Faculty:

1
NYU Cryptography Group at Courant Institute

• Students
• Nelly Fazio
• Michael Freedman
• Anca Ivan
• Antonio Nicolosi
• Roberto Oliveira
• Shabsi Walfish

• Faculty
• Yevgeniy Dodis
• dodis_at_cs.nyu.edu
• Victor Shoup
• shoup_at_cs.nyu.edu

2
Cryptography Reading Group

• Meet every week
• This semester Friday, 1pm, room 101
• Drop by!
• Contact me to be put on the mailing list
• http//www.scs.cs.nyu.edu/crypto

3
Our Main Goals

• Improving the security and/or efficiency of
  cryptographic applications
• Designing new, provably secure cryptographic
  primitives
• Formalization and rigorous analysis of common
  cryptographic practices
• Protecting against key exposure
• Secure distributed/multiparty computation

4
Our Style Provable Security

• Formal definition for the cryptographic task at
  hand
• A concrete scheme which provably satisfies the
  above definition, assuming some commonly believed
  and well studied mathematical problem is hard
• Ensures that the only way to break the
  cryptographic scheme is to break a well studied
  mathematical problem, which is very unlikely
  (e.g., factoring)
• Gives much higher guarantee/assurance than
  commonly utilized heuristic approaches

5
Crypto Skills

• Creativity open mind, love for puzzles
• Formalism (proofs!) and elementary math (number
  theory, probability)
• Ability to ask interesting questions
• Ability to think

6
Some of Our Projects

• Signature and Encryption Schemes
• Authenticated Encryption
• Resilience to Key Exposure
• Distributed and Multi-party Cryptography
• Two-party computation
• Digital Right Management
• Cryptography with Imperfect Randomness
• Ideal Hash Function Methodology
• Fault-tolerant Authentication
• Privacy and Anonymity

7
Some projects I have been involved in _at_ NYU

• Warnings
• Not meant to
• give formal introduction to cryptography
• be crystal clear if you see it for the first time
• Instead
• give vague summary of the kind of things I like
• emphasize joint works with students and faculty
• Talk to me if interested in details!

8
Partial Key Exposure

• "Exposure-Resilient Functions and All-Or-Nothing
  Transforms" , Eurocrypt, 2000.
• "On Perfect and Adaptive Security in
  Exposure-Resilient Cryptography", Eurocrypt,
  2001.
• "Exposure-Resilience for Free the Case of
  Hierarchical ID-based Encryption", IEEE
  International Security In Storage Workshop
  (SISW), 2002.

9
Key Evolving Schemes

• Designed new model of key-insulated security, led
  to intrusion-resilient security
• "Key-Insulated Public Key Cryptosystems",
  Eurocrypt, 2002.
• "Strong Key-Insulated Signature Schemes",
  Workshop on Public Key Cryptography (PKC), 2003.
• "Intrusion-Resilient Public-Key Encryption", RSA
  Conference, Cryptography Track (CT-RSA), 2003.

10
Two-Party Schemes

• Max Krohn, David Mazieres and Antonio Nicolosi,
  "Proactive Two-Party Signatures for User
  Authentication", Network and Distributed System
  Security Symposium (NDSS), 2003.
• Anca Ivan, "Proxy Cryptography Revisited",
  Network and Distributed System Security Symposium
  (NDSS), 2003.
• "Generic Two-party CCA-secure Encryption Scheme
  and its Applications", manuscript

11
Authenticated Encryption

• "On the Security of Joint Signature and
  Encryption", Eurocrypt, 2002.
• "Concealment and Its Applications to
  Authenticated Encryption", Eurocrypt, 2003.
• Michael Freedman and Shabsi Walfish, "Parallel
  Signcryption with OAEP, PSS-R and other Feistel
  Paddings", submitted to Crypto 2003.
• Michael Freedman and Shabsi Walfish, "Universal
  Padding Schemes", manuscript.
• "Parallel Authenticated Encryption", manuscript.

12
Digital Right Management

• Nelly Fazio, "Public Key Broadcast Encryption for
  Stateless Receivers", ACM Workshop on Digital
  Rights Management, 2002.
• Nelly Fazio, "Public Key Broadcast Encryption
  Secure Against Adaptive Chosen Ciphertext
  Attack", Workshop on Public Key Cryptography
  (PKC), 2003.
• Nelly Fazio, "Fully Scalable Public-Key Traitor
  Tracing", submitted, 2003.
• Nelly Fazio, "Forward-Secure Broadcast
  Encryption", manuscript.

13
Imperfect Randomness

• "New Imperfect Random Source with Applications to
  Coin-Flipping", International Colloquium on
  Automata, Languages and Programming (ICALP),
  2001.
• Joel Spencer, "On the (non-)Universality of the
  One-Time Pad", Foundations of Computer Science
  (FOCS), 2002.
• Roberto Oliveira, "On Extracting Private
  Randomness over a Public Channel", manuscript.

14
Distributed Cryptography

• "Parallel Reducibility for Information-Theoretical
  ly Secure Computation", Crypto, 2000.
• "Efficient Construction of (Distributed)
  Verifiable Random Functions", Workshop on Public
  Key Cryptography (PKC), 2003
• Distributed Block Ciphers", manuscript

15
Cryptography Other

• "Lower Bounds for Oblivious Transfer Reductions",
  Eurocrypt, 1999.
• "A Cryptographic Solution to a Game Theoretic
  Problem", Crypto, 2000.
• "On the Power of Claw-Free Permutations",
  Conference on Security in Communication Networks
  (SCN), 2002

16
Algorithmic Game Theory

• Can moderate taxes force selfish users minimize
  global traffic and congestion?
• Richard Cole, "Pricing Network Edges for
  Heterogeneous Selfish Users", Symposium on Theory
  of Computing (STOC), 2003.
• Richard Cole, "The Cost of Taxes for Selfish
  Routing", ACM Conference on Electronic Commerce
  (EC), 2003.

17
My Other Interests

• Algorithms randomized and approx. algorithms,
  network design
• Coding Theory relates to crypto too
• Complexity Theory derandomization
• Combinatorics and Graph Theory
• Anything else that has proofs and requires
  problem solving

18
Recap of some recent group activities
19
Signature Encryption

• First provably secure and yet efficient signature
  and encryption schemes CS98, CS99, CS02
• lead to new standards for PKI
• Efficient schemes utilizing ideal hash functions
  Sho00, Sho01, DR02, DFW03, DFJW03
• Signature / encryption schemes with extended
  functionalities CS03, DF03, NKDM03

20
Authenticated Encryption

• First formal modeling of public-key authenticated
  encryption (signcryption) ADR02
• Parallel authenticated encryption ADR02, DFW03,
  DFJW03, Dod03a
• Designing authenticated encryption for long
  messages DA03

21
Key Exposure Protection

• Exposure-resilient functions and All-or-nothing
  transforms CDH00, DSS01
• Key-insulated signature and encryption scheme
  DKXY02, DKXY03
• Intrusion-Resilient Encryption DKY03
• Remotely-Keyed Encryption DA03
• Server-Aided/Proxy/Proactive Cryptography
  NKDN03, ID03, DY02

22
Distributed Computation

• Byzantine Agreement CKS00, CKPS01, KS01
• Threshold Cryptosystems SG98,Sho00
• Distributed verifiable random functions and block
  ciphers Dod03b, DY03
• Joint generation of special RSA keys ACS02
• Two-party computation NKDN03, ID03
• Concurrent protocols composition DM00

23
Some Other Projects

• Digital right management DF02, DF03, DFKY03
• Ideal Hash Function Methodology Dod03b, DS03
• Basing Cryptography on Imperfect Randomness
  DS02, DO03
• Cryptography and Game Theory DHR00