References of "Damodaran, Aditya Shyam Shankar 50033262"
     in
Bookmark and Share    
Full Text
Peer Reviewed
See detailUC Updatable Databases and Applications
Damodaran, Aditya Shyam Shankar UL; Rial, Alfredo UL

in 12th International Conference on Cryptology (2020)

We define an ideal functionality $\Functionality_{\UD}$ and a construction $\mathrm{\Pi_{\UD}}$ for an updatable database ($\UD$). $\UD$ is a two-party protocol between an updater and a reader. The ... [more ▼]

We define an ideal functionality $\Functionality_{\UD}$ and a construction $\mathrm{\Pi_{\UD}}$ for an updatable database ($\UD$). $\UD$ is a two-party protocol between an updater and a reader. The updater sets the database and updates it at any time throughout the protocol execution. The reader computes zero-knowledge (ZK) proofs of knowledge of database entries. These proofs prove that a value is stored at a certain position in the database, without revealing the position or the value. (Non-)updatable databases are implicitly used as building block in priced oblivious transfer, privacy-preserving billing and other privacy-preserving protocols. Typically, in those protocols the updater signs each database entry, and the reader proves knowledge of a signature on a database entry. Updating the database requires a revocation mechanism to revoke signatures on outdated database entries. Our construction $\mathrm{\Pi_{\UD}}$ uses a non-hiding vector commitment (NHVC) scheme. The updater maps the database to a vector and commits to the database. This commitment can be updated efficiently at any time without needing a revocation mechanism. ZK proofs for reading a database entry have communication and amortized computation cost independent of the database size. Therefore, $\mathrm{\Pi_{\UD}}$ is suitable for large databases. We implement $\mathrm{\Pi_{\UD}}$ and our timings show that it is practical. In existing privacy-preserving protocols, a ZK proof of a database entry is intertwined with other tasks, e.g., proving further statements about the value read from the database or the position where it is stored. $\Functionality_{\UD}$ allows us to improve modularity in protocol design by separating those tasks. We show how to use $\Functionality_{\UD}$ as building block of a hybrid protocol along with other functionalities. [less ▲]

Detailed reference viewed: 78 (12 UL)
Full Text
Peer Reviewed
See detailUnlinkable Updatable Databases and Oblivious Transfer with Access Control
Damodaran, Aditya Shyam Shankar UL; Rial, Alfredo UL

in 25th Australasian Conference on Information Security and Privacy (2020)

An oblivious transfer with access control protocol (OTAC) allows us to protect privacy of accesses to a database while enforcing access control policies. Existing OTAC have several shortcomings. First ... [more ▼]

An oblivious transfer with access control protocol (OTAC) allows us to protect privacy of accesses to a database while enforcing access control policies. Existing OTAC have several shortcomings. First, their design is not modular. Typically, to create an OTAC, an adaptive oblivious transfer protocol (OT) is extended ad-hoc. Consequently, the security of the OT is reanalyzed when proving security of the OTAC, and it is not possible to instantiate the OTAC with any secure OT. Second, existing OTAC do not allow for policy updates. Finally, in practical applications, many messages share the same policy. However, existing OTAC cannot take advantage of that to improve storage efficiency. We propose an UC-secure OTAC that addresses the aforementioned shortcomings. Our OTAC uses as building blocks the ideal functionalities for OT, for zero-knowledge (ZK) and for an \emph{unlinkable updatable database} ($\UUD$), which we define and construct. $\UUD$ is a protocol between an updater $\fuudUpdater$ and multiple readers $\fuudReader_k$. $\fuudUpdater$ sets up a database and updates it. $\fuudReader_k$ can read the database by computing UC ZK proofs of an entry in the database, without disclosing what entry is read. In our OTAC, $\UUD$ is used to store and read the policies. We construct an $\UUD$ based on subvector commitments (SVC). We extend the definition of SVC with update algorithms for commitments and openings, and we provide an UC ZK proof of a subvector. Our efficiency analysis shows that our $\UUD$ is practical. [less ▲]

Detailed reference viewed: 62 (9 UL)
Full Text
Peer Reviewed
See detailUC Priced Oblivious Transfer with Purchase Statistics and Dynamic Pricing
Damodaran, Aditya Shyam Shankar UL; Dubovitskaya, Maria; Rial, Alfredo UL

in Progress in Cryptology – INDOCRYPT 2019 (2019, December)

Priced oblivious transfer (POT) is a cryptographic protocol that can be used to protect customer privacy in e-commerce applications. Namely, it allows a buyer to purchase an item from a seller without ... [more ▼]

Priced oblivious transfer (POT) is a cryptographic protocol that can be used to protect customer privacy in e-commerce applications. Namely, it allows a buyer to purchase an item from a seller without disclosing to the latter which item was purchased and at which price. Unfortunately, existing POT schemes have some drawbacks in terms of design and functionality. First, the design of existing POT schemes is not modular. Typically, a POT scheme extends a k-out-of-N oblivious transfer (OT) scheme by adding prices to the items. However, all POT schemes do not use OT as a black-box building block with certain security guarantees. Consequently, security of the OT scheme needs to be reanalyzed while proving security of the POT scheme, and it is not possible to swap the underlying OT scheme with any other OT scheme. Second, existing POT schemes do not allow the seller to obtain any kind of statistics about the buyer's purchases, which hinders customer and sales management. Moreover, the seller is not able to change the prices of items without restarting the protocol from scratch. We propose a POT scheme that addresses the aforementioned drawbacks. We prove the security of our POT in the UC framework. We modify a standard POT functionality to allow the seller to receive aggregate statistics about the buyer's purchases and to change prices dynamically. We present a modular construction for POT that realizes our functionality in the hybrid model. One of the building blocks is an ideal functionality for OT. Therefore, our protocol separates the tasks carried out by the underlying OT scheme from the additional tasks needed by a POT scheme. Thanks to that, our protocol is a good example of modular design and can be instantiated with any secure OT scheme as well as other building blocks without reanalyzing security from scratch. [less ▲]

Detailed reference viewed: 100 (27 UL)