CryptoDB
Foteini Baldimtsi
Publications
Year
Venue
Title
2020
ASIACRYPT
Crowd Verifiable Zero-Knowledge and End-to-end Verifiable Multiparty Computation
Abstract
Auditing a secure multiparty computation (MPC) protocol entails the validation of the protocol transcript by a third party that is otherwise untrusted. In this work we introduce the concept of end-to-end verifiable MPC (VMPC), which requires the validation to provide a correctness guarantee even in the setting where all servers, trusted setup primitives and all the client systems utilized by the input-providing users of the MPC protocol are subverted by an adversary. To instantiate VMPC, we introduce a new concept in the setting of zero-knowledge protocols that we term crowd verifiable zero-knowledge (CVZK). A CVZK protocol enables a prover to convince a set of verifiers of a certain statement, even though each verifier individually contributes only a small amount of entropy for verification and some of them are adversarially controlled. Given CVZK, we present a VMPC protocol that is based on discrete-logarithm related assumptions. At the high level of adversity that VMPC is meant to withstand, it is infeasible to ensure perfect correctness; thus we investigate the classes of functions and verifiability relations that are feasible in our framework, and present a number of possible applications whose underlying functions can be implemented via VMPC.
2019
ASIACRYPT
Efficient Noninteractive Certification of RSA Moduli and Beyond
Abstract
In many applications, it is important to verify that an RSA public key $(N, e)$ specifies a permutation over the entire space $\mathbb{Z}_N$, in order to prevent attacks due to adversarially-generated public keys. We design and implement a simple and efficient noninteractive zero-knowledge protocol (in the random oracle model) for this task. Applications concerned about adversarial key generation can just append our proof to the RSA public key without any other modifications to existing code or cryptographic libraries. Users need only perform a one-time verification of the proof to ensure that raising to the power $e$ is a permutation of the integers modulo $N$. For typical parameter settings, the proof consists of nine integers modulo $N$; generating the proof and verifying it both require about nine modular exponentiations. We extend our results beyond RSA keys and also provide efficient noninteractive zero-knowledge proofs for other properties of $N$, which can be used to certify that $N$ is suitable for the Paillier cryptosystem, is a product of two primes, or is a Blum integer. As compared to the recent work of Auerbach and Poettering (PKC 2018), who provide two-message protocols for similar languages, our protocols are more efficient and do not require interaction, which enables a broader class of applications.
Program Committees
- Eurocrypt 2021
- Crypto 2018
Coauthors
- Melissa Chase (1)
- Georg Fuchsbauer (1)
- Sharon Goldberg (1)
- Aggelos Kiayias (2)
- Markulf Kohlweiss (1)
- Anna Lysyanskaya (1)
- Leonid Reyzin (1)
- Omar Sagga (1)
- Thomas Zacharias (2)
- Bingsheng Zhang (2)