| 1. |
- Brunetta, Carlo, 1992, et al.
(author)
-
A Differentially Private Encryption Scheme
- 2017
-
In: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics). - Cham : Springer International Publishing. - 1611-3349 .- 0302-9743. ; 10599 LNCS, s. 309-326
-
Conference paper (peer-reviewed)abstract
- Encrypting data with a semantically secure cryptosystem guarantees that nothing is learned about the plaintext from the ciphertext. However, querying a database about individuals or requesting for summary statistics can leak information. Differential privacy (DP) offers a formal framework to bound the amount of information that an adversary can discover from a database with private data, when statistical findings of the stored data are communicated to an untrusted party. Although both encryption schemes and differential private mechanisms can provide important privacy guarantees, when employed in isolation they do not guarantee full privacy-preservation. This paper investigates how to efficiently combine DP and an encryption scheme to prevent leakage of information. More precisely, we introduce and instantiate differentially private encryption schemes that provide both DP and confidentiality. Our contributions are five-fold, we: (i) define an encryption scheme that is not correct with some probability i.e., an -correct encryption scheme and we prove that it satisfies the DP definition; (ii) prove that combining DP and encryption, is equivalent to using an -correct encryption scheme and provide a construction to build one from the other; (iii) prove that an encryption scheme that belongs in the DP-then-Encrypt class is at least as computationally secure as the original base encryption scheme; (iv) provide an -correct encryption scheme that achieves both requirements (i.e., DP and confidentiality) and relies on Dijk et al.’s homomorphic encryption scheme (EUROCRYPT 2010); and (v) perform some statistical experiments on our encryption scheme in order to empirically check the correctness of the theoretical results.
|
|
| 2. |
- Brunetta, Carlo, 1992, et al.
(author)
-
Code-Based Zero Knowledge PRF Arguments
- 2019
-
In: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics). - Cham : Springer International Publishing. - 1611-3349 .- 0302-9743. ; 11723, s. 171-189
-
Conference paper (peer-reviewed)abstract
- Pseudo-random functions are a useful cryptographic primitive that, can be combined with zero-knowledge proof systems in order to achieve privacy-preserving identification. Libert et al. (ASIACRYPT 2017) has investigated the problem of proving the correct evaluation of lattice-based PRFs based on the Learning-With-Rounding (LWR) problem. In this paper, we go beyond lattice-based assumptions and investigate, whether we can solve the question of proving the correct evaluation of PRFs based on code-based assumptions such as the Syndrome Decoding problem. The answer is affirmative and we achieve it by firstly introducing a very efficient code-based PRG based on the Regular Syndrome Decoding problem and subsequently, we give a direct construction of a code-based PRF. Thirdly, we provide a zero-knowledge protocol for the correct evaluation of a code-based PRF, which allows a prover to convince a verifier that a given output y is indeed computed from the code-based PRF with a secret key k on an input x, i.e., {\$}{\$}y=f(k,x){\$}{\$}. Finally, we analytically evaluate the protocol's communication costs.
|
|
| 3. |
- Brunetta, Carlo, 1992
(author)
-
Cryptographic Tools for Privacy Preservation
- 2021
-
Doctoral thesis (other academic/artistic)abstract
- Data permeates every aspect of our daily life and it is the backbone of our digitalized society. Smartphones, smartwatches and many more smart devices measure, collect, modify and share data in what is known as the Internet of Things. Often, these devices don’t have enough computation power/storage space thus out-sourcing some aspects of the data management to the Cloud. Outsourcing computation/storage to a third party poses natural questions regarding the security and privacy of the shared sensitive data. Intuitively, Cryptography is a toolset of primitives/protocols of which security prop- erties are formally proven while Privacy typically captures additional social/legislative requirements that relate more to the concept of “trust” between people, “how” data is used and/or “who” has access to data. This thesis separates the concepts by introducing an abstract model that classifies data leaks into different types of breaches. Each class represents a specific requirement/goal related to cryptography, e.g. confidentiality or integrity, or related to privacy, e.g. liability, sensitive data management and more. The thesis contains cryptographic tools designed to provide privacy guarantees for different application scenarios. In more details, the thesis: (a) defines new encryption schemes that provide formal privacy guarantees such as theoretical privacy definitions like Differential Privacy (DP), or concrete privacy-oriented applications covered by existing regulations such as the European General Data Protection Regulation (GDPR); (b) proposes new tools and procedures for providing verifiable computation’s guarantees in concrete scenarios for post-quantum cryptography or generalisation of signature schemes; (c) proposes a methodology for utilising Machine Learning (ML) for analysing the effective security and privacy of a crypto-tool and, dually, proposes a secure primitive that allows computing specific ML algorithm in a privacy-preserving way; (d) provides an alternative protocol for secure communication between two parties, based on the idea of communicating in a periodically timed fashion.
|
|
| 4. |
- Brunetta, Carlo, 1992
(author)
-
Cryptographic Tools for Privacy Preservation and Verifiable Randomness
- 2018
-
Licentiate thesis (other academic/artistic)abstract
- Our society revolves around communication. The Internet is the biggest, cheapest and fastest digital communication channel used nowadays. Due to the continuous increase of daily communication among people worldwide, more and more data might be stolen, misused or tampered. We require to protect our communications and data by achieving privacy and confidentiality. Despite the two terms, "privacy" and "confidentiality",are often used as synonymous, in cryptography they are modelled in very different ways. Intuitively, cryptography can be seen as a tool-box in which every scheme, protocol or primitive is a tool that can be used to solve specific problems and provide specific communication security guarantees such as confidentiality. Privacy is instead not easy to describe and capture since it often depends on "which" information is available, "how" are these data used and/or "who" has access to our data. This licentiate thesis raises research questions and proposes solutions related to: the possibility of defining encryption schemes that provide both strong security and privacy guarantees; the importance of designing cryptographic protocols that are compliant with real-life privacy-laws or regulations; and the necessity of defining a post-quantum mechanism to achieve the verifiability of randomness. In more details, the thesis achievements are: (a) defining a new class of encryption schemes, by weakening the correctness property, that achieves Differential Privacy (DP), i.e., a mathematically sound definition of privacy; (b) formalizing a security model for a subset of articles in the European General Data Protection Regulation (GDPR), designing and implementing a cryptographic protocol based on the proposed GDPR-oriented security model, and; (c) proposing a methodology to compile a post-quantum interactive protocol for proving the correct computation of a pseudorandom function into a non-interactive one, yielding a post-quantum mechanism for verifiable randomness.
|
|
| 5. |
- Brunetta, Carlo, 1992, et al.
(author)
-
Lattice-Based Simulatable VRFs: Challenges and Future Directions
- 2018
-
In: Journal of Internet Services and Information Security. - 2182-2069 .- 2182-2077. ; 8:4, s. 57-69
-
Journal article (peer-reviewed)abstract
- Lattice-based cryptography is evolving rapidly and is often employed to design cryptographic primitives that hold a great promise to be post-quantum resistant and can be employed in multiple application settings such as: e-cash, unique digital signatures, non-interactive lottery and others. In such application scenarios, a user is often required to prove non-interactively the correct computation of a pseudo-random function F_k(x) without revealing the secret key k used. Commitment schemes are also useful in application settings requiring to commit to a chosen but secret value that could be revealed later. In this short paper, we provide our insights on constructing a lattice-based simulatable verifiable random function (sVRF) using non interactive zero knowledge arguments and dual-mode commitment schemes and we point out the main challenges that need to be addressed in order to achieve it.
|
|
| 6. |
- Brunetta, Carlo, 1992, et al.
(author)
-
Modelling Cryptographic Distinguishers Using Machine Learning
- 2022
-
In: Journal of Cryptographic Engineering. - : Springer Science and Business Media LLC. - 2190-8508 .- 2190-8516. ; 12:2, s. 123-135
-
Journal article (peer-reviewed)abstract
- Cryptanalysis is the development and study of attacks against cryptographic primitives and protocols. Many cryptographic properties rely on the difficulty of generating an adversary who, given an object sampled from one of two classes, correctly distinguishes the class used to generate that object. In the case of cipher suite distinguishing problem, the classes are two different cryptographic primitives. In this paper, we propose a methodology based on machine learning to automatically generate classifiers that can be used by an adversary to solve any distinguishing problem. We discuss the assumptions, a basic approach for improving the advantage of the adversary as well as a phenomenon that we call the “blind spot paradox”. We apply our methodology to generate distinguishers for the NIST (DRBG) cipher suite problem. Finally, we provide empirical evidence that the distinguishers might statistically have some advantage to distinguish between the DRBG used.
|
|
| 7. |
- Brunetta, Carlo, 1992, et al.
(author)
-
Non-Interactive, Secure Verifiable Aggregation for Decentralized, Privacy-Preserving Learning
- 2021
-
In: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics). - Cham : Springer International Publishing. - 1611-3349 .- 0302-9743. ; 13083 LNCS, s. 510-5128
-
Conference paper (peer-reviewed)abstract
- We propose a novel primitive called NIVA that allows the distributed aggregation of multiple users’ secret inputs by multiple untrusted servers. The returned aggregation result can be publicly verified in a non-interactive way, i.e. the users are not required to participate in the aggregation except for providing their secret inputs. NIVA allows the secure computation of the sum of a large amount of users’ data and can be employed, for example, in the federated learning setting in order to aggregate the model updates for a deep neural network. We implement NIVA and evaluate its communication and execution performance and compare it with the current state-of- the-art, i.e. Segal et al. protocol (CCS 2017) and Xu et al. VerifyNet protocol (IEEE TIFS 2020), resulting in better user’s communicated data and execution time.
|
|
| 8. |
- Brunetta, Carlo, 1992, et al.
(author)
-
Towards Stronger Functional Signatures
- 2021
-
Journal article (other academic/artistic)abstract
- Functional digital Signatures (FS) schemes introduced by Boyle, Goldwasser and Ivan (PKC 2014) provide a method to generate fine-grained digital signatures in which a master key-pair $(\msk,\mvk)$ is used to generate a signing secret-key $\sk_\function$ for a function $f$ that allows to sign any message $\msg$ into the message $f(\msg)$ and signature $\sigma$. The verification algorithm takes the master verification-key $\mvk$ and checks that the signature $\sigma$ corresponding to $f(\msg)$ is valid. In this paper, we enhance the FS primitive by introducing a function public-key $\pk_f$ that acts as a commitment for the specific signing key $\sk_f$. This public-key is used during the verification phase and guarantees that the message-signature pair is indeed the result generated by employing the specific key $\sk_f$ in the signature phase, a property not achieved by the original FS scheme. This enhanced FS scheme is defined as Strong Functional Signatures (SFS) for which we define the properties of unforgeability as well as the function hiding property. Finally, we provide an unforgeable, function hiding SFS instance in the random oracle model based on Boneh-Lynn-Shacham signature scheme (ASIACRYPT 2001) and Fiore-Gennaro's publicly verifiable computation scheme (CCS 2012).
|
|
| 9. |
- Brunetta, Carlo, 1992, et al.
(author)
-
Turn Based Communication Channel
- 2021
-
Journal article (other academic/artistic)abstract
- We introduce the concept of turn-based communication channel between two mutually distrustful parties with communication consistency, i.e. both parties have the same message history, and happens in sets of exchanged messages across a limited number of turns. Our construction leverages on timed primitives. Namely, we introduce a novel ∆-delay hash function definition in order to establish turns in the channel. Concretely, we introduce the one-way turn-based communication scheme and the two-way turn-based communication protocol and provide a concrete instantiation that achieves communication consistency.
|
|
| 10. |
- Brunetta, Carlo, 1992, et al.
(author)
-
Turn-Based Communication Channels
- 2021
-
In: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics). - Cham : Springer International Publishing. - 1611-3349 .- 0302-9743. ; 13059 LNCS, s. 376-392
-
Conference paper (peer-reviewed)abstract
- We introduce the concept of turn-based communication channel between two mutually distrustful parties with communication consistency, i.e. both parties have the same message history, and happens in sets of exchanged messages across a limited number of turns. Our construction leverages on timed primitives. Namely, we consider a Δ -delay hash function definition and use it to establish turns in the channel. Concretely, we introduce the one-way turn-based communication scheme and the two-way turn-based communication protocol and provide a concrete instantiation that achieves communication consistency.
|
|
