EPFL Dialog with the ETH Board 2020 Presentation title · 2020. 7. 1. · Carmela Troncoso ....
Cryptography beyond message encryption
Carmela Troncoso
24.06.2020
Example 1: Decentralized privacy-preserving proximity tracing
How it works
- The App creates a secret every day (TEK) and from this key it derives random identifiers (RPIs) that it broadcasts via Bluetooth
- A random identifier is used for a limited amount of time
- Without the key, no-one can link two identifiers
Cryptography as a support for privacy
[Figure: phone A broadcasts a sequence of random-looking identifiers. Diagram labels: TEK, key derivation function (twice), AES (twice), inputs "time" and "info", outputs RPI and Metadata.]
Source: https://blog.google/documents/69/Exposure_Notification_-_Cryptography_Specification_v1.2.1.pdf
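The TEK-to-RPI derivation on this slide, written out as an added example (not code from the talk or from any Exposure Notification implementation) following the linked specification: HKDF-SHA256 with the label "EN-RPIK" yields an AES-128 key, which encrypts one block containing the 10-minute interval number. The sample key and timestamp are constructed, and the names `hkdf16`, `RPI` and `Matches` are hypothetical.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/hmac"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

// hkdf16 is HKDF-SHA256 (RFC 5869) with no salt and a 16-byte output (one expand block).
func hkdf16(ikm []byte, info string) []byte {
	ext := hmac.New(sha256.New, make([]byte, sha256.Size)) // absent salt = zero bytes
	ext.Write(ikm)
	exp := hmac.New(sha256.New, ext.Sum(nil))
	exp.Write(append([]byte(info), 0x01))
	return exp.Sum(nil)[:16]
}

// RPI derives the identifier broadcast in 10-minute interval enin from the day's TEK.
func RPI(tek []byte, enin uint32) []byte {
	block, err := aes.NewCipher(hkdf16(tek, "EN-RPIK"))
	if err != nil {
		panic(err) // unreachable: the derived key is always 16 bytes
	}
	padded := make([]byte, 16)
	copy(padded, "EN-RPI") // bytes 6..11 stay zero
	binary.LittleEndian.PutUint32(padded[12:], enin)
	out := make([]byte, 16)
	block.Encrypt(out, padded)
	return out
}

// Matches re-derives the 144 RPIs of a published TEK and looks for one seen over Bluetooth.
func Matches(tek []byte, start uint32, seen []byte) bool {
	for j := uint32(0); j < 144; j++ {
		if bytes.Equal(RPI(tek, start+j), seen) {
			return true
		}
	}
	return false
}

func main() {
	tek := bytes.Repeat([]byte{0x42}, 16)       // constructed sample key, not a test vector
	start := uint32(1593561600/600) / 144 * 144 // constructed timestamp: 2020-07-01 00:00 UTC
	fmt.Printf("%x %x %v\n", RPI(tek, start), RPI(tek, start+1), Matches(tek, start, RPI(tek, start+7)))
}
```

An observer who holds only the broadcast identifiers sees unrelated 16-byte values; a phone that later receives the TEK can recompute all 144 identifiers for that key and check them against what it recorded.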
Example 2: Datashare Network, decentralized search engine for journalists
Datashare Network Goal
I’m searching for: “mickey mouse scandal”
Journalists can search on others’ collections for keywords of interest
- Only ICIJ and associates can use the system
- Query content is not revealed
- Searching is anonymous
- Journalists can anonymously converse with journalists that have matching documents
Authentication
Journalists can search on others’ collections for keywords of interest
- Only ICIJ and associates can use the system
ATTRIBUTE-BASED CREDENTIALS
Prove attributes in “Zero-knowledge”
“I am a member of the organization”
Prove that you have a signature of the organization on a secret only you know
Search
Journalists can search on others’ collections for keywords of interest
- Query content is not revealed
(MULTI SET) PRIVATE SET INTERSECTION
Find (cardinality of) the intersection between two sets without learning anything about the rest of the elements
Encrypted for PSI
Anonymous communications
Journalists can search on others’ collections for keywords of interest
- Searching is anonymous
ANONYMOUS COMMUNICATIONS
Rerouting to hide IPs
Tor or Nym
Encryption not only hides content, it also prevents tracing messages across routers
Anonymous messaging
Journalists can search on others’ collections for keywords of interest
- Journalists can anonymously converse with journalists that have matching documents
ANONYMOUS ASYNCHRONOUS MESSAGING
Cryptography to establish rendez-vous pigeonholes only known to conversation partners
Dummy messages (encrypted for indistinguishability)
Contain cryptographic material that, combined, provides an address on the communication server
Take away message
Encryption is a KEY tool for privacy, because it can do MUCH MORE than hiding the content of messages
Ensure unlinkability: messages, actions and authentications of a user cannot be linked over time
Enable anonymous authentication while still providing guarantees against misuse
Enable private search and multi-party operations without revealing data
Provide common knowledge to bootstrap further private actions
Thank you for your attention
Carmela Troncoso