Alessandra Scafuro - Academia.edu
Papers by Alessandra Scafuro
Proceedings of the 46th Annual ACM Symposium on Theory of Computing - STOC '14, 2014
Lecture Notes in Computer Science, 2013
The use of Physically Uncloneable Functions (PUFs) in Cryptography is a recent breakthrough that has caught the interest of both theoreticians and practitioners. A major step towards understanding and securely using PUFs has been done in [CRYPTO 2011] where Brzuska, Fischlin, Schröder and Katzenbeisser augmented the Universal Composition (UC) Framework of Canetti [FOCS 2001] by considering Physically Uncloneable Functions (PUFs). Their model considers trusted PUFs only (i.e., adversaries are assumed to be unable to produce fake/malicious PUFs). Moreover they assumed that the simulator can observe queries made by an adversary to a PUF (i.e., an adversary can access a PUF only in a prescribed detectable way). Since the study of PUFs to achieve cryptographic tasks is still in its infancy, assuming such limitations on the capabilities of the adversaries in misbehaving with PUFs might not correspond to real-world scenarios.
Lecture Notes in Computer Science, 2009
Preface ALGOSENSORS, the International Workshop on Algorithmic Aspects of Wireless Sensor Networks, is an annual forum for presentation of research on all algorithmic aspects of sensor networks, including the theory, design, analysis, implementation, and application of algorithms for sensor networks. The 5th edition of ALGOSENSORS was held during July 10-11, 2009, on Rhodes, Greece.
Lecture Notes in Computer Science, 2013
ABSTRACT We present a constant-round unconditional black-box compiler that transforms any ideal (i.e., statistically-hiding and statistically-binding) straight-line extractable commitment scheme, into an extractable and equivocal commitment scheme, therefore yielding to UC-security [9]. We exemplify the usefulness of our compiler by providing two (constant-round) instantiations of ideal straight-line extractable commitment based on (malicious) PUFs [36] and stateless tamper-proof hardware tokens [26], therefore achieving the first unconditionally UC-secure commitment with malicious PUFs and stateless tokens, respectively. Our constructions are secure for adversaries creating arbitrarily malicious stateful PUFs/tokens. Previous results with malicious PUFs used either computational assumptions to achieve UC-secure commitments or were unconditionally secure but only in the indistinguishability sense [36]. Similarly, with stateless tokens, UC-secure commitments are known only under computational assumptions [13,24,15], while the (not UC) unconditional commitment scheme of [23] is secure only in a weaker model in which the adversary is not allowed to create stateful tokens. Besides allowing us to prove feasibility of unconditional UC-security with (malicious) PUFs and stateless tokens, our compiler can be instantiated with any ideal straight-line extractable commitment scheme, thus allowing the use of various setup assumptions which may better fit the application or the technology available.
Lecture Notes in Computer Science, 2012
ABSTRACT In this paper we revisit previous work in the BPK model and point out subtle problems concerning security proofs of concurrent and resettable zero knowledge (cZK and rZK, for short). Our analysis shows that the cZK and rZK simulations proposed for previous (in particular all round-optimal) protocols are distinguishable from real executions. Therefore some of the questions about achieving round optimal cZK and rZK in the BPK model are still open. We then show our main protocol, ΠcZK, that is a round-optimal concurrently sound cZK argument of knowledge (AoK, for short) for NP under standard complexity-theoretic assumptions. Next, using complexity leveraging arguments, we show a protocol ΠrZK that is round-optimal and concurrently sound rZK for NP. Finally we show that ΠcZK and ΠrZK can be instantiated efficiently through transformations based on number-theoretic assumptions. Indeed, starting from any language admitting a perfect Σ-protocol, they produce concurrently sound protocols ΠcZK and ΠrZK, where ΠcZK is a round-optimal cZKAoK, and ΠrZK is a 5-round rZK argument. The rZK protocols are mainly inherited from the ones of Yung and Zhao [31].
Lecture Notes in Computer Science, 2012
ABSTRACT Joint work with Rafail Ostrovsky, Alessandra Scafuro, Ivan Visconti.
Lecture Notes in Computer Science, 2013
In [DNRS99, DNRS03], Dwork et al. opened the fundamental question of the existence of commitment schemes that are secure against selective opening attacks (SOA, for short). In [BHY09] Bellare, Hofheinz, and Yilek, and Hofheinz in [Hof11] solved this open problem by presenting a scheme based on non-black-box use of a one-way permutation and super-constant number of rounds. The recent work of Xiao ([Xia11a]) investigates how to achieve nearly optimal SOA-secure commitment schemes where optimality is in the sense of both the round complexity and the black-box use of cryptographic primitives. The work of Xiao focuses on a simulation-based security notion of SOA. Moreover, the various results in [Xia11a] focus either on parallel or concurrent SOA.
... Chandran, Goyal and Sahai [CGS08] extended the results of Katz and suggested three main improvements: first, they considered resettable tokens, second, their construction is based on general assumption (enhanced trapdoor permutations) instead of DDH. ...
... Recently, Paise and Vaudenay presented a general RFID security and privacy model that abstracts and unifies most previous approaches. This model defines mutual authentication (between RFID tags and readers) and several privacy notions that capture adversaries with ...
Proceedings of the Forty-Seventh Annual ACM on Symposium on Theory of Computing - STOC '15, 2015