CryptoDB
Thomas Ristenpart
Publications
Year
Venue
Title
2022
EUROCRYPT
A Fast and Simple Partially Oblivious PRF, with Applications
Abstract
We build the first construction of a partially oblivious pseudorandom function (POPRF) that does not rely on bilinear pairings. Our construction can be viewed as combining elements of the 2HashDH OPRF of Jarecki, Kiayias, and Krawczyk with the Dodis-Yampolskiy PRF. We analyze our POPRF’s security in the random oracle model via reduction to a new one-more gap strong Diffie-Hellman inversion assumption. The most significant technical challenge is establishing confidence in the new assumption, which requires new proof techniques that enable us to show that its hardness is implied by the q-DL assumption in the algebraic group model.
Our new construction is as fast as the current, standards-track OPRF 2HashDH protocol, yet provides a new degree of flexibility useful in a variety of applications. We show how POPRFs can be used to prevent token hoarding attacks against Privacy Pass, reduce key management complexity in the OPAQUE password authenticated key exchange protocol, and ensure stronger security for password breach alerting services.
2019
CRYPTO
Asymmetric Message Franking: Content Moderation for Metadata-Private End-to-End Encryption
Abstract
Content moderation is crucial for stopping abusive and harassing messages in online platforms. Existing moderation mechanisms, such as message franking, require platform providers to be able to associate user identifiers to encrypted messages. These mechanisms fail in metadata-private messaging systems, such as Signal, where users can hide their identities from platform providers. The key technical challenge preventing moderation is achieving cryptographic accountability while preserving deniability. In this work, we resolve this tension with a new cryptographic primitive: asymmetric message franking (AMF) schemes. We define strong security notions for AMF schemes, including the first formal treatment of deniability in moderation settings. We then construct, analyze, and implement an AMF scheme that is fast enough to use for content moderation of metadata-private messaging.
2018
CRYPTO
Fast Message Franking: From Invisible Salamanders to Encryptment
Abstract
Message franking enables cryptographically verifiable reporting of abusive messages in end-to-end encrypted messaging. Grubbs, Lu, and Ristenpart recently formalized the needed underlying primitive, what they call compactly committing authenticated encryption (AE), and analyze security of a number of approaches. But all known secure schemes are still slow compared to the fastest standard AE schemes. For this reason Facebook Messenger uses AES-GCM for franking of attachments such as images or videos. We show how to break Facebook’s attachment franking scheme: a malicious user can send an objectionable image to a recipient but that recipient cannot report it as abuse. The core problem stems from use of fast but non-committing AE, and so we build the fastest compactly committing AE schemes to date. To do so we introduce a new primitive, called encryptment, which captures the essential properties needed. We prove that, unfortunately, schemes with performance profile similar to AES-GCM won’t work. Instead, we show how to efficiently transform Merkle-Damgård-style hash functions into secure encryptments, and how to efficiently build compactly committing AE from encryptment. Ultimately our main construction allows franking using just a single computation of SHA-256 or SHA-3. Encryptment proves useful for a variety of other applications, such as remotely keyed AE and concealments, and our results imply the first single-pass schemes in these settings as well.
2009
EUROCRYPT
2008
CRYPTO
2007
EUROCRYPT
Program Committees
- Crypto 2020 (Program chair)
- Eurocrypt 2018
- Eurocrypt 2016
- Eurocrypt 2014
- Crypto 2013
- Eurocrypt 2012
- FSE 2010
- FSE 2009
Coauthors
- Mihir Bellare (6)
- Zvika Brakerski (1)
- Sofía Celi (1)
- Rahul Chatterjee (1)
- Yevgeniy Dodis (6)
- Adam Everspaugh (1)
- Marc Fischlin (2)
- Chaya Ganesh (1)
- Alexander Golovnev (1)
- Paul Grubbs (4)
- Joseph Jaeger (1)
- Ari Juels (3)
- Sriram Keelveedhi (1)
- Anja Lehmann (1)
- Julia Len (1)
- Jiahui Lu (1)
- Ian Miers (1)
- Moni Naor (1)
- Adam O'Neill (1)
- Kenneth G. Paterson (2)
- Phillip Rogaway (1)
- Samuel Scott (1)
- Gil Segev (1)
- Hovav Shacham (2)
- Thomas Shrimpton (5)
- Martijn Stam (1)
- John P. Steinberger (1)
- Nicholas T. Sullivan (1)
- Qiang Tang (1)
- Stefano Tessaro (4)
- Nirvan Tyagi (2)
- Salil P. Vadhan (1)
- Christopher A. Wood (1)
- Joanne Woodage (2)
- Yuval Yarom (1)
- Scott Yilek (3)