In 1977 Dalenius articulated a desideratum for statistical databases: nothing about an individual should be learnable from the database that cannot be learned without access to the database. We give a general impossibility result showing that a formalization of Dalenius' goal along the lines of semantic security cannot be achieved. Contrary to intuition, a variant of the result threatens the privacy even of someone not in the database. This state of affairs suggests a new measure, differential privacy, which, intuitively, captures the increased risk to one's privacy incurred by participating in a database. The techniques developed in a sequence of papers [8, 13, 3], culminating in those described in [12], can achieve any desired level of privacy under this measure. In many cases, extremely accurate information about the database can be provided while simultaneously ensuring very high levels of privacy

Differential privacy

We introduce a new type of Identity-Based Encryption (IBE) scheme that we call Fuzzy Identity-Based Encryption. In Fuzzy IBE we view an identity as set of descriptive attributes. A Fuzzy IBE scheme allows for a private key for an identity, ω, to decrypt a ciphertext encrypted with an identity, ω ′, if and only if the identities ω and ω ′ are close to each other as measured by the “set overlap” distance metric. A Fuzzy IBE scheme can be applied to enable encryption using biometric inputs as identities; the error-tolerance property of a Fuzzy IBE scheme is precisely what allows for the use of biometric identities, which inherently will have some noise each time they are sampled. Additionally, we show that Fuzzy-IBE can be used for a type of application that we term “attribute-based encryption”.

In this paper we present two constructions of Fuzzy IBE schemes. Our constructions can be viewed as an Identity-Based Encryption of a message under several attributes that compose a (fuzzy) identity. Our IBE schemes are both error-tolerant and secure against collusion attacks. Additionally, our basic construction does not use random oracles. We prove the security of our schemes under the Selective-ID security model.

/pdf/fuzzy-identity-based-encryption-21je831ql2.pdf

Fuzzy identity-based encryption

We propose a novel paradigm for defining security of cryptographic protocols, called universally composable security. The salient property of universally composable definitions of security is that they guarantee security even when a secure protocol is composed of an arbitrary set of protocols, or more generally when the protocol is used as a component of an arbitrary system. This is an essential property for maintaining security of cryptographic protocols in complex and unpredictable environments such as the Internet. In particular, universally composable definitions guarantee security even when an unbounded number of protocol instances are executed concurrently in an adversarially controlled manner, they guarantee non-malleability with respect to arbitrary protocols, and more. We show how to formulate universally composable definitions of security for practically any cryptographic task. Furthermore, we demonstrate that practically any such definition can be realized using known techniques, as long as only a minority of the participants are corrupted. We then proceed to formulate universally composable definitions of a wide array of cryptographic tasks, including authenticated and secure communication, key-exchange, public-key encryption, signature, commitment, oblivious transfer, zero knowledge and more. We also make initial steps towards studying the realizability of the proposed definitions in various settings.

/pdf/universally-composable-security-a-new-paradigm-for-3kyhnjofve.pdf

Universally composable security: a new paradigm for cryptographic protocols

/pdf/fuzzy-identity-based-encryption-1d5v9a6tyj.pdf

Fuzzy Identity Based Encryption.

Digital watermarking is a key ingredient to copyright protection. It provides a solution to illegal copying of digital material and has many other useful applications such as broadcast monitoring and the recording of electronic transactions. Now, for the first time, there is a book that focuses exclusively on this exciting technology. Digital Watermarking covers the crucial research findings in the field: it explains the principles underlying digital watermarking technologies, describes the requirements that have given rise to them, and discusses the diverse ends to which these technologies are being applied. As a result, additional groundwork is laid for future developments in this field, helping the reader understand and anticipate new approaches and applications.

Digital Watermarking

We provide formal definitions and efficient secure techniques for 


turning biometric information into keys usable for any cryptographic application, and


reliably and securely authenticating biometric data.

/pdf/fuzzy-extractors-how-to-generate-strong-keys-from-biometrics-3ft5jjgesl.pdf

Fuzzy extractors: How to generate strong keys from biometrics and other noisy data

We provide formal definitions and efficient secure techniques for turning noisy information into keys usable for any cryptographic application, and, in particular, reliably and securely authenticating biometric data. Our techniques apply not just to biometric information, but to any keying material that, unlike traditional cryptographic keys, is (1) not reproducible precisely and (2) not distributed uniformly. We propose two primitives: a fuzzy extractor reliably extracts nearly uniform randomness $R$ from its input; the extraction is error-tolerant in the sense that $R$ will be the same even if the input changes, as long as it remains reasonably close to the original. Thus, $R$ can be used as a key in a cryptographic application. A secure sketch produces public information about its input $w$ that does not reveal $w$ and yet allows exact recovery of $w$ given another value that is close to $w$. Thus, it can be used to reliably reproduce error-prone biometric inputs without incurring the security risk inherent in storing them. We define the primitives to be both formally secure and versatile, generalizing much prior work. In addition, we provide nearly optimal constructions of both primitives for various measures of “closeness” of input data, such as Hamming distance, edit distance, and set difference.

/pdf/fuzzy-extractors-how-to-generate-strong-keys-from-biometrics-3jizcwtwjh.pdf

Fuzzy Extractors: How to Generate Strong Keys from Biometrics and Other Noisy Data

In outsourced database (ODB)systems the database owner publishes its data through a number of remote servers, with the goal of enabling clients at the edge of the network to access and query the data more efficiently. As servers might be untrusted or can be compromised, query authentication becomes an essential component of ODB systems. Existing solutions for this problem concentrate mostly on static scenarios and are based on idealistic properties for certain cryptographic primitives. In this work, first we define a variety of essential and practical cost metrics associated with ODB systems. Then, we analytically evaluate a number of different approaches, in search for a solution that best leverages all metrics. Most importantly, we look at solutions that can handle dynamic scenarios, where owners periodically update the data residing at the servers. Finally, we discuss query freshness, a new dimension in data authentication that has not been explored before. A comprehensive experimental evaluation of the proposed and existing approaches is used to validate the analytical models and verify our claims. Our findings exhibit that the proposed solutions improve performance substantially over existing approaches, both for static and dynamic environments.

/pdf/dynamic-authenticated-index-structures-for-outsourced-2uo629ihnv.pdf

Dynamic authenticated index structures for outsourced databases

Complexity-theoretic cryptography considers only abstract notions of computation, and hence cannot protect against attacks that exploit the information leakage (via electromagnetic fields, power con- sumption, etc.) inherent in the physical execution of any cryptographic al- gorithm. Such "physical observation attacks" bypass the impressive bar- rier of mathematical security erected so far, and successfully break math- ematically impregnable systems. The great practicality and the inherent availability of physical attacks threaten the very relevance of complexity- theoretic security. To respond to the present crisis, we put forward physically observable cryptography: a powerful, comprehensive, and precise model for defining and delivering cryptographic security against an adversary that has ac- cess to information leaked from the physical execution of cryptographic algorithms. Our general model allows for a variety of adversaries. In this paper, however, we focus on the strongest possible adversary, so as to capture what is cryptographically possible in the worst possible, physi- cally observable setting. In particular, we - consider an adversary that has full (and indeed adaptive) access to any leaked information; - show that some of the basic theorems and intuitions of traditional cryptography no longer hold in a physically observable setting; and - construct pseudorandom generators that are provably secure against all physical-observation attacks.

/pdf/physically-observable-cryptography-extended-abstract-5f5ptj5obq.pdf

Physically Observable Cryptography (Extended Abstract).

Complexity-theoretic cryptography considers only abstract notions of computation, and hence cannot protect against attacks that exploit the information leakage (via electromagnetic fields, power consumption, etc.) inherent in the physical execution of any cryptographic algorithm. Such “physical observation attacks” bypass the impressive barrier of mathematical security erected so far, and successfully break mathematically impregnable systems. The great practicality and the inherent availability of physical attacks threaten the very relevance of complexity-theoretic security.

/pdf/physically-observable-cryptography-5fycrm9vl3.pdf

Leonid Reyzin

Papers

Fuzzy extractors: How to generate strong keys from biometrics and other noisy data

Fuzzy Extractors: How to Generate Strong Keys from Biometrics and Other Noisy Data

Dynamic authenticated index structures for outsourced databases

Physically Observable Cryptography (Extended Abstract).

Physically observable cryptography