with Ben Riva.
Garbled Circuits Checking Garbled Circuits: More Efficient and Secure Two-Party Computation.
To Appear in CRYPTO 2013. [eprint archive]
with Salman Niksefat, Babak Sadeghiyan, and Saeed Sadeghian
ZIDS: A Privacy-Preserving Intrusion Detection System Using Secure Two-Party Computation Protocols. The Computer Journal, 2013; doi: 10.1093/comjnl/bxt019. [PDF]
with Saeed Sadeghian
How to Hide Circuits in MPC: An Efficienct Framework for Private Function Evaluation.[Full Version]
To Appear in Advances in Cryptology, EUROCRYPT 2013.
with Salman Niksefat and Babak Sadeghiyan
Oblivious Decision Program
Evaluation. IET Information Security, 2013, doi: 10.1049/iet-ifs.2012.0032.
with Ozgur Dagdelen and Daniele Venturi
Rate-limited Secure Function Evaluation: Definitions and Constructions.
In Proceedings of Public-key Cryptography Conference, PKC 2013. [Full Version]
I am an assistant professor in the Department of Computer Science at University of Calgary. My research interests are in information security, cryptography, and privacy enhancing technologies. I am also a member of the Institute for Security, Privacy and Information Security (ISPIA) at U of C. I received my Ph.D. from UC Davis, in 2009 under the supervision of Matthew Franklin. I have been a visiting researcher or an intern at a number of places such as Microsoft Research, Redmond (August 2011, October 2010), Sun Microsystems (Summer 2008), Google Inc. (Summer 2007), and UCLA's IPAM (Fall 2006).
My research interests are in information security, cryptography, and privacy enhancing technologies. Below is a topic-based summary of a subset of my research work. See here for a full publication list in chronological order.
Practical Secure Computation.
Secure multiparty computation (MPC) allows a set of mutually distrustful parties to compute a function of their joint inputs without revealing additional information. MPC can be thought of as a family of privacy enhancing technologies with numerous potential applications: traditional ones such as e-voting, auctions, and data-mining and less conventional ones such as genomic computation and location-based services. Anytime one needs to mine, analyze, or otherwise compute on sensitive data, and is looking for a privacy-preserving solution, one should seriously explore the use of secure MPC. Making MPC practical is a major component of my research. Most of my work on this topic falls into the following three categories:
General-purpose MPC : An important direction is to look at secure computation for functions with efficient representation in standard models of computation. For example, I have designed secure MPC for Boolean circuits [PKC '06, GMS '08, GC13], finite automaton [CT-RSA '12], and branching programs [FC '12]. We are actively working on implementing these protocols, improving their efficiency, and applying them to different problems. For example, in [ CJN '13] we use improved variants our oblivious finite automaton evaluation protocol to implement ZIDS, a system for privacy-preserving intrusion detection (also see my talk video).
Very recently [EC '13], we also designed a general and efficient framework for transforming general-purpose MPC protocols into general-purpose private function evaluation (PFE) where the function being computed is also hidden. The framework yields the most efficient PFE protocols to date, in a variety of settings.
Special-purpose MPC : Sometimes you can improve efficiency by focusing on specific problems. You can take advantage of the existing algorithmic ideas and the particular structure of the problem and its inputs to obtain more practical solutions. For example, I have looked at secure computation of Linear Algebra problems [TCC '07, CRYPTO '08] (talk video), Genomic computation [CT-RSA '09][WPES '09], Stable matching [CT-RSA '07], and more.
New Realistic Security Models: The traditional security requirements for MPC are sometimes too stringent. This is a major cause of inefficiency. Devising reasonable relaxations according to real-world considerations is critical for making MPC practical. I explore a variety of such models such as MPC with leakage [PKC '06] which allows limited leakage of information, security against covert adversaries [GMS '08] which leverages the costliness of getting caught in the real world (legally and financially), and more recently, a server-aided model for MPC motivated by the growth of cloud computing services: initiated in [ePrint '11], and optimized and implemented in [CCS '12]. More recently, in [GC13] we considered a natural combination of covert MPC and MPC with leakage, providing better security/efficiency tradeoffs to protocol designer, and in [PKC '13] we provide definitions for enforcing particular properties across multiple executions of an MPC protocol.
Encryption and Signatures Schemes. I also study security and efficiency of encryption schemes and digital signatures. For example, achieving anonymity and robustness in IBE and PKE schemes [AC '10], designing efficient one-time signatures [SAC '10], and exploring minimal assumptions and efficient constructions for CCA-secure PKE [ EC '10].
Foundations of Modern Cryptography (CPSC 601.48) : Winter 2010, Winter 2011, Fall 2011, Winter 2013 Networked Systems Security (CPSC 626/526) :Winter 2010, Winter 2011, Winter 2012, Winer 2013 Explorations in Information Security (CPSC 329) : Winter 2011, Winter 2012 Introduction to Computer Science for Majors II (CPSC 233): Fall 2012, Fall 2013
with Salman Niksefat, Babak Sadeghiyan, and Saeed Sadeghian
ZIDS: A Privacy-Preserving Intrusion Detection System Using Secure Two-Party Computation Protocols The Computer Journal, 2013; doi: 10.1093/comjnl/bxt019. [PDF]
with Salman Niksefat
Oblivious Decision Programs from Oblivious Transfer: Efficient Reductions. [Proceedings PDF][Talk PPT]
Financial Cryptography and Data Security, FC 2012.
with Salman Niksefat, Saeed Sadeghian, and Babak Sadeghiyan
An Efficient Protocol for Oblivious DFA Evaluation and Applications. [Eprint PDF][Talk video] RSA Conference, The Cryptographer's Track, CT-RSA 2012.
I am looking for new graduate students. In case of PhD students, I almost strictly require previous experience in cryptography, and an interest in both theoretical and practical aspects of the field. Please take a look at my research interests, and publications to determine if your research experience and interest has some overlap with mine. After doing so, feel free to contact me to. Make sure to include a CV, your TOEFL/IELTS score (for international students), and an unofficial copy of your transcripts.
In general, if you are interested in working with me, you need to put my name in your application form. Otherwise, it is likely that I won't get to see your application. You can find all the necessary information related to the admission process here.
University of Calgary undergraduate students who are interested in getting involved with research related to cryptography and/or information security are encouraged to contact me for more information. Also see here and here for detailed information on how to earn credit for doing undergraduate research.