Contact discovery allows new users of a messaging service to find existing contacts that already use that service. Existing users are similarly informed of new users that join. Current contact discovery protocols allow the server to reconstruct the social graph (i.e. the graph describing who is a contact of whom), which is a serious privacy issue, unless they use trusted hardware to prevent this. But even in the latter case, privacy is still at stake: anyone already on the service that has your number on their contact list gets notified that you joined, even if you don't know that person, or if it is an ex or former colleague that you long parted with and whose contact details you deleted long ago.
To solve this, we propose a *mutual* contact discovery protocol, that only allows users to discover each other when *both* are (still) in each other's contact list. Mutual contact discovery has the additional advantage that it can be implemented in a more privacy-friendly fashion (e.g. protecting the social graph from the server) than traditional, one-sided contact discovery, without necessarily relying on trusted hardware.
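The difference between one-sided and mutual discovery can be made concrete with a small simulation. The code below is an added illustration, not the protocol from the talk: it runs on a constructed address-book sample and shows who gets notified when `alice` joins under each rule. The privacy-friendly realisation (hiding the social graph from the server) is exactly what the research is about and is not modelled here; the simulation only fixes the notification policy.

```python
# Constructed sample: each user's address book as a set of phone numbers.
# "dave" is the ex who still keeps alice's number, but alice deleted him.
PHONE = {
    "alice": "+31600000001",
    "bob":   "+31600000002",
    "carol": "+31600000003",
    "dave":  "+31600000004",
}
CONTACTS = {
    "alice": {PHONE["bob"], PHONE["carol"]},
    "bob":   {PHONE["alice"]},
    "carol": {PHONE["alice"], PHONE["bob"]},
    "dave":  {PHONE["alice"]},
}


def one_sided_discovery(new_user, users, contacts=CONTACTS, phone=PHONE):
    """Traditional rule: every existing user holding the newcomer's number
    is told that they joined, whether or not the newcomer still knows them."""
    number = phone[new_user]
    return {u for u in users
            if u != new_user and number in contacts.get(u, set())}


def mutual_discovery(new_user, users, contacts=CONTACTS, phone=PHONE):
    """Mutual rule: notify only where both sides list each other."""
    number = phone[new_user]
    mine = contacts.get(new_user, set())
    return {u for u in users
            if u != new_user
            and number in contacts.get(u, set())   # they still have me
            and phone[u] in mine}                  # and I still have them


if __name__ == "__main__":
    existing = {"bob", "carol", "dave"}
    print("one-sided:", sorted(one_sided_discovery("alice", existing)))
    print("mutual:   ", sorted(mutual_discovery("alice", existing)))
```

Under the one-sided rule `dave` learns that `alice` joined; under the mutual rule he does not, because `alice` no longer lists him.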
This seminar presents research on anonymous credentials with Publicly Auditable Privacy Revocation (PAPR). PAPR credentials simultaneously provide conditional user privacy and auditable privacy revocation for credential systems.
Alley will argue in favor of using the real/ideal paradigm for defining security in a programming languages context, even when systems are entirely non-probabilistic.
HTTPS is a cornerstone of privacy in the modern Web. The public key infrastructure underlying HTTPS, however, is a frequent target of attacks. We introduce LogPicker, a novel protocol for strengthening the public key infrastructure of HTTPS. LogPicker enables a pool of Certificate Transparency (CT) logs to collaborate, where a randomly selected log includes the certificate while the rest witness and testify to the certificate issuance process. As a result, CT logs become capable of auditing the log in charge independently, without the need for a trusted third party.
Common verification procedures for digital signatures return a decision (accept/reject) only at the very end of the execution. If interrupted prematurely, however, the verification process cannot infer any meaningful information about the validity of the given signature. This limitation is due to the algorithm design alone, and it is not inherent in signature verification. In this talk, I will present a formal framework to handle interruptions during signature verification and a generic way to devise alternative verification procedures that progressively build confidence in the final decision. Our transformation applies to a wide range of post-quantum secure schemes, including the NIST finalist Rainbow.
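To illustrate what "progressively building confidence" can look like for a multivariate scheme, the following added example (not the talk's transformation, and not Rainbow) uses a constructed toy: the public key is a system of quadratic equations over a tiny prime field, a "signature" is a vector that must satisfy all of them against a digest, and the verifier checks equations one at a time in a randomised order so that it can report a verdict, or a partial confidence, whenever it is interrupted. The field size `Q`, dimensions and the seed are toy constants chosen here; the toy has no signing trapdoor, so the digest is derived from a known preimage purely to exercise the verifier.

```python
import random

Q = 31                 # toy prime field (constructed; far too small for real use)
N_VARS, N_EQS = 6, 8   # toy dimensions (constructed)


def keygen_toy(seed=1):
    """Public key: N_EQS random upper-triangular quadratic forms plus linear terms."""
    rng = random.Random(seed)
    pk = []
    for _ in range(N_EQS):
        pk.append({
            "quad": [[rng.randrange(Q) if j >= i else 0 for j in range(N_VARS)]
                     for i in range(N_VARS)],
            "lin": [rng.randrange(Q) for _ in range(N_VARS)],
        })
    return pk


def evaluate(poly, x):
    """Evaluate one public polynomial at the candidate signature x (mod Q)."""
    acc = 0
    for i in range(N_VARS):
        acc += poly["lin"][i] * x[i]
        for j in range(i, N_VARS):
            acc += poly["quad"][i][j] * x[i] * x[j]
    return acc % Q


def toy_digest_for(pk, x):
    """Stand-in for a message digest: the targets a genuine signature x must hit."""
    return [evaluate(p, x) for p in pk]


def verify_all_at_once(pk, digest, sig):
    """Conventional verifier: a single accept/reject after checking everything."""
    return all(evaluate(p, sig) == d for p, d in zip(pk, digest))


def verify_progressive(pk, digest, sig, max_steps=None, seed=None):
    """Interruptible verifier.

    Equations are checked one by one in a shuffled order (so a forger cannot
    count on the first few being the easy ones). Returns
    ("reject", k, m) as soon as equation k fails,
    ("accept", m, m) once all m equations pass, or
    ("undecided", k, m) if interrupted after k passing checks. For this toy a
    random vector passes each equation with probability about 1/Q, so k passed
    checks give a rough confidence of 1 - Q**-k that the signature is genuine.
    """
    order = list(range(len(pk)))
    random.Random(seed).shuffle(order)
    checked = 0
    for idx in order:
        if max_steps is not None and checked >= max_steps:
            return "undecided", checked, len(pk)
        if evaluate(pk[idx], sig) != digest[idx]:
            return "reject", checked + 1, len(pk)
        checked += 1
    return "accept", checked, len(pk)


if __name__ == "__main__":
    pk = keygen_toy()
    good = [1, 2, 3, 4, 5, 6]
    digest = toy_digest_for(pk, good)
    bad = [2] + good[1:]
    print(verify_all_at_once(pk, digest, good), verify_all_at_once(pk, digest, bad))
    print(verify_progressive(pk, digest, good, max_steps=3))
    print(verify_progressive(pk, digest, bad))
```

The point the example makes is structural: the conventional verifier gives nothing back when stopped early, whereas the progressive one always returns how many independent checks have passed, which is the raw material a confidence statement is built from.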
High-assurance cryptography leverages methods from program verification and cryptography engineering to deliver efficient cryptographic software with machine-checked proofs of memory safety, functional correctness, provable security, and absence of …