If the attacker has <= Q guesses, access to the FSB bucket will give no advantage over baseline guessing. Higher Q, greater security loss
#realworldcrypto
#realworldcrypto
Q: How do you compute password probability?
A: We have a lot of data in the wild now to be able to extract decent probability distributions
#realworldcrypto
A: We have a lot of data in the wild now to be able to extract decent probability distributions
#realworldcrypto
Lunch time!
Whenever users encountered usability issues with crypto libraries, they start googling
#realworldcrypto
#realworldcrypto
Using machine learning to learn the similar patterns found in crypto posts on Stack Overflow
#realworldcrypto
#realworldcrypto
Solely the nudges made a difference here, previous experience did not affect the security of solutions 😂
#realworldcrypto
#realworldcrypto
We believe if SO actually implemented this it would have a significant effect on the security and implementation of software and crypto.
#realworldcrypto
#realworldcrypto
Say we want to train on a million encrypted images, classify with high accuracy, and complete in a week. (vs minutes unencrypted). If that can be achieved it will be a "step function change" in terms of adopted of encrypted machine learning.
#realworldcrypto
#realworldcrypto
Next up, "Towards a Homomorphic Machine Learning Big Data Pipeline for the Financial Services Sector" from IBM Research
#realworldcrypto
#realworldcrypto
How can we share data amongst different business areas without breaking some regulation, such as Brazil's GDPR in 2020?
#realworldcrypto
#realworldcrypto
Fully homomorphic encryption allows processing of data without accessing the plaintext, and without sharing. The best known instances use lattices, which lends itself nicely to quantum-resistance.
#realworldcrypto
#realworldcrypto
Some regulations require the data to be _physically_ separated, yet another restriction that makes data sharing hard
#realworldcrypto
#realworldcrypto
50x slowdown over unencrypted, which sounds like a lot, but compared to how slow FHE used to be (a few hundred times slower!) this is pretty good
#realworldcrypto
#realworldcrypto
Short break then we'll be back for the blockchains and distributed ledgers session
Lock contracts impl'd from homomorphic one-way functions; Schnorr-based construction
#realworldcrypto
#realworldcrypto
Goal: constant collateral, where coins are locked only for some delta time, not indefinitely
#realworldcrypto
#realworldcrypto
Q: Seems like Alice needs to interact with every entity along the path, does that reveal too much information about them?
A: They get information but not necessarily where it comes from
#realworldcrypto
A: They get information but not necessarily where it comes from
#realworldcrypto
Normal hash functions are not efficient inside zkSNARKs. Ideally they would be secure, operates on field elements, and minimizes the number of field mults. AES would be close but it does not minimize mults.
#realworldcrypto
#realworldcrypto
Considered very fast and secure in the specific use case as a hash inside SNARKs over 128bit+ fields
#realworldcrypto
#realworldcrypto
Very last talk, "Detecting Money Laundering Activities via Secure Multi-PartyComputation for Structural Similarities in Flow Networks"
#realworldcrypto
#realworldcrypto
Currently transaction monitoring is a highly manual process, collaboration across banks is hard because transaction data is private (also regulations).
#realworldcrypto
#realworldcrypto
Q: Are your techniques resilient to the banks _themselves_ doing money laundering?
A: In general if the bank is malicious and detected, they get fined
#realworldcrypto
A: In general if the bank is malicious and detected, they get fined
#realworldcrypto
