Joseph K. Liu, Institute for Infocomm Research
245 Publications, 37,763 Reads, 8,683 Citations
Publications (245)
Recent developments in the field of Dynamic Searchable Symmetric Encryption (DSSE) with forward and backward privacy have attracted much attention from both research and industrial communities. However, most DSSE schemes with forward and backward privacy only support single-keyword queries, which impedes their prevalence in practice. Although...
In this paper, we test the hypothesis that although OpenAI's GPT-4 performs well generally, we can fine-tune open-source models to outperform GPT-4 in smart contract vulnerability detection. We fine-tune two models from Meta's Code Llama and a dataset of 17k prompts, Detect Llama - Foundation and Detect Llama - Instruct, and we also fine-tune OpenA...
Recent years have witnessed a marked increase in both academic proposals and industrial adoptions of blockchain technology. However, a majority of the projects remain at the stage of prototype proposals and their real-world deployment has not met the anticipated level. This gap can be attributed to three major barriers - technical difficulties, hum...
In this chapter, we are going to give some potential future enhancement on the privacy-preserving blockchain protocol, the Ring Confidential Transaction (RingCT) protocol, which is currently used in the largest cryptocurrency Monero. Our future enhancements include the shortening of the size significantly, from linear to logarithm to the number of...
Multi-source multi-client (M/M) searchable encryption has drawn increasing attention as data sharing becomes prevalent in the digital economics era. It allows data from multiple sources to be securely outsourced to third parties and queried by authorized clients. In response to these demands, various schemes sprung up in the last few years. However...
Users have personal or business needs to share most private and confidential documents; however, often at the expense of privacy and security. A sought-after feature in the trending ephemeral context is to set download constraints on a particular file - a file can only be downloaded a limited number of times and/or for a limited period of time. Emer...
The application of blockchain technology in education has gained increased attention from researchers and practitioners in the past few years. However, most pilots are stuck in the prototype stage and meet industrial adoption barriers. In this study, targeting the identified hindering factors, we develop an education credentials management and veri...
Searchable symmetric encryption (SSE) has been introduced for securely outsourcing an encrypted database to cloud storage while maintaining searchable features. Of the various SSE schemes, most assume the server is honest but curious, while the server may be trustless in the real world. Considering a malicious server not honestly performing the...
Blockchain technology provides efficient and secure solutions to various online activities by utilizing a wide range of cryptographic tools. In this paper, we survey the existing literature on post-quantum secure digital signatures that possess exotic advanced features and which are crucial cryptographic tools used in the blockchain ecosystem for (...
DualRing is a novel generic construction introduced by Yuen et al. (CRYPTO’21), which can transform a special kind of (Type-T*) canonical identification scheme to a ring signature scheme. Compared with the classical approaches, this method can get a shorter signature. In this paper, we construct a new middle-product learning with errors (MPLWE)-bas...
Verifiable Random Functions (VRFs) play a key role in Proof-of-Stake blockchains such as Algorand to achieve highly scalable consensus, but currently deployed VRFs lack post-quantum security, which is crucial for future-readiness of blockchain systems. This work presents the first quantum-safe VRF scheme based on symmetric primitives. Our main prop...
When used maliciously, deepfake can pose detrimental implications to political and social forces including reducing public trust in institutions, damaging the reputation of prominent individuals, and influencing public opinions. As there is currently no specific law to address deepfakes, thus deepfake detection, which is an action to discriminate p...
Blockchain technology is reshaping fundamental structures in many industries. Similarly, there is an increasing interest in adopting blockchain as a new solution to addressing educational credentialing problems. However, none of the existing blockchain initiatives in educational credentialing seems to meet their original goal of global adoption. Ba...
Ring signatures and ID-based cryptography are considered promising in terms of application. A ring signature authenticates messages while the author of the message remains anonymous. ID-based cryptographic primitives suppress the need for certificates in public key infrastructures (PKI). In this work, we propose a generic construction for post-quan...
Driven by the cloud-first initiative taken by various governments and companies, it has become a common practice to outsource spatial data to cloud servers for a wide range of applications such as location-based services and geographic information systems. Searchable encryption is a common practice for outsourcing spatial data which enables search...
Face recognition has been extensively employed in practice, such as in attendance systems and public security. The linear discriminant analysis (LDA) algorithm is one of the most significant ones in the field of face recognition, but it is very difficult for many clients to employ it in their resource-constrained devices (e.g., smartphones and notebook com...
The clustering algorithm is a useful tool for analyzing medical data. For instance, the k-means clustering can be used to study precipitating factors of a disease. In order to implement the clustering algorithm efficiently, data computation is outsourced to cloud servers, which may leak the private data. Encryption is a common method for solving th...
Privacy-preserving pattern matching enables a user to find all occurrences of a pattern in a text without revealing any sensitive information. However, many previous works designed on homomorphic encryption suffer from expensive computational overhead and potential input leakage via access pattern during the matching process. In this paper, we prop...
People have personal and/or business needs to share private and confidential documents; however, often at the expense of privacy. Privacy-aware users demand that their data is secure during the entire life cycle, and not residing in clouds indefinitely. A trending feature in industry is to set download constraints on shared files - a file can be dow...
In this paper, we propose a privacy-preserving contact tracing protocol for smart phones, and more specifically Android and iOS phones. The protocol allows users to be notified, if they have been a close contact of a confirmed patient. The protocol is designed to strike a balance between privacy, security, and scalability. Specifically, the app all...
Cloud storage systems have seen a growing number of clients due to the fact that more and more businesses and governments are shifting away from in-house data servers and seeking cost-effective and ease-of-access solutions. However, the security of cloud storage is underestimated in current practice, which resulted in many large-scale data breaches...
Monero is a cryptocurrency that provides anonymity by default for its senders and receivers. The recorded Monero transactions are infeasible to trace without additional information. Monero utilises Proof-of-Work (PoW) as its consensus method. Miners contribute their computing power in exchange for a reward. To stabilise their income, the miners joi...
We introduce a novel generic ring signature construction, called DualRing, which can be built from several canonical identification schemes (such as Schnorr identification). DualRing differs from the classical ring signatures by its formation of two rings: a ring of commitments and a ring of challenges. It has a structural difference from the commo...
In this paper we provide an efficient construction of a lattice-based polynomial argument and a polynomial batch-protocol, where the latter contains the polynomial argument as a building block. Our contribution is motivated by the discrete log based construction (EUROCRYPT’16), where in our case we employ different techniques to obtain a communicat...
Dynamic searchable symmetric encryption (DSSE) can enable a cloud server to search and update over the encrypted data. Recently, forward and backward privacy in DSSE receive wide attention due to the rise in a number of emerging attacks exploiting the leakage in data update operations. Forward privacy ensures newly added data is not related to quer...
In this work, we propose new lattice-based protocols which are used to prove additive and multiplicative relations of committed integers. We introduce three new protocols. The first protocol proves additive relation of integers. In this framework, we introduce a new computational technique which splits the integers into chunks helping to achieve a...
Network Function Virtualisation (NFV) advances the adoption of composable software middleboxes. Accordingly, cloud data centres become major NFV vendors for enterprise traffic processing. Due to the privacy concern of traffic redirection to the cloud, secure middlebox systems (e.g., BlindBox) draw much attention; they can process encrypted packets...
This book constitutes the proceedings of the 24th International Conference on Information Security, ISC 2021, held virtually, in November 2021.
The 21 full papers presented in this volume were carefully reviewed and selected from 87 submissions. The papers are categorized into the following topical subheadings: cryptology; web and OS security; network...
Proxy re-encryption (PRE) allows a proxy to transform one ciphertext to another under different encryption keys while keeping the underlying plaintext secret. Because of the ciphertext transformability of PRE, there are many potential private communicating applications of this feature. However, existing PRE schemes are not as full-fledged as expect...
Searchable encryption (SE) is one of the key enablers for building encrypted databases. It allows a cloud server to search over encrypted data without decryption. Dynamic SE additionally includes data addition and deletion operations to enrich the functions of encrypted databases. Recent attacks exploiting the leakage in dynamic operations drive th...
In this paper, we propose the most efficient blockchain ring confidential transaction protocol (RingCT3.0) for protecting the privacy of the sender’s identity, the recipient’s identity and the confidentiality of the transaction amount. For a typical 2-input transaction with a ring size of 1024, the ring signature size of our RingCT3.0 protocol is 9...
Outsourcing encrypted data to cloud servers has become a prevalent trend among Internet users to date. There is a long list of advantages of data outsourcing, such as reducing the cost of local data management. How to securely operate on encrypted data (remotely), however, is the top concern of data owners. Liang et al. proposed a novel...
Due to its capabilities of searches and updates over the encrypted database, the dynamic searchable symmetric encryption (DSSE) has received considerable attention recently. To resist leakage abuse attacks, a secure DSSE scheme usually requires forward and backward privacy. However, the existing forward and backward private DSSE schemes either only...
We revisit the method of designing public-key puncturable encryption schemes and present a generic conversion by leveraging the techniques of distributed key-distribution and revocable encryption. In particular, we first introduce a refined version of identity-based revocable encryption, named key-homomorphic identity-based revocable key encapsulat...
This paper presents two dynamic symmetric searchable encryption schemes for geometric range search. Our constructions are the first to provide forward/backward security in the context of SSE-based schemes supporting geometric range search. Besides, we define a security notion called content privacy. This security notion captures the leakages that a...
The security of our data stores is underestimated in current practice, which resulted in many large-scale data breaches. To change the status quo, this paper presents the design of ShieldDB, an encrypted document database. ShieldDB adapts the searchable encryption technique to preserve the search functionality over encrypted documents without havin...
Sharding has been a highly expected solution for the blockchain scalability problem. But with computation power of honest miners (or stakes in PoS based systems) distributed in shards, it becomes easier for attackers to attack a single shard. In this research, we propose a new consensus algorithm, Greedy Observed Largest Forest (GOLF), aiming to co...
In this paper, we construct a revocable and linkable ring signature (RLRS) scheme, which enables a revocation authority to revoke the anonymity of the real signer in linkable ring signature scheme under any circumstances. In other words, the revocability of RLRS is mandatory. The proposed RLRS scheme inherits the desired properties of group signatu...
An escrow protocol for Bitcoin allows fair trading using bitcoins. To ensure fairness, the existing proposals made various trade-offs between trust, privacy, and efficiency. In this work, we evaluate the existing escrow protocols for cryptocurrency and propose a practical escrow protocol for Bitcoin that is: (a) computationally efficient; (b) round...
In this work, we introduce a new mechanism for constructing multi-client searchable encryption (SE). By tactfully leveraging the RSA-function, we propose the first multi-client SE protocol that successfully avoids per-query interaction between data owner and client. Therefore, our approach significantly reduces the communication cost by eliminating...
Searchable Encryption (SE) enables a data owner to outsource encrypted data to an untrusted server while preserving the keyword search functionality. Typically, the server learns whether or not a query has been performed more than once, which is usually called the search pattern. However, such kind of information leakage might be leveraged to break...
Searchable encryption (SE) is one of the key enablers for building encrypted databases. It allows a cloud server to search over encrypted data without decryption. Dynamic SE additionally includes data addition and deletion operations to enrich the functions of encrypted databases. Recent attacks exploiting the leakage in dynamic operations drive ra...
Network Function Virtualisation (NFV) advances the development of composable software middleboxes. Accordingly, cloud data centres become major NFV vendors for enterprise traffic processing. Due to the privacy concern of traffic redirection to the cloud, secure middlebox systems (e.g., BlindBox) draw much attention; they can process encrypted packe...
Outlier detection is widely used in practice to track the anomaly on incremental datasets such as network traffic and system logs. However, these datasets often involve sensitive information, and sharing the data to third parties for anomaly detection raises privacy concerns. In this paper, we present a privacy-preserving outlier detection protocol...
We introduce MatRiCT, an efficient RingCT protocol for blockchain confidential transactions, whose security is based on "post-quantum'' (module) lattice assumptions. The proof length of the protocol is around two orders of magnitude shorter than the existing post-quantum proposal, and scales efficiently to large anonymity sets, unlike the existing...
We propose a multi-client Symmetric Searchable Encryption (SSE) scheme based on the single-user protocol (Cash et al., CRYPTO 2013). The scheme allows any user to generate a search query by interacting with any θ-1 (θ is a threshold parameter) ‘helping’ users. It preserves the privacy of a database content against the server assuming a leakage of u...
In recent years, we have seen a massive blockchain adoption in cryptocurrencies such as Bitcoin. Following the success of blockchain in cryptocurrency industry, many people start to explore the possibility of implementing blockchain technology in different fields. In this paper, we propose Smart Stamp Duty, a system which can revolutionize the way...
Group signatures are considered as one of the most prominent cryptographic primitives to ensure privacy. In essence, group signatures ensure the authenticity of messages while the author of the message remains anonymous. In this study, we propose a dynamic post-quantum group signature (GS) extending the static G-Merkle group signature (PQCRYPTO 201...
Dynamic Searchable Symmetric Encryption (DSSE) enables a client to perform updates and searches on encrypted data which makes it very useful in practice. To protect DSSE from the leakage of updates (leading to break query or data privacy), two new security notions, forward and backward privacy, have been proposed recently. Although extensive attent...
Although searchable encryption schemes allow secure search over the encrypted data, they mostly support conventional Boolean keyword search, without capturing any relevance of the search results. This leads to a large amount of post-processing overhead to find the most matching documents and causes an unnecessary communication cost between the serv...
We devise new techniques for design and analysis of efficient lattice-based zero-knowledge proofs (ZKP). First, we introduce one-shot proof techniques for non-linear polynomial relations of degree \(k\ge 2\), where the protocol achieves a negligible soundness error in a single execution, and thus performs significantly better in both computation an...
In this talk, I will cover the basic applications of blockchain, in particular for fintech, supply chain and food safety area. I will discuss the blockchain technology behind these applications and will further discuss the use cases in Australia.
In this paper, we propose GraphSE², an encrypted graph database for online social network services to address massive data breaches. GraphSE² preserves the functionality of social search, a key enabler for quality social network services, where social search queries are conducted on a large-scale social graph and me...
Monero, ranked as one of the top privacy-preserving cryptocurrencies by market cap, introduced semi-annual hard forks in 2018. Although a hard fork is not an uncommon event in the cryptocurrency industry, the two hard forks in 2018 caused an anonymity risk to Monero where transactions became traceable due to the problem of key reuse. This problem was t...
As the fundamental component of blockchains, proof-of-work (PoW) scheme has been widely leveraged to provide consensus for maintaining a distributed public ledger. However, the long confirmation time, and hence the slow finality rate, is far from satisfactory. Alternative paradigms with performance improvement emerge. Nevertheless, there are fewer...
In a cryptocurrency system, the protocol incorporated in the node application runs without human intervention. Cryptographic techniques are implemented to determine the ownership of the coins; they enable the owners to transfer the ownership of the coins to other users. Consensus protocols are employed to determine the source of the truth of the in...
Improving the throughput of blockchain systems such as Bitcoin and Ethereum has been an important research problem. Off-chain payments are one of the most promising technologies to tackle this challenge. Once a payment channel, however, is established there exists a strict one-one correspondence between a payee and prepayments, which reduces the fl...
This paper presents the Lattice-based Ring Confidential Transactions “Lattice RingCT v2.0” protocol. Unlike the previous Lattice RingCT v1.0 (LRCT v1.0) protocol, the new protocol supports Multiple-Input and Multiple-Output (MIMO) wallets in transactions, and it is a fully functional protocol construction for cryptocurrency applications such as Hca...
In this work, we construct a short one-out-of-many proof from (module) lattices, allowing one to prove knowledge of a secret associated with one of the public values in a set. The proof system builds on a combination of ideas from the efficient proposals in the discrete logarithm setting by Groth and Kohlweiss (EUROCRYPT ’15) and Bootle et al. (ESO...
We revisit the problem of constructing public key encryption (PKE) secure against both key-leakage and tampering attacks. First, we present an enhanced security against both kinds of attacks, namely strong leakage and tamper-resilient chosen-ciphertext (sLTR-CCA) security, which imposes only minimal restrictions on the adversary’s queries and thus...
Dynamic searchable symmetric encryption (DSSE) is a useful cryptographic tool in encrypted cloud storage. However, it has been reported that DSSE usually suffers from file-injection attacks and content leak of deleted documents. To mitigate these attacks, forward privacy and backward privacy have been proposed. Nevertheless, the existing forward/ba...
In this paper, we propose GraphSE², an encrypted graph database for online social network services to address massive data breaches. GraphSE² preserves the functionality of social search, a key enabler for quality social network services, where social search queries are conducted on a large-scale social graph and meanwhile perform set and com...
E-medical record is an emerging health information exchange model based on cloud computing. As cloud computing allows companies and individuals to outsource their data and computation, the medical data is always stored at a third party such as cloud, which brings a variety of risks, such as data leakage to the untrusted cloud server, unauthorized a...
E-medical records are sensitive and should be stored in a medical database in encrypted form. However, simply encrypting these records will eliminate data utility and interoperability of the existing medical database system because encrypted records are no longer searchable. Moreover, multiple authorities could be involved in controlling and sharin...
The number of Android smartphone and tablet users has experienced a rapid growth in the past few years and it raises users' awareness on privacy and security issues of their mobile devices. There are lots of users rooting their Android devices for some useful functions, which are not originally provided to developers and users, such as taking scree...
Threshold password-authenticated secret sharing (TPASS) protocols allow a client to distribute a secret s amongst n servers and protect it with a password pw, so that the client can later recover the secret s from any subset of t of the servers using the password pw. In this paper, we present two efficient TPASS protocols, one is built on two-phase...
In this chapter, we discuss the basics of ring signature—a kind of anonymous signature that allows a user to sign on behalf of a self-formed group such that the verifier only knows that the signer is one of the users of this group but cannot find out the identification information (such as public key) of the real signer. We give the security model...
This book constitutes the proceedings of the 13th International Conference on Network and System Security, NSS 2019, held in Sapporo, Japan, in December 2019.
The 36 full papers and 7 short papers presented together with 4 invited papers in this book were carefully reviewed and selected from 89 initial submissions. The papers cover a wide range of...
In this paper, we present a generic construction of tightly secure signature schemes in the multi-user setting, which is in turn used to construct tightly secure identity-based signature schemes. Both of the securities of the constructions are based on the hardness of some subset membership problems (SMP). By instantiating SMP with the Decisional C...
The recently proposed Oblivious Cross-Tags (OXT) protocol (CRYPTO 2013) has broken new ground in designing efficient searchable symmetric encryption (SSE) protocol with support for conjunctive keyword search in a single-writer single-reader framework. While the OXT protocol offers high performance by adopting a number of specialised data-structures...
Symmetric Searchable Encryption (SSE) has received wide attention due to its practical application in searching on encrypted data. Beyond search, data addition and deletion are also supported in dynamic SSE schemes. Unfortunately, these update operations leak some information of updated data. To address this issue, forward-secure SSE is actively ex...
IOTA, one of the largest cryptocurrencies in the world, is a platform that links together Internet of Things (IoT) devices and is specifically built for fee-free machine-to-machine micropayments and messaging. One of IOTA’s core features is the Tangle - which is a new distributed ledger concept that tracks all payments and interactions. Despite its...
Dynamic searchable symmetric encryption (DSSE) is a useful cryptographic tool in encrypted cloud storage. However, it has been reported that DSSE usually suffers from file-injection attacks and content leak of deleted documents. To mitigate these attacks, forward security and backward security have been proposed. Nevertheless, the existing forward/...
Searchable Symmetric Encryption (SSE) enables a client to securely outsource a large encrypted database to a server while supporting efficient keyword search. Most of the existing works are designed against the honest-but-curious server. That is, the server will be curious but execute the protocol in an honest manner. Recently, some researchers prese...
With cloud computing becoming increasingly popular, there has been a rapid increase in the number of data owners who outsource their data to the cloud while allowing users to retrieve the data. To preserve the privacy of data, data owners usually encrypt their data before outsourcing them to the cloud, and cloud servers can search across the cipher...
Prior to outsourcing sensitive data, users need to encrypt the data and outsource the ciphertexts to cloud servers. Therefore, efficient search techniques on encrypted data are required. Attribute-based keyword search (ABKS) is a public key encryption with keyword search scheme where a legal user can authorize a proxy to test whether a ciphertext i...
In this paper, we construct a Lattice-based one-time Linkable Ring Signature (L2RS) scheme, which enables the public to verify if two or more signatures were generated by the same signatory, whilst still preserving the anonymity of the signatory. The L2RS provides unconditional anonymity and security guarantees under the Ring Short Integer Solution (Ri...