## CryptoDB

### Ivan Visconti

#### Affiliation: University of Salerno, Italy

#### Publications

**Year**

**Venue**

**Title**

2019

PKC

Publicly Verifiable Proofs from Blockchains
Abstract

A proof system is publicly verifiable, if anyone, by looking at the transcript of the proof, can be convinced that the corresponding theorem is true. Public verifiability is important in many applications since it allows to compute a proof only once while convincing an unlimited number of verifiers.Popular interactive proof systems (e.g., $$\varSigma $$-protocols) protect the witness through various properties (e.g., witness indistinguishability (WI) and zero knowledge (ZK)) but typically they are not publicly verifiable since such proofs are convincing only for those verifiers who contributed to the transcripts of the proofs. The only known proof systems that are publicly verifiable rely on a non-interactive (NI) prover, through trust assumptions (e.g., NIZK in the CRS model), heuristic assumptions (e.g., NIZK in the random oracle model), specific number-theoretic assumptions on bilinear groups or relying on obfuscation assumptions (obtaining NIWI with no setups).In this work we construct publicly verifiable witness-indistinguishable proof systems from any $$\varSigma $$-protocol, based only on the existence of a very generic blockchain. The novelty of our approach is in enforcing a non-interactive verification (thus guaranteeing public verifiability) while allowing the prover to be interactive and talk to the blockchain (this allows us to circumvent the need of strong assumptions and setups). This opens interesting directions for the design of cryptographic protocols leveraging on blockchain technology.

2019

CRYPTO

Universally Composable Secure Computation with Corrupted Tokens
📺
Abstract

We introduce the corrupted token model. This model generalizes the tamper-proof token model proposed by Katz (EUROCRYPT ’07) relaxing the trust assumption on the honest behavior of tokens. Our model is motivated by the real-world practice of outsourcing hardware production to possibly corrupted manufacturers. We capture the malicious behavior of token manufacturers by allowing the adversary to corrupt the tokens of honest players at the time of their creation.We show that under minimal complexity assumptions, i.e., the existence of one-way functions, it is possible to UC-securely realize (a variant of) the tamper-proof token functionality of Katz in the corrupted token model with n stateless tokens assuming that the adversary corrupts at most $$n-1$$ of them (for any $$n>0$$). We apply this result to existing multi-party protocols in Katz’s model to achieve UC-secure MPC in the corrupted token model assuming only the existence of one-way functions. Finally, we show how to obtain the above results using tokens of small size that take only short inputs. The technique in this result can also be used to improve the assumption of UC-secure hardware obfuscation recently proposed by Nayak et al. (NDSS ’17). While their construction requires the existence of collision-resistant hash functions, we can obtain the same result from only one-way functions. Moreover using our main result we can improve the trust assumption on the tokens as well.

2018

CRYPTO

Continuously Non-Malleable Codes in the Split-State Model from Minimal Assumptions
📺
Abstract

At ICS 2010, Dziembowski, Pietrzak and Wichs introduced the notion of non-malleable codes, a weaker form of error-correcting codes guaranteeing that the decoding of a tampered codeword either corresponds to the original message or to an unrelated value. The last few years established non-malleable codes as one of the recently invented cryptographic primitives with the highest impact and potential, with very challenging open problems and applications.In this work, we focus on so-called continuously non-malleable codes in the split-state model, as proposed by Faust et al. (TCC 2014), where a codeword is made of two shares and an adaptive adversary makes a polynomial number of attempts in order to tamper the target codeword, where each attempt is allowed to modify the two shares independently (yet arbitrarily). Achieving continuous non-malleability in the split-state model has been so far very hard. Indeed, the only known constructions require strong setup assumptions (i.e., the existence of a common reference string) and strong complexity-theoretic assumptions (i.e., the existence of non-interactive zero-knowledge proofs and collision-resistant hash functions).As our main result, we construct a continuously non-malleable code in the split-state model without setup assumptions, requiring only one-to-one one-way functions (i.e., essentially optimal computational assumptions). Our result introduces several new ideas that make progress towards understanding continuous non-malleability, and shows interesting connections with protocol-design and proof-approach techniques used in other contexts (e.g., look-ahead simulation in zero-knowledge proofs, non-malleable commitments, and leakage resilience).

2018

ASIACRYPT

Non-interactive Secure Computation from One-Way Functions
Abstract

The notion of non-interactive secure computation (NISC) first introduced in the work of Ishai et al. [EUROCRYPT 2011] studies the following problem: Suppose a receiver R wishes to publish an encryption of her secret input y so that any sender S with input x can then send a message m that reveals f(x, y) to R (for some function f). Here, m can be viewed as an encryption of f(x, y) that can be decrypted by R. NISC requires security against both malicious senders and receivers, and also requires the receiver’s message to be reusable across multiple computations (w.r.t. a fixed input of the receiver).All previous solutions to this problem necessarily rely upon OT (or specific number-theoretic assumptions) even in the common reference string model or the random oracle model or to achieve weaker notions of security such as super-polynomial-time simulation.In this work, we construct a NISC protocol based on the minimal assumption of one way functions, in the stateless hardware token model. Our construction achieves UC security and requires a single token sent by the receiver to the sender.

2013

EUROCRYPT

2010

PKC

2008

EPRINT

Constant-Round Concurrent Non-Malleable Commitments and Decommitments
Abstract

In this paper we consider commitment schemes that are secure against concurrent poly-time man-in-the-middle (cMiM) attacks. Under such attacks, two possible notions of security for commitment schemes have been proposed in the literature: concurrent non-malleability with respect to commitment and concurrent non-malleability with respect to decommitment (i.e., opening).
After the original notion of non-malleability introduced by [Dolev, Dwork and Naor STOC 91] that is based on the independence of the committed and decommitted message, a new and stronger notion of non-malleability has been given in [Pass and Rosen STOC 05] by requiring that for any man-in-the-middle adversary there is a stand-alone adversary that succeeds with the same probability.
Under this stronger security notion, a constant-round commitment scheme that is concurrent non-malleable only with respect to commitment has been given in [Pass and Rosen FOCS 05] for the plain model, thus leaving as an open problem the construction of a constant-round concurrent non-malleable commitments with respect to decommitment. In other words, in [Pass and Rosen FOCS 05] security against adversaries that mount concurrent man-in-the-middle attacks is guaranteed only during the commitment phase (under their stronger notion of non-malleability).
The main result of this paper is a commitment scheme that is concurrent non-malleable with respect to both commitment and
decommitment, under the stronger notion of [Pass and Rosen STOC 05].
This property protects against cMiM attacks mounted during both commitments and decommitments which is a crucial security requirement in several applications, as in some digital auctions, in which players have to perform both commitments and decommitments.
Our scheme uses a constant number of rounds of interaction in the
plain model and is the first scheme that enjoys all these properties
under the definitions of [Pass and Rosen FOCS 05].
We stress that, exactly as in [Pass and Rosen FOCS 05], we assume that commitments and decommitments are performed in two distinct phases that do not overlap in time.

2004

CRYPTO

#### Program Committees

- TCC 2018
- Eurocrypt 2018
- Asiacrypt 2017
- PKC 2017
- Asiacrypt 2016
- Eurocrypt 2016
- TCC 2016
- Crypto 2014
- Eurocrypt 2014
- Eurocrypt 2012
- PKC 2012
- PKC 2010
- PKC 2009
- Asiacrypt 2009

#### Coauthors

- Joël Alwen (3)
- Saikrishna Badrinarayanan (2)
- Zhenfu Cao (1)
- Dario Catalano (1)
- Nishanth Chandran (1)
- Melissa Chase (2)
- Chongwon Cho (1)
- Wutichai Chongchitmate (2)
- Kai-Min Chung (1)
- Michele Ciampi (9)
- Giovanni Di Crescenzo (2)
- Yevgeniy Dodis (1)
- Sanjam Garg (2)
- Vipul Goyal (3)
- Abhishek Jain (3)
- Jonathan Katz (1)
- Dakshita Khurana (1)
- Abishek Kumarasubramanian (1)
- Yehuda Lindell (1)
- Claudio Orlandi (2)
- Rafail Ostrovsky (25)
- Omkant Pandey (1)
- Rafael Pass (1)
- Giuseppe Persiano (13)
- Vanishree Rao (3)
- Silas Richelson (2)
- Amit Sahai (2)
- Alessandra Scafuro (9)
- Abhi Shelat (2)
- Luisa Siniscalchi (10)
- Muthuramakrishnan Venkitasubramaniam (1)
- Carmine Ventre (1)
- Daniele Venturi (1)
- Akshay Wadia (2)
- Zongyang Zhang (1)