Elena Pagnin

Multi-key Homomorphic Authenticators

Homomorphic authenticators HAs enable a client to authenticate a large collection of data elements

Privacy-Preserving Biometric Authentication: Challenges and Directions

m_1, \ldots , m_t

\(\mathsf {HIKE}\): Walking the Privacy Trail

and outsource them, along with the corresponding authenticators, to an untrusted server. At any later point, the server can generate a short authenticator vouching for the correctness of the output y of a function f computed on the outsourced data, i.e.,

HB+DB: Distance bounding meets human based authentication

y=fm_1, \ldots , m_t

Attacks on Privacy-Preserving Biometric Authentication

. Recently researchers have focused on HAs as a solution, with minimal communication and interaction, to the problem of delegating computation on outsourced data. The notion of HAs studied so far, however, only supports executions and proofs of correctness of computations over data authenticated by a single user. Motivated by realistic scenarios ubiquitous computing, sensor networks, etc. in which large datasets include data provided by multiple users, we study the concept of multi-key homomorphic authenticators. In a nutshell, multi-key HAs are like HAs with the extra feature of allowing the holder of public evaluation keys to compute on data authenticated under different secret keys. In this paper, we introduce and formally define multi-key HAs. Secondly, we propose a construction of a multi-key homomorphic signature based on standard lattices and supporting the evaluation of circuits of bounded polynomial depth. Thirdly, we provide a construction of multi-key homomorphic MACs based only on pseudorandom functions and supporting the evaluation of low-degree arithmetic circuits. Albeit being less expressive and only secretly verifiable, the latter construction presents interesting efficiency properties.

Two-Hop Distance-Bounding Protocols: Keep Your Friends Close

Distance-bounding protocols allow devices to cryptographically verify the physical proximity of two parties and is a prominent secure neighbour detection method. We describe how existing distance-bounding protocols could be modified to verify the proximity of both next-hop and two-hop neighbours. This approach allows a node to verify that another node is a physical next-hop neighbour, and also detects legitimate neighbours who make dishonest claims as to who their neighbours are. This approach could prevent dishonest neighbours from hoarding traffic as the result of advertising false two-hop routes.