# cB

## Carlo Brunetta

Email: brunetta@chalmers.se

Room: EDIT - 5125

Hej! I’m Carlo and I’m a Cryptography PhD student.

I ❤ Music, Nature and the Universe and I love Math ❤

I’m TAing the Cryptography, Computer Security and Network Security courses at Chalmers.

“If a man’s wit be wandering, let him study the mathematics.” - Francis Bacon

### Master Thesis

Do you want to do a master thesis in Cryptography? Just contact me or drop in my office!

I’m happy to talk and see if we can collaborate!

WIP on some specific proposal

### Research Interests

#### Block Cipher

Wiki

Block ciphers are fundamental primitives to build security and they have to be as secure as possible. The security that a BC (alone) has to achieve is directly connected on how a BC is defined in the mathematical terms.

#### Blockchain

Wiki

Blockchain is a database with really peculiar cryptographic rules. Or can it be a highly-reliable turn based communication-channel?

### Publications

#### Code-Based Zero Knowledge PRF Arguments

Open PDF

ISC 2019

Abstract: Pseudo-random functions are a useful cryptographic primitive that, can be combined with zero-knowledge proof systems in order to achieve privacy-preserving identification. Libert et al. (ASIACRYPT 2017) has investigated the problem of proving the correct evaluation of lattice-based PRFs based on the Learning-With-Rounding (LWR) problem. In this paper, we go beyond lattice-based assumptions and investigate, whether we can solve the question of proving the correct evaluation of PRFs based on code-based assumptions such as the Syndrome Decoding problem. The answer is affirmative and we achieve it by firstly introducing a very efficient code-based PRG based on the *Regular Syndrome Decoding* problem and subsequently, we give a direct construction of a code-based PRF. Thirdly, we provide a zero-knowledge protocol for the correct evaluation of a code-based PRF, which allows a prover to convince a verifier that a given output \$y\$ is indeed computed from the code-based PRF with a secret key k on an input x, i.e., y=f(k,x). Finally, we analytically evaluate the protocol's communication costs.

#### Cryptographic Tools for Privacy Preservation and Verifiable Randomness

Open Thesis

Licentiate Thesis

Abstract: Our society revolves around communication. The Internet is the biggest, cheapest and fastest digital communication channel used nowadays. Due to the continuous increase of daily communication among people worldwide, more and more data might be stolen, misused or tampered. We require to protect our communications and data by achieving privacy and confidentiality. Despite the two terms, "privacy" and "confidentiality",are often used as synonymous, in cryptography they are modelled in very different ways. Intuitively, cryptography can be seen as a tool-box in which every scheme, protocol or primitive is a tool that can be used to solve specific problems and provide specific communication security guarantees such as confidentiality. Privacy is instead not easy to describe and capture since it often depends on "which" information is available, "how" are these data used and/or "who" has access to our data. This licentiate thesis raises research questions and proposes solutions related to: the possibility of defining encryption schemes that provide both strong security and privacy guarantees; the importance of designing cryptographic protocols that are compliant with real-life privacy-laws or regulations; and the necessity of defining a post-quantum mechanism to achieve the verifiability of randomness. In more details, the thesis achievements are: + defining a new class of encryption schemes, by weakening the correctness property, that achieves Differential Privacy (DP), i.e., a mathematically sound definition of privacy; + formalizing a security model for a subset of articles in the European General Data Protection Regulation (GDPR), designing and implementing a cryptographic protocol based on the proposed GDPR-oriented security model, and; + proposing a methodology to compile a post-quantum interactive protocol for proving the correct computation of a pseudorandom function into a non-interactive one, yielding a post-quantum mechanism for verifiable randomness.

#### Lattice-Based Simulatable VRFs - Challenges and Future Directions

Open PDF

ProvSec 2018 - Workshop

Abstract: Lattice-based cryptography is evolving rapidly and is often employed to design cryptographic primitives that hold a great promise for being post-quantum resistant and can be employed in multiple applications such as: e-cash, unique digital signatures, non-interactive lottery and others. In such application scenarios, a user is often required to prove non-interactively the correct computation of a pseudo-random function F_k(x) without revealing the secret key k used. Commitment schemes are also useful in such application settings to commit to a chosen value, while keeping it hidden to others but being able to reveal the committed value later. In this paper, we define the first lattice-based dual-mode commitment scheme and prove that it is perfectly binding and computationally hiding. As an application, we employ our commitment scheme in order to obtain the first lattice-based non-interactive zero knowledge (NIZK) PRF argument. Furthermore, we investigate how we may construct the first lattice-based verifiable random function (VRF), and in particular a simulatable VRF (CRYPTO 2007), by employing our proposed lattice-based NIZK PRF argument.

A journal version can be found in the journal Journal of Internet Services and Information Security (JISIS) (Vol.8 Issue 4)

#### HIKE - Walking the Privacy Trail

Open PDF

CANS 2018

Abstract: We consider the problem of privacy-preserving processing of outsourced data in the context of user-customised services. Clients store their data on a server. In order to provide user-dependent services, service providers may ask the server to compute functions on the users’ data. We propose a new solution to this problem that guarantees data privacy (i.e., an honest-but-curious server cannot access plaintexts), as well as that service providers can correctly decrypt only –functions on– the data the user gave them access to (i.e., service providers learn nothing more than the result of user-selected computations). Our solution has as base point a new secure labelled homomorphic encryption scheme (LEEG). LEEG supports additional algorithms (FEET) that enhance the scheme’s functionalities with extra privacy-oriented features. Equipped with LEEG and FEET, we define HIKE: a lightweight protocol for private and secure storage, computation and disclosure of users’ data. Finally, we implement HIKE and benchmark its performances demonstrating its succinctness and efficiency.

#### A Differentially Private Encryption Scheme

Open PDF

ISC 2017

Abstract: Encrypting data with a semantically secure cryptosystem guarantees that nothing is learned about the plaintext from the ciphertext. However, querying a database about individuals or requesting for summary statistics can leak information. Differential privacy (DP) offers a formal framework to bound the amount of information that an adversary can discover from a database with private data, when statistical findings of the stored data are communicated to an untrusted party. Although both encryption schemes and differential private mechanisms can provide important privacy guarantees, when employed in isolation they do not guarantee full privacy-preservation. This paper investigates how to efficiently combine DP and an encryption scheme to prevent leakage of information. More precisely, we introduce and instantiate differentially private encryption schemes that provide both DP and confidentiality.

#### Hidden sums and their application on block ciphers

Open PDF

WCC 2017

Abstract: We report the recent results on hidden sums obtained in the unpublished preprints by Brunetta, Calderini, and Sala. These hidden sums could be used to exploit some particular trapdoors in block ciphers. Each hidden sum is related to an elementary abelian regular subgroup. Focusing on the subgroups of the affine general linear group, we are able to characterize the maps generating these groups. From the characterization we obtain a polynomial-time algorithm to represent the elements of a binary vector space with respect to the hidden sum. Such an algorithm can be used to exploit the trapdoor in a block cipher. Then we design an efficient algorithm to perform the necessary preprocessing on the components of a cipher for the exploitation of the trapdoor.

This paper is the conference version of my master thesis “On some Computational Aspects for Hidden Sums in Boolean Functions” that can be found in the Trento University Library (link) or in pdf.

A complete journal version can be found in the journal Discrete Mathematics (Vol. 342)

#### Towards the Verification of Image Integrity in Online News

DOI Version
Open PDF

ICMEW 2015

Abstract: The widespread of social networking services allows users to share and quickly spread an enormous amount of digital contents. Currently, a low level of security and trustworthiness is applied to such information, whose reliability cannot be taken for granted due to the large availability of image editing software which allow any user to easily manipulate digital contents. This has a huge impact on the deception of users, whose opinion can be seriously influenced by altered media. In this work, we face the challenge of verifying online news by analyzing the images related to the particular news article. Our goal is to create an empirical system which helps in verifying the consistency of visually and semantically similar images used within different news articles on the same topic.