Attacking Non-Standard Secure Computation Constructions

Master Thesis

Motivation

By now, demands for privacy can be found across a variety of computer science domains not just restricted to cryptographic research anymore. Top conferences and journals in AI, signal processing, parallel and distributed computing, and many more disciplines include special calls for works dealing with the privacy issues encountered in their area-specific applications.

However, such works often result in non-standard secure computation constructions relying on ad-hoc security notions that might be insufficient and completely insecure. Recently, such a case for a privacy-preserving scalar computation protocol that has found wide adoption in numerous applications was identified and heavily broken in [1]. The work in question violated a fundamental impossibility result of Impagliazzo and Rudich [2] in well-established security notions and, as a result, practical attacks that completely break privacy were found. Based on this, similar works that might already be employed by applications could suffer from undiscovered privacy issues as well.

Goal

The goal of the thesis is to survey a predefined set of high-impact venues for papers considering secure computation tasks. From this, works that violate well-known lower bounds or impossibility results like [2] and/or make use of non-standard techniques need to be identified. Then, for appropriate works, specific attacks and possible fixes need to be proposed, implemented, and verified. Finally, a common characteristic of found deficiencies can be diagnosed.

Requirements

  • Knowledge of cryptography (course “Introduction to Cryptography”)
  • Knowledge of secure computation and cryptographic complexity theory are highly beneficial (e.g., via courses “Cryptographic Protocols” and/or “Cryptoplexity")
  • High motivation + ability to work independently
  • Knowledge of the English language, Git, LaTeX, etc. goes without saying

References

Supervisors