权益分类	功能权益	普通用户	{{item.name}}会员
{{category.name}}	{{benefitItem.name}}

SaTC: CORE: Small: Practice-Driven Cryptographic Theory

SaTC：核心：小型：实践驱动的密码理论

基本信息

批准号：
2154272
负责人：
Mihir Bellare
金额：
$ 50万
依托单位：
University of California-San Diego
依托单位国家：
美国
项目类别：
Standard Grant
财政年份：
2022
资助国家：
美国
起止时间：
2022-06-01 至 2025-05-31
项目状态：
未结题

来源：
https://www.nsf.gov/awardsearch/showAward?AWD_ID=2154272&HistoricalAwards=false
关键词：
SaTC CORE Small Practice Driven

项目摘要

When users go to a popular Internet site, their browser will show a lock symbol, indicating that cryptography is being used to secure the communications. This cryptography has different components, including signature schemes and schemes for authenticated encryption. The same cryptography is also the basis of security in popular messaging apps, and used in many cryptocurrencies. Similarly, Callisto, a tool that allows victims to report sexual assault while protecting their privacy, uses a new and advanced form of cryptography called a two-party secure computation protocol, and usage of this tool is expanding. But does all this cryptography actually work, meaning provide the expected security? This question is not moot: recent years have witnessed attacks breaking widely-deployed cryptography, and this impacts millions of people. This project aims to validate existing cryptography via mathematical proofs of security, an approach that is now well accepted as reducing the likelihood of failures. The work aims to provide such proofs for widely-used signature schemes, authenticated encryption schemes and two-party secure computation protocols, increasing security assurance for the cryptography in use today. The project will likewise identify forms of cryptography that are important to future capabilities and needs, and build this next-generation cryptography, accompanying it again by proof-based validation so as to reduce the risk of future failure. The broader impacts include a software tool called PlayCrypt that will educate students in the design of high-assurance cryptography as needed in industry today. The project will also seek to broaden participation by confronting paucity of women in academia as something to be addressed early in the pipeline, not later, and focus on identifying promising women undergraduates and, through research, advancing them to PhD positions; then, working with women PhD students, advancing them to faculty positions. EdDSA is a signature scheme that is a government standard and widely used on the Internet. Existing security proofs for it, however, suffer from three limitations: they fail to prove security of the scheme that is actually in use due to improper modeling of the hash functions; the reductions underlying the proofs are so loose that the quantitative security guarantee, for the 256-but curves in which the scheme is implemented, is almost nil; the quantitative security guarantees in the multi-user setting relevant to the Internet are even worse. This project aims to fill all these gaps, by introducing the filtered Random Oracle Model and a corresponding notion of filtered indifferentiability; and a reduction from the classical Schnorr signature scheme rather than from an algebraic problem. The project will also consider authenticated encryption schemes like Galois/Counter Mode (GCM) that are currently used to encrypt data over the Internet, and explain that they fail to provide security for certain choices of nonces, a gap to be filled with a framework that allows users to pick, with confidence, nonces we show, via proofs, to result in secure encryption. The project will also show how to extend current authenticated encryption schemes to ones that commit to their key, thereby preventing certain new classes of attacks on password-based encryption, and moreover show how key-committing authenticated encryption results in secure password-based authenticated encryption. Finally, the project will revisit the foundations of two-party secure computation, giving definitions amenable to a concrete-security treatment, and giving security proofs that deliver protocols whose security is quantitatively as high as possible, leading to the best possible efficiency for a desired level of security.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

当用户访问一个流行的互联网网站时，他们的浏览器将显示一个锁定符号，表明正在使用加密技术来保护通信。这种加密有不同的组成部分，包括签名方案和认证加密方案。同样的加密技术也是流行的消息应用程序的安全基础，并用于许多加密货币。类似地，Callisto是一种允许受害者在保护隐私的同时报告性侵犯的工具，它使用了一种新的高级密码学形式，称为双方安全计算协议，这种工具的使用正在扩大。但是，所有这些加密技术真的有效吗？也就是说提供了预期的安全性吗？这个问题并不是没有意义的：近年来，已经有攻击破坏了广泛部署的密码学，这影响了数百万人。该项目旨在通过安全性的数学证明来验证现有的密码学，这种方法现在被广泛接受为减少失败的可能性。该工作旨在为广泛使用的签名方案，认证加密方案和两方安全计算协议提供这样的证明，提高当今使用的密码学的安全性保证。该项目还将确定对未来能力和需求至关重要的加密形式，并构建这种下一代加密技术，同时再次进行基于证据的验证，以降低未来失败的风险。更广泛的影响包括一个名为PlayCrypt的软件工具，该工具将教育学生设计当今行业所需的高保证加密技术。该项目还将寻求扩大参与，将学术界中妇女人数不足的问题作为一个问题及早解决，而不是在以后解决，并将重点放在确定有前途的女本科生，通过研究，将她们提升到博士职位;然后，与女博士生合作，将她们提升到教师职位。EdDSA是一种签名方案，是政府标准，广泛用于互联网。现有的安全性证明存在三个局限性：由于对散列函数的建模不当，无法证明实际使用的方案的安全性;证明中的归约过于松散，以至于对256-but曲线的安全性保证几乎为零;在与因特网相关的多用户设置中的定量安全保证甚至更差。该项目旨在填补所有这些空白，通过引入过滤随机Oracle模型和过滤不可微性的相应概念;以及从经典Schnorr签名方案而不是从代数问题中减少。该项目还将考虑目前用于在互联网上加密数据的Galois/Counter Mode（GCM）等认证加密方案，并解释它们无法为某些随机数的选择提供安全性，这一空白将由一个框架填补，该框架允许用户有信心地选择我们通过证明显示的随机数，以实现安全加密。该项目还将展示如何将当前的认证加密方案扩展到提交其密钥的方案，从而防止对基于密码的加密的某些新类别的攻击，并展示密钥提交认证加密如何导致安全的基于密码的认证加密。最后，该项目将重新审视双方安全计算的基础，给出适合具体安全处理的定义，并给出安全证明，以提供安全性尽可能高的协议，该奖项反映了NSF的法定使命，并通过使用基金会的智力价值进行评估，被认为值得支持和更广泛的影响审查标准。

项目成果

期刊论文数量（4）

专著数量（0）

科研奖励数量（0）

会议论文数量（0）

专利数量（0）

Hardening Signature Schemes via Derive-then-Derandomize: Stronger Security Proofs for EdDSA

通过 Derive-then-Derandomize 强化签名方案：EdDSA 的更强安全证明

DOI：
发表时间：
2023
期刊：
26th IACR International Conference on Practice and Theory of Public-Key Cryptography
影响因子：
0
作者：
Bellare, Mihir;Davis, Hannah;Di, Zijing
通讯作者：
Di, Zijing

When Messages Are Keys: Is HMAC a Dual-PRF?

当消息成为密钥时：HMAC 是双 PRF 吗？