HotPETs _ Session 3: Whodunnit

To join this session, simply click on the button above. If you cannot see this button, make sure you are logged in (see the upper-right corner of your screen).

Talk: The current state of denial

Authors: Sofía Celi and Iraklis Symeonidis

Abstract: What is deniability? Although it might sound trivial, these questions have sparked a series of debates on the privacy community ranging from a legal to a technical perspective. In the context of private communications, this question is notoriously difficult to approach and analyze. To answer it, one needs to look at the broader picture in which deniability applies. In this paper, we aim to provide a notion of deniability by making more explicit the definitions given in the work of Canetti et al. [1], Unger [2], and Walfish [3]. We provide this definition by studying the system model in which deniability in private messaging occurs. We do this by looking at the key features and types of deniability on peer-to-peer communications, and by introducing the notion of an “accuser” as the main adversary and considering judges as oracles. Thus, we create an outline of a general model for defining deniability.

What our paper also aims is to emphasize on the open questions on deniability. For example, whether the current model can be generalized to group messaging, whether metadata can be deniable, and whether both coerced participants can break deniability. Additionally, we will analyze the means to examine the current private messaging applications. Currently, there is limited research that examines the deployed private messaging protocols. We will investigate whether the existing private messaging applications preserve the definitions of deniability and how. Thus, this paper aims to provide the main highlights and directions for these focus-points as an introduction to the current study in progress. Future research will aim at answering the open questions and will examine how private messaging protocols approach deniability.

[1] CANETTI, R., PARK, S., AND POBURINNAYA, O. Fully deniable interactive encryption.

https://eprint.iacr.org/2018/1244. Accessed June, 2017.

[2] UNGER, N. Deniable key exchanges for secure messaging.

https://uwspace.uwaterloo.ca/bitstream/handle/10012/9406/Unger_Nik.pdf. Accessed March, 2020.

[3] WALFISH, S. Enhanced security models for network

Protocols.https://cs.nyu.edu/media/publications/walfish_shabsi.pdf. Accessed March, 2020.

Talk: Probably private protocols

Author: Ryan Henry

Abstract: Cryptographers are a curious bunch. In one breath, we insist upon ultra-rigorous threat models and elaborate, if cryptic, formal definitions precision-crafted to thwart implausibly strong attackers hell-bent on expending astronomical resources for the sole purpose of plundering… Alice’s collection of cat memes. In the next breath, we conjure up some bodacious new computational problems and mathemagically “prove” that our constructions are secure in a brave new world (to borrow a phrase from Koblitz and Menezes) where these fledgling problems are presumed—sans compelling evidence—to be wholly intractable.

This talk forges ahead with this peculiar cryptographic tradition by advocating unironically on behalf of the unimpeachably bodacious and indubitably precarious assumption ofnon-collusion. Specifically, the talk will outline my vision for what I dub the HotPETs probably private protocols paradigm (HP6)†, a moniker I settled on after mistyping “provably” as “probably” for the umpteen-and-a-half’th time‡. Essentially, HP6 protocols vow exceptionally strong privacy if—and only if—Mercury is in retrograde not a single member of some (user-selected) ad hoc cohort happens to be in cahoots with any other. In particular, the HP6 design philosophy pursues extreme performance at the expense of making strong assumptions and leaving risky bets unhedged.

Footnotes:

†The extra P is for privacy (à la DP5).

‡ After all, the words “provably” and “probably” are virtually synonymic in the brave new world of bodacious assumptions.