Ascend was integrated with the Princeton Piton multicore processor and
RIFFLE MIT VERIFICATION
Ascend uses Path ORAM with optimizations and integrity verification to obfuscate memory address patterns. Prior projects at the intersection of applied cryptography and computer architecture in my group include designing a secure processor, Ascend, that allows untrusted programs to compute on encrypted data from a client without leaking information about the data. Our work in Byzantine Broadcast (BB) resulted in sublinear-time protocols under dishonest majority for static and strongly adaptive adversaries. We developed append-only authenticated dictionaries that can be used to build transparency logs, scalable threshold cryptosystems, techniques for lightweight private similarity search, and cryptographically-verified databases. Recent work: My group pointed out vulnerabilities in anonymizing networks, including using deep learning for website fingerprinting, and designed Riffle, Atom, Crossroads, and Spectrum, systems with strong anonymity. My current research interests are primarily in the areas of applied cryptography, computer security and computer architecture. I belong to the Computation Structures Group.

The system isn't yet available for public use, but the researchers will present a paper describing their work at the Privacy Enhancing Technologies Symposium in Germany next week.

MIT: I am an Edwin Sibley Webster Professor of Electrical Engineering and Computer Science, Computer Science and Artificial Intelligence Laboratory (CSAIL).
A mixnet used with onion encryption is protected against passive adversaries, which can only observe network traffic. But active adversaries, which can infiltrate servers with their own code, are another matter. If one has commandeered a mixnet router and wants to determine the destination of a particular message, for instance, it could simply replace all the other messages it receives with its own, bound for a single destination. Then it could passively track the one message that doesn't follow its own prespecified route.

That's where Riffle's third protective measure comes in. Essentially, it takes a two-pronged approach to validating the authenticity of messages using techniques called verifiable shuffle and authentication encryption. Verifiable shuffle keeps things secure while each user and each mixnet server agree upon a cryptographic key; authentication encryption, which is much more efficient, then takes over for the remainder of the communication session. The overall result is that Riffle remains cryptographically secure as long as one server in the mixnet remains uncompromised, according to MIT.

Meanwhile, Riffle also uses bandwidth much more efficiently than competing systems, its creators say. In experiments, it required only one-tenth as much time as similarly secure experimental systems to transfer a large file between anonymous users. Riffle was developed by researchers at MIT's Computer Science and Artificial Intelligence Laboratory and the École Polytechnique Fédérale de Lausanne.