Ágnes Kiss

Private Set Intersection for Unequal Set Sizes with Mobile Applications

Abstract Private set intersection (PSI) is a cryptographic technique that is applicable to many privacy-sensitive scenarios. For decades, researchers have been focusing on improving its efficiency in both communication and computation. However, most of the existing solutions are inefficient for an unequal number of inputs, which is common in conventional client-server settings. In this paper, we analyze and optimize the efficiency of existing PSI protocols to support precomputation so that they can efficiently deal with such input sets. We transform four existing PSI protocols into the precomputation form such that in the setup phase the communication is linear only in the size of the larger input set, while in the online phase the communication is linear in the size of the smaller input set. We implement all four protocols and run experiments between two PCs and between a PC and a smartphone and give a systematic comparison of their performance. Our experiments show that a protocol based on securely evaluating a garbled AES circuit achieves the fastest setup time by several orders of magnitudes, and the fastest online time in the PC setting where AES-NI acceleration is available. In the mobile setting, the fastest online time is achieved by a protocol based on the Diffie-Hellman assumption.

Algorithmic Countermeasures Against Fault Attacks and Power Analysis for RSA-CRT

In this work, we analyze all existing RSA-CRT countermeasures against the Bellcore attack that use binary self-secure exponentiation algorithms. We test their security against a powerful adversary by simulating fault injections in a fault model that includes random, zeroing, and skipping faults at all possible fault locations. We find that most of the countermeasures are vulnerable and do not provide sufficient security against all attacks in this fault model. After investigating how additional measures can be included to counter all possible fault injections, we present three countermeasures which prevent both power analysis and many kinds of fault attacks.

More Efficient Universal Circuit Constructions

A universal circuit (UC) can be programmed to simulate any circuit up to a given size n by specifying its program bits. UCs have several applications, including private function evaluation (PFE). The asymptotical lower bound for the size of a UC is proven to be \(\varOmega (n\log n)\). In fact, Valiant (STOC’76) provided two theoretical UC constructions using so-called 2-way and 4-way constructions, with sizes\(~5n\log _2n\) and \(4.75n\log _2n\), respectively. The 2-way UC has recently been brought into practice in concurrent and independent results by Kiss and Schneider (EUROCRYPT’16) and Lipmaa et al. (Eprint 2016/017). Moreover, the latter work generalized Valiant’s construction to any k-way UC.

On the Optimality of Differential Fault Analyses on CLEFIA

In 2012, several Differential Fault Analyses on the AES cipher were analyzed from an information-theoretic perspective. This analysis exposed whether or not the leaked information was fully exploited. We apply the same approach to all existing Differential Fault Analyses on the CLEFIA cipher. We show that only some of these attacks are already optimal. We improve those analyses which did not exploit all information. With one exception, all attacks against CLEFIA-128 reach the theoretical limit after our improvement. Our improvement of an attack against CLEFIA-192 and CLEFIA-256 reduces the number of fault injections to the lowest possible number reached so far.

Faster privacy-preserving location proximity schemes

In the last decade, location information became easily obtainable using off-the-shelf mobile devices. This gave a momentum to developing Location Based Services (LBSs) such as location proximity detection, which can be used to find friends or taxis nearby. LBSs can, however, be easily misused to track users, which draws attention to the need of protecting privacy of these users.