A Classification of Non-interactive Assumptions in Cyclic

of Computer Science, University College London, UK

provable security paradigm, we gain confidence in the
security of a cryptographic scheme by giving a proof that
compromising security corresponds to breaking an underlying
intractability assumption. As a rule of thumb, the more
cryptanalytic study an intractability assumption has been
able to resist, the more confident we are that it holds.
However, many assumptions have been proposed that have never
received much cryptanalytic attention. In particular, in the
world of pairing-based cryptography there exists a
wilderness of assumptions.

talk, we will take initial steps towards organizing the
landscape of assumptions. We will in particular focus on the
case of non-interactive assumptions in cyclic groups and
show that the assumptions can be organized into a hierarchy.
For cryptographers this means schemes can be based on a
well-organized set of assumptions; for cryptanalysts this
means we can identify central intractability assumptions

Groth received his PhD in Computer Science from Aarhus
University in Denmark. Afterwards he did a Post-Doc at
University of California Los Angeles, where he received the
2007 UCLA Chancellor's Award for Postdoctoral Research.
He is now Professor of Cryptology in the Department of
Computer Science at University College London and the
Director of UCL's Academic Centre of Excellence in Cyber
Security Research. His research interests include electronic
voting, anonymization protocols, advanced digital
signatures, public-key encryption and zero-knowledge proofs.
He is among the 20 most published authors worldwide at the
top cryptology conferences ASIACRYPT, EUROCRYPT and CRYPTO
over the last decade.

Modelling the Security of Key Exchange

of Telematics, Norwegian University of Science and

first ProvSec conference in 2007 a new model for secure key
exchange was quietly introduced in a paper of LaMacchia,
Lauter and Mityagin. Since then this model, known as the eCK
model, has become widely used and the paper cited over 400
times. There have been many refinements and adjustments to
the eCK model and quite a lot of controversy regarding its
relation to other models and how best to satisfy security

for modeling of real-world protocols, most prominently TLS,
the eCK model has had little influence. Indeed, real-world
protocols tend to be insecure in such models. At the same
time, provable security of key exchange has been widely
applied recently to real-world protocols, including
retrospective analysis of TLS 1.2 (and earlier) and
design-oriented analysis for TLS 1.3. This has required more
complex models to capture issues such as negotiation of
versions and primitives, usage of multiple ciphersuites,
security of sessions, renewal of related protocol sessions,
and weaker initial keys.

talk aims to provide an overview of provable security key
exchange models explaining the above developments. The talk
will include a historical perspective, a look at current
trends, and some speculation about the future.

Boyd is a professor of information security at the Norwegian
University of Science and Technology (NTNU). Prior to moving
to Norway in 2013, he was professor at Queensland University
of Technology where he contributed to research and teaching
for almost 18 years. His earlier professional experience was
at University of Manchester and British Telecom Research
Labs. Trained as a mathematician, Colin has had a
fascination with cryptography for 30 years, with a
particular interest in key exchange protocols.