Vincenzo Iovino
University of Luxembourg
Publication
Featured research published by Vincenzo Iovino.
international cryptology conference | 2013
Angelo De Caro; Vincenzo Iovino; Abhishek Jain; Adam O'Neill; Omer Paneth; Giuseppe Persiano
This work attempts to clarify to what extent simulation-based security (SIM-security) is achievable for functional encryption (FE) and its relation to the weaker indistinguishability-based security (IND-security). Our main result is a compiler that transforms any FE scheme for the general circuit functionality (which we denote by Circuit-FE) meeting indistinguishability-based security (IND-security) to a Circuit-FE scheme meeting SIM-security, where:
privacy security risk and trust | 2011
Stefano Braghin; Vincenzo Iovino; Giuseppe Persiano; Alberto Trombetta
Providing functionalities that allow online social network users to manage in a secure and private way the publication of their information and/or resources is a relevant and far from trivial topic that has been under scrutiny from various research communities. In this work, we provide a framework that allows users to define highly expressive access policies to their resources in a way that the enforcement does not require the intervention of a (trusted or not) third party. This is made possible by the deployment of a newly defined cryptographic primitive that provides - among other things - efficient access revocation and access policy privacy.
provable security | 2015
Vincenzo Iovino; Karol Żebrowski
In this paper we put forward a new generalization of Functional Encryption (FE) that we call Mergeable FE (mFE). In an mFE system, given a ciphertext \(c_1\) encrypting \(m_1\) and a ciphertext \(c_2\) encrypting \(m_2\), it is possible to produce in an oblivious way a ciphertext encrypting the merged string \(m_1||m_2\) under the security constraint that the new ciphertext does not leak more information about the original ciphertexts. For instance, let us suppose we have a token for a program (for inputs of variable length) \(P_x\) that, on input a string D representing a list of elements, checks if a given element x is in D, and suppose that \(c_1\) (resp. \(c_2\)) encrypts a list \(D_1\) (resp. \(D_2\)). Then the token evaluated on \(c_1\) (resp. \(c_2\)) reveals if x is in list \(D_1\) (resp. \(D_2\)) but the same token evaluated on c, the ciphertext resulting from the merge of \(c_1\) and \(c_2\), should only reveal if x is in \(D_1\) or x is in \(D_2\) but not in which of the two lists it is in.
financial cryptography | 2017
Yvo Desmedt; Vincenzo Iovino; Giuseppe Persiano; Ivan Visconti
Fully Homomorphic Encryption schemes (FHEs) and Functional Encryption schemes (FunctEs) have a tremendous impact in cryptography both for the natural questions that they address and for the wide range of applications in which they have been (sometimes critically) used.
financial cryptography | 2016
Rosario Giustolisi; Vincenzo Iovino; Peter B. Rønne
In 2010 Hao, Ryan and Zielinski proposed a simple decentralized e-voting protocol that only requires 2 rounds of communication. Thus, for k elections their protocol needs 2k rounds of communication. Observing that the first round of their protocol is aimed to establish the public-keys of the voters, we propose an extension of the protocol as a non-interactive e-voting scheme in the public-key setting (NIVS) in which the voters, after having published their public-keys, can use the corresponding secret-keys to participate in an arbitrary number of one-round elections.
cryptology and network security | 2016
Vincenzo Iovino; Qiang Tang; Karol Zebrowski
The past ten years have seen tremendous progress in the uptake of side channel analysis in various applications. Among them, Side Channel Analysis for Reverse Engineering (SCARE) is an especially fruitful area. Taking the side channel leakage into account, SCARE efficiently recovers secret ciphers in a non-destructive and nonintrusive manner. Unfortunately, most previous works focus on customizing SCARE for a certain type of ciphers or implementations. In this paper, we ask whether the attacker can loosen these restrictions and reverse secret block ciphers in a more general manner. To this end, we propose a SCARE based on Linear Regression Attack (LRA), which simultaneously detects and analyzes the power leakages of the secret encryption process. Compared with the previous SCAREs, our approach uses less a priori knowledge, covers more block cipher instances in a completely non-profiled manner. Moreover, we further present a complete SCARE flow with realistic power measurements of an unprotected software implementation. From traces that can barely recognize the encryption rounds, our experiments demonstrate how the underlying cipher can be recovered step-by-step. Although our approach still has some limitations, we believe it can serve as an alternative tool for reverse engineering in the future.
IET Information Security | 2018
Vincenzo Iovino; Qiang Tang; Karol Zebrowski
In the public-key setting, known constructions of function-private functional encryption (FPFE) were limited to very restricted classes of functionalities like inner-product. Moreover, its power has not been well investigated. The authors construct FPFE for general functions and explore its powerful applications, both for general and specific functionalities. One key observation entailed by their results is that attribute-based encryption with function privacy implies FE, a notable fact that sheds light on the importance of the function privacy property for FE.
international conference on security and cryptography | 2017
Rosario Giustolisi; Vincenzo Iovino; Gabriele Lenzini
We introduce the notion of privacy-preserving verifiability for security protocols. It holds when a protocol admits a verifiability test that does not reveal, to the verifier that runs it, more pieces of information about the protocol’s execution than those required to run the test. Our definition of privacy-preserving verifiability is general and applies to cryptographic protocols as well as to human security protocols. In this paper we exemplify it in the domain of e-exams. We prove that the notion is meaningful by studying an existing exam protocol that is verifiable but whose verifiability tests are not privacy-preserving. We prove that the notion is applicable: we review the protocol using functional encryption so that it admits a verifiability test that preserves privacy according to our definition. We analyse, in ProVerif, that the verifiability holds despite malicious parties and that the new protocol maintains all the security properties of the original protocol, so proving that our privacy-preserving verifiability can be achieved starting from existing security.
international conference on security and cryptography | 2017
José Becerra; Vincenzo Iovino; Dimiter Ostrev; Marjan Skrobot
Password-based Authenticated Key-Exchange (PAKE) protocols allow users, who need only to share a password, to compute a high-entropy shared session key despite passwords being taken from a dictionary. Security models for PAKE protocols aim to capture the desired security properties that such protocols must satisfy when executed in the presence of an active adversary. They are usually classified into i) indistinguishability-based (IND-based) or ii) simulation-based (SIM-based). The relation between these two security notions is unclear and mentioned as a gap in the literature. In this work, we prove that SIM-BMP security from Boyko et al. (EUROCRYPT 2000) implies IND-RoR security from Abdalla et al. (PKC 2005) and that IND-RoR security is equivalent to a slightly modified version of SIM-BMP security. We also investigate whether IND-RoR security implies (unmodified) SIM-BMP security.
financial cryptography | 2017
Vincenzo Iovino; Alfredo Rial; Peter B. Rønne; Peter Y. A. Ryan
We show how to combine the individual verification mechanism of Selene with the coercion-resistant e-voting scheme from Juels, Catalano and Jakobsson (JCJ). This results in an e-voting scheme which allows the voter to check directly that her vote is counted as intended, but still allows her to mitigate coercion.