Modern Cryptography

Cryptographic protocols have been employed since ancient times to ensure the security of information communicated among parties. During most of its history, cryptography lacked a scientific foundation. Protocols were created via ad hoc designs and attacks. The past three decades, however, have witnessed a transformation of this discipline from an art into a legitimate science. The central feature of modern cryptography is its reliance on mathematics and electronic computers. In addition, while traditional cryptography focussed on achieving secrecy, the modern discipline addresses a wide range of information security problems. Security goals considered at present include authenticity of messages, pseudorandomness, user anonymity, entity authentication and key exchange, among others. Modern cryptography is a fascinating area of computer science that brings together fields such as computational-complexity theory, number theory and probability theory, with the purpose of designing and analyzing secure communication protocols.

The cryptography courses taught in the Bowdoin Computer Science department are aligned with Assistant Professor Adriana Palacio's research.

Modern Cryptography Research

My approach to the study of cryptography derives from the seminal work of Goldwasser and Micali on provable security and its practice-oriented extension by Bellare and Rogaway. Practice-oriented provable security provides a rigorous foundation for the security of modern cryptographic protocols, helping to ensure that they do not suffer from subtle and unexpected bugs. It enables the design of efficient, proven-secure communication protocols, and helps give practitioners guidance in choosing among competing protocols.

I am interested in several topics in cryptography, including identification, encryption and digital signatures. I am also interested in the relationship between various models used to analyze the security of modern cryptographic protocols.

GQ

An identification protocol enables a party to identify itself to another without revealing any information that would enable impersonation, even when the communication channel is vulnerable to eavesdropping or tampering. The Guillou-Quisquater (GQ) and Schnorr identification schemes are among the most efficient and best known such protocols, but their security status was unknown for many years. We proved that these protocols are secure against even the strongest type of impersonation attack.
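As an added worked example (not code from this page or from the papers it describes), the following Python runs the GQ identification protocol with constructed toy parameters: the prover's commitment, the verifier's challenge, the prover's response and the verifier's check. It also includes the two pieces of the standard security argument behind the claim that the protocol reveals nothing useful for impersonation: a simulator that produces accepting transcripts without the secret (zero knowledge), and an extractor showing that answering two different challenges on the same commitment is equivalent to knowing the secret (special soundness). The modulus n = 61 * 53, the exponent v = 17 and all sample values are constructed for readability and are far too small to be secure.

```python
"""Guillou-Quisquater (GQ) identification with constructed toy parameters.

Added example; not code from the page or the papers it describes. A real
deployment uses an RSA modulus of 2048+ bits and a large prime exponent v.
"""
from math import gcd
import secrets

# Constructed toy parameters (NOT secure): n = 61 * 53, v prime, gcd(v, phi(n)) = 1.
N = 61 * 53   # 3233
V = 17


def keypair_from_secret(b, n=N, v=V):
    """Public identity J = B^{-v} mod n for a secret B in Z_n^*; returns ((n, v, J), B)."""
    if not 1 <= b < n or gcd(b, n) != 1:
        raise ValueError("secret must be a unit modulo n")
    j = pow(pow(b, -1, n), v, n)
    return (n, v, j), b


def keygen(n=N, v=V):
    """Pick a random secret B and derive its public identity."""
    while True:
        b = secrets.randbelow(n)
        if b > 1 and gcd(b, n) == 1:
            return keypair_from_secret(b, n, v)


def commit(pk, r):
    """Prover, move 1: commitment T = r^v mod n for a fresh random unit r."""
    n, v, _ = pk
    return pow(r, v, n)


def challenge(pk):
    """Verifier, move 2: uniformly random challenge d in [0, v-1]."""
    _, v, _ = pk
    return secrets.randbelow(v)


def respond(pk, b, r, d):
    """Prover, move 3: response D = r * B^d mod n, using the same r as in commit."""
    n, _, _ = pk
    return (r * pow(b, d, n)) % n


def verify(pk, t, d, dd):
    """Verifier, move 4: accept iff T and D are units mod n and T == J^d * D^v mod n.
    The unit check matters: without it the degenerate transcript T = D = 0 is accepted."""
    n, v, j = pk
    for x in (t, dd):
        if not 1 <= x < n or gcd(x, n) != 1:
            return False
    return t == (pow(j, d, n) * pow(dd, v, n)) % n


def run_protocol(pk, b):
    """One honest run with fresh randomness; returns the verifier's decision."""
    n, _, _ = pk
    while True:
        r = secrets.randbelow(n)
        if r > 0 and gcd(r, n) == 1:
            break
    t = commit(pk, r)
    d = challenge(pk)
    return verify(pk, t, d, respond(pk, b, r, d))


def simulate_transcript(pk, d, dd):
    """Honest-verifier zero knowledge: choosing (d, D) first and setting
    T = J^d * D^v yields an accepting transcript with no knowledge of B, so
    observed transcripts carry nothing an impersonator could use. A live
    verifier is not fooled, because it picks d only after seeing T."""
    n, v, j = pk
    return (pow(j, d, n) * pow(dd, v, n)) % n, d, dd


def _egcd(a, b):
    """Return (g, x, y) with a*x + b*y == g == gcd(a, b)."""
    if b == 0:
        return a, 1, 0
    g, x, y = _egcd(b, a % b)
    return g, y, x - (a // b) * y


def extract_secret(pk, t, d1, dd1, d2, dd2):
    """Special soundness: two accepting responses to one commitment with distinct
    challenges reveal B, because D1/D2 = B^{d1-d2} and gcd(d1-d2, v) = 1 for prime v.
    Proofs of security use this extractor; operationally it is why the prover
    must never reuse r across runs."""
    n, v, j = pk
    if d1 == d2 or not (verify(pk, t, d1, dd1) and verify(pk, t, d2, dd2)):
        raise ValueError("need two accepting transcripts with distinct challenges")
    ratio = (dd1 * pow(dd2, -1, n)) % n   # B^{d1-d2}
    g, a, c = _egcd(d1 - d2, v)           # a*(d1-d2) + c*v == 1
    assert g == 1
    # B = (B^{d1-d2})^a * (B^v)^c, and B^v = J^{-1}
    return (pow(ratio, a, n) * pow(j, -c, n)) % n
```

Two checks a practitioner should take from this: the verifier must reject non-unit values of T and D (otherwise an all-zero transcript passes), and the prover must draw a fresh r on every run, since `extract_secret` shows that two responses under the same r hand the secret to whoever observes them.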

Public Key Cryptography

Encryption protocols provide privacy of data transmitted across an insecure network. In the public-key setting, the receiver's public key (known to all users) permits encryption, and the receiver's secret key (known only to the receiver) permits decryption. The most important threat to the security of a public-key encryption protocol in practice is exposure of the decryption key due to compromise of the underlying system. Key-insulated encryption schemes use a combination of key splitting and key evolution to minimize the damage caused by key exposure. We designed a strongly key-insulated encryption scheme that resists the maximum number of compromises possible. The scheme is efficient and scalable, and allows the frequency of key updates to be changed dynamically.

Recently, we have been working on proxy signature schemes. A digital signature scheme is a protocol that provides message authenticity in a setting where the signer has a secret key that enables signing and the receiver can verify a signature using the signer's public key. Proxy signature schemes are protocols that allow a signer to delegate its signing rights to a proxy, who can then sign on its behalf. Several such protocols have been proposed, but without proofs of security.

- Adriana Palacio