Christian Janson

Revocation in Publicly Verifiable Outsourced Computation

The combination of software-as-a-service and the increasing use of mobile devices gives rise to a considerable difference in computational power between servers and clients. Thus, there is a desire for clients to outsource the evaluation of complex functions to an external server. Servers providing such a service may be rewarded per computation, and as such have an incentive to cheat by returning garbage rather than devoting resources and time to compute a valid result.

Access Control in Publicly Verifiable Outsourced Computation

Publicly Verifiable Outsourced Computation (PVC) allows devices with restricted resources to delegate computations to more powerful external servers, and to verify the correctness of results. Whilst beneficial in many situations, this increases the visibility and availability of potentially sensitive data, so we may wish to limit the sets of entities that can view input data and results. Additionally, it is highly unlikely that all users have identical and uncontrolled access to all functionality within an organization. Thus there is a need for access control mechanisms in PVC environments. In this work, we define a new framework for Publicly Verifiable Outsourced Computation with Access Control (PVC-AC) and discuss the security models and forms of access control policies that are necessary in such environments.

PRF-ODH: Relations, Instantiations, and Impossibility Results

The pseudorandom-function oracle-Diffie–Hellman (PRF-ODH) assumption has been introduced recently to analyze a variety of DH-based key exchange protocols, including TLS 1.2 and the TLS 1.3 candidates, as well as the extended access control (EAC) protocol. Remarkably, the assumption comes in different flavors in these settings and none of them has been scrutinized comprehensively yet. In this paper here we therefore present a systematic study of the different PRF-ODH variants in the literature. In particular, we analyze their strengths relative to each other, carving out that the variants form a hierarchy. We further investigate the boundaries between instantiating the assumptions in the standard model and the random oracle model. While we show that even the strongest variant is achievable in the random oracle model under the strong Diffie–Hellman assumption, we provide a negative result showing that it is implausible to instantiate even the weaker variants in the standard model via algebraic black-box reductions to common cryptographic problems.

Hybrid Publicly Verifiable Computation

Publicly Verifiable Outsourced Computation PVC allows weak devices to delegate computations to more powerful servers, and to verify the correctness of results. Delegation and verification rely only on public parameters, and thus PVC lends itself to large multi-user systems where entities need not be registered. In such settings, individual user requirements may be diverse and cannot be realised with current PVC solutions. In this paper, we introduce Hybrid PVC HPVC which, with a single setup stage, provides a flexible solution to outsourced computation supporting multiple modes: i standard PVC, ii PVC with cryptographically enforced access control policies restricting the servers that may perform a given computation, and iii a reversed model of PVC which we call Verifiable Delegable Computation VDC where data is held remotely by servers. Entities may dynamically play the role of delegators or servers as required.

Extended Functionality in Verifiable Searchable Encryption

When outsourcing the storage of sensitive data to an (untrusted) remote server, a data owner may choose to encrypt the data beforehand to preserve confidentiality. However, it is then difficult to efficiently retrieve specific portions of the data as the server is unable to identify the relevant information. Searchable encryption well studied as a solution to this problem, allowing data owners and other authorised users to generate search queries which the server may execute over the encrypted data to identify relevant data portions.