MACS Project Meeting, May 2017

Date:
Friday, May 19, 2017

Location:
Northeastern University, West Village H, room 366.

Schedule:

9:00 – 9:20 Breakfast (provided)
9:20 – 10:20
  • Aanchal Malhotra, Securing the Network Time Protocol
  • Yossi Gilad, Algorand: Scaling Byzantine Agreements for Cryptocurrencies
10:20 – 10:40 Break
10:40 – 12
  • Frank Wang, Splinter: Practical Private Queries on Public Data (slides)
  • Srini Devadas, Towards a formally verified Sanctum processor
  • Haibin Zhang, Secure causal atomic broadcast, revisited (slides)
12 – 1:30 Lunch (provided), and faculty-only meeting in WVH 362
1:30 – 2:30
  • Kyle Hogan, Enhancing the Privacy Offered by Monero (slides)
  • Mor Weiss, How to Construct a Leakage-Resilient Trusted Party
2:30 – 3 Break
3 – 4
  • Oxana Poburinnaya, Better Two-Round Adaptive Multi-Party Computation (slides)
  • Jason Hennessey, Bolted: Securing Bare Metal Clouds
4 – 4:30 Discussion

Selected abstracts:

Yossi Gilad, Algorand: Scaling Byzantine Agreements for Cryptocurrencies

Algorand is a new cryptocurrency system that can confirm transactions with latency on the order of a minute while scaling to many users. Algorand ensures that users never have divergent views of confirmed transactions, even if some of the users are malicious and the network is partitioned.  In contrast, existing cryptocurrencies allow for temporary forks and therefore require a long time, on the order of an hour, to confirm transactions with high confidence.

Algorand uses a new Byzantine Agreement (BA) protocol to reach consensus among users on the next set of transactions. To scale the consensus to many users, Algorand uses a novel mechanism based on Verifiable Random Functions that allows users to privately check whether they are selected to participate in the BA to agree on the next set of transactions, and to include a proof of their selection in their network messages. In Algorand’s BA protocol, users do not keep any private state except for their private keys, which allows Algorand to replace participants immediately after they send a message.  This mitigates targeted attacks on chosen participants after their identity is revealed. We implement Algorand and evaluate its performance on 1,000 EC2 virtual machines, simulating up to 500,000 users.  Experimental results show that Algorand confirms transactions in under a minute, achieves 30x Bitcoin’s throughput, and incurs almost no penalty for scaling to more users.

 

Mor WeissHow to Construct a Leakage-Resilient Trusted Party

Trusted parties and devices are commonly used in the real world to securely perform computations on secret inputs. However, their security can often be compromised by side-channel attacks in which the adversary obtains partial leakage on intermediate computation values. This gives rise to the following natural question: to what extent can one protect the trusted party against leakage?

Our goal is to design a hardware device T that allows m ≥ 1 parties to securely evaluate a function f(x1,…,xm) of their inputs, by feeding T with encoded inputs that are obtained using local secret randomness. Security should hold in the presence of an active adversary that can corrupt a subset of parties, and obtain restricted leakage on the internal computations in T. We design hardware devices T in this setting both for zero-knowledge proofs and for general multi-party computations. Our constructions can unconditionally resist either AC0 leakage, or a strong form of “only computation leaks” (OCL) leakage that captures realistic side-channel attacks, providing different tradeoffs between efficiency and security.

Joint work with Daniel Genkin and Yuval Ishai.

 

Oxana Poburinnaya, Better Two-Round Adaptive Multi-Party Computation

The only known two-round multi-party computation protocol that withstands adaptive corruption of all parties is the ingenious protocol of Garg and Polychroniadou [TCC 15]. We present protocols that improve on the GP protocol in a number of ways. First, concentrating on the semi-honest case and taking a different approach than GP, we show a two-round, adaptively secure protocol where: Only a global (i.e., non-programmable) reference string is needed. In contrast, in GP the reference string is programmable, even in the semi-honest case.

Only polynomially-secure indistinguishability obfuscation for circuits and injective one way functions are assumed. In GP, sub-exponentially secure IO is assumed.

Second, we show how to make the GP protocol have only RAM complexity, even for Byzantine corruptions. For this we construct the first statistically-sound non-interactive Zero-Knowledge scheme with RAM complexity.

Joint work with Ran Canetti and Muthuramakrishnan Venkitasubramaniam.

 

Jason Hennessey, Bolted: Securing Bare Metal Clouds

This work introduces Bolted, an architecture for increasing a tenant’s trust of the firmware and software installed on a leased bare metal server. In general, when executing in a cloud environment, the tenant must trust all the software on top of which it executes. When tenants make use of bare metal nodes, there is less software to trust, but more opportunities for previous tenants to compromise the privileged software and firmware, introducing persistent malware to a machine.

To increase a tenant’s trust in the bare metal node, we propose that the boot process consist of open and simple components, each of which is measured prior to being executed with remote attestation on a machine trusted by the tenant. Bolted makes use of Coreboot and Heads (a hardened, minimal Linux) as the main firmware infrastructure; Keylime, a distributed, tenant-operated attestation infrastructure that leverages a node’s TPM; HIL, a network isolation and maximal tenant control; and BMI, for very fast imagine provisioning under tenant’s control. In this way, tenants can have a level of confidence in the components based on two mechanisms: they can be inspected for correct functionality; and attestations can be provided based on their measurements to show that no modifications had been made between boots.

A collaboration between BU, Northeastern, Two Sigma and MIT Lincoln Lab.