Rational Protocol Design: Cryptography against Incentive-Driven Adversaries
TLDR
We propose a game-theoretic framework for designing rational cryptographic protocols under attack from an external entity, which provides theoretical groundwork for a study of cryptographic protocol design in this setting.
The Multi-user Security of Authenticated Encryption: AES-GCM in TLS 1.3
TLDR
We initiate the study of multi-user (mu) security of authenticated encryption (AE) schemes as a way to rigorously formulate, and answer, questions about the "randomized nonce" mechanism proposed for the use of the AE scheme GCM.
On the soundness of authenticate-then-encrypt: formalizing the malleability of symmetric encryption
TLDR
A communication channel from an honest sender A to an honest receiver B can be described as a system with three interfaces labeled A, B, and E (the adversary), respectively, where the security properties of the channel are characterized by the capabilities provided at the E-interface.
Universally Composable Synchronous Computation
TLDR
We propose a novel approach to defining synchrony in the UC framework by introducing functionalities exactly meant to model, respectively, bounded-delay networks and loosely synchronized clocks.
Augmented Secure Channels and the Goal of the TLS 1.3 Record Layer
TLDR
We propose a new channel abstraction, an augmented secure channel, that allows a sender to send a receiver messages consisting of two parts, where one is privacy-protected and both are authenticity-protected.
Updatable Encryption with Post-Compromise Security
TLDR
An updatable encryption scheme allows one to periodically rotate the encryption key and move already existing ciphertexts from the old key to the new key.
From Single-Bit to Multi-bit Public-Key Encryption via Non-malleable Codes
TLDR
We provide constructions of multi-bit CCA-secure PKE from single-bit PKE, based on weak and credible assumptions.
(De-)Constructing TLS
TLDR
TLS is one of the most widely deployed cryptographic protocols on the Internet; it is used to protect the confidentiality and integrity of transmitted data in various client-server protocols.
Nonce-Based Cryptography: Retaining Security When Randomness Fails
TLDR
We take nonce-based cryptography beyond symmetric encryption, developing it as a broad and practical way to mitigate damage caused by failures in randomness, whether inadvertent bugs or malicious subversion.
(De-)Constructing TLS 1.3
TLDR
We analyze the security of a slightly modified version of TLS 1.3, which is designed to address several flaws inherent to previous versions.