Antonio Nicolosi

Anonymous Identification in Ad Hoc Groups

We introduce Ad hoc Anonymous Identification schemes, a new multi-user cryptographic primitive that allows participants from a user population to form ad-hoc groups, and then prove membership anonymously in such groups. Our schemes are based on the notion of accumulator with one-way domain, a natural extension of cryptographic accumulators we introduce in this work. We provide a formal model for Ad hoc Anonymous Identification schemes and design secure such schemes both generically (based on any accumulator with one-way domain) and for a specific efficient implementation of such an accumulator based on the Strong RSA Assumption. A salient feature of our approach is that all the identification protocols take time independent of the size of the ad-hoc group. All our schemes and notions can be generally and efficiently amended so that they allow the recovery of the signer’s identity by an authority, if the latter is desired.

Public Key Cryptography – PKC 2011

This book constitutes the thoroughly refereed proceedings of the 14th International Conference on Practice and Theory in Public Key Cryptography, PKC 2011, held in Taormina, Italy, in March 2011. The 28 papers presented were carefully reviewed and selected from 103 submissions. The book also contains one invited talk. The papers are grouped in topical sections on signatures, attribute based encryption, number theory, protocols, chosen-ciphertext security, encryption, zero-knowledge, and cryptanalysis.

Verifying and enforcing network paths with icing

We describe a new networking primitive, called a Path Verification Mechanism (pvm). There has been much recent work about how senders and receivers express policies about the paths that their packets take. For instance, a company might want fine-grained control over which providers carry which traffic between its branch offices, or a receiver may want traffic sent to it to travel through an intrusion detection service. While the ability to express policies has been well-studied, the ability to enforce policies has not. The core challenge is: if we assume an adversarial, decentralized, and high-speed environment, then when a packet arrives at a node, how can the node be sure that the packet followed an approved path? Our solution, icing, incorporates an optimized cryptographic construction that is compact, and requires negligible configuration state and no PKI. We demonstrate icings plausibility with a NetFPGA hardware implementation. At 93% more costly than an IP router on the same platform, its cost is significant but affordable. Indeed, our evaluation suggests that icing can scale to backbone speeds.

The NEBULA Future Internet Architecture

The NEBULA Future Internet Architecture (FIA) project is focused on a future network that enables the vision of cloud computing [8,12] to be realized. With computation and storage moving to data centers, networking to these data centers must be several orders of magnitude more resilient for some applications to trust cloud computing and enable their move to the cloud.

Secure acknowledgment of multicast messages in open peer-to-peer networks

We propose a new cryptographic technique, Acknowledgment Compression, permitting senders of multicast data to verify that all interested parties have either received the data or lost network connectivity. Joining the system and acknowledging messages both require bandwidth and computation logarithmic in the size of a multicast group. Thus, the technique is well-suited to large-scale, peer-to-peer multicast groups in which neither the source nor any single peer wishes to download a complete list of participants. In the event that sufficiently many nodes are malicious, a message may fail to verify. However, in such cases the source learns the real network address of a number of malicious nodes.

Traitor tracing with optimal transmission rate

We present the first traitor tracing scheme with efficient black-box traitor tracing in which the ratio of the ciphertext and plaintext lengths (the transmission rate) is asymptotically 1, which is optimal. Previous constructions in this setting either obtained constant (but not optimal) transmission rate [16], or did not support black-box tracing [10]. Our treatment improves the standard modeling of black-box tracing by additionally accounting for pirate strategies that attempt to escape tracing by purposedly rendering the transmitted content at lower quality. Our construction relies on the decisional bilinear Diffie-Hellman assumption, and attains the same features of public traceability as (a repaired variant of) [10], which is less efficient and requires non-standard assumptions for bilinear groups.

Efficient bounded distance decoders for Barnes-Wall lattices

We describe a new family of parallelizable bounded distance decoding algorithms for the Barnes-Wall lattices, and analyze their decoding complexity. The algorithms are parameterized by the number p = 4^k les N² of available processors, work for Barnes-Wall lattices in arbitrary dimension N = 2ⁿ, correct any error up to squared unique decoding radius d² _min / A, and run in worst- case time O (Nlog² N/radic(p)). Depending on the value of the parameter p, this yields efficient decoding algorithms ranging from a fast sequential algorithm with quasi- linear decoding complexity O(N log² N), to a fully parallel decoding circuit with polylogarithmic depth O(log² N) and polynomially many arithmetic gates.

A brief overview of the NEBULA future internet architecture

Nebula is a proposal for a Future Internet Architecture. It is based on the assumptions that: (1) cloud computing will comprise an increasing fraction of the application workload offered to an Internet, and (2) that access to cloud computing resources will demand new architectural features from a network. Features that we have identified include dependability, security, flexibility and extensibility, the entirety of which constitute resilience. Nebula provides resilient networking services using ultrareliable routers, an extensible control plane and use of multiple paths upon which arbitrary policies may be enforced. We report on a prototype system, Zodiac, that incorporates these latter two features.

Generalized learning problems and applications to non-commutative cryptography

We propose a generalization of the learning parity with noise (LPN) and learning with errors (LWE) problems to an abstract class of group-theoretic learning problems that we term learning homomorphisms with noise (LHN). This class of problems contains LPN and LWE as special cases, but is much more general. It allows, for example, instantiations based on non-abelian groups, resulting in a new avenue for the application of combinatorial group theory to the development of cryptographic primitives. We then study a particular instantiation using relatively free groups and construct a symmetric cryptosystem based upon it.

Hardness of learning problems over Burnside groups of exponent 3

In this work, we investigate the hardness of learning Burnside homomorphisms with noise (