CS Talk - Qiang Tang
Host: Mariana Raykova
Stretching Cryptography to Foil Intensive Attacks
Despite the laudatory history of development of modern cryptography, applying cryptographic tools to reliably provide security in practice is notoriously difficult. Two fundamental assumptions have to be made in most of the scenarios. (1.) There is a secret key unknown to the adversary; (2.) The implementations faithfully realize the cryptographic algorithms. Unfortunately, we have witnessed real-world scenarios in which those two fundamental assumptions do not necessarily hold.
In this talk, I will present our work on designing cryptographic systems to defend against malicious key owners. In particular, we introduce a new cryptographic primitive called traitor deterring scheme (TDS) to enforce a non-sharing key management policy in a multi-recipient encryption scenario. The distinguishing characteristic of a TDS is that secret-keys are issued to users after they provide some private information as a form of collateral. The traitor deterring property ensures that if a malicious coalition of users (aka “traitors”) produces an unauthorized (aka “pirate”) decryption device, any recipient of the device will be able to recover at least one of the traitors’ collaterals even with only black-box access to the device. On the other hand, honest users’ collaterals are guaranteed to remain hidden. With such new mechanism developed, we show how to use the recently emerged Bitcoin to de-incentivize unauthorized content re-distribution. We model, construct and analyze TDS’s based on various cryptographic assumptions and motivate new cryptographic primitives that are of independent interests.
Also, I will briefly discuss our recent progress on post-Snowden cryptography: designing cryptosystems without trust on the implementations. Our results resolve the central problem in this emerging area about defending against subliminal channel attacks when using subverted randomized algorithms.