One of main challenges hindering the widespread adoption of permissionless cryptocurrency systems is their limited scalability. During the talk I will present some recent results on protocols that allow blockchain based systems to scale.

The recently deployed Zcash cryptocurrency supports private transactions
where sender, receiver and amount are not revealed; and yet, an outside
observer can still distinguish between a valid and non-valid transaction.
In this talk, I will describe how Zcash private transactions work,
and, time permitting, give some intuition on the tool underlying them -
zero-knowledge proofs.

ההרצאה תינתן באנגלית - Lecture will be given in English

ביום רביעי 14/6/2017 הוא יקיים הרצאה למומחים במסגרת סמינר בקריפטולוגיה. פרטים כאן.

The cryptographic hash function SHA-1 is an important industry standard used for various applications such as digital signatures, file deduplication and Git.
The security of many applications depends on that it is infeasible to find hash collisions, i.e. two files with the same hash.
However, SHA-1 has been known to be weak since 2004 when the first theoretical collision attack faster than a brute force attack was presented.
Collision attacks have improved since then, but actually finding a collision remained just out of reach for more than a decade.
In this talk I will discuss the ideas and impact of the first SHA-1 collision that we announced last February
after a 2-year collaboration between CWI and Google.

Joint work with Ange Albertini, Elie Bursztein, Pierre Karpman and Yarik Markov.

Proof-of-work (PoW) schemes play a crucial role in maintaining consensus in cryptocurrency networks.
Ideally, a PoW scheme should not promote centralization by incentivizing miners (provers) to collaborate,
as such concentration of power is contradictory to the philosophy of cryptocurrencies.
Unfortunately, the simple prover's algorithm in Bitcoin's PoW scheme has a very efficient implementation on dedicated hardware,
and as a result a significant portion of Bitcoin mining today is performed by centralized mining rigs.
In this talk I will present a recent PoW scheme (called MTP) designed by Biryukov and Khovratovich in order to combat mining centralization.
I will then describe a gap in MTP's security analysis and use it to break its security claims.

Voting is one of the most recognized symbols of democracy. Having been around for over two millennia, we might expect voting mechanisms to be a solved problem. However, it turns out that this is not the case. The reason is a "contradiction" in our security requirements from voting. We want voting to be resistant to vote buying and coercion---implying ballots must be secret---but at the same time *verifiably* resistant to tampering---implying that the ballot counting must be public.
Surprisingly, this contradiction can be resolved! Using cryptography, we can construct "end-to-end-verifiable" voting systems with secret ballots *and* verifiable integrity.
In this talk, I will give an introduction to cryptographic voting schemes and highlight some unexpected advantages over their non-verifiable brethren: a potential for increased robustness, flexibility and 'traditional' (non-cryptographic) auditability.

A distributed computation in which nodes are connected by a partial communication graph is called topology-hiding if it does not reveal information about the graph (beyond what is revealed by the output of the function). Previous results [Moran-Orlov-Richelson TCC'15; Hirt-Maurer-Tschudi-Zikas CRYPTO’16] have shown that topology-hiding computation protocols exist for graphs of logarithmic diameter (in the number of nodes), but the feasibility question for graphs of larger diameter was open even for very simple graphs such as chains, cycles and trees.
We positively resolve the above open problem, proving that topology-hiding computation is feasible for all graphs under the Decisional Diffie-Hellman (DDH) assumption.
Our techniques are to first construct topology-hiding protocols for a large class of large-diameter networks, including cycles, chains, trees, and graphs with logarithmic circumference. Second, on networks of an arbitrary and unknown topology, we employ random-walks to generate paths covering the graph, upon which we apply our topology-hiding protocol for chain-graphs (paths). To prevent topology information being revealed by the random-walk, we design multiple random-walks that, together, are locally identical to receiving at each round a message from each neighbors and sending back processed messages in a randomly permuted order.

Based on a joint work with Tal Moran that appeared in Eurocrypt 2017, and a joint work with Rio LaVigne and Tal Moran to appear in Crypto 2017.

There are various theoretically-efficient constructions of public-randomness (i.e., Arthur-Merlin type) Zero-Knowledge Succinct Arguments of Knowledge in the random oracle model, for computations-verification (also known as verifiable-computation and computational-integrity). Those constructions could be used to solve many real world problems; Unfortunately, reducing those fabulous theoretical systems to broadly-adaptable implementations is a challenging task. This talk surveys our efforts to construct such systems with concrete (rather than asymptotic) efficiency. This requires improving both theory and practice in a concerted effort, and led to an efficient proof-of-concept implementation supported by new theoretical results and which leads to interesting theoretical and practical questions.

This is a joint work with Eli Ben-Sasson, Iddo Ben-Tov, and Yinon Horesh.

16:00

דברי סיום

16:45

רוב ההרצאות תתקיימנה בעברית - Most lectures will be given in Hebrew

שקפי ההרצאות יופיעו בדף זה לאחר האירוע, מותנה באישור המרצים