Your search keyword '"Manuel Barbosa"' showing total 10 results

1. SoK: Computer-Aided Cryptography

Author

Gilles Barthe, Karthikeyan Bhargavan, Bryan Parno, Bruno Blanchet, Kevin Liao, Manuel Barbosa, Cas Cremers, Institute for Systems and Computer Engineering, Technology and Science [Porto] (INESC TEC), Faculdade de Ciências da Universidade do Porto (FCUP), Universidade do Porto = University of Porto, Max Planck Institute for Security and Privacy [Bochum] (MPI Security and Privacy), Institute IMDEA Software [Madrid], Programming securely with cryptography (PROSECCO), Inria de Paris, Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria), Helmholtz Center for Information Security [Saarbrücken] (CISPA), Massachusetts Institute of Technology (MIT), Carnegie Mellon University [Pittsburgh] (CMU), Work by Manuel Barbosa was supported by National Funds through the Portuguese Foundation for Science and Technology (FCT) under project PTDC/CCI-INF/31698/2017. Work by Gilles Barthe was supported by the Office of Naval Research (ONR) under project N00014-15-1-2750. Work by Karthik Bhargavan was supported by the European Research Council (ERC) under the European Unions Horizon 2020 research and innovation programme (grant agreement no.683032 - CIRCUS). Work by Bruno Blanchet was supported by the French National Research Agency (ANR) under project TECAP (decision no. ANR-17-CE39-0004-03). Work by Kevin Liao was supported by the National Science Foundation (NSF) through a Graduate Research Fellowship. Work by Bryan Parno was supported by a gift from Bosch, a fellowship from the Alfred P. Sloan Foundation, the NSF under Grant No.1801369, and the Department of the Navy, Office of Naval Research under Grant No. N00014-18-1-2892., ANR-17-CE39-0004,TECAP,Analyse de protocoles - unir les outils existants(2017), European Project: 683032,H2020 ERC,ERC-2015-CoG,CIRCUS(2016), Universidade do Porto, and Programming securely with cryptography (PROSECCO )

Subjects

Focus (computing), Correctness, Standardization, Scope (project management), business.industry, Computer science, 020207 software engineering, Cryptography, 02 engineering and technology, Data science, [INFO.INFO-CR]Computer Science [cs]/Cryptography and Security [cs.CR], Taxonomy (general), 0202 electrical engineering, electronic engineering, information engineering, Computer-aided, 020201 artificial intelligence & image processing, business

Abstract

International audience; Computer-aided cryptography is an active area of research that develops and applies formal, machine-checkable approaches to the design, analysis, and implementation of cryptography. We present a cross-cutting systematization of the computer-aided cryptography literature, focusing on three main areas: (i) design-level security (both symbolic security and computational security), (ii) functional correctness and efficiency, and (iii) implementation-level security (with a focus on digital side-channel resistance). In each area, we first clarify the role of computer-aided cryptography-how it can help and what the caveats are-in addressing current challenges. We next present a taxonomy of state-of-the-art tools, comparing their accuracy, scope, trustworthiness, and usability. Then, we highlight their main achievements, trade-offs, and research challenges. After covering the three main areas, we present two case studies. First, we study efforts in combining tools focused on different areas to consolidate the guarantees they can provide. Second, we distill the lessons learned from the computer-aided cryptography community's involvement in the TLS 1.3 standardization effort. Finally, we conclude with recommendations to paper authors, tool developers, and standardization bodies moving forward.

Published

2021

2. Algebraic Adversaries in the Universal Composability Framework

Author

Michel Abdalla, Manuel Barbosa, Jonathan Katz, Julian Loss, Jiayu Xu, Laboratoire d'informatique de l'école normale supérieure (LIENS), Département d'informatique - ENS Paris (DI-ENS), École normale supérieure - Paris (ENS-PSL), Université Paris sciences et lettres (PSL)-Université Paris sciences et lettres (PSL)-Institut National de Recherche en Informatique et en Automatique (Inria)-Centre National de la Recherche Scientifique (CNRS)-École normale supérieure - Paris (ENS-PSL), Université Paris sciences et lettres (PSL)-Université Paris sciences et lettres (PSL)-Institut National de Recherche en Informatique et en Automatique (Inria)-Centre National de la Recherche Scientifique (CNRS), Université Paris sciences et lettres (PSL), Construction and Analysis of Systems for Confidentiality and Authenticity of Data and Entities (CASCADE), Université Paris sciences et lettres (PSL)-Université Paris sciences et lettres (PSL)-Institut National de Recherche en Informatique et en Automatique (Inria)-Centre National de la Recherche Scientifique (CNRS)-Centre National de la Recherche Scientifique (CNRS)-Inria de Paris, Institut National de Recherche en Informatique et en Automatique (Inria), DFINITY Foundation [Zurich], Faculdade de Ciências da Universidade do Porto (FCUP), Universidade do Porto = University of Porto, Institute for Systems and Computer Engineering, Technology and Science [Porto] (INESC TEC), University of Maryland [Baltimore], Helmholtz Center for Information Security [Saarbrücken] (CISPA), Algorand Foundation, Mehdi Tibouchi, Huaxiong Wang, Centre National de la Recherche Scientifique (CNRS)-Institut National de Recherche en Informatique et en Automatique (Inria)-École normale supérieure - Paris (ENS Paris), Université Paris sciences et lettres (PSL)-Université Paris sciences et lettres (PSL)-Centre National de la Recherche Scientifique (CNRS)-Institut National de Recherche en Informatique et en Automatique (Inria)-École normale supérieure - Paris (ENS Paris), Université Paris sciences et lettres (PSL)-Université Paris sciences et lettres (PSL), École normale supérieure - Paris (ENS Paris), Université Paris sciences et lettres (PSL)-Université Paris sciences et lettres (PSL)-Centre National de la Recherche Scientifique (CNRS)-Inria de Paris, and Universidade do Porto

Subjects

0303 health sciences, 03 medical and health sciences, [INFO.INFO-CR]Computer Science [cs]/Cryptography and Security [cs.CR], 0302 clinical medicine, 030220 oncology & carcinogenesis, ComputingMilieux_MISCELLANEOUS, 030304 developmental biology

Abstract

International audience; The algebraic-group model (AGM), which lies between the generic group model and the standard model of computation, provides a means by which to analyze the security of cryptosystems against so-called algebraic adversaries. We formalize the AGM within the framework of universal com-posability, providing formal definitions for this setting and proving an appropriate composition theorem. This extends the applicability of the AGM to more-complex protocols, and lays the foundations for analyzing algebraic adversaries in a composable fashion. Our results also clarify the meaning of com-posing proofs in the AGM with other proofs and they highlight a natural form of independence between idealized groups that seems inherent to the AGM and has not been made formal before—these insights also apply to the composition of game-based proofs in the AGM. We show the utility of our model by proving several important protocols universally composable for algebraic adversaries, specifically:(1) the Chou-Orlandi protocol for oblivious transfer, and (2) the SPAKE2 and CPace protocols for password-based authenticated key exchange.

Published

2021

3. Universally Composable Relaxed Password Authenticated Key Exchange

Author

Manuel Barbosa, Michel Abdalla, Jonathan Katz, Jiayu Xu, Tatiana Bradley, Stanislaw Jarecki, Construction and Analysis of Systems for Confidentiality and Authenticity of Data and Entities (CASCADE), Département d'informatique de l'École normale supérieure (DI-ENS), École normale supérieure - Paris (ENS Paris), Université Paris sciences et lettres (PSL)-Université Paris sciences et lettres (PSL)-Institut National de Recherche en Informatique et en Automatique (Inria)-Centre National de la Recherche Scientifique (CNRS)-École normale supérieure - Paris (ENS Paris), Université Paris sciences et lettres (PSL)-Université Paris sciences et lettres (PSL)-Institut National de Recherche en Informatique et en Automatique (Inria)-Centre National de la Recherche Scientifique (CNRS)-Centre National de la Recherche Scientifique (CNRS)-Inria de Paris, Institut National de Recherche en Informatique et en Automatique (Inria), Institute for Systems and Computer Engineering, Technology and Science [Porto] (INESC TEC), Faculdade de Ciências da Universidade do Porto (FCUP), Universidade do Porto, University of California [Irvine] (UCI), University of California, Department of Computer Science [Fairfax] (Volgenau School of Engineering), George Mason University [Fairfax], Michel Abdalla was supported in part by the ERC Project aSCEND (H2020 639554) and by the French ANR ALAMBIC Project (ANR16-CE39-0006). Work of Manuel Barbosa was supported in part by the grant SFRH/BSAB/143018/2018 awarded by FCT, Portugal, and by the ERC Project aSCEND (H2020 639554). Stanis law Jarecki and Tatiana Bradley were supported by NSF SaTC award #1817143. Work of Jonathan Katz and Jiayu Xu was supported in part under financial assistance award 70NANB15H328 from the U.S. Department of Commerce, National Institute of Standards and Technology., Daniele Micciancio, Thomas Ristenpart, ANR-16-CE39-0006,ALAMBIC,AppLicAtions de la MalléaBIlité en Cryptographie(2016), European Project: 639554,H2020,ERC-2014-STG,aSCEND(2015), Département d'informatique - ENS Paris (DI-ENS), École normale supérieure - Paris (ENS-PSL), Université Paris sciences et lettres (PSL)-Université Paris sciences et lettres (PSL)-Institut National de Recherche en Informatique et en Automatique (Inria)-Centre National de la Recherche Scientifique (CNRS)-École normale supérieure - Paris (ENS-PSL), Universidade do Porto = University of Porto, University of California [Irvine] (UC Irvine), University of California (UC), Centre National de la Recherche Scientifique (CNRS)-Institut National de Recherche en Informatique et en Automatique (Inria)-École normale supérieure - Paris (ENS Paris), Université Paris sciences et lettres (PSL)-Université Paris sciences et lettres (PSL)-Centre National de la Recherche Scientifique (CNRS)-Institut National de Recherche en Informatique et en Automatique (Inria)-École normale supérieure - Paris (ENS Paris), and Université Paris sciences et lettres (PSL)-Université Paris sciences et lettres (PSL)-Centre National de la Recherche Scientifique (CNRS)-Inria de Paris

Subjects

Password, 050101 languages & linguistics, SPEKE, Theoretical computer science, Computer science, 05 social sciences, 02 engineering and technology, Adversary, Authenticated Key Exchange, [INFO.INFO-CR]Computer Science [cs]/Cryptography and Security [cs.CR], Universal composability, 0202 electrical engineering, electronic engineering, information engineering, Key (cryptography), 020201 artificial intelligence & image processing, 0501 psychology and cognitive sciences, Relaxation (approximation), Session (computer science)

Abstract

International audience; Protocols for password authenticated key exchange (PAKE) allow two parties who share only a weak password to agree on a cryptographic key. We revisit the notion of PAKE in the universal composabil-ity (UC) framework, and propose a relaxation of the PAKE functionality of Canetti et al. that we call lazy-extraction PAKE (lePAKE). Our relaxation allows the ideal-world adversary to postpone its password guess until after a session is complete. We argue that this relaxed notion still provides meaningful security in the password-only setting. As our main result, we show that several PAKE protocols that were previously only proven secure with respect to a "game-based" definition of security can be shown to UC-realize the lePAKE functionality in the random-oracle model. These include SPEKE, SPAKE2, and TBPEKE, the most efficient PAKE schemes currently known.

Published

2020

4. Certified Compilation for Cryptography: Extended x86 Instructions and Constant-Time Verification

Author

Tiago Oliveira, José B. Almeida, Manuel Barbosa, Gilles Barthe, Vincent Laporte, Institute for Systems and Computer Engineering, Technology and Science [Porto] (INESC TEC), University of Minho [Braga], Faculty of Sciences of the University of Porto (FCUP), Max Planck Institute for Security and Privacy (MPI SP), Institute IMDEA Software [Madrid], Proof techniques for security protocols (PESTO), Inria Nancy - Grand Est, Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria)-Department of Formal Methods (LORIA - FM), Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS), Laporte, Vincent, and Universidade do Minho

Subjects

[INFO.INFO-LO] Computer Science [cs]/Logic in Computer Science [cs.LO], Computer science, supercop, Cryptography, 02 engineering and technology, Certification, computer.software_genre, certified compiler, [INFO.INFO-CR]Computer Science [cs]/Cryptography and Security [cs.CR], Constant (computer programming), 0202 electrical engineering, electronic engineering, information engineering, SIMD, [INFO.INFO-CR] Computer Science [cs]/Cryptography and Security [cs.CR], Science & Technology, Programming language, business.industry, [INFO.INFO-LO]Computer Science [cs]/Logic in Computer Science [cs.LO], 020207 software engineering, simd, x86, 020201 artificial intelligence & image processing, Compiler, constant-time, Hardware_CONTROLSTRUCTURESANDMICROPROGRAMMING, business, computer

Abstract

We present a new tool for the generation and verification of high-assurance high-speed machine-level cryptography implementations: a certified C compiler supporting instruction extensions to the x86. We demonstrate the practical applicability of our tool by incorporating it into supercop: a toolkit for measuring the performance of cryptographic software, which includes over 2000 different implementations. We show i. that the coverage of x86 implementations in supercop increases significantly due to the added support of instruction extensions via intrinsics and ii. that the obtained verifiably correct implementations are much closer in performance to unverified ones. We extend our compiler with a specialized type system that acts at pre-assembly level; this is the first constant-time verifier that can deal with extended instruction sets. We confirm that, by using instruction extensions, the performance penalty for verifiably constant-time code can be greatly reduced., This work is financed by National Funds through the FCT - Fundação para a Ciência e a Tecnologia (Portuguese Foundation for Science and Technology) within the project PTDC/CCI-INF/31698/2017, and by the Norte Portugal Regional Operational Programme (NORTE 2020) under the Portugal 2020 Partnership Agreement, through the European Regional Development Fund (ERDF) and also by national funds through the FCT, within project NORTE-01-0145-FEDER-028550 (REASSURE).

Published

2020

5. The Last Mile: High-Assurance and High-Speed Cryptographic Implementations

Author

Tiago Oliveira, Adrien Koutsos, José B. Almeida, Pierre-Yves Strub, Vincent Laporte, Manuel Barbosa, Gilles Barthe, Benjamin Grégoire, Institute for Systems and Computer Engineering, Technology and Science [Porto] (INESC TEC), Faculdade de Ciências da Universidade do Porto (FCUP), Universidade do Porto, Institute IMDEA Software [Madrid], Max Planck Institute for Security and Privacy [Bochum] (MPI Security and Privacy), Sûreté du logiciel et Preuves Mathématiques Formalisées (STAMP), Inria Sophia Antipolis - Méditerranée (CRISAM), Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria), Laboratoire Spécification et Vérification (LSV), Université Paris-Saclay-Centre National de la Recherche Scientifique (CNRS)-Ecole Normale Supérieure Paris-Saclay (ENS Paris Saclay), Proof techniques for security protocols (PESTO), Inria Nancy - Grand Est, Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria)-Department of Formal Methods (LORIA - FM), Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS), Laboratoire d'informatique de l'École polytechnique [Palaiseau] (LIX), École polytechnique (X)-Centre National de la Recherche Scientifique (CNRS), Universidade do Porto = University of Porto, and Universidade do Minho

Subjects

FOS: Computer and information sciences, Correctness, Computer Science - Cryptography and Security, Computer science, Cryptography, 02 engineering and technology, computer.software_genre, [INFO.INFO-CR]Computer Science [cs]/Cryptography and Security [cs.CR], 0202 electrical engineering, electronic engineering, information engineering, Implementation, Equivalence (measure theory), computer.programming_language, Science & Technology, [INFO.INFO-PL]Computer Science [cs]/Programming Languages [cs.PL], Assembly language, Programming language, business.industry, Proof assistant, Formal equivalence checking, 020207 software engineering, Automated theorem proving, 020201 artificial intelligence & image processing, Compiler, business, Low-level programming language, computer, Cryptography and Security (cs.CR), Engenharia e Tecnologia::Engenharia Eletrotécnica, Eletrónica e Informática

Abstract

We develop a new approach for building cryptographic implementations. Our approach goes the last mile and delivers assembly code that is provably functionally correct, protected against side-channels, and as efficient as handwritten assembly. We illustrate our approach using ChaCha20Poly1305, one of the two ciphersuites recommended in TLS 1.3, and deliver formally verified vectorized implementations which outperform the fastest non-verified code.We realize our approach by combining the Jasmin framework, which offers in a single language features of high-level and low-level programming, and the EasyCrypt proof assistant, which offers a versatile verification infrastructure that supports proofs of functional correctness and equivalence checking. Neither of these tools had been used for functional correctness before. Taken together, these infrastructures empower programmers to develop efficient and verified implementations by "game hopping", starting from reference implementations that are proved functionally correct against a specification, and gradually introducing program optimizations that are proved correct by equivalence checking.We also make several contributions of independent interest, including a new and extensible verified compiler for Jasmin, with a richer memory model and support for vectorized instructions, and a new embedding of Jasmin in EasyCrypt., This work is partially supported by project ONR N00014-19-1-2292. Manuel Barbosa was supported by grant SFRH/BSAB/143018/2018 awarded by FCT. This work was partially funded by national funds via FCT in the context of project PTDC/CCI-INF/31698/2017.

Published

2020

6. Machine-Checked Proofs for Cryptographic Standards: Indifferentiability of Sponge and Secure High-Assurance Implementations of SHA-3

Author

José B. Almeida, Alley Stoughton, Benjamin Grégoire, Pierre-Yves Strub, Gilles Barthe, Manuel Barbosa, François Dupressoir, Cécile Baritel-Ruet, Vincent Laporte, Tiago Oliveira, Instituto de Engenharia de Sistemas e Computadores (INESC), Universidade do Porto, Mathematical, Reasoning and Software (MARELLE), Inria Sophia Antipolis - Méditerranée (CRISAM), Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria), Sûreté du logiciel et Preuves Mathématiques Formalisées (STAMP), Institute IMDEA Software [Madrid], Max Planck Institute for Security and Privacy [Bochum] (MPI Security and Privacy), University of Surrey (UNIS), University of Bristol [Bristol], Proof techniques for security protocols (PESTO), Inria Nancy - Grand Est, Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria)-Department of Formal Methods (LORIA - FM), Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL)-Institut National de Recherche en Informatique et en Automatique (Inria)-Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL)-Institut National de Recherche en Informatique et en Automatique (Inria)-Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL)-Institut National de Recherche en Informatique et en Automatique (Inria)-Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL), Computer Science Department [Boston] (Boston University), Boston University [Boston] (BU), Département d'informatique de l'École polytechnique (X-DEP-INFO), École polytechnique (X), ANR-18-CE25-0014,scrypt,Compilation sécurisée de primitives cryptographiques(2018), ANR-17-CE39-0004,TECAP,Analyse de protocoles - unir les outils existants(2017), Universidade do Porto = University of Porto, Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS), and Universidade do Minho

Subjects

Provable security, Science & Technology, Theoretical computer science, Cryptographic primitive, Computer science, business.industry, Hash function, EasyCrypt, SHA-3, 020207 software engineering, Cryptography, 02 engineering and technology, Random oracle, Timing attack, high-assurance cryptography, [INFO.INFO-CR]Computer Science [cs]/Cryptography and Security [cs.CR], Jasmin, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, [INFO]Computer Science [cs], business, indifferentiability

Abstract

We present a high-assurance and high-speed implementation of the SHA-3 hash function. Our implementation is written in the Jasmin programming language, and is formally verified for functional correctness, provable security and timing attack resistance in the EasyCrypt proof assistant. Our implementation is the first to achieve simultaneously the four desirable properties (efficiency, correctness, provable security, and side-channel protection) for a non-trivial cryptographic primitive.Concretely, our mechanized proofs show that: 1) the SHA-3 hash function is indifferentiable from a random oracle, and thus is resistant against collision, first and second preimage attacks; 2) the SHA-3 hash function is correctly implemented by a vectorized x86 implementation. Furthermore, the implementation is provably protected against timing attacks in an idealized model of timing leaks. The proofs include new EasyCrypt libraries of independent interest for programmable random oracles and modular indifferentiability proofs., This work received support from the National Institute of Standards and Technologies under agreement number 60NANB15D248.This work was partially supported by Office of Naval Research under projects N00014-12-1-0914, N00014-15-1-2750 and N00014-19-1-2292.This work was partially funded by national funds via the Portuguese Foundation for Science and Technology (FCT) in the context of project PTDC/CCI-INF/31698/2017. Manuel Barbosa was supported by grant SFRH/BSAB/143018/2018 awarded by the FCT.This work was supported in part by the National Science Foundation under grant number 1801564.This work was supported in part by the FutureTPM project of the Horizon 2020 Framework Programme of the European Union, under GA number 779391.This work was supported by the ANR Scrypt project, grant number ANR-18-CE25-0014.This work was supported by the ANR TECAP project, grant number ANR-17-CE39-0004-01.

Published

2019

7. Indifferentiable Authenticated Encryption

Author

Manuel Barbosa, Pooya Farshim, Universidade do Porto, Construction and Analysis of Systems for Confidentiality and Authenticity of Data and Entities (CASCADE), Département d'informatique de l'École normale supérieure (DI-ENS), École normale supérieure - Paris (ENS Paris), Université Paris sciences et lettres (PSL)-Université Paris sciences et lettres (PSL)-Institut National de Recherche en Informatique et en Automatique (Inria)-Centre National de la Recherche Scientifique (CNRS)-École normale supérieure - Paris (ENS Paris), Université Paris sciences et lettres (PSL)-Université Paris sciences et lettres (PSL)-Institut National de Recherche en Informatique et en Automatique (Inria)-Centre National de la Recherche Scientifique (CNRS)-Centre National de la Recherche Scientifique (CNRS)-Inria de Paris, Institut National de Recherche en Informatique et en Automatique (Inria), Université Paris sciences et lettres (PSL), Université Paris sciences et lettres (PSL)-Université Paris sciences et lettres (PSL)-Institut National de Recherche en Informatique et en Automatique (Inria)-Centre National de la Recherche Scientifique (CNRS), Hovav Shacham, Alexandra Boldyreva, European Project: 339563,EC:FP7:ERC,ERC-2013-ADG,CRYPTOCLOUD(2014), Département d'informatique - ENS Paris (DI-ENS), Centre National de la Recherche Scientifique (CNRS)-Institut National de Recherche en Informatique et en Automatique (Inria)-École normale supérieure - Paris (ENS Paris), Université Paris sciences et lettres (PSL)-Université Paris sciences et lettres (PSL)-Centre National de la Recherche Scientifique (CNRS)-Institut National de Recherche en Informatique et en Automatique (Inria)-École normale supérieure - Paris (ENS Paris), Université Paris sciences et lettres (PSL)-Université Paris sciences et lettres (PSL)-Centre National de la Recherche Scientifique (CNRS)-Inria de Paris, Université Paris sciences et lettres (PSL)-Université Paris sciences et lettres (PSL), Universidade do Porto = University of Porto, École normale supérieure - Paris (ENS-PSL), and Université Paris sciences et lettres (PSL)-Université Paris sciences et lettres (PSL)-Institut National de Recherche en Informatique et en Automatique (Inria)-Centre National de la Recherche Scientifique (CNRS)-École normale supérieure - Paris (ENS-PSL)

Subjects

0301 basic medicine, Security properties, Authenticated encryption, Theoretical computer science, Composition theorem, Lower bound, Computer science, CAESAR, Indifferentiability, 02 engineering and technology, Upper and lower bounds, 03 medical and health sciences, [INFO.INFO-CR]Computer Science [cs]/Cryptography and Security [cs.CR], 030104 developmental biology, Feistel, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, Intuition, Composition

Abstract

International audience; We study Authenticated Encryption with Associated Data (AEAD) from the viewpoint of composition in arbitrary (single-stage) environments. We use the indifferentiability framework to formalize the intuition that a "good" AEAD scheme should have random ciphertexts subject to de-cryptability. Within this framework, we can then apply the indifferentiability composition theorem to show that such schemes offer extra safeguards wherever the relevant security properties are not known, or cannot be predicted in advance, as in general-purpose crypto libraries and standards. We show, on the negative side, that generic composition (in many of its configurations) and well-known classical and recent schemes fail to achieve indifferentiability. On the positive side, we give a provably indifferentiable Feistel-based construction, which reduces the round complexity from at least 6, needed for blockciphers, to only 3 for encryption. This result is not too far off the theoretical optimum as we give a lower bound that rules out the indifferentiability of any construction with less than 2 rounds.

Published

2018

8. Secure Multiparty Computation from SGX

Author

Bernardo Portela, Ahmad-Reza Sadeghi, Guillaume Scerri, Manuel Barbosa, Ferdinand Brasser, Raad Bahmani, Bogdan Warinschi, Technische Universität Darmstadt (TU Darmstadt), Universidade do Porto, University of Minho [Braga], Department of Computer Science, Personal Trusted cloud (PETRUS), Inria Saclay - Ile de France, Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria)-Données et algorithmes pour une ville intelligente et durable - DAVID (DAVID), Université de Versailles Saint-Quentin-en-Yvelines (UVSQ)-Université de Versailles Saint-Quentin-en-Yvelines (UVSQ), Données et algorithmes pour une ville intelligente et durable - DAVID (DAVID), Université de Versailles Saint-Quentin-en-Yvelines (UVSQ), Computer Science Department [Bristol], University of Bristol [Bristol], Technische Universität Darmstadt - Technical University of Darmstadt (TU Darmstadt), Universidade do Porto = University of Porto, and ANR-16-CE39-0014,PerSoCloud,Personal and Social Trusted Cloud(2016)

Subjects

business.industry, Computer science, Computation, Cloud computing, 02 engineering and technology, Trusted third party, [INFO.INFO-CR]Computer Science [cs]/Cryptography and Security [cs.CR], 020204 information systems, 0202 electrical engineering, electronic engineering, information engineering, Secure multi-party computation, Feature (machine learning), Code (cryptography), 020201 artificial intelligence & image processing, business, Protocol (object-oriented programming), Computer network, PATH (variable)

Abstract

International audience; Isolated Execution Environments (IEE) offered by novel commodity hardware such as Intel's SGX deployed in Skylake processors permit executing software in a protected environment that shields it from a malicious operating system; it also permits a remote user to obtain strong interactive attestation guarantees on both the code running in an IEE and its input/output behaviour. In this paper we show how IEEs provide a new path to constructing general secure multiparty computation (MPC) protocols. Our protocol is intuitive and elegant: it uses code within an IEE to play the role of a trusted third party (TTP), and the attestation guarantees of SGX to bootstrap secure communications between participants and the TTP. In our protocol the load of communications and computations on participants only depends on the size of each party's inputs and outputs and is thus small and independent from the intricacy of the functionality to be computed. The remaining computational load-essentially that of computing the functionality-is moved to an untrusted party running an IEE-enabled machine, an appealing feature for Cloud-based scenarios. However, as often the case even with the simplest cryptographic protocols, we found that there is a large gap between this intuitively appealing solution and a protocol with rigorous security guarantees. We bridge this gap through a comprehensive set of results that include: i. a detailed construction of a protocol for secure computation for arbitrary functionalities; ii. formal security definitions for the security of the overall protocol and that of its components; and iii. a modular security analysis of our protocol that relies on a novel notion of labeled attested computation. We implemented and extensively evaluated our solution on SGX-enabled hardware, providing detailed measurements of our protocol as well as comparisons with software-only MPC solutions. Furthermore, we show the cost induced by using constant-time, i.e., timing side channel resilient, code in our implementation.

Published

2017

9. Private Functional Encryption: Indistinguishability-Based Definitions and Constructions from Obfuscation

Author

Afonso Arriaga, Manuel Barbosa, Pooya Farshim, SnT, University of Luxembourg, Luxembourg, Interdisciplinary Centre for Security, Reliability and Trust [Luxembourg] (SnT), Université du Luxembourg (Uni.lu)-Université du Luxembourg (Uni.lu), Universidade do Porto, École normale supérieure - Paris (ENS Paris), and Université Paris sciences et lettres (PSL)

Subjects

Theoretical computer science, Function privacy, 0102 computer and information sciences, 02 engineering and technology, Encryption, Computer security, computer.software_genre, 01 natural sciences, keyword search, obfuscation, inner-product en- cryption, Multiple encryption, [INFO.INFO-CR]Computer Science [cs]/Cryptography and Security [cs.CR], 0202 electrical engineering, electronic engineering, information engineering, Mathematics, Functional encryption, business.industry, functional encryption, Deterministic encryption, 010201 computation theory & mathematics, Probabilistic encryption, 56-bit encryption, 40-bit encryption, 020201 artificial intelligence & image processing, Attribute-based encryption, business, computer

Abstract

International audience; Private functional encryption guarantees that not only the information in ciphertexts is hidden but also the circuits in decryption tokens are protected. A notable use case of this notion is query privacy in searchable encryption. Prior privacy models in the literature were fine-tuned for specific functionalities (namely, identity-based encryption and inner-product encryption), did not model correlations between ciphertexts and decryption tokens, or fell under strong uninstantiability results. We develop a new indistinguishability-based privacy notion that overcomes these limitations and give constructions supporting different circuit classes and meeting varying degrees of security. Obfuscation is a common building block that these constructions share, albeit the obfuscators necessary for each construction are based on different assumptions. Our feasibility results go beyond previous constructions in a number of ways. In particular, a keyword search scheme that we base on point obfuscators tolerates arbitrary and possibly low-entropy correlations between encrypted data and queried keywords, even under (mildly restricted) adaptive token-extraction queries. Our more elaborate keyword search scheme achieves the strongest notion of privacy that we put forth (with no restrictions), but relies on stronger forms of obfuscation. We also develop a composable and distributionally secure hyperplane membership obfuscator and use it to build an inner-product encryption scheme that achieves an unprecedented level of privacy. This, in particular, positively answers a question left open by Boneh, Raghunathan and Segev (ASIACRYPT 2013) concerning the extension and realization of enhanced security for schemes supporting this functionality.

Published

2016

10. Secure Biometric Authentication With Improved Accuracy

Author

Manuel Barbosa, Stéphane Cauchie, Simao Melo de Sousa, Thierry BROUARD, Hubert Cardot, Maurel, Denis, Laboratoire d'Informatique Fondamentale et Appliquée de Tours (LIFAT), Université de Tours (UT)-Institut National des Sciences Appliquées - Centre Val de Loire (INSA CVL), and Institut National des Sciences Appliquées (INSA)-Institut National des Sciences Appliquées (INSA)-Centre National de la Recherche Scientifique (CNRS)

Subjects

[INFO.INFO-TT]Computer Science [cs]/Document and Text Processing, [INFO.INFO-CV] Computer Science [cs]/Computer Vision and Pattern Recognition [cs.CV], [INFO.INFO-TI] Computer Science [cs]/Image Processing [eess.IV], [INFO.INFO-TI]Computer Science [cs]/Image Processing [eess.IV], [INFO.INFO-CV]Computer Science [cs]/Computer Vision and Pattern Recognition [cs.CV], [INFO.INFO-TT] Computer Science [cs]/Document and Text Processing

Abstract

International audience; We propose a new hybrid protocol for cryptographically secure biometric authentication. The main advantages of the proposed protocol over previous solutions can be summarised as follows: (1) potential for much better accuracy using different types of biometric signals, including behavioural ones; and (2) improved user privacy, since user identities are not transmitted at any point in the protocol execution. The new protocol takes advantage of state-of-the-art identification classifiers, which provide not only better accuracy, but also the possibility to perform authentication without knowing who the user claims to be. Cryptographic security is based on the Paillier public key encryption scheme.

Published

2008