Showing papers on "Verifiable secret sharing published in 2020"


Journal ArticleDOI
TL;DR: VerifyNet is proposed, the first privacy-preserving and verifiable federated learning framework that claims that it is impossible that an adversary can deceive users by forging Proof, unless it can solve the NP-hard problem adopted in the model.
Abstract: As an emerging training model with neural networks, federated learning has received widespread attention due to its ability to update parameters without collecting users’ raw data. However, since adversaries can track and derive participants’ privacy from the shared gradients, federated learning is still exposed to various security and privacy threats. In this paper, we consider two major issues in the training process over deep neural networks (DNNs): 1) how to protect users’ privacy (i.e., local gradients) in the training process and 2) how to verify the integrity (or correctness) of the aggregated results returned from the server. To solve the above problems, several approaches focusing on secure or privacy-preserving federated learning have been proposed and applied in diverse scenarios. However, it is still an open problem enabling clients to verify whether the cloud server is operating correctly, while guaranteeing users’ privacy in the training process. In this paper, we propose VerifyNet, the first privacy-preserving and verifiable federated learning framework. Specifically, we first propose a double-masking protocol to guarantee the confidentiality of users’ local gradients during the federated learning. Then, the cloud server is required to provide the Proof about the correctness of its aggregated results to each user. We claim that it is impossible that an adversary can deceive users by forging Proof, unless it can solve the NP-hard problem adopted in our model. In addition, VerifyNet is also supportive of users dropping out during the training process. The extensive experiments conducted on real-world data also demonstrate the practical performance of our proposed scheme.

388 citations


Book ChapterDOI
01 Oct 2020
TL;DR: This work constructs a verifiable delay function (VDF) based on groups of unknown order such as an RSA group, or the class group of an imaginary quadratic field, which is very short, and the verification of correctness is very efficient.
Abstract: We construct a verifiable delay function (VDF). A VDF is a function whose evaluation requires running a given number of sequential steps, yet the result can be efficiently verified. They have applications in decentralised systems, such as the generation of trustworthy public randomness in a trustless environment, or resource-efficient blockchains. To construct our VDF, we actually build a trapdoor VDF. A trapdoor VDF is essentially a VDF which can be evaluated efficiently by parties who know a secret (the trapdoor). By setting up this scheme in a way that the trapdoor is unknown (not even by the party running the setup, so that there is no need for a trusted setup environment), we obtain a simple VDF. Our construction is based on groups of unknown order such as an RSA group or the class group of an imaginary quadratic field. The output of our construction is very short (the result and the proof of correctness are each a single element of the group), and the verification of correctness is very efficient.

107 citations


Journal ArticleDOI
TL;DR: A secure and verifiable one-to-many data sharing scheme that uses blockchain to record the access policy, realizing user self-certification and cloud non-repudiation, and supports data revocation when a vehicular user no longer wants to share the data in VSNs.
Abstract: Vehicular social networks (VSNs) support diverse kinds of services such as traffic management, road safety, and sharing data (videos, audio, road photos, air quality, and so on). However, their complex, large-scale and dynamic network structure poses new security challenges. Among these challenges, secure data transmission has become a spotlight. Ciphertext-policy attribute-based encryption (CP-ABE) may be adopted to realize one-to-many data sharing in VSNs. In traditional CP-ABE schemes, the access policy is stored and granted by the cloud, which lacks credibility due to centralization. In this article, we propose a secure and verifiable one-to-many data sharing scheme to solve the above problem. We use blockchain to record the access policy, realizing user self-certification and cloud non-repudiation. Considering the computing capabilities of the vehicular user, we propose an effective scheme for certification. Meanwhile, considering the sensitive information included in the access policy, we propose a policy hiding scheme. Our scheme also supports data revocation when a vehicular user no longer wants to share the data in VSNs. Finally, security analysis and simulation show our scheme is both secure and efficient.

86 citations


Journal ArticleDOI
TL;DR: This article proposes the VFL, a verifiable federated learning with privacy-preserving for big data in industrial IoT that uses Lagrange interpolation to elaborately set interpolation points for verifying the correctness of the aggregated gradients.
Abstract: Due to the strong analytical ability of big data, deep learning has been widely applied to model the collected data in industrial IoT. However, for privacy reasons, traditional data-gathering centralized learning is not applicable to industrial scenarios sensitive to training sets, such as face recognition and medical systems. Recently, federated learning has received widespread attention, since it trains a model by only sharing gradients without accessing training sets. But existing research reveals that the shared gradient still retains the sensitive information of the training set. Even worse, a malicious aggregation server may return forged aggregated gradients. In this paper, we propose the VFL, a verifiable federated learning with privacy-preserving for big data in industrial IoT. Specifically, we use Lagrange interpolation to elaborately set interpolation points for verifying the correctness of the aggregated gradients. Compared with existing schemes, the verification overhead of VFL remains constant regardless of the number of participants. Moreover, we employ the blinding technique to protect the privacy of the gradients. If no more than n-2 of n participants collude with the aggregation server, VFL can guarantee that the encrypted gradients of other participants are not inverted. Experimental evaluations corroborate the practical performance of the presented VFL with high accuracy and efficiency.

85 citations


Proceedings ArticleDOI
30 Oct 2020
TL;DR: This paper presents the first Asynchronous Distributed Key Generation (ADKG) algorithm which is also the first distributed key generation algorithm that can generate cryptographic keys with a dual (f,2f+1)-threshold (where f is the number of faulty parties).
Abstract: In this paper, we present the first Asynchronous Distributed Key Generation (ADKG) algorithm which is also the first distributed key generation algorithm that can generate cryptographic keys with a dual (f,2f+1)-threshold (where f is the number of faulty parties). As a result, using our ADKG we remove the trusted setup assumption that the most scalable consensus algorithms make. In order to create a DKG with a dual (f,2f+1)-threshold we first answer in the affirmative the open question posed by Cachin et al. [7] on how to create an Asynchronous Verifiable Secret Sharing (AVSS) protocol with a reconstruction threshold of f+1

72 citations


Journal ArticleDOI
TL;DR: A multi-user verifiable searchable symmetric encryption (MVSSE) scheme that achieves all the desirable features of a verifiable SSE and allows multiple users to perform searching is presented and it is proved that the ideal functionality implies the security requirements of a secure MVSSE.
Abstract: In a cloud data storage system, symmetric key encryption is usually used to encrypt files due to its high efficiency. In order to allow the untrusted/semi-trusted cloud storage server to perform searching over encrypted data while maintaining data confidentiality, searchable symmetric encryption (SSE) has been proposed. In a typical SSE scheme, a user stores encrypted files on a cloud storage server and later can retrieve the encrypted files containing specific keywords. The basic security requirement of SSE is that the cloud server learns no information about the files or the keywords during the searching process. Some SSE schemes also offer additional functionalities such as detecting cheating behavior of a malicious server (i.e., verifiability) and allowing updates (e.g., modifying, deleting and adding) of documents on the server. However, the previous (verifiable) SSE schemes were designed for single users, which means the searching can only be done by the data owner, whereas in reality people often use cloud storage to share files with other users. In this paper we present a multi-user verifiable searchable symmetric encryption (MVSSE) scheme that achieves all the desirable features of a verifiable SSE and allows multiple users to perform searching. We then define an ideal functionality for MVSSE under the Universally Composable (UC) security framework and prove that our ideal functionality implies the security requirements of a secure MVSSE, and that our multi-user verifiable SSE scheme is UC-secure. We also implement our scheme to verify its high performance on a real dataset.

52 citations


Journal ArticleDOI
TL;DR: A lightweight and verifiable PPDA scheme, named LVPDA, is proposed for the edge-computing-enabled IoT system, where the Paillier homomorphic encryption method and an online/offline signature technique are combined to ensure privacy preservation and integrity verification during the data aggregation process.
Abstract: Edge computing is envisioned to be a powerful platform that provides efficient data storage and computation services in smart Internet-of-Things (IoT) systems. In this data-intensive architecture, protecting user-side data privacy is one of the most critical concerns to prevent privacy leakage to any other untrusted entities. Aiming to address this concern, many privacy-preserving data aggregation (PPDA) schemes have been proposed for various cloud-enabled IoT applications. However, due to the resource-constrained nature of smart IoT devices, the conventional PPDA solutions, in terms of both privacy and performance requirements, are unsuitable in edge computing. To address this challenge, we propose a lightweight and verifiable PPDA scheme, named LVPDA, for the edge-computing-enabled IoT system, where the Paillier homomorphic encryption method and an online/offline signature technique are combined to ensure privacy preservation and integrity verification during the data aggregation process. A detailed security analysis indicates that LVPDA is existentially unforgeable under the chosen message attack (EU-CMA) and the data integrity can be guaranteed with formal proof under the $q$-strong Diffie–Hellman ($q$-SDH) assumption. Compared with other PPDA methods, our scheme can achieve lightweight PPDA in terms of lower computational complexity and communication overhead.

50 citations


Journal ArticleDOI
TL;DR: This paper presents PROUD, an ABSC solution, to securely outsource data designcryption process to edge servers in order to reduce the computation overhead on the user side and outperforms existing schemes in terms of functionality, communication and computation overhead.

49 citations


Journal ArticleDOI
TL;DR: This work derives an efficiently verifiable condition to certify that advantage distillation is secure against collective attacks in a variety of DIQKD scenarios, and uses this to show that it can indeed allow higher noise tolerances, which could help to pave the way towards an experimental implementation of DIQKD.
Abstract: Device-independent quantum key distribution (DIQKD) offers the prospect of distributing secret keys with only minimal security assumptions, by making use of a Bell violation. However, existing DIQKD security proofs have low noise tolerances, making a proof-of-principle demonstration currently infeasible. We investigate whether the noise tolerance can be improved by using advantage distillation, which refers to using two-way communication instead of the one-way error correction currently used in DIQKD security proofs. We derive an efficiently verifiable condition to certify that advantage distillation is secure against collective attacks in a variety of DIQKD scenarios, and use this to show that it can indeed allow higher noise tolerances, which could help to pave the way towards an experimental implementation of DIQKD.

47 citations


Proceedings ArticleDOI
18 May 2020
TL;DR: Techniques are presented that help scale threshold signature schemes, verifiable secret sharing and distributed key generation protocols to hundreds of thousands of participants and beyond and generalize to any Lagrange-based threshold scheme, not just threshold signatures.
Abstract: The resurging interest in Byzantine fault tolerant systems will demand more scalable threshold cryptosystems. Unfortunately, current systems scale poorly, requiring time quadratic in the number of participants. In this paper, we present techniques that help scale threshold signature schemes (TSS), verifiable secret sharing (VSS) and distributed key generation (DKG) protocols to hundreds of thousands of participants and beyond. First, we use efficient algorithms for evaluating polynomials at multiple points to speed up computing Lagrange coefficients when aggregating threshold signatures. As a result, we can aggregate a 130,000 out of 260,000 BLS threshold signature in just 6 seconds (down from 30 minutes). Second, we show how "authenticating" such multipoint evaluations can speed up proving polynomial evaluations, a key step in communication-efficient VSS and DKG protocols. As a result, we reduce the asymptotic (and concrete) computational complexity of VSS and DKG protocols from quadratic time to quasilinear time, at a small increase in communication complexity. For example, using our DKG protocol, we can securely generate a key for the BLS scheme above in 2.3 hours (down from 8 days). Our techniques improve performance for thresholds as small as 255 and generalize to any Lagrange-based threshold scheme, not just threshold signatures. Our work has certain limitations: we require a trusted setup, we focus on synchronous VSS and DKG protocols and we do not address the worst-case complaint overhead in DKGs. Nonetheless, we hope it will spark new interest in designing large-scale distributed systems.

44 citations


Journal ArticleDOI
TL;DR: The first self-tallying decentralized e-voting protocol for a ranked-choice voting system based on Borda count is proposed, using Ethereum's blockchain as a public bulletin board to record voting operations as publicly verifiable transactions.
Abstract: In this article, we propose the first self-tallying decentralized e-voting protocol for a ranked-choice voting system based on Borda count. Our protocol does not need any trusted setup or tallying authority to compute the tally. The voters interact through a publicly accessible bulletin board for executing the protocol in a way that is publicly verifiable. Our main protocol consists of two rounds. In the first round, the voters publish their public keys, and in the second round they publish their randomized ballots. All voters provide Non-interactive Zero-Knowledge (NIZK) proofs to show that they have been following the protocol specification honestly without revealing their secret votes. At the end of the election, anyone including a third-party observer will be able to compute the tally without needing any tallying authority. We provide security proofs to show that our protocol guarantees the maximum privacy for each voter. We have implemented our protocol using Ethereum's blockchain as a public bulletin board to record voting operations as publicly verifiable transactions. The experimental data obtained from our tests show the protocol's potential for the real-world deployment.

Journal ArticleDOI
22 Oct 2020
TL;DR: A new platform for user modeling with blockchains that allows users to share data without losing control and ownership of it and applied to the domain of travel booking is proposed.
Abstract: We propose a new platform for user modelling with blockchains that allows users to share data without losing control and ownership of it, and applied it to the domain of travel booking. Our platform provides a solution to three important problems: ensuring privacy and user control, and incentives for sharing. It tracks who shared what, with whom, when, by what means and for what purposes in a verifiable fashion. The paper presents a case study of applying the framework for a hotel reservation system as one of the enterprise nodes of Multichain which collects users’ profile data and allows users to receive rewards while sharing their data with other travel service providers according to their privacy preferences expressed in smart contracts. The user data from the repository is converted into an open data format and shared via a stream in the blockchain so that other nodes can efficiently process and use the data. The smart contract verifies and executes the agreed terms of use of the data and transfers digital tokens as a reward to the user. The smart contract imposes double deposit collateral to ensure that all participants act honestly. The paper also presents a performance evaluation of the platform by analyzing latency and memory consumption with three selected test scenarios and measuring the transaction cost for smart contract deployment. The results show that the node responded quickly in all our cases with a befitting transaction cost.

Proceedings ArticleDOI
07 Jun 2020
TL;DR: This work proposes a privacy-preserving and verifiable federated learning scheme that focuses on processing shared gradients by combining the Chinese Remainder Theorem and the Paillier homomorphic encryption, and introduces the bilinear aggregate signature technology into federated learning, which effectively verifies the correctness of the aggregated gradient.
Abstract: Due to the complexity of the data environment, many organizations prefer to train deep learning models together by sharing training sets. However, this process is always accompanied by the restriction of distributed storage and privacy. Federated learning addresses this challenge by only sharing gradients with the server without revealing training sets. Unfortunately, existing research has shown that the server could extract information of the training sets from shared gradients. Besides, the server may falsify the calculated result to affect the accuracy of the trained model. To solve the above problems, we propose a privacy-preserving and verifiable federated learning scheme. Our scheme focuses on processing shared gradients by combining the Chinese Remainder Theorem and the Paillier homomorphic encryption, which can realize privacy-preserving federated learning with low computation and communication costs. In addition, we introduce the bilinear aggregate signature technology into federated learning, which effectively verifies the correctness of aggregated gradient. Moreover, the experiment shows that even with the added verification function, our scheme still has high accuracy and efficiency.

Journal ArticleDOI
TL;DR: The enhanced VSEF achieves high efficiency while resisting the inside KGA and supporting the verifiability of search results, which highlights the importance of practicability and scalability of SE in real-world application scenarios.
Abstract: Searchable encryption (SE) allows cloud tenants to securely retrieve encrypted data while preserving data confidentiality. Many SE solutions have been designed to improve efficiency and security, but most of them are still susceptible to insider Keyword-Guessing Attacks (KGA), which implies that internal attackers can successfully guess the candidate keywords in an off-line manner. Also, in existing SE solutions, a semi-honest-but-curious cloud server may deliver incorrect search results by performing only a fraction of the retrieval operations honestly (e.g., to save storage space). To address these two challenging issues, we first construct the basic Verifiable SE Framework (VSEF), which can withstand the inside KGA and achieve verifiable searchability. Based on the basic VSEF, we then present the enhanced VSEF to support multi-keyword search, multi-key encryption and dynamic updates (e.g., data modification, data insertion, and data deletion) at the same time, which highlights the importance of practicability and scalability of SE in real-world application scenarios. We conduct extensive experiments using the Enron email dataset to demonstrate that the enhanced VSEF achieves high efficiency while resisting the inside KGA and supporting the verifiability of search results.

Book ChapterDOI
07 Dec 2020
TL;DR: ALBATROSS is presented, a family of multiparty randomness generation protocols with guaranteed output delivery and public verification that allows trading off corruption tolerance for a much improved amortized computational complexity.
Abstract: In this paper we present ALBATROSS, a family of multiparty randomness generation protocols with guaranteed output delivery and public verification that allows trading off corruption tolerance for a much improved amortized computational complexity. Our basic stand-alone protocol is based on publicly verifiable secret sharing (PVSS) and is secure in the random oracle model under the decisional Diffie-Hellman (DDH) hardness assumption. We also address the important issue of constructing Universally Composable randomness beacons, showing two UC versions of ALBATROSS: one based on simple UC NIZKs and another one based on novel efficient “designated verifier” homomorphic commitments. Interestingly, this latter version can be instantiated from a global random oracle under the weaker Computational Diffie-Hellman (CDH) assumption. An execution of ALBATROSS with n parties, out of which up to \(t=(1/2-\epsilon )\cdot n\) are corrupt for a constant \(\epsilon >0\), generates \(\varTheta (n^2)\) uniformly random values, requiring in the worst case an amortized cost per party of \(\varTheta (\log n)\) exponentiations per random value. We significantly improve on the SCRAPE protocol (Cascudo and David, ACNS 17), which required \(\varTheta (n^2)\) exponentiations per party to generate one uniformly random value. This is mainly achieved via two techniques: first, the use of packed Shamir secret sharing for the PVSS; second, the use of linear t-resilient functions (computed via a Fast Fourier Transform-based algorithm) to improve the randomness extraction.

Journal ArticleDOI
TL;DR: This paper formalizes the system model and security model of VOD-ADAC protocol and proposes an anonymous distributed fine-grained access control protocol with verifiable outsourced decryption in public cloud, which is provably secure and efficient.
Abstract: Remote data access control is of crucial importance in public cloud. Based on its own inclinations, the data owner predefines the access policy. When the user satisfies the data owner's access policy, it has the right to access the data owner's remote data. In order to improve flexibility and efficiency of remote data access control, attribute-based encryption (for short, ABE) is used to realize the remote data fine-grained access control. For the low-capacity terminals, verifiable outsourced decryption is a very attractive technique. In the real application scenarios, the user's attributes are usually managed by many authorities. When some authorized users access some sensitive remote data, they hope to preserve their identity privacy. From the two points, we propose an anonymous distributed fine-grained access control protocol with verifiable outsourced decryption in public cloud (for short, VOD-ADAC). VOD-ADAC is a novel concept which is proposed for the first time in the paper. By adopting the pseudonym technique, the user's high anonymity can be achieved by frequently changing the independent pseudonyms at some highly social spots. This paper formalizes the system model and security model of VOD-ADAC protocol. Then, by using hybrid encryption technique of distributed ABE and symmetric encryption, a concrete VOD-ADAC protocol is designed from the bilinear pairings. Through security analysis and performance analysis, our proposed VOD-ADAC protocol is provably secure and efficient.

Journal ArticleDOI
TL;DR: Drynx, as described in this paper, is a decentralized system for privacy-conscious statistical analysis on distributed datasets, which relies on a set of computing nodes to enable the computation of statistics such as standard deviation or extrema.
Abstract: Data sharing has become of primary importance in many domains such as big-data analytics, economics and medical research, but remains difficult to achieve when the data are sensitive. In fact, sharing personal information requires individuals’ unconditional consent or is often simply forbidden for privacy and security reasons. In this paper, we propose Drynx, a decentralized system for privacy-conscious statistical analysis on distributed datasets. Drynx relies on a set of computing nodes to enable the computation of statistics such as standard deviation or extrema, and the training and evaluation of machine-learning models on sensitive and distributed data. To ensure data confidentiality and the privacy of the data providers, Drynx combines interactive protocols, homomorphic encryption, zero-knowledge proofs of correctness, and differential privacy. It enables an efficient and decentralized verification of the input data and of all the system’s computations, thus providing auditability in a strong adversarial model in which no entity has to be individually trusted. Drynx is highly modular, dynamic and parallelizable. Our evaluation shows that it enables the training of a logistic regression model on a dataset (12 features and 600,000 records) distributed among 12 data providers in less than 2 seconds. The computations are distributed among 6 computing nodes, and Drynx enables the verification of the query execution’s correctness in less than 22 seconds.

Journal ArticleDOI
TL;DR: FTDS, a secure, flexible and tampering-resistant data sharing system for VSNs, is proposed by introducing a novel secure key-aggregate search encryption scheme and a tampering-resistant blockchain technology, and can achieve both selective security and verifiability.
Abstract: Vehicular social networks (VSNs) have emerged as the promising paradigm of vehicular networks that can improve traffic safety, relieve traffic congestion and even provide comprehensive social services by sharing vehicular sensory data. To selectively share the sensory data with other vehicles in the vicinity and reduce the local storage burden of vehicles, the vehicular sensory data are usually outsourced to a vehicle cloud server for sharing and searching. However, existing data sharing systems for VSNs can neither provide secure selective one-to-many data sharing and verifiable data retrieval over encrypted data nor ensure the integrity of retrieved data. In this paper, we propose FTDS, a secure, flexible and tampering-resistant data sharing system for VSNs, by introducing a novel secure key-aggregate search encryption scheme and a tampering-resistant blockchain technology. With the proposed FTDS system for VSNs, the vehicular sensory data can be selectively shared and retrieved in a fine-grained way. Besides, our system allows vehicle data users to detect any unauthorized manipulation. Then, we present the detailed security analysis to prove that the proposed data sharing system can achieve both selective security and verifiability. We also evaluate its performance and demonstrate that it is efficient and practical for VSN scenarios.

Book ChapterDOI
10 Feb 2020
TL;DR: Boomerang as discussed by the authors is a generic technique to construct redundant payment paths free of counterparty risk, which can be used on top of multi-path routing schemes to reduce the latency of transfers.
Abstract: In multi-path routing schemes for payment-channel networks, Alice transfers funds to Bob by splitting them into partial payments and routing them along multiple paths. Undisclosed channel balances and mismatched transaction fees cause delays and failures on some payment paths. For atomic transfer schemes, these straggling paths stall the whole transfer. We show that the latency of transfers reduces when redundant payment paths are added. This frees up liquidity in payment channels and hence increases the throughput of the network. We devise Boomerang, a generic technique to be used on top of multi-path routing schemes to construct redundant payment paths free of counterparty risk. In our experiments, applying Boomerang to a baseline routing scheme leads to 40% latency reduction and 2\({\times }\) throughput increase. We build on ideas from publicly verifiable secret sharing, such that Alice learns a secret of Bob iff Bob overdraws funds from the redundant paths. Funds are forwarded using Boomerang contracts, which allow Alice to revert the transfer iff she has learned Bob’s secret. We implement the Boomerang contract in Bitcoin Script.

Proceedings ArticleDOI
30 Oct 2020
TL;DR: This work formalizes VTS, presents efficient constructions compatible with BLS, Schnorr, and ECDSA signatures, and experimentally demonstrates that these constructions can be employed in practice, and designs an efficient cut-and-choose protocol based on homomorphic time-lock puzzles to prove the validity of a signature encapsulated in a time-lock puzzle.
Abstract: A verifiable timed signature (VTS) scheme allows one to time-lock a signature on a known message for a given amount of time T such that after performing a sequential computation for time T anyone can extract the signature from the time-lock. Verifiability ensures that anyone can publicly check if a time-lock contains a valid signature on the message without solving it first, and that the signature can be obtained by solving the same for time T. This work formalizes VTS, presents efficient constructions compatible with BLS, Schnorr, and ECDSA signatures, and experimentally demonstrates that these constructions can be employed in practice. On a technical level, we design an efficient cut-and-choose protocol based on homomorphic time-lock puzzles to prove the validity of a signature encapsulated in a time-lock puzzle. We also present a new efficient range proof protocol that significantly improves upon existing proposals in terms of the proof size, and is also of independent interest. While VTS is a versatile tool with numerous existing applications, we demonstrate VTS's applicability to resolve three novel challenging issues in the space of cryptocurrencies. Specifically, we show how VTS is the cryptographic cornerstone to construct: (i) payment channel networks with improved on-chain unlinkability of users involved in a transaction, (ii) multi-party signing of transactions for cryptocurrencies without any on-chain notion of time and (iii) cryptocurrency-enabled fair multi-party computation protocols.

Book ChapterDOI
07 Dec 2020
TL;DR: An oblivious PRF as discussed by the authors is a protocol between a client and a server, where the server has a key k for a secure pseudorandom function F, and the client has an input x for the function.
Abstract: An oblivious PRF, or OPRF, is a protocol between a client and a server, where the server has a key k for a secure pseudorandom function F, and the client has an input x for the function. At the end of the protocol the client learns F(k, x), and nothing else, and the server learns nothing. An OPRF is verifiable if the client is convinced that the server has evaluated the PRF correctly with respect to a prior commitment to k. OPRFs and verifiable OPRFs have numerous applications, such as private-set-intersection protocols, password-based key-exchange protocols, and defense against denial-of-service attacks. Existing OPRF constructions use RSA-, Diffie-Hellman-, and lattice-type assumptions. The first two are not post-quantum secure.

Book ChapterDOI
07 Dec 2020
TL;DR: Vector commitments with subvector openings (SVC) allow one to open a committed vector at a set of positions with an opening of size independent of both the vector’s length and the number of opened positions.
Abstract: Vector commitments with subvector openings (SVC) [Lai-Malavolta, Boneh-Bunz-Fisch; CRYPTO’19] allow one to open a committed vector at a set of positions with an opening of size independent of both the vector’s length and the number of opened positions.

Book ChapterDOI
04 May 2020
TL;DR: New efficient protocols for VC on encrypted data that improve over the state of the art solution of Fiore et al. in multiple aspects are proposed and a new property is achieved that guarantees that verifiers can be convinced about the correctness of the outputs without learning information on the inputs.
Abstract: We consider the setting in which an untrusted server stores a collection of data and is asked to compute a function over it. In this scenario, we aim for solutions where the untrusted server does not learn information about the data and is prevented from cheating. This problem is addressed by verifiable and private delegation of computation, proposed by Gennaro, Gentry and Parno (CRYPTO’10), a notion that is close to both the active areas of homomorphic encryption and verifiable computation (VC). However, in spite of the efficiency advances in the respective areas, VC protocols that guarantee privacy of the inputs are still expensive. The only exception is a protocol by Fiore, Gennaro and Pastro (CCS’14) that supports arithmetic circuits of degree at most 2. In this paper we propose new efficient protocols for VC on encrypted data that improve over the state of the art solution of Fiore et al. in multiple aspects. First, we can support computations of degree higher than 2. Second, we achieve public delegatability and public verifiability whereas Fiore et al. need the same secret key to encode inputs and verify outputs. Third, we achieve a new property that guarantees that verifiers can be convinced about the correctness of the outputs without learning information on the inputs. The key tool to obtain our new protocols is a new SNARK that can efficiently handle computations over a quotient polynomial ring, such as the one used by Ring-LWE somewhat homomorphic encryption schemes. This SNARK in turn relies on a new commit-and-prove SNARK for proving evaluations on the same point of several committed polynomials. We propose a construction of this scheme under an extractability assumption over bilinear groups in the random oracle model.

Journal ArticleDOI
TL;DR: In this paper, the authors proposed a verifiable hybrid secret sharing scheme for sharing qubits, which combines the benefits of quantum and classical schemes, and defined a ramp verifiable scheme.
Abstract: We consider the task of sharing a secret quantum state in a quantum network in a verifiable way. We propose a protocol that achieves this task, while reducing the number of required qubits, as compared to the existing protocols. To achieve this, we combine classical encryption of the quantum secret with an existing verifiable quantum secret sharing scheme based on Calderbank-Shor-Steane quantum error correcting codes. In this way we obtain a verifiable hybrid secret sharing scheme for sharing qubits, which combines the benefits of quantum and classical schemes. Our scheme does not reveal any information to any group of less than half of the $n$ nodes participating in the protocol. Moreover, for sharing a one-qubit state each node needs a quantum memory to store $n$ single-qubit shares, and requires a workspace of at most $3n$ qubits in total to verify the quantum secret. Importantly, in our scheme an individual share is encoded in a single qubit, as opposed to previous schemes requiring $\Omega(\log n)$ qubits per share. Furthermore, we define a ramp verifiable hybrid scheme. We give explicit examples of various verifiable hybrid schemes based on existing quantum error correcting codes.

Proceedings ArticleDOI
07 Jun 2020
TL;DR: This work proposes a new dynamic SSE scheme based on blockchain techniques, and applies it as the underlying building blocks to preserve forward-secure updates and resorts to the emerging smart contract technique to customize a verification scheme, making updated results easily verifiable.
Abstract: Dynamic Symmetric Searchable Encryption (SSE) is a practical cryptographic primitive that enables data owners to search and update encrypted data hosted on untrusted servers. Recently, there has been growing interest in designing dynamic SSE schemes with forward security. That is, the server cannot learn the association between the updated data and any query made in the past. However, due to the complexity of update operations, this security property introduces a great challenge in designing verifiable SSE schemes. It is difficult to verify the correctness of updated search results while preserving forward privacy. In this work, we explore how blockchain techniques can help us achieve a verifiable and dynamic SSE construction with forward security. First, we propose a new dynamic SSE scheme based on blockchain techniques, and apply it as the underlying building block to preserve forward-secure updates. Second, we resort to the emerging smart contract technique to customize a verification scheme, making updated results easily verifiable. Based on this new primitive, the robustness of the encrypted search service is ensured and forward security is preserved for update operations. Finally, we implement the prototype in Python and Solidity, and conduct performance evaluations on Ethereum. The extensive security analysis and performance evaluations on the real-world dataset demonstrate that our blockchain-assisted SSE scheme is secure and feasible.

Journal ArticleDOI
TL;DR: An Active and Verifiable Trust Evaluation (AVTE) approach is proposed to identify the credibility of IoT devices, so as to ensure reliable data collection for Edge Computing at low cost; theoretical analysis shows that the AVTE approach can improve the data collection rate by 0.5 ~ 23.16% while ensuring long network lifetime compared with the existing scheme.
Abstract: Billions of Internet of Things (IoT) devices are deployed in edge networks. They are used to monitor specific events and processes and to collect huge amounts of data for a control center that makes smart decisions based on the collected data. However, some malicious IoT devices may interrupt and interfere with normal nodes in data collection, causing damage to the edge network. Due to the open character of the edge network, how to identify the credibility of these nodes, thereby identifying malicious IoT devices, and ensure reliable data collection in the edge network is a great challenge. In this paper, an Active and Verifiable Trust Evaluation (AVTE) approach is proposed to identify the credibility of IoT devices, so as to ensure reliable data collection for Edge Computing at low cost. The main innovations of the AVTE approach compared with the existing work are as follows: (1) In the AVTE approach, the trust of the device is obtained by an actively initiated trusted detection routing method. It is fast, accurate and targeted. (2) The acquisition of trust in the AVTE approach is based on a verifiable method, and it ensures that the trust degree has higher reliability. (3) The trust acquisition method proposed in this paper is low-cost. An encoding returned verification method is applied to obtain verification messages at a very low cost. This paper proposes an encoding returned verification method, which can obtain verification messages at a very low cost. In addition, the strategy of this paper adopts initiation and verification of adaptive active trust detection according to the different energy consumption of IoT devices, so as to reliably obtain the trust of a device under the premise of ensuring network lifetime. Theoretical analysis shows that the AVTE approach can improve the data collection rate by 0.5 ~ 23.16% while ensuring long network lifetime compared with the existing scheme.

Proceedings ArticleDOI
01 Jan 2020
TL;DR: This paper proposes a novel unified structure, called verifiable and secure index (VSI), and devise a series of secure protocols to facilitate query processing and develop a compact verification strategy to support SVkNN.
Abstract: With the boom in cloud computing, data outsourcing in location-based services is proliferating and has attracted increasing interest from research communities and commercial applications. Nevertheless, since the cloud server is probably both untrusted and malicious, concerns about data security and result integrity have risen sharply. However, there exists little work that can commendably assure data security and result integrity in a unified way. In this paper, we study the problem of secure and verifiable k nearest neighbor query (SVkNN). To support SVkNN, we first propose a novel unified structure, called verifiable and secure index (VSI). Based on this, we devise a series of secure protocols to facilitate query processing and develop a compact verification strategy. Given an SVkNN query, our proposed solution can not merely answer the query efficiently but can also guarantee: 1) preserving the privacy of data, query, result and access patterns; 2) authenticating the correctness and completeness of the results without leaking the confidentiality. Finally, the formal security analysis and complexity analysis are theoretically proven, and the performance and feasibility of our proposed approaches are empirically evaluated and demonstrated.

Book ChapterDOI
14 Sep 2020
TL;DR: This work studies tight VDFs, where the function can be evaluated in time not much more than the sequentiality bound T.
Abstract: A Verifiable Delay Function (VDF) is a function that takes at least T sequential steps to evaluate and produces a unique output that can be verified efficiently, in time essentially independent of T. In this work we study tight VDFs, where the function can be evaluated in time not much more than the sequentiality bound T.

Book ChapterDOI
10 Feb 2020
TL;DR: This work puts forth the first UC secure modular construction of “Insured MPC”, where either the output of the private computation is fairly delivered or a proof that a set of parties has misbehaved is produced, allowing for financial punishments.
Abstract: Fairness in Secure Multiparty Computation (MPC) is known to be impossible to achieve in the presence of a dishonest majority. Previous works have proposed combining MPC protocols with cryptocurrencies in order to financially punish aborting adversaries, providing an incentive for parties to honestly follow the protocol. The focus of existing work is on proving that this approach is possible and unfortunately they present monolithic and mostly inefficient constructions. In this work, we put forth the first UC secure modular construction of “Insured MPC”, where either the output of the private computation (which describes how to distribute funds) is fairly delivered or a proof that a set of parties has misbehaved is produced, allowing for financial punishments. Moreover, both the output and the proof of cheating are publicly verifiable, allowing third parties to independently validate an execution. We present an efficient compiler that implements Insured MPC from an MPC protocol with certain properties, a standard (non-private) Smart Contract and a publicly verifiable homomorphic commitment scheme. As an intermediate step, we propose the first construction of a publicly verifiable homomorphic commitment scheme with composability guarantees.

Journal ArticleDOI
TL;DR: This paper proposes a secure verifiable database scheme that is based on the polynomial commitment for cloud computing, which can realize the verifiability of database records in the cloud and is more efficient than similar schemes.
Abstract: Storage is one of the main services that the cloud provides users. Utilizing the cloud to store large amounts of data can alleviate the cost of storage and the hardware investment on the local side, which is very important for resource-restricted clients. An emerging issue for clients is how to verify the database in the cloud after outsourcing their data to the cloud. Many verifiable database (VDB) schemes have been proposed by researchers that can solve this issue. However, some of the existing schemes cannot satisfy the practical requirements of database verifiability. In this paper, we propose a secure verifiable database scheme that is based on the polynomial commitment for cloud computing, which can realize the verifiability of database records in the cloud. Moreover, the proposed scheme can support public verifiability in that all clients in the system can verify the database. In addition, we use the BLS signature and the index-hash table to construct dynamic operations for the database. Security analysis shows that our scheme can achieve real-world security requirements. The simulation results show that our scheme is more efficient than similar schemes.