February 10th, Sunday 11:15, Room 570, Education Building
** NOTE SPECIAL TIME AND PLACE **
In recent years, malleable cryptographic primitives have advanced from
being seen as a weakness allowing for attacks to being considered a
potentially useful feature. Malleable primitives are cryptographic
objects that allow for meaningful computations on them, most notably in
the example of fully homomorphic encryption. Malleability is, however, a
notion that is difficult to capture both in the hand-written and in the
formal security analysis of protocols.
In my work, I look at malleability from both angles. On one hand, it
is a source of worrying attacks that have to be mitigated, e.g., in a
verified implementation of the transport layer security (TLS) standard
used for securing the Internet. On the other hand, malleability is a
feature that helps to build efficient protocols, such as delegatable
anonymous credentials and fast, resource-friendly proofs of
computations for smart metering. We are building a zero-knowledge
compiler for a high-level relational language (ZQL) that
systematically optimizes and verifies the use of such cryptographic
evidence.
We recently discovered that malleability is also applicable to
verifiable shuffles, an important building block for universally
verifiable, multi-authority election schemes. We construct a publicly
verifiable shuffle that for the first time uses one compact proof to
prove the correctness of an entire multi-step shuffle. In our work, we
examine notions of malleability for non-interactive zero-knowledge
(NIZK) proofs. We start by defining a malleable proof system, and then
consider ways to meaningfully control the malleability of the proof
system. In our shuffle application, controlled-malleable proofs allow
each mixing authority to take as input a set of encrypted votes and a
controlled-malleable NIZK proof that these are a shuffle of the
original encrypted votes submitted by the voters; the authority then
permutes and re-randomizes these votes and updates the proof by
exploiting its controlled malleability.
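To make the "permute and re-randomize" step of one mixing authority concrete, here is an added toy example (not code from the talk or from ZQL) using exponential ElGamal over a small constructed safe-prime group. It shows the malleability the abstract treats as a feature: anyone holding only the public key can re-randomize a ciphertext without changing the vote inside, and the decrypted multiset of votes survives the shuffle. The controlled-malleable NIZK proof that accompanies each step is not modelled here; the parameters P, Q, G and the helper names are assumptions of this example.

```python
import random
import secrets

# Constructed toy parameters: P = 2Q + 1 is a safe prime and G = 4 generates the order-Q subgroup.
# Real deployments use a group of at least 2048-bit (or elliptic-curve) size.
P, Q, G = 467, 233, 4


def keygen():
    """Election key pair: secret x, public key G^x."""
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)


def encrypt(pk, m, r=None):
    """Exponential ElGamal: encrypt G^m so ciphertexts are re-randomizable and additively homomorphic."""
    r = secrets.randbelow(Q - 1) + 1 if r is None else r
    return pow(G, r, P), (pow(G, m, P) * pow(pk, r, P)) % P


def rerandomize(pk, ct, s=None):
    """Malleability as a feature: multiply by a fresh encryption of 0, which needs no secret key."""
    c1, c2 = ct
    s = secrets.randbelow(Q - 1) + 1 if s is None else s
    return (c1 * pow(G, s, P)) % P, (c2 * pow(pk, s, P)) % P


def decrypt(sk, ct, max_m=16):
    """Recover m from G^m by brute force; fine for small vote encodings such as candidate indices."""
    c1, c2 = ct
    gm = (c2 * pow(pow(c1, sk, P), P - 2, P)) % P
    for m in range(max_m):
        if pow(G, m, P) == gm:
            return m
    raise ValueError("plaintext outside expected range")


def mix(pk, cts, rng=random):
    """One mixing authority's step: apply a secret permutation and re-randomize every ciphertext.

    Returns the mixed list and the permutation (kept secret by the authority in a real mix-net).
    """
    perm = list(range(len(cts)))
    rng.shuffle(perm)
    return [rerandomize(pk, cts[i]) for i in perm], perm


def tally(sk, cts):
    """Decrypt the output of the last mixing authority; order no longer links votes to voters."""
    return sorted(decrypt(sk, c) for c in cts)
```

Because a fresh exponent s in [1, Q-1] is used, every output ciphertext differs from its input even though it still decrypts to the same vote; a verifier only sees the ciphertexts, which is why the shuffle proof described above is needed to guarantee that no vote was dropped or altered.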
Short Bio:
I am a researcher at Microsoft Research Cambridge in the Programming
Principles and Tools group. I did my PhD at the COSIC (Computer
Security and Industrial Cryptography) group at the K.U.Leuven, and my
master's thesis at IBM Research Zurich. My research focus is on
privacy-enhancing protocols and formal verification of cryptographic
protocols.