International Association
for Cryptologic Research

The increasing harms caused by hate, harassment, and other forms of abuse online have motivated major platforms to explore hierarchical governance. The idea is to allow communities to have designated members take on moderation and leadership duties; meanwhile, members can still escalate issues to the platform. But these promising approaches have only been explored in plaintext settings where community content is public to the platform. It is unclear how one can realize hierarchical governance in the huge and increasing number of online communities that utilize end-to-end encrypted (E2EE) messaging for privacy. This talk will argue for the importance of adapting hierarchical governance to E2EE platforms, share some of our recent work towards privacy-preserving hierarchical governance, and discuss ongoing challenges in this space.

Over the past 25 years, research has highlighted the fact that high-end hardware can be used by attackers to recover secret keys from devices. Numerous studies have demonstrated innovative secret key extraction techniques that rely on dedicated professional equipment to capture data-dependent physical leakage from target devices. These methods employ equipment like scopes to obtain power traces, software-defined radio and probes to capture electromagnetic radiation (EMR) traces, as well as ultrasonic microphones to capture acoustic traces. While these methods have deepened our understanding regarding the cryptanalytic risks associated with various types of leakage (EMR, acoustic, power) and high-end sensors to secret keys, much less is known about the cryptanalytic risks posed by optical leakage and accessible ubiquitous equipment such as video cameras. In this talk, we will reveal the findings from the two research papers, optical cryptanalysis (CCS’23) and video-based cryptanalysis (SP’24), and discuss how attackers can extract cryptographic keys using video footage of a device’s power LEDs captured by standard video cameras. In the first part of the talk, we will review the history of the side-channel cryptanalytic attacks from the first timing attack that was published in 1996, through the cryptanalytic power-based attacks and cryptanalytic EMR attacks that were published since 1998 until the acoustic attack that was published at 2014 and conclude interesting insights regarding the lessons we learned from these works. Next, we will discuss information leakage from power LEDs (based on the findings presented at CCS 23), and understand why the intensity of the light emitted by a device’s power LED can be used as an alternative to power traces obtained from the device to recover secret keys (2048-bit RSA, 256-bit ECDSA and 378-bit SIKE keys) from commonly used cryptographic libraries (Libgcrypt, GnuPG, PQCryptoSIDH) using a photodiode. In the second part of the talk, we will discuss how standard video cameras (e.g., of an iPhone 13 PRO Max, and security camera) can be used as alternatives for the photodiodes (based on the findings presented at SP’24) to extract secret keys (256-bit ECDSA and 378-bit SIKE keys). We will discuss a video camera’s rolling shutter and understand how it can be used to increase the sampling rate of a video camera from the frame-per-second rate (60 measurements per second) to the rolling shutter rate (60,000 measurements per second). We will see videos of secret key recoveries that were taken by a smartphone and by an Internet-connected security camera to recover a 256-bit ECDSA key (using the Minerva side-channel attack) and a 378-SIKE key (using the HertzBleed side-channel attack). At the end of the talk, we will discuss countermeasures, and provide insights regarding the real potential of extracting cryptographic keys by video cameras in our days and in the near future, taking into account the expected improvements in the specifications of video cameras expected by Moore’s Law.

Deployment of end-to-end encryption (E2EE) has improved the confidentiality and the integrity of data in various contexts, including messaging, cloud storage, and other web applications. E2EE protocols, such as messaging and file storage, have been studied extensively, instilling confidence in their security. Consequently, there has been a meteoric rise in the adoption of these tools, and E2EE is now a core component of complex systems that impact billions of users. As these applications evolve into intricate, feature-rich ecosystems, our understanding of their security becomes increasingly opaque, and whether the strong security guarantees of the underlying E2EE protocols extend to the broader systems is unclear. As such, a new line of work has analyzed the security of various deployed E2EE applications, finding numerous attacks and proposing mitigations. The purpose of this talk is to bring attention to an emerging threat model for E2EE applications, and motivate future work within the cryptography community. At a high-level, our threat model considers an adversary that simply sends chosen payloads to a victim client, and subsequently observes the encrypted application state. We refer to attacks in this setting as injection attacks. The core of our presentation will consist of an overview of this threat model, highlighting a common root cause of injection attacks. Then, we will present concrete vulnerabilities uncovered in real-world systems across two application domains: backups of messaging applications (based on a recent paper that we will present at S&P ‘24), and password managers (based on ongoing work, which will be made public after we finish the disclosure process). Lastly, we conclude with some general takeaways and directions for future work.