Session chair: Markulf Kohlweiss
Reputable List Curation from Decentralized Voting
Elizabeth Crites (University College London), Mary Maller (Ethereum Foundation), Sarah Meiklejohn (University College London), and Rebekah Mercer (O(1) Labs)
Token-curated registries (TCRs) are a mechanism by which a set of users are able to jointly curate a reputable list about real-world information. Entries in the registry may have any form, so this primitive has been proposed for use -- and deployed -- in a variety of decentralized applications, ranging from the simple joint creation of lists to helping to prevent the spread of misinformation online. Despite this interest, the security of this primitive is not well understood, and indeed existing constructions do not achieve strong or provable notions of security or privacy. In this work, we provide a formal cryptographic treatment of TCRs as well as a construction that provably hides the votes cast by individual curators. Along the way, we provide a model and proof of security for an underlying voting scheme, which may be of independent interest.
Reimagining Secret Sharing: Creating a Safer and More Versatile Primitive by Adding Authenticity, Correcting Errors, and Reducing Randomness Requirements
Mihir Bellare (UC San Diego), Wei Dai (UC San Diego), and Phillip Rogaway (UC Davis)
We describe a reformulation of classical secret-sharing that aims to create a safer and more versatile primitive. In particular, we describe how, and why, to add authenticity, correct errors, and reduce randomness requirements. These concerns arise organically from a desire to create general-purpose libraries and apps for secret sharing that can withstand both strong adversaries and routine operational errors.
Mind the Gap: Ceremonies for Applied Secret Sharing
Bailey Kacsmar (University of Waterloo), Chelsea H. Komlo (University of Waterloo), Florian Kerschbaum (University of Waterloo), and Ian Goldberg (University of Waterloo)
Secret sharing schemes are desirable across a variety of real-world settings due to the security and privacy properties they can provide, such as availability and separation of privilege. However, transitioning secret sharing schemes from theoretical research to practical use must account for gaps in achieving these properties that arise due to the realities of concrete implementations, threat models, and use cases. We present a formalization and analysis, using Ellison's notion of ceremonies, that demonstrates how simple variations in use cases of secret sharing schemes result in the potential loss of some security properties, a result that cannot be derived from the analysis of the underlying cryptographic protocol alone. Our framework accounts for such variations in the design and analysis of secret sharing implementations by presenting a more detailed user-focused process and defining previously overlooked assumptions about user roles and actions within the scheme to support analysis when designing such ceremonies. We identify existing mechanisms that, when applied to an appropriate implementation, close the security gaps we identified. We present our implementation including these mechanisms and a corresponding security assessment using our framework.
Tandem: Securing Keys by Using a Central Server While Preserving Privacy
Wouter Lueks (EPFL), Brinda Hampiholi (Radboud University / Philips), Greg Alpár (Open University), and Carmela Troncoso (EPFL)
Users' devices, e.g., smartphones or laptops, are typically incapable of securely storing and processing cryptographic keys. We present Tandem, a novel set of protocols for securing cryptographic keys with support from a central server. Tandem uses one-time-use key-share tokens to preserve users' privacy with respect to a malicious central server. Additionally, Tandem enables users to block their keys if they lose their device, and it enables the server to limit how often an adversary can use an unblocked key. We prove Tandem's security and privacy properties, apply Tandem to attribute-based credentials, and implement a Tandem proof of concept to show that it causes little overhead.