. identification schemes and digital signatures, 3. generic decoding, 4. structural attacks on public keys. Finally, we will show how the metrics are related to each other (or other metrics) and which metric bears similarities with lattice-based cryptography. |
||
| 11:15-11:45 | Abhinaba Mazumder and Michael Schaller (UZH) | |
| Information Set Decoding for Convolutional Codes slides We present generic decoding algorithms for McEliece type systems that use (non-tail-biting) convolutional codes and show how to use them to reduce the security of two proposed cryptosystems. We were able to successfully recover many of the errors used in the encryption in less than 10 hours. |
||
| 11:45-12:15 | Luca De Feo (IBM) | |
| The Isogeny Toolbox slides They say it’s hard compute an isogeny between any two elliptic curves, and yet they spend their time computing them. Isogeny people have played us for absolute fools! What does “compute” even mean for an isogeny, anyway? If you think you know, think twice. I, for one, change definition every other day. The truth is that as we kept discovering more and more algorithms / protocols / attacks, our understanding of what it means to compute an isogeny has changed, and some protocols we believed were secure were lost in the process, while others were created. In this talk I will explain how our understanding of isogeny computations has changed over time and what it means for cryptography. |
||
| 12:15-13:15 | Lunch and Mentoring Session | |
| 13:15-13:45 | Anwar Hithnawi (ETH Zürich) | |
| Democratizing Privacy-Preserving Computation The potential of data to transform science and society has spurred unparalleled efforts to collect it in increasingly sensitive and granular forms, which has raised a variety of societal concerns about how this data is handled and used. Though today, at-rest and in-transit encryption are standard practices, these alone are insufficient to address the security and privacy needs of emerging complex data-driven applications in inherently privacy-sensitive domains. Moreover, these applications frequently require sharing and disclosing data for legitimate reasons. Nonetheless, prevailing data-sharing practices in these systems often disregard privacy considerations, leading to numerous instances of data misuse and abuse. In the past few decades, cryptographers have developed an array of theoretical techniques that, in principle, could address the security and privacy needs of these applications, including secure computation and privacy-enhancing techniques. The increasing urgency in addressing security and privacy concerns within these complex environments has generated a growing demand to transition these theoretical techniques into practice. While these techniques promise to enhance privacy and security for sensitive data, realizing their full potential in practice remains challenging. In this talk, I will discuss and motivate research on making privacy-preserving technologies more accessible and easier to develop and deploy. Throughout the talk, I will discuss the prevalent challenges of efficiency, functionality, and accessibility in this research area. |
||
| 13:45-14:15 | Florian Tramer (ETH Zürich) | |
| Stealing a Generative AI’s Secrets (responsibly) slides Companies that develop generative AI tools such as ChatGPT keep most development and deployment details secret. We typically don’t know what the underlying model looks like (or how big it is), what it was trained on, or what safety measures are applied. In this talk, I’ll show how we reverse-engineered such secrets from various production systems, and draw some connections to cryptographic problems. I’ll conclude with a discussion of responsible disclosure practices in today’s AI world, and how we might improve them. |
||
| 14:15-14:35 | Break | |
| 14:35-15:05 | Francesco Regazzoni (University of Amsterdam and Università della Svizzera italiana) | |
| Processor Customization for Side Channel Resistance |
||
| 15:05-15:35 | Tommaso Gagliardoni (Kudelski security/Nagra) | |
| 2024 Update on Shufflecake: Plausible Deniability Is Even Sweeter slides Shufflecake is an open-source data encryption tool that allows creation of hidden volumes on a storage device in such a way that it is very difficult, even under forensic inspection, to prove the existence of such volumes. This is useful for people whose freedom of expression is threatened by repressive authorities or dangerous criminal organizations, in particular: whistleblowers, investigative journalists, and activists for human rights in oppressive regimes. You can consider Shufflecake a “spiritual successor” of tools such as TrueCrypt and VeraCrypt, but vastly improved: it is fast, supports any filesystem of choice, and can concurrently manage multiple layers of nested decoy volumes, so to improve user experience and make deniability of the existence of these partitions really plausible. Shufflecake is the result of a multi-year research aimed at solving fundamental limitations of plausible deniability tools. It is under active development, and after the initial success (DEF CON Demo Labs, ACM CCS, and others) the community of contributors is growing, bringing new ideas and results to the table. In this talk we will present the history and limitations of other existing solutions, we will show how Shufflecake works and solves such limitations, and we will highlight recent improvements, both theoretical and practical. In particular, we will announce the release of the “Lite” version of Shufflecake, and we will present the official roadmap and plans for the release of the first Shufflecake-powered fully hidden OS. |
||
| 15:35-15:55 | Break | |
| 15:55-16:25 | Giacomo Fenzi (EPFL) | |
| STIR: Reed–Solomon Proximity Testing with Fewer Queries slides We present STIR (Shift To Improve Rate), an interactive oracle proof of proximity (IOPP) for Reed–Solomon codes that achieves the best known query complexity of any concretely efficient IOPP for this problem. For λ bits of security, STIR has query complexity O(log d+λ· loglog d), while FRI, a popular protocol, has query complexity O(λ·log d) (including variants of FRI based on conjectured security assumptions). STIR relies on a new technique for recursively improving the rate of the tested Reed–Solomon code. We provide an implementation of STIR compiled to a SNARK. Compared to a highly optimized implementation of FRI, STIR achieves an improvement in argument size that ranges from 1.25× to 2.46× depending on the chosen parameters, with similar prover and verifier running times. For example, in order to achieve 128 bits of security for degree 226 and rate 1/4, STIR has argument size 114 KiB, compared to 211 KiB for FRI. |
||
| 16:25-16:55 | Ziyi Guan (EPFL) | |
| Security Bounds for Proof-Carrying Data from Straightline Extractors slides Proof-carrying data (PCD) is a widely used cryptographic primitive that can be obtained by recursively-composing SNARKs or related primitives. However, these constructions do not come with security analyses that yield useful concrete security bounds. In this work we show that the PCD obtained from SNARKs with straightline knowledge soundness has essentially the same security as the underlying SNARK. In this setting, recursive composition incurs no security loss. As a notable application, our work offers an idealized model that provides useful, albeit heuristic, guidance for setting the security parameters of recursive STARKs currently used in blockchain systems. Based on https://eprint.iacr.org/2023/1646.pdf, joint work with Alessandro Chiesa, Shahar Samocha, and Eylon Yogev. |
||
| 16:55-17:10 | Closing Remarks slides | |
Mentoring Event
We are excited to announce a special mentoring session during the Swiss Crypto Day workshop on September 2nd at HSG. This session will take place during the 12:15 - 13:15 lunch break and offers a unique opportunity for students to engage in 1:1 mentoring with experienced professionals from academia and industry. We kindly invite all students to register with the following link. Spaces are limited, so be sure to secure your spot early!
Sponsors
 |
 |
 |
Mailing list
To subscribe to the mailing list, please visit list.inf.unibe.ch or send an empty email to: swisscryptoday-join@list.inf.unibe.ch.