BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//Talks.cam//talks.cam.ac.uk//
X-WR-CALNAME:Talks.cam
BEGIN:VEVENT
SUMMARY:Malleability in Modern Cryptography - Markulf Kohlweiss\, MSRC
DTSTART:20120314T100000Z
DTEND:20120314T110000Z
UID:TALK36850@talks.cam.ac.uk
CONTACT:Microsoft Research Cambridge Talks Admins
DESCRIPTION:In recent years\, malleable cryptographic primitives have adva
 nced from being seen as a weakness allowing for attacks\, to being conside
 red a potentially useful feature. Malleable primitives are cryptographic o
 bjects that allow for meaningful computations\, as most notably in the exa
 mple of fully homomorphic encryption. Malleability is\, however\, a notion
  that is difficult to capture both in the hand-written and the formal secu
 rity analysis of protocols.\n\nIn my work\, I look at malleability from bo
 th angles. On one hand\, it is a source of worrying attacks that have\, e.
 g.\, to be mitigated in a verified implementation of the transport layer s
 ecurity (TLS) standard used for securing the Internet. On the other hand\,
  malleability is a feature that helps to build efficient protocols\, such 
 as delegatable anonymous credentials and fast and resource friendly proofs
  of computations for smart metering. We are building a zero-knowledge comp
 iler for a high-level relational language (ZQL)\, that systematically opti
 mizes and verifies the use of such cryptographic evidence.\n\nWe recently 
 discovered that malleability is also applicable to verifiable shuffles\, a
 n important building block for universally verifiable\, multi-authority el
 ection schemes. We construct a publicly verifiable shuffle that for the fi
 rst time uses one compact proof to prove the correctness of an entire mult
 i-step shuffle. In our work\, we examine notions of malleability for non-i
 nteractive zero-knowledge (NIZK) proofs. We start by defining a malleable 
 proof system\, and then consider ways to meaningfully ‘control’ the ma
 lleability of the proof system. In our shuffle application controlled-mall
 eable proofs allow each mixing authority to take as input a set of encrypt
 ed votes and a controlled-malleable NIZK proof that these are a shuffle of
  the original encrypted votes submitted by the voters\; it then permutes a
 nd re-randomizes these votes and updates the proof by exploiting its contr
 olled malleability.\n
LOCATION:Large lecture theatre\, Microsoft Research Ltd\, 7 J J Thomson Av
 enue (Off Madingley Road)\, Cambridge
END:VEVENT
END:VCALENDAR