January 2025
January 2025
December 2024
December 2024
December 2024
January 2024
December 2023
Proceedings of the VLDB Endowment
We propose GraphOS, a system that allows a client that owns a graph database to outsource it to an untrusted server for storage and querying. It relies on doubly-oblivious primitives and trusted hardware to achieve a very strong privacy and efficiency notion which we call oblivious graph processing: the server learns nothing besides the number of graph vertexes and edges, and for each query its type and response size. At a technical level, GraphOS stores the graph on a doubly-oblivious data structure, so that all vertex/edge accesses are indistinguishable. For this purpose, we propose Omix++, a novel doubly-oblivious map that outperforms the previous state of the art by up to 34×, and may be of independent interest. Moreover, to avoid any leakage from CPU instruction-fetching during query evaluation, we propose algorithms for four fundamental graph queries (BFS/DFS traversal, minimum spanning tree, and single-source shortest paths) that have a fixed execution trace, i.e., the sequence of executed operations is independent of the input. By combining these techniques, we eliminate all information that a hardware adversary observing the memory access pattern within the protected enclave can infer. We benchmarked GraphOS against the best existing solution, based on an oblivious relational DBMS (translating graph queries to relational operators). GraphOS is not only significantly more performant (by up to two orders of magnitude for our tested graphs) but it also eliminates leakage related to the graph topology that is practically inherent when a relational DBMS is used unless all operations are "padded" to the worst case.
November 2023
Lecture Notes in Computer Science
In Private Information Retrieval (PIR), a client wishes to access an index i from a public n-bit database without revealing any information about i. Recently, a series of works starting with the seminal paper of Corrigan-Gibbs and Kogan (EUROCRYPT 2020) considered PIR with client preprocessing and no additional server storage. In this setting, we now have protocols that achieve (amortized) server time and (amortized) bandwidth in the two-server model (Shi et al., CRYPTO 2021) as well as server time and bandwidth in the single-server model (Corrigan-Gibbs et al., EUROCRYPT 2022). Given existing lower bounds, a single-server PIR scheme with (amortized) server time and (amortized) bandwidth is still feasible, however, to date, no known protocol achieves such complexities. In this paper we fill this gap by constructing the first single-server PIR scheme with (amortized) server time and (amortized) bandwidth. Our scheme achieves near-optimal (optimal up to polylogarithmic factors) asymptotics in every relevant dimension. Central to our approach is a new cryptographic primitive that we call an adaptable pseudorandom set: With an adaptable pseudorandom set, one can represent a large pseudorandom set with a succinct fixed-size key k, and can both add to and remove from the set a constant number of elements by manipulating the key k, while maintaining its concise description as well as its pseudorandomness (under a certain security definition).
November 2023
August 2023
Lecture Notes in Computer Science
In Private Information Retrieval (PIR), a client wishes to retrieve the value of an index i from a public database of N values without leaking any information about i. In their recent seminal work, Corrigan-Gibbs and Kogan (EUROCRYPT 2020) introduced the first two-server PIR protocol with sublinear amortized server time and sublinear bandwidth. In a follow-up work, Shi et al. (CRYPTO 2021) reduced the bandwidth to polylogarithmic by proposing a construction based on privately puncturable pseudorandom functions, a primitive whose only construction known to date is based on heavy cryptographic primitives such as LWE. Partly because of this, their PIR protocol does not achieve concrete efficiency. In this paper we propose TreePIR, a two-server PIR protocol with sublinear amortized server time and polylogarithmic bandwidth whose security can be based on just the DDH assumption. TreePIR can be partitioned into two phases that are both sublinear: The first phase is remarkably simple and only requires pseudorandom generators. The second phase is a single-server PIR protocol on only indices, for which we can use the protocol by Döttling et al. (CRYPTO 2019) based on DDH, or, for practical purposes, the most concretely efficient single-server PIR protocol. Not only does TreePIR achieve better asymptotics than previous approaches while resting on weaker cryptographic assumptions, it also outperforms existing two-server PIR protocols in practice. The crux of our protocol is a new cryptographic primitive that we call weak privately puncturable pseudorandom functions, which we believe can have further applications.
Keywords: Private Information Retrieval, Puncturable Pseudorandom Functions, Privacy-Preserving Primitives
May 2023
Lecture Notes in Computer Science
Time-lock puzzles (TLP) are a fascinating type of cryptographic problem that is easy to generate, but takes a certain time to solve, even when arbitrary parallel speedup is allowed. TLPs have wide-ranging applications including fairness, round-efficient computation, and more. To reduce the effort needed to solve large numbers of TLPs, prior work has proposed batching techniques to reduce the cost of solving. However, these proposals either require: (1) a trusted setup or (2) that the puzzle size be linear in the maximum batch size, which implies setting an a priori bound on the maximum size of the batch. Either of these limitations restricts the utility of TLPs in decentralized and dynamic settings like permissionless blockchains. In this work, we demonstrate the feasibility and usefulness of a TLP that overcomes all the above limitations using indistinguishability obfuscation to show that there are no fundamental barriers to achieving such a TLP construction. As a main application of our TLP, we show how to improve the resilience of consensus protocols toward network-level adversaries in the following settings: (1) We show a generic compiler that boosts the resilience of a Byzantine broadcast protocol as follows: if is secure against weakly adaptive corruptions, then the compiled protocol is secure against strongly adaptive corruptions. Here, ‘strong’ refers to adaptively corrupting a party and deleting messages that it sent while still honest. Our compiler is round and communication preserving, and gives the first expected constant-round Byzantine broadcast protocol against a strongly adaptive adversary for the dishonest majority setting. (2) We adapt the Nakamoto consensus protocol to a weak model of synchrony where the adversary can adaptively create minority partitions in the network. Unlike prior works, we do not assume that all honest messages are delivered within a known upper bound on the message delay.
This is the first work to show that it is possible to achieve consensus in the permissionless setting even after relaxing the standard synchrony assumption.
Keywords: Time-lock puzzles, Batch solving, Distributed consensus, Byzantine broadcast, Mobile-sluggish faults
... These developments have further been integrated into real-world systems, including Symmetria [28], which leverages HE for secure database queries, and Rache [29], which optimizes range and equality queries on encrypted datasets. More recent works on FHE include [8,13,16,30,33,34]. ...
December 2024
... Note that PIR schemes without a preprocessing phase can achieve polylogarithmic communication cost per query, but require linear computation cost per query for the server [BIM00]. Many recent works construct practical single-server PIR protocols in the client-dependent preprocessing model [HHC+23, ZPZS24, MIR23, GZS24]. Practical constructions of two-server PIR schemes also work in this client-dependent preprocessing model [KC21, LP23]. To further amortize sender communication and computation, one would ideally like to combine our re-usable sender setup phase described above with a PIR scheme with a re-usable, client-independent preprocessing phase. ...
August 2023
Lecture Notes in Computer Science
... Ben-Or [13] and Rabin [14] showed that this lower bound can be overcome using randomization, leading to probabilistic protocols with an expected-constant number of rounds in the honest-majority setting, e.g., [37][38][39]. In the dishonest-majority setting, Garay et al. [40] presented a lower bound of (n/(n − t)) rounds for any protocol tolerating t > n/2 corruptions; a fruitful line of work devised sublinear-round broadcast protocols [24,[40][41][42][43][44]; notably, the work of [42] matches the lower bound of [40] for any constant fraction of corruptions. In some sense, our main lower bound (Theorem 2) can be viewed as an analogue of the lower bound from [40] for the case of communication complexity. ...
May 2023
Lecture Notes in Computer Science
... The authors endorse the claim of using a stash in case of insertion failure in Cuckoo Hashing, because data loss decreases with an increase in the ML. So a small-size stash can be introduced to deal with this situation [27]. As at ML=200 Sequential Cuckoo Hashing shows data loss of a key, ML=200 has been considered as a standard. ...
March 2023
Information Processing Letters
... There are some methods that follow a similar objective as this paper, namely, structured encryption and, more specifically, searchable encryption and variants of both. They describe ways to store data and perform actions, e.g. by searching through it via an untrusted server, while the server cannot learn any information about the data [4,12,25,41,42,44,72,74]. Most research, however, sees the use case for this in the storage of large databases [46], wherein the storing and accessing of data is done by the same person [3,11,33,52,58], contrary to the approach presented here. ...
November 2022
... The scheme achieves unforgeability, anonymity, multi-show unlinkability, data minimization, public verifiability, threshold traceability, revocability and so on. Our definitions follow the security definitions of sequential aggregate signatures [30], threshold traceable dynamic group signatures [28], anonymous credentials [21], dynamic accumulators [43], zero-knowledge proofs, and ElGamal encryption [41]. ...
November 2022
... Here, the most communication-efficient broadcast constructions are based on the protocol of Dolev and Strong [5], and broadcast with o(nt) messages has not been achieved even using randomization and cryptography. The state-of-the-art protocols, for a constant fraction t = (n) of corruptions, are due to Chan et al. [24] in the weakly adaptive setting under a trusted setup assumption, and to Tsimos et al. [25] in the static setting under a weaker setup assumption; however, both works require (nt) communication, namely Õ(n²). On the other hand, the only nontrivial ω(n) communication lower bounds are those discussed above, restricted to deterministic protocols, or against strongly adaptive adversaries. ...
October 2022
Lecture Notes in Computer Science
... However, none of the aforementioned works found or addressed the robustness problem in DSSE. Besides forward and backward security, there are also many DSSE works diving into higher security to eliminate harmful information leakage [37] and mitigate attacks [38], [39], [40]. Among those works, there is an important research line that leverages real-world security techniques to achieve the security goal. ...
May 2021
... Mirage. Mirage [89] is a universal zk-SNARK scheme and an aptly named Java framework [5] implementing that scheme. Mirage's main contribution is a universal trusted setup, such that the trusted setup does not have to be performed every time the circuit changes, as is done in zk-SNARKs. ...
August 2020
... Time series data (observations recorded sequentially over time) unlocks a chronological perspective, allowing security systems to discern patterns and anomalies that sporadic data points may obscure. However, the complexities of time series data and the analytical challenges it presents have led to its underutilization in intrusion detection [12,13]. ...
May 2020