International Association for Cryptologic Research

International Association
for Cryptologic Research

CryptoDB

Bogdan Warinschi

Publications

Year
Venue
Title
2022
PKC
Lifting Standard Model Reductions to Common Setup Assumptions
In this paper we show that standard model black-box reductions naturally lift to various setup assumptions, such as the random oracle (ROM) or ideal cipher model. Concretely, we prove that a black-box reduction from a security notion $P$ to security notion $Q$ in the standard model can be turned into a non-programmable black-box reduction from $P_\oracle$ to $Q_\oracle$ in a model with a setup assumption $\oracle$, where $P_\oracle$ and $Q_\oracle$ are the natural extensions of $P$ and $Q$ to a model with a setup assumption $\oracle$. Our results rely on a generalization of the recent framework by Hofheinz and Nguyen (PKC 2019) to support primitives which make use of a trusted setup. Our framework encompasses standard idealized settings like the random oracle and the ideal cipher model. At the core of our main result lie novel properties of negligible functions that can be of independent interest.
2021
CRYPTO
Provable Security Analysis of FIDO2 📺
We carry out the first provable security analysis of the new FIDO2 protocols, the promising FIDO Alliance’s proposal for a standard for passwordless user authentication. Our analysis covers the core components of FIDO2: the W3C’s Web Authentication (WebAuthn) specification and the new Client-to-Authenticator Protocol (CTAP2). Our analysis is modular. For WebAuthn and CTAP2, in turn, we propose appropriate security models that aim to capture their intended security goals and use the models to analyze their security. First, our proof confirms the authentication security of WebAuthn. Then, we show CTAP2 can only be proved secure in a weak sense; meanwhile, we identify a series of its design flaws and provide suggestions for improvement. To withstand stronger yet realistic adversaries, we propose a generic protocol called sPACA and prove its strong security; with proper instantiations, sPACA is also more efficient than CTAP2. Finally, we analyze the overall security guarantees provided by FIDO2 and WebAuthn+sPACA based on the security of their components. We expect that our models and provable security results will help clarify the security guarantees of the FIDO2 protocols. In addition, we advocate the adoption of our sPACA protocol as a substitute for CTAP2 for both stronger security and better performance.
2017
TCC
2016
CRYPTO
2016
PKC
2015
PKC
2015
ASIACRYPT
2014
CRYPTO
2012
PKC
2012
ASIACRYPT
2011
EUROCRYPT
2010
PKC
2010
JOFC
2009
ASIACRYPT
2009
ASIACRYPT
2008
ASIACRYPT
2007
CRYPTO
2007
PKC
2004
TCC
2003
EUROCRYPT

Program Committees

Crypto 2019
PKC 2018
Eurocrypt 2015
Crypto 2014
Eurocrypt 2014
Crypto 2011
PKC 2010
TCC 2010
TCC 2007