Citation Context

... routing (PB-OR) circuit construction protocols in an IBC setting [1–3]. In parallel, we found a variant of our PB-OR protocols to be applicable to achieve anonymity in delay tolerant networks (DTNs) =-=[4]-=-. Recently, using multi-exponentiation techniques for the discrete log setting, we proposed a significantly more efficient OR protocol (Ace) [5], which is under consideration to be incorporated in Tor...

Citation Context

...luations are used to achieve verifiability for VSS in the computational complexity setting. We defined the concept of polynomial commitments, and presented a constantsize polynomial commitment scheme =-=[16]-=- that significantly reduces communication complexity for computational VSS [17] and several cloud computing applications. The three-round Pedersen synchronous VSS scheme has been the norm for distribu...

Citation Context

... broadcast channels. We observed the need for Byzantine agreement for DKG in an asynchronous communication setting, and designed a DKG protocol in a system model that arguably represents the Internet =-=[10]-=-. We implemented and extensively tested our DKG protocol on the PlanetLab platform, and found it to be efficient and reliable for use over the Internet [11]. Furthermore, we demonstrated its utility b...

Citation Context

...cant communication cost in order to achieve message routing. As our second application, we obtained two robust communication protocols for DHTs by adding threshold signatures on top of our DKG system =-=[13, 14]-=-. Both of these protocols asymptotically reduce the communication costs of previous solutions against a computationally bounded Byzantine adversary, and importantly, without using a trusted third part...

Citation Context

...hat ORAM algorithms incur only a poly-logarithmic (in data size) computation overhead rather than a (nearly) linear overhead required by PIR protocols. Based on this observation, we proposed ObliviAd =-=[19]-=-, a provably secure architecture for privacy preserving OBA, which provides brokers an economical alternative that preserves the privacy of users without hampering the precision of ad selection using ...

Citation Context

...As the first application, we formalized distributed PKG setup and private key extraction primitives for IBE, and designed provably secure distributed PKG constructions for three prominent IBE schemes =-=[12]-=-. (b) Application to Distributed Hash Tables. For quorum-based distributed hash tables (DHTs), there exist several analytical results that can tolerate malicious faults. Unfortunately, these results a...

Citation Context

...and existing OR anonymity analyses. In ongoing work, we address these issues with onion routing: As a first step, we define a provably secure OR protocol in the universal composability (UC) framework =-=[6]-=-. While our UC-secure OR protocol is practical for deploying in the next generation Tor network, our OR definition (i.e., ideal functionality) greatly simplifies the process of analyzing OR anonymity ...

Citation Context

...cant communication cost in order to achieve message routing. As our second application, we obtained two robust communication protocols for DHTs by adding threshold signatures on top of our DKG system =-=[13, 14]-=-. Both of these protocols asymptotically reduce the communication costs of previous solutions against a computationally bounded Byzantine adversary, and importantly, without using a trusted third part...

Citation Context

...are, I am looking forward to tackling the security, privacy, and economic challenges with the decentralized payment systems. As a first step in this direction, we have recently introduced CoinShuffle =-=[23]-=- a decentralized Bitcoin mixing protocol that allows users to utilize Bitcoin in a truly anonymous manner by mixing their coins with those of others. Unlike its predecessors (i.e., Zerocoin and Zeroca...

Citation Context

... to achieve anonymity in delay tolerant networks (DTNs) [4]. Recently, using multi-exponentiation techniques for the discrete log setting, we proposed a significantly more efficient OR protocol (Ace) =-=[5]-=-, which is under consideration to be incorporated in Tor. Analyzing Tor and Quantifying Anonymity. A comprehensive security analysis of the OR protocol has been lacking. This has resulted in a signifi...

Citation Context

...r the protection of privacy, and for Tor, this calls for combining the seemingly contradictory goals of anonymity and accountability. In this direction, our reactive accountability mechanism, BackRef =-=[9]-=-, provides practical repudiation for the OR proxy nodes 1 Aniket Kate Research Statement by tracing back the selected outbound traffic to the predecessor node through a novel verifiable chain of signa...

Citation Context

...onality) greatly simplifies the process of analyzing OR anonymity metrics. We then define a framework (AnoA) that generalizes the notion of adjacency from differential privacy to anonymity properties =-=[7]-=-; in particular, we formalize sender anonymity, unlinkability and relationship anonymity properties, and using our OR definition, demonstrate that those properties carry over to secure cryptographic i...

Citation Context

... for distributed cryptography for the last twenty years. In another effort, we showed that two rounds are actually necessary and sufficient for synchronous VSS, and defined a new two-round VSS scheme =-=[15]-=-. Our contributions to VSS not only complement our DKG system but also are of interest to MPC. In particular, we combined our tworound VSS with floating-point MPC primitives to define PrivaDA [18], a ...

Citation Context

...ning an oblivious algorithm for landmark routing in a credit network graph, and executing it on a server-side hardware module for performing credit network transactions in a privacy preserving manner =-=[20]-=-. Non-equivocation in SDC. A higher replication factor has been an important reason behind practitioners’ lack of enthusiasm towards Byzantine fault tolerant distributed computing (DC) systems. In rec...

Citation Context

...VSS or MPC. We filled this gap by composing non-equivocation with public-key encryptions and zero-knowledge proofs, which has resulted in novel VSS and MPC protocols with a reduced replication factor =-=[22]-=-. IV. Emerging Research Goal: Decentralized Payment Systems Over the last five years we have been observing a rather unexpected growth of crypto-currencies such as Bitcoin and payment networks such as...

Citation Context

...DC, we first defined non-equivocation formally. This led us to find that in contrast to previous perceptions non-equivocation alone does not allow for reducing the replication factor in DC primitives =-=[21]-=-; however, it is possible to use non-equivocation along with signatures to transform any crash tolerant protocol into a protocol that tolerates Byzantine faults, without requiring an increase in the r...

Citation Context

...trate that those properties carry over to secure cryptographic instantiations of the Tor protocol. Finally, we extend our formal AnoA framework to develop a client-side real-time light-weight monitor =-=[8]-=- for rigorously assessing the degree of various anonymity properties in practice, and use the monitor to study the temporal evolution of anonymity provided by Tor. Anonymity with Accountability. Tor l...

Citation Context

...ity setting. We defined the concept of polynomial commitments, and presented a constantsize polynomial commitment scheme [16] that significantly reduces communication complexity for computational VSS =-=[17]-=- and several cloud computing applications. The three-round Pedersen synchronous VSS scheme has been the norm for distributed cryptography for the last twenty years. In another effort, we showed that t...

Citation Context

...eme [15]. Our contributions to VSS not only complement our DKG system but also are of interest to MPC. In particular, we combined our tworound VSS with floating-point MPC primitives to define PrivaDA =-=[18]-=-, a distributed noise generation framework for differential privacy (DP) mechanisms. This allows PrivaDA to achieve the best possible tradeoff between privacy and utility for DP mechanisms in the trul...