## CryptoDB

### Pascal Paillier

#### Publications

**2018, CRYPTO.** Fast Homomorphic Evaluation of Deep Discretized Neural Networks

*Abstract*

The rise of machine learning as a service multiplies scenarios where one faces a privacy dilemma: either sensitive user data must be revealed to the entity that evaluates the cognitive model (e.g., in the Cloud), or the model itself must be revealed to the user so that the evaluation can take place locally. Fully Homomorphic Encryption (FHE) offers an elegant way to reconcile these conflicting interests in the Cloud-based scenario and also preserve non-interactivity. However, due to the inefficiency of existing FHE schemes, most applications prefer to use Somewhat Homomorphic Encryption (SHE), where the complexity of the computation to be performed has to be known in advance, and the efficiency of the scheme depends on this global complexity. In this paper, we present a new framework for homomorphic evaluation of neural networks, that we call FHE–DiNN, whose complexity is strictly linear in the depth of the network and whose parameters can be set beforehand. To obtain this scale-invariance property, we rely heavily on the bootstrapping procedure. We refine the recent FHE construction by Chillotti et al. (ASIACRYPT 2016) in order to increase the message space and apply the sign function (that we use to activate the neurons in the network) during the bootstrapping. We derive some empirical results, using the TFHE library as a starting point, and classify encrypted images from the MNIST dataset with more than 96% accuracy in less than 1.7 s. Finally, as a side contribution, we analyze and introduce some variations to the bootstrapping technique of Chillotti et al. that offer an improvement in efficiency at the cost of increasing the storage requirements.

**2008, JOFC.**

**2005, CRYPTO.**

**2005, EPRINT.** Searchable Encryption Revisited: Consistency Properties, Relation to Anonymous IBE, and Extensions

*Abstract*

We identify and fill some gaps with regard to consistency (the extent to which false positives are produced) for public-key encryption with keyword search (PEKS). We define computational and statistical relaxations of the existing notion of perfect consistency, show that the scheme of Boneh et al. in Eurocrypt 2004 is computationally consistent, and provide a new scheme that is statistically consistent. We also provide a transform of an anonymous IBE scheme to a secure PEKS scheme that, unlike the previous one, guarantees consistency. Finally, we suggest three extensions of the basic notions considered here, namely anonymous HIBE, public-key encryption with temporary keyword search, and identity-based encryption with keyword search.

**2004, EPRINT.** How to Disembed a Program?

*Abstract*

This paper presents the theoretical blueprint of a new secure token called the Externalized Microprocessor (XmP). Unlike a smart-card, the XmP contains no ROM at all. While exporting all the device's executable code to potentially untrustworthy terminals poses formidable security problems, the advantages of ROM-less secure tokens are numerous: chip masking time disappears, bug patching becomes a mere terminal update and hence does not imply any roll-out of cards in the field. Most importantly, code size ceases to be a limiting factor. This is particularly significant given the steady increase in on-board software complexity.

After describing the machine's instruction-set we will introduce two XmP variants. The first design is a public-key oriented architecture which relies on a new RSA screening scheme and features a relatively low communication overhead at the cost of computational complexity, whereas the second variant is secret-key oriented and relies on simple MACs and hash functions but requires more communication.

For each of these two designs, we propose two protocols that execute and dynamically authenticate arbitrary programs. We also provide a strong security model for these protocols and prove their security under appropriate complexity assumptions.

**2003, EPRINT.** Chemical Combinatorial Attacks on Keyboards

*Abstract*

This paper presents a new attack on keyboards.

The attack consists in depositing on each keyboard key a small ionic salt quantity (*e.g.* some NaCl on key 0, some KCl on key 1, LiCl on key 2, SrCl₂ on key 3, BaCl₂ on key 4, CaCl₂ on key 5...). As the user enters his PIN, salts get mixed and leave the keyboard in a state that leaks secret information. Nicely enough, evaluating the entropy loss due to the chemical trace turns out to be a very interesting combinatorial exercise.

Under the assumption that mass spectroscopic analysis can reveal with accuracy the mixture of chemical compounds generated by the user, we show that, for moderate-size decimal PINs, the attack would generally disclose the PIN.

The attack may apply to door PIN codes, phone numbers dialed from a hotel room, computer keyboards or even ATMs.

While we did not implement the chemical part of the attack, a number of mass spectrometry specialists confirmed to the authors its feasibility.

**2002, EPRINT.** Optimal Chosen-Ciphertext Secure Encryption of Arbitrary-Length Messages

*Abstract*

This paper considers arbitrary-length chosen-ciphertext secure asymmetric encryption, thus addressing what is actually needed for a practical usage of strong public-key cryptography in the real world. We put forward two generic constructions, gem-1 and gem-2, which apply to explicit fixed-length weakly secure primitives and provide a strongly secure (IND-CCA2) public-key encryption scheme for messages of unfixed length (typically computer files). Our techniques optimally combine a single call to any one-way trapdoor function with repeated encryptions through some weak block-cipher (a simple xor is fine) and hash functions of fixed-length input so that a minimal number of calls to these functions is needed. Our encryption/decryption throughputs are comparable to the ones of standard methods (asymmetric encryption of a session key + symmetric encryption with multiple modes). In our case, however, we formally prove that our designs are secure in the strongest sense and provide complete security reductions holding in the random oracle model.

**2002, EPRINT.** Universal Padding Schemes for RSA

*Abstract*

A common practice to encrypt with RSA is to first apply a padding scheme to the message and then to exponentiate the result with the public exponent; an example of this is OAEP. Similarly, the usual way of signing with RSA is to apply some padding scheme and then to exponentiate the result with the private exponent, as for example in PSS. Usually, the RSA modulus used for encrypting is different from the one used for signing. The goal of this paper is to simplify this common setting. First, we show that PSS can also be used for encryption, and that it gives an encryption scheme semantically secure against adaptive chosen-ciphertext attacks, in the random oracle model. As a result, PSS can be used indifferently for encryption or signature. Moreover, we show that PSS allows one to safely use the same RSA key-pairs for both encryption and signature, in a concurrent manner. More generally, we show that using PSS the same set of keys can be used for both encryption and signature for any trapdoor partial-domain one-way permutation. The practical consequences of our result are important: PKIs and public-key implementations can be significantly simplified.

#### Program Committees

- Crypto 2010
- Eurocrypt 2009
- CHES 2009
- Asiacrypt 2009
- CHES 2008
- Asiacrypt 2008
- CHES 2007 (Program chair)
- PKC 2002 (Program chair)
- Asiacrypt 2001

#### Coauthors

- Michel Abdalla (3)
- Mihir Bellare (3)
- Florian Bourse (1)
- Eric Brier (1)
- Anne Canteaut (3)
- Sergiu Carpov (3)
- Dario Catalano (3)
- Benoît Chevallier-Mames (4)
- Christophe Clavier (1)
- Jean-Sébastien Coron (6)
- Benoit Feix (1)
- Caroline Fontaine (3)
- Helena Handschuh (3)
- Antoine Joux (1)
- Marc Joye (10)
- Eike Kiltz (3)
- Ilya Kizhvatov (1)
- Tadayoshi Kohno (3)
- Fabien Laguillaumie (1)
- Tanja Lange (3)
- Tancrède Lepoint (3)
- John Malone-Lee (3)
- Michele Minelli (1)
- Matthias Minihold (1)
- David Naccache (7)
- María Naya-Plasencia (3)
- Gregory Neven (3)
- David Pointcheval (6)
- Berry Schoenmakers (1)
- Haixia Shi (3)
- Renaud Sirdey (3)
- Jacques Stern (1)
- Loïc Thierry (1)
- Christophe Tymen (2)
- Serge Vaudenay (1)
- Damien Vergnaud (2)
- Jorge Luis Villar (1)