According to Matthew Green, Zero-Knowledge Proofs are the most powerful tool cryptographers have ever devised. Find out why. Find out how ZKPs apply to identity proofing and authentication.
In the near future, privacy-preserving authentication methods will flood the market, and they will be based on Zero-Knowledge Proofs. IBM and Microsoft invested in these solutions many years ago.
This talk will introduce Zero-Knowledge Proofs (ZKPs) and explain why they are a key element in a growing number of privacy-preserving, digital-identity platforms. Clare will provide basic illustrations of ZKPs and leave the necessary mathematics foundations to the readers.
After this talk you will understand that there is a variety of ZKPs, it’s still early days, and why ZKP is such a perfect tool for digital identity platforms. This talk includes significant updates from the newly-organized ZKProof Standardization organization plus a signal of maturity: one of the first known ZKP vulnerabilities.
Clare will explain why ZKPs are so powerful, and why they are building blocks for a range of applications including privacy-preserving cryptocurrency such as Zcash, Ethereum, Artificial Intelligence, and older versions of Trusted Platform Modules (TPMs). The presentation includes many backup slides for future learning and researching, including four slides of references.
Ed McCabe - Putting the Intelligence back in Threat Intelligence (centralohioissa)
What is Threat Intelligence? It's more than raw source feeds and technical information.
If you ask most vendors, they talk about their lists of "bad" IP addresses and domain names, which don't enable the business to make informed decisions on assessing risk and taking action; it lacks -- well, intelligence.
We'll cover what Threat Intelligence is, why analysis is an important factor and methods available to analyze raw data.
The Internet of Things: We've Got to Chat (Duo Security)
BSides SF, February 2014: http://www.securitybsides.com/w/page/70849271/BSidesSF2014
Duo's Zach Lanier (@quine) & Mark Stanislav (@markstanislav) on IoT (Internet of Things) security, announcing http://BuildItSecure.ly
This is a presentation I gave to senior high school students. The 1st part is an overview; the 2nd part is more detailed on the ways to perform ethical hacking.
Need my help? Contact Keith Brooks via one of the following ways:
Blog http://blog.vanessabrooks.com
Twitter http://twitter.com/lotusevangelist
http://about.me/keithbrooks
Staying Ahead of Internet Background Exploitation - Microsoft BlueHat Israel ... (Andrew Morris)
It’s not just you. The frequency of severe vulnerabilities in internet-facing enterprise software being massively exploited at scale has increased drastically. The amount of time between disclosure and exploitation of these vulnerabilities has been reduced to near-zero, leaving defenders with less time to react and respond. While combating internet-wide opportunistic exploitation is a sprawling and complex problem, there is both an art and a science to staying ahead of large exploitation events such as Log4J.
In this talk we will share insights and challenges from operating a huge, shifting, adaptive, distributed sensor network listening to internet background noise and opportunistic exploitation traffic over the past four years. We will give a blunt state of the universe on mass exploitation. We will share patterns and unexplainable phenomena we’ve experienced across billions of internet scans. And we will make recommendations to defenders for preparing for the next time the cyber hits the fan.
Cloud Proxy Technology – Hacker Halted 2019 – Jeff Silver (EC-Council)
CLOUD PROXY TECHNOLOGY [THE CHANGING LANDSCAPE OF THE NETWORK PROXY]
This class will cover the distinctions between traditional proxy technology and the emergence in recent years of cloud proxy and why it matters to organizations today. We will review real use cases and their corresponding screen shots to provide a stimulating session.
Corporate Espionage without the Hassle of Committing Felonies (John Bambenek)
Thotcon Presentation by John Bambenek on how some security solutions are leaking sensitive data to the internet making it easy to spy on individuals and companies without breaking any laws.
Open Secrets of the Defense Industry: Building Your Own Intelligence Program ... (Sean Whalen)
Respond proactively to threats like a defense contractor. It’s more realistic than you might think!
A practical guide of how to build intelligence-driven cyber defenses using open source software, based on real implementations of best practices, adapted from the Lockheed Martin Cyber Kill Chain model.
Using GreyNoise to Quantify Response Time of Cloud Provider Abuse Teams (Andrew Morris)
Cloud hosting providers, such as Amazon AWS, Google Cloud, DigitalOcean, Microsoft Azure, and many others, have to respond to a regular barrage of abuse complaint reports from all around the world when their customers' virtual private servers are used for malicious activity. This activity can happen knowingly by the "renter" of the system or on behalf of an attacker if the server becomes infected. Although by no means the end-all, one way of measuring the trust posture of a cloud hosting provider is by analyzing the amount of time between shared hosts beginning to attack other hosts on the Internet and the activity ceasing, generally by way of forced decommissioning, quarantining, or remediation of the root cause, such as a malware infection. In this talk, we discuss using the data collected by GreyNoise, a large network of passive collector nodes, to measure the time-to-remediation of infected or malicious machines. We will discuss methodology, results, and actionable takeaways for conference attendees who use shared cloud hosting in their businesses.
Lofty Ideals: The Nature of Clouds and Encryption (Sean Whalen)
An overview of the legal, privacy, and security issues surrounding modern cloud services and cryptography
Created as an alumnus talk for the Computer & Network Support Technology Fairfield Career Center senior class of 2016.
MITRE ATT&CKcon 2018: Playing Devil’s Advocate to Security Initiatives with A... (MITRE - ATT&CKcon)
This talk presents a case study which demonstrates that we should consider the knowledge and wisdom contained within ATT&CK in all organizational security initiatives, to make sure that by fixing one thing we have not just created an opportunity.
The presentation shows how to leverage the analysis and classification of APT tactics and procedures (TTP) to guide research into new and novel techniques, specifically focusing on exfiltration and command and control.
DNS over HTTPS (DoH) aims to increase user privacy and security by preventing eavesdropping and manipulation of DNS data by man-in-the-middle attacks. Major web browsers such as Firefox are considering its implementation by default. But what could this possibly mean for exfiltration and command and control?
This session provides an end-to-end demo that shows DoH being implemented to provide full command and control in a popular attack simulation framework and discusses associated mitigations.
[CB21] MUSHIKAGO: IT and OT Automation Penetration testing Tool Using Game AI... (CODE BLUE)
MUSHIKAGO is an automatic penetration testing tool that uses game AI and focuses on the verification of post-exploitation. Post-exploitation is the activity that an attacker carries out after invading the target environment. By focusing on post-exploitation verification, we can understand how far an attacker can actually penetrate and what kind of information is collected. MUSHIKAGO uses GOAP (Goal-Oriented Action Planning), a game AI technique commonly used for NPCs (Non-Player Characters). By using GOAP, we can flexibly change the content of the attack according to the environment, as an NPC does, and mimic the attacks of real APT attackers and testers. The operation and verification results of MUSHIKAGO can be checked on the dedicated web page. Moreover, MUSHIKAGO supports ICS (Industrial Control Systems) and can be used for penetration testing across IT and OT (Operational Technology).
A Brief History of Cryptographic Failures
Cryptography is hard. It's not hard in the way a challenging video game is, or hard like getting through War and Peace without falling asleep, or even hard like learning a new skill. Cryptography is hard because it's both a system and a technical implementation, and failures in either part can have catastrophic (and sometimes existential) impacts. In this talk we'll take a look at some of the many ways that cryptographic systems have failed over the years, from accidental design flaws like the Data Encryption Standard (DES) defeat so elegantly demonstrated by the Electronic Frontier Foundation to intentional design flaws such as the reported National Security Agency (NSA) backdoor in the Dual Elliptic Curve (EC) Deterministic Random Bit Generator (DRBG). This talk will be a high-level discussion... no PhD in mathematics is required!
Brian Mork is the Chief Information Security Officer for Celanese, where he acts as a senior-level executive reporting to the Chief Information Officer (CIO) and leading the strategy and operations of Information and Systems Security. His areas of responsibility include the Security Operations Center (SOC), SAP security, global security architecture, Industrial Control Systems (ICS) security architecture and governance, and the firewalls. He is responsible for establishing and maintaining an enterprise-wide information security program to ensure that data information assets are adequately protected. He is also responsible for identifying, evaluating and reporting on information security risks in a manner that meets company needs and compliance and regulatory requirements. Mr. Mork oversees all technology risk management activities and acts as an advocate for all information security and business continuance best practices.
5 days ago Srikanth Tangudige Discussion 2 COLLAPSE Top of .docx (blondellchancy)
5 days ago
Srikanth Tangudige
Discussion 2
According to Narayanan et al. (2016), Blockchain is a shared database. Cryptocurrency is electronic money created with technology controlling its formation and protecting transactions while hiding the user identities. Cryptocurrency is not controlled by any central authority. It can be sent directly between two parties of interest both privately and public keys. The two examples of cryptocurrency in the discussion are Ripple cryptocurrency and Zcash. Ripple cryptocurrency intends to aid the sector, primarily through the facilitation of global payments. The company is fast growing and it says the top five global money transfer companies are likely to Ripple’s cryptocurrency to make their payments soon. Part of Zcash has enhanced security and privacy. The record of the transactions is made in the blockchain but the details of the sender, the recipient and the amount sent remain private. Zcash has the ability for users to make either private or public payments. It is also more efficient during the transaction, with low fees, while ensuring that digital transactions remain more private.
According to Kappos et al. (2018), the differences between Ripple and Zcash cryptocurrency include: Zcash is the most open, permissionless cryptocurrency that can fully protect the privacy of a transaction using the zero-knowledge cryptocurrency. Ripple connects banks, payment providers, digital asset exchanges and cooperates through Ripple net to provide one frictionless experience to send money globally. The similarities of the two cryptocurrencies are that their speed is high compared to Bitcoin. Both Ripple and Zcash have improved the security of the transactions and the user identifications compared to Bitcoin. Things are sorted privately in Ripple and Zcash compared to Bitcoin, where things are publicly sorted. I got an experience of using Zcash. My conclusion is that it is safe when doing transactions privately, for the information is kept secure. The data and information recorded in it can only be accessed by the authorized personnel, hence reducing information leakage.
Reference
Kappos, G., Yousaf, H., Maller, M., & Meiklejohn, S. (2018). An empirical analysis of anonymity in Zcash. In 27th USENIX Security Symposium (USENIX Security 18) (pp. 463-477).
Narayanan, A., Bonneau, J., Felten, E., Miller, A., & Goldfeder, S. (2016). Bitcoin and cryptocurrency technologies: a comprehensive introduction. Princeton University Press.
6 days ago
Shravani Kasturi
Discussion
Blockchain is a technology used in digital currency and used in the distribution of digital data. Blockchain doesn't allow duplication of data. Bitcoin, Ethereum, Ether, and Litecoin are some crypto currencies (Capolare, Alana & Plastun, (2018)). A single individual owns a piece of unique information because it cannot duplicate. Crypto currency refers to a digital asset mostly currency tha ...
From Virtual Reality to Blockchain: Current and Emerging Tech Trends (Bohyun Kim)
Webinar given for the LibraryLinkNJ, The New Jersey Library Cooperative on May 8, 2018. http://librarylinknj.org/
CC-BY-NC 4.0
[https://creativecommons.org/licenses/by-nc/4.0/]
The Revolution of Crypto Funding - Building towards a Scamless Future (Ruben Merre)
This is a Blockchain introduction to different funding mechanisms in tokenisation. The presentation covers ICO - IEO - DAICO - STO - ETO and is presented by Ruben Merre.
Initial coin offerings - initial exchange offerings - security token offerings
Zero-Knowledge Proofs: Privacy-Preserving Digital Identity with Clare Nelson (SSIMeetup)
This talk will introduce Zero-Knowledge Proofs (ZKPs) and explain why they are a key element in a growing number of privacy-preserving, digital-identity platforms. Clare will provide basic illustrations of ZKPs and leave the necessary mathematics foundations to the readers.
After this talk you will understand that there is a variety of ZKPs, it’s still early days, and why ZKP is such a perfect tool for digital identity platforms. This talk includes significant updates from the newly-organized ZKProof Standardization organization plus a signal of maturity: one of the first known ZKP vulnerabilities.
Clare will explain why ZKPs are so powerful, and why they are building blocks for a range of applications including privacy-preserving cryptocurrency such as Zcash, Ethereum, Artificial Intelligence, and older versions of Trusted Platform Modules (TPMs). The presentation includes many backup slides for future learning and researching, including four slides of references.
As German defense minister Ursula von der Leyen can attest, fingerprints can be hacked. So can facial and other biometrics. Why, then, is biometric-based authentication so fashionable? Why did one of the largest insurance companies just announce it is rolling out fingerprint and facial recognition for its customers (while it uses Symantec VIP for internal employees)? Did product management and marketing conduct a study that concluded customers feel safer with fingerprint and facial?
Apple’s Touch ID, and VISA’s integration with it are shaping the fashionable trend faster than a Milan runway. Hopefully these short hemlines will fade soon. Apple’s senior vice president, Dan Riccio, irresponsibly claims, “Fingerprints are one of the best passwords in the world.” He probably understands it is easy to reset a password. He probably does not understand how hard it is to reset his fingerprints. Truly the inmates are running the asylum.
Blockchain Primer - Founder Collective - December 2017 (Parul Singh)
As 2017 comes to a close, blockchain is everywhere (or more accurately perhaps “bitcoin, bitcoin, bitcoin”). Here is a primer on blockchain that I prepared for my team at Founder Collective to help frame some of the exciting use cases we see coming down the pike. Further reading is on the last slide.
This presentation cuts through the confusion and hype surrounding blockchain, explains the key technical aspects of blockchain systems, and summarizes the point of view of different blockchain luminaries and open sourced systems. Originally presented as a guest lecture at Columbia University in April 2019.
BSides Boston and RI 2013
Video (BSides RI: http://www.irongeek.com/i.php?page=videos/bsidesri2013/2-0-booting-the-booters-stressing-the-stressors-allison-nixon-and-brandon-levene)
Presentation for https://gears.gent/ A technical overview of the current blockchain landscape: what types of blockchain are around, where do they differ or shine and what are their drawbacks? And how do you get started with a specific blockchain technology?
The first workshop earlier in the week at New York University, exploring #Analytics on a #DLT #Blockchain platform and the intersection of DLT and #AI.
Blockchain is the Internet of exchange. Join this session to get a great introduction to the realm of decentralization and Blockchain technology. You will have the opportunity to be hands-on and build a Blockchain during this session as you learn how this emerging technology will impact eDiscovery.
After an explosion of altcoins and funding, technical constraints and regulatory angst have taken over the headlines. Still, the frenzy of the past two years set the stage for the next wave of adoption with a steady inflow of talent and new, uniquely compelling use cases of digital assets.
Cryptocurrencies, Smart Contracts, and the Future of Economic Interaction (Steve Omohundro)
Contracts are society's programming language. Corporations are defined by contracts with investors, employees, customers, etc. Countries are defined by social contracts with citizens, representatives, corporations, etc. But today's contracts are confusing and expensive to create and enforce. They are written in bad programming languages and enforced by slow, complex, expensive, and unpredictable mechanisms.
In 1993, Nick Szabo proposed machine executable "Smart Contracts" which can be self-enforcing. The introduction of the "Bitcoin" cryptocurrency in 2008 provided the decentralized "blockchain" infrastructure for implementing these smart contracts. Bitcoin spawned over 500 alternative "altcoin" cryptocurrencies and they have generated both enormous interest and huge volatility.
New "Bitcoin 2.0" technologies like Ethereum are just about to be released. These will support powerful smart contracting mechanisms and may transform many areas of human interaction. We describe these new technologies and their connection to the "Internet of Things" and emerging AI systems.
http://steveomohundro.com/2015/02/04/fuji-xerox-talk-cryptocurrencies-smart-contracts-and-the-future-of-economic-interaction/
Improving privacy in blockchain using homomorphic encryption (Razi Rais)
The slide deck from my session on "Privacy in the blockchain using homomorphic encryption" at blockchain conference (http://blockchainconf.tech).
Agenda:
1. Understand Privacy & Role of Homomorphic Encryption (HE)
2. Blockchain & Zero-Knowledge Proofs (zk-SNARKS)
3. Tools & Technologies
4. Demos (Healthcare & Identity)
This talk revisits the 2016 Mirai attack which targeted IoT devices including IP cameras, WiFi-connected refrigerators, home routers, and more. The resulting botnet was used to attack Dyn’s DNS platform, which affected many websites including Twitter, SoundCloud, Airbnb, and Spotify.
You will learn and discuss the answers to these questions and more:
• What is the current state of Mirai and Mirai variants?
• What Distributed Denial of Service (DDoS) defenses do you have in place?
• How can you prepare to detect and defend against botnet malware?
• What is recommended in the September 2018 NISTIR Draft,
Considerations for Managing Internet of Things (IoT) Cybersecurity and Privacy Risks.
Presentation for September 2017 ISC2 Security Congress
Biometric Recognition for Multi-Factor Authentication
- Biological and Behavioral Biometrics
- Benefits and Issues
- What Every CISO Should Know
- Laws, Standards, and Guidelines
- How to Measure Biometric Recognition
- Attack Vectors
- Multimodal Biometric Recognition
- Continuous Authentication with Biometrics
- Face ID Update
- The Future
Talk for Austin ISSA
What’s more accurate, face or iris?
What’s more secure, password or biometrics?
Is the US legal system up to the challenge?
Impact of EU GDPR and PSD2
Does NIST provide quantitative anti-spoofing requirements?
Will ISO/IEC define how to evaluate anti-spoofing for mobile devices?
Panel 4: Beyond Bugs: Embracing Security Features
How can startups go beyond bug hunting to implementing security features? This panel will consider how startups can overcome development challenges, such as impacts on performance, to embrace security features — like site-wide SSL/TLS, Content Security Policy, and multifactor authentication — that can protect consumers from threats proactively and help eliminate entire classes of vulnerabilities.
Moderator:
Katherine McCarron
Division of Privacy and Identity Protection, FTC
Panelists:
Robert Hansen
Vice President of WhiteHat Labs
WhiteHat Security
Clare Nelson
CEO
ClearMark Consulting
Caleb Queern
Manager
KPMG Cyber
OWASP AppSec USA 2015, San Francisco
How do you stump a multi-factor authentication vendor? Ask for a threat model.
This talk will help developers as well as CISOs make better authentication decisions. When we raise the bar, everyone wins.
Abstract: This presentation discusses multi-factor authentication, and what to look for if you are planning a product refresh, or implementing a solution for the first time. Since there are over 200 vendors, it is not easy to select the best solution for your needs. The goal of this presentation is to arm you with questions to ask, plus identify some suboptimal technologies to avoid. Your feedback to vendors will help them provide better, more secure products and services.
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do... - UiPathCommunity
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
UiPath Test Automation using UiPath Test Suite series, part 3 - DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 3. In this session, we will cover desktop automation along with UI automation.
Topics covered:
UI automation Introduction,
UI automation Sample
Desktop automation flow
Pradeep Chinnala, Senior Consultant Automation Developer @WonderBotz and UiPath MVP
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Key Trends Shaping the Future of Infrastructure.pdf - Cheryl Hung
Keynote at DIGIT West Expo, Glasgow on 29 May 2024.
Cheryl Hung, ochery.com
Sr Director, Infrastructure Ecosystem, Arm.
The key trends across hardware, cloud and open-source; exploring how these areas are likely to mature and develop over the short and long-term, and then considering how organisations can position themselves to adapt and thrive.
JMeter webinar - integration with InfluxDB and Grafana - RTTS
Watch this recorded webinar about real-time monitoring of application performance. See how to integrate Apache JMeter, the open-source leader in performance testing, with InfluxDB, the open-source time-series database, and Grafana, the open-source analytics and visualization application.
In this webinar, we will review the benefits of leveraging InfluxDB and Grafana when executing load tests and demonstrate how these tools are used to visualize performance metrics.
Length: 30 minutes
Session Overview
-------------------------------------------
During this webinar, we will cover the following topics while demonstrating the integrations of JMeter, InfluxDB and Grafana:
- What out-of-the-box solutions are available for real-time monitoring JMeter tests?
- What are the benefits of integrating InfluxDB and Grafana into the load testing stack?
- Which features are provided by Grafana?
- Demonstration of InfluxDB and Grafana using a practice web application
To view the webinar recording, go to:
https://www.rttsweb.com/jmeter-integration-webinar
Transcript: Selling digital books in 2024: Insights from industry leaders - T... - BookNet Canada
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -... - DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
DevOps and Testing slides at DASA Connect - Kari Kakkonen
Slides by me and Rik Marselis from the DASA Connect conference on 30.5.2024. We discuss what testing is, then what agile testing is, and finally what testing in DevOps is. Finally, we had a lovely workshop with the participants, trying to find different ways to think about quality and testing in different parts of the DevOps infinity loop.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo... - James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality - Inflectra
In this insightful webinar, Inflectra explores how artificial intelligence (AI) is transforming software development and testing. Discover how AI-powered tools are revolutionizing every stage of the software development lifecycle (SDLC), from design and prototyping to testing, deployment, and monitoring.
Learn about:
• The Future of Testing: How AI is shifting testing towards verification, analysis, and higher-level skills, while reducing repetitive tasks.
• Test Automation: How AI-powered test case generation, optimization, and self-healing tests are making testing more efficient and effective.
• Visual Testing: Explore the emerging capabilities of AI in visual testing and how it's set to revolutionize UI verification.
• Inflectra's AI Solutions: See demonstrations of Inflectra's cutting-edge AI tools like the ChatGPT plugin and Azure Open AI platform, designed to streamline your testing process.
Whether you're a developer, tester, or QA professional, this webinar will give you valuable insights into how AI is shaping the future of software delivery.
GraphRAG is All You need? LLM & Knowledge Graph - Guy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024 - Albert Hoitingh
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview. Including the concepts of Customer Key and Double Key Encryption.
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
Texas Bitcoin Conference: Are Privacy Coins Private Enough?
1. Are Privacy Coins
Private Enough?
Clare Nelson, CISSP, CIPP/E
VP Business Development & Product Strategy,
North America
Sedicii
@Safe_SaaS
Another Reason to Care
about Zero-Knowledge Proofs
Texas Bitcoin Conference
Austin, TX
October 28, 2018
5. Zero-Knowledge Proofs
One of the most powerful tools
cryptographers have ever
devised
https://z.cash/team.html
https://blog.cryptographyengineering.com/2014/11/27/zero-knowledge-proofs-illustrated-primer/
– Matthew Green
Professor at Johns Hopkins University
Co-founder of Zcash
6. Definition of Zero-Knowledge Proof
Enable a Prover to convince a
Verifier of the validity of a
statement
• Yields nothing beyond validity of
the statement
• Incorporates randomness
• Is probabilistic
o Does not provide absolute
certainty
http://www0.cs.ucl.ac.uk/staff/J.Groth/ShortNIZK.pdf
http://www.austinmohr.com/work/files/zkp.pdf
Prover Verifier
Statement
7. ZKP Requirements
Completeness
• If statement is true, verifier will be
convinced by prover
Soundness
• If statement is false, a cheating prover
cannot convince verifier it is true
o Except with some small probability
Zero-Knowledge
• Verifier learns nothing beyond the
statement’s validity
http://www0.cs.ucl.ac.uk/staff/J.Groth/ShortNIZK.pdf
http://www.austinmohr.com/work/files/zkp.pdf
http://www.wisdom.weizmann.ac.il/~oded/zk-tut02.html
Graphic: http://mentalfloss.com/article/64108/15-things-you-should-know-about-dogs-playing-poker
8. ZKP Applications
Constructs
• Range proofs
• Set membership
• Comparison
• Computational integrity
Preserve
Privacy
Variety of Use Cases
• Secure computation
• Authentication with
anonymous credentials
• Transaction validation
Fundamental
Tool of
Cryptography
9. 007 Wants to Read the News
Credit to Anna Lysyanskaya for the 007 metaphor
Graphic: http://www.007.com/characters/the-bonds/
I can tell you.
But then I’ll have to kill you.
www.telegraph.co.uk
Today’s news?
Who are you?
Do you have a subscription?
10. 007 Uses Subscription
My subscription is
#4309115
www.telegraph.co.uk
Today’s news?
Who are you?
Do you have a subscription?
007 Reveals Personal Data:
- Zip code when he looks up the weather
- Date of birth when he reads his horoscope
- More data when he browses the personal ads
Credit to Anna Lysyanskaya for the 007 metaphor
Graphic: http://www.007.com/characters/the-bonds/
11. Completeness: Telegraph Accepts Proof
Here is a
Zero-Knowledge Proof
www.telegraph.co.uk
Today’s news?
Who are you?
Do you have a subscription?
Credit to Anna Lysyanskaya for the 007 metaphor
Graphic: http://www.007.com/characters/the-bonds/
12. Soundness
Credit to Anna Lysyanskaya for the 007 metaphor
Graphic: https://en.wikipedia.org/wiki/M_(James_Bond)
It’s Bond. James Bond. www.telegraph.co.uk
Today’s news?
Rejected
Who are you?
Do you have a subscription?
(M fails because
she can’t prove to
Telegraph)
13. zk-STARK Example
(Ben-Sasson, Bentov, Horesh, Riabzev)
https://eprint.iacr.org/2018/046.pdf
National Offender DNA Database Presidential Candidate, Jaffa
Prove to public that Jaffa is not in offender database
Graphic: https://www.linkedin.com/in/jaffaedwards/, with permission May 25, 2018.
No reliance on any external trusted party
14. Examples of ZKP Variants
https://www.slideshare.net/arunta007/elliptic-curve-cryptography-and-zero-knowledge-proof-27914533?next_slideshow=1
https://www.youtube.com/watch?v=CKncw6mIMJQ&list=PLpr-xdpM8wG8DPozMmcbwBjFn15RtC75N
https://www.starkware.co/
http://zerocash-project.org/media/pdf/zerocash-extended-20140518.pdf
https://eprint.iacr.org/2017/1066.pdf, Bulletproofs
https://thexvid.com/video/O8QA6Nvg8RI/zcash-genesis-block.html, trusted setup, live stream of Zcash launch
• ZKP: Interactive, multiple messages, need stable communication channel
• NIZKP: Not interactive, one message
• zk-SNARK: Need one-time, trusted setup to generate key at launch
• zk-STARK: No setup, working on memory issues, I or NI, post-quantum secure
• Bulletproof: No setup, 188 bytes, not post-quantum secure
• Lattice-Based: Lattice-based cryptography, post-quantum secure, research
• Graph Isomorphism: Interactive, compare graphs, efficient computation
• zk-STIK: Scalable Transparent Interactive Oracle of Proof (IOP) of Knowledge
• Designated Verifier: DVNIZK, not just any entity can be verifier, verifier must know secret
• Ligero
• Aurora
17. Zcash
https://z.cash/
Privacy is Optional
• Allow transactions to be
verified without revealing
o Sender
o Receiver
o Transaction amount
Graphic: https://briandcolwell.com/2017/08/zcash-stash-or-trash-if-bitcoin-is-http-for-money-then-zcash-is-https/.html
22. ZEXE (Zero knowledge EXEcution)
https://eprint.iacr.org/2018/962.pdf, October 8, 2018
Ledger-Based System
• Supports offline computations
• Provides publicly-verifiable transactions that
attest to the correctness of these offline
executions
o Privacy
§ A transaction reveals no
information about the offline
computation
§ Except an upper bound on the
number of consumed inputs and
created outputs
Prior work achieves
data privacy but not
function privacy
Graphic: https://www.edie.net/news/4/Water-companies-losing-vast-amounts-through-leakage--as-drought-fears-rise/
23. ZEXE (Zero knowledge EXEcution)
https://eprint.iacr.org/2018/962.pdf, October 8, 2018
Ethereum supports thousands of
ERC-20 token contracts
• Each represents a distinct currency
• Even if these contracts adopted
Zerocash protocol to hide details
about token payments, the
corresponding transactions would
still reveal which token was being
exchanged
• Leakage of this information would
substantially reduce the anonymity
of those payments
Graphic: https://codeburst.io/build-your-first-ethereum-smart-contract-with-solidity-tutorial-94171d6b1c4b
28. We Stand on the Shoulders of Giants
https://www.csail.mit.edu/user/733
https://people.csail.mit.edu/silvio/
https://cyberweek.tau.ac.il/2017/about/speakers/item/207-eli-ben-sasson
https://z.cash/team.html
Shafi Goldwasser Eli Ben-Sasson
Silvio Micali Matthew Green
31. ZKP Resources
• ISO/IEC 9798-5
• Letter to NIST
• Code
o libSNARK C++ library
o libSTARK C++ library
o Bulletproofs using Ristretto, Rust library
• Succinct Computational Integrity and
Privacy Research (SCIPR) Lab
• Stanford Applied Cryptography
• ZKP Science
• ZKP Standards Organization
• References: 4 backup slides at end of this
presentation
https://zkp.science/docs/Letter-to-NIST-20160613-Advanced-Crypto.pdf
https://github.com/chain/ristretto-bulletproofs/
A Hands-On Tutorial for Zero-Knowledge Proofs: Part I-III
http://www.shirpeled.com/2018/10/a-hands-on-tutorial-for-zero-knowledge.html
September-October, 2018
33. Zero-Knowledge Range Proof (ZKRP)
Validate
• Person is 18-65 years old
o Without disclosing the age
• Person is in Europe
o Without disclosing the exact location
https://github.com/ing-bank/zkrangeproof
34. ZKRP Vulnerability
• Madars Virza
• “The publicly computable value y/t is roughly
the same magnitude (in expectation) as w^2 *
(m-a+1)(b-m+1). However, w^2 has fixed bit
length (again, in expectation) and thus for a
fixed range, this value leaks the magnitude of
the committed value.”
• The proof is not zero knowledge
• Response: will find alternative ZKP
https://github.com/ing-bank/zkrangeproof
Graphic: https://www.pexels.com/photo/milkweed-bug-perching-on-pink-flower-in-close-up-photography-1085549/
37. ZKP Considerations
Depends on Implementation or Use Cases
1. Transparent
• Setup with no reliance on any third
party
• No trapdoors
2. Scalable
• Verify proofs exponentially faster than
database size
3. Succinct
4. Universal
5. Compliant with upcoming ZKP
standards
6. Interactive, non-interactive
7. Support for IoT or cars
8. Security (threat model)
• Code bugs, compromise during deployment,
side channel attacks, tampering attacks,
MiTM
• Manual review, proof sketches, re-use
gadgets, emerging tools for formal
verification, testing
• ZKP protocol breach, how detect breach?
9. Third-party audit
• Monero audits: Kudelski Security $30K,
Benedikt Bünz, QuarksLab
10. Post-quantum secure
https://eprint.iacr.org/2018/046.pdf
https://forum.getmonero.org/22/completed-tasks/90007/bulletproofs-audit-fundraising
38. References
• Attribute-based Credentials for Trust (ABC4Trust) Project, https://abc4trust.eu/ (2017).
• AU2EU Project, Authentication and Authorization for Entrusted Unions, http://www.au2eu.eu/ (2017).
• Baldimtsi, Foteini; Lysyanskaya, Anna. Anonymous Credentials Light. http://cs.brown.edu/~anna/papers/bl13a.pdf (2013).
• Ben Sasson, Eli; Chiesa, Alessandro; Garman, Christina, et al. Zerocash: Decentralized Anonymous Payments from Bitcoin, http://zerocash-project.org/media/pdf/zerocash-extended-20140518.pdf (May 2014).
• Bitansky, Nir; Weizman, Zvika Brakerski; Kalai, Yael. 3-Message Zero Knowledge Against Human Ignorance, https://eprint.iacr.org/2016/213.pdf (September 2016).
• Blum, Manuel; De Santis, Alfredo; Micali, Silvio; Persiano, Giuseppe. Non-Interactive Zero-Knowledge and its Applications, https://people.csail.mit.edu/silvio/Selected%20Scientific%20Papers/Zero%20Knowledge/Noninteractive_Zero-Knowkedge.pdf (1991).
• Brands, Stefan. Rethinking Public Key Infrastructures and Digital Certificates. The MIT Press, http://www.credentica.com/the_mit_pressbook.html (2000).
• Bünz, Benedikt; Bootle, Jonathan; Boneh, Dan; et al. Bulletproofs: Short Proofs for Confidential Transactions and More, https://eprint.iacr.org/2017/1066.pdf (2017).
• Camenisch, Jan and E. Van Herreweghen, Design and implementation of the IBM Idemix anonymous credential system, in Proceedings of the 9th ACM conference on Computer and communications security. ACM, 2002, pp. 21–30.
• Camenisch, Jan; Dubovitskaya, Maria; Enderlein, Robert; et al. Concepts and languages for privacy-preserving attribute-based authentication, https://pdfs.semanticscholar.org/82e2/4078c9ba9fcaf6177a80b8496779676af114.pdf (2013).
39. References
• Cutler, Becky. The Feasibility and Application of Using Zero-Knowledge Protocol for Authentication Systems, http://www.cs.tufts.edu/comp/116/archive/fall2015/bcutler.pdf (2015).
• Durcheva, Mariana. Zero Knowledge Proof Protocol Based on Graph Isomorphism Problem, http://www.jmest.org/wp-content/uploads/JMESTN42351827.pdf (2016).
• Fleischhacker, Nils; Goyal, Vipul; Jain, Abhishek. On the Existence of Three Round Zero-Knowledge Proofs, https://eprint.iacr.org/2017/935.pdf (2017).
• Ganev, Valentin; Deml, Stefan. Introduction to zk-SNARKs (Part 1), https://blog.decentriq.ch/zk-snarks-primer-part-one/ (2018).
• Gebeyehu, Worku; Ambaw, Lubak; Reddy, MA Eswar. Authenticating Grid Using Graph Isomorphism Based Zero Knowledge Proof, https://link.springer.com/chapter/10.1007/978-3-319-03107-1_2 (2014).
• Geraud, Rémi. Zero-Knowledge: More Secure than Passwords? https://blog.ingenico.com/posts/2017/07/zero-knowledge-proof-more-secure-than-passwords.html (July 25, 2017).
• Geers, Marjo; Comparing Privacy in eID Schemes, http://www.id-world-magazine.com/?p=923 (2017).
• Goldreich, Oded. Zero-Knowledge: a tutorial by Oded Goldreich, http://www.wisdom.weizmann.ac.il/~oded/zk-tut02.html has extensive reference list (2010).
• Goldreich, Oded; Yair, Oren. Definitions and Properties of Zero-Knowledge Proof Systems, http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.17.2901 (1994).
• Goldwasser, Micali, Rackoff, The Knowledge Complexity of Interactive Proof-Systems, ACM 0-89791-151-2/85/005/02911 (1985).
• Green, Matthew. Zero Knowledge Proofs: An Illustrated Primer, https://blog.cryptographyengineering.com/2014/11/27/zero-knowledge-proofs-illustrated-primer/ (November 2014).
40. References
• Groth, Jens. Short Pairing-Based Non-Interactive Zero-Knowledge Arguments, http://www0.cs.ucl.ac.uk/staff/J.Groth/ShortNIZK.pdf (2010).
• Groth, Jens; Lu, Steve. “A Non-Interactive Shuffle with Pairing Based Verifiability,” http://www0.cs.ucl.ac.uk/staff/J.Groth/AsiacryptPairingShuffle.pdf (2006).
• Groth, Jens; Ostrovsky, Rafail; Sahai, Amit. New Techniques for Non-interactive Zero-Knowledge, http://www0.cs.ucl.ac.uk/staff/J.Groth/NIZKJournal.pdf (2011).
• Guillou, Quisquater, “How to Explain Zero-Knowledge Protocols to Your Children,” http://pages.cs.wisc.edu/~mkowalcz/628.pdf (1998).
• Gupta, Anuj Das; Delight, Ankur. Zero-Knowledge Proof of Balance: A Friendly ZKP Demo, http://blog.stratumn.com/zero-knowledge-proof-of-balance-demo/ (June 2017).
• Hardjono, Thomas; Pentland, Alex “Sandy”; MIT Connection Science & Engineering; Core Identities for Future Transaction Systems, https://static1.squarespace.com/static/55f6b5e0e4b0974cf2b69410/t/57f7a1653e00be2c09eb96e7/1475846503159/Core-Identity-Whitepaper-v08.pdf (October 7, 2016). [TBD: check back, right now it is a DRAFT, do not cite]
• ISO/IEC Information technology — Security techniques — Entity authentication — Part 5: Mechanisms using zero-knowledge techniques, https://www.iso.org/standard/50456.html (2015).
• Johnstone, Mike; Why we need privacy-preserving authentication in the Facebook age, http://www.iaria.org/conferences2015/filesICSNC15/ICSNC_Keynote_v1.1a.pdf (November 2013).
• Kogta, Ronak. ZK-Snarks in English, https://www.slideshare.net/rixor786/zksnarks-in-english?qid=0e3be303-84fc-43d2-be96-6db2085a28ff&v=&b=&from_search=3 (July 2017).
41. References
• Lindell, Yehuda. Efficient Zero-Knowledge Proof, https://www.youtube.com/watch?v=Vahw28dValA, (2015).
• Lysyanskaya, Anna. How to Balance Privacy and Key Management in User Authentication, http://csrc.nist.gov/groups/ST/key_mgmt/documents/Sept2012_Presentations/LYSYANSKAYA_nist12.pdf (2012).
• Martin-Fernandez, Francisco; Caballero-Gil, Pino; Caballero-Gil, Candido. Authentication Based on Non-Interactive Zero-Knowledge Proofs for the Internet of Things. https://www.ncbi.nlm.nih.gov/pmc/articles/PMC4732108/ (January 2016).
• Mohr, Austin. A Survey of Zero-Knowledge Proofs with Applications to Cryptography, http://www.austinmohr.com/work/files/zkp.pdf.
• Montenegro, Jose.; Fischer, Michael; Lopez, Javier; et al. Secure Sealed-Bid Online Auctions Using Discreet Cryptographic Proof, http://www.sciencedirect.com/science/article/pii/S0895717711004535?via%3Dihub (June 2013).
• Nguyen, Quan; Rudoy, Mikhail; Srinivasan, Arjun. Two Factor Zero Knowledge Proof Authentication System, https://courses.csail.mit.edu/6.857/2014/files/16-nguyen-rudoy-srinivasan-two-factor-zkp.pdf (2014).
• Schukat, M; Flood, P. Zero-knowledge Proofs in M2M Communication, http://digital-library.theiet.org/content/conferences/10.1049/cp.2014.0697 (2014).
• Broadbent, Ann; Ji, Zhengfeng; Song, Fang. Zero-knowledge proof systems for QMA, https://arxiv.org/pdf/1604.02804.pdf (2016).
• Unruh, Dominique. Quantum Proofs of Knowledge, https://eprint.iacr.org/2010/212.pdf (February 2015).
• Wilcox, Zooko. Podcast, Zero Knowledge, The Future of Privacy. https://medium.com/blockchannel/episode-3-zero-knowledge-the-future-of-privacy-ea18479295f4 (February 21, 2017).
• Wu, Huixin; Wang, Feng. A Survey of Noninteractive Zero Knowledge Proof System and its Applications. https://www.hindawi.com/journals/tswj/2014/560484/ (May 2014).
42. EUROCRYPT 2018
Efficient Designated-Verifier Non-Interactive Zero-
Knowledge Proofs of Knowledge
• Pyrros Chaidos (University of Athens), Geoffroy
Couteau (Karlsruhe Institute of Technology)
Quasi-Optimal SNARGs via Linear Multi-Prover
Interactive Proofs
• Dan Boneh (Stanford), Yuval Ishai (Technion and
UCLA), Amit Sahai (UCLA), David J. Wu (Stanford)
https://eurocrypt.iacr.org/2018/acceptedpapers.html
On the Existence of Three Round Zero-Knowledge
Proofs
• Nils Fleischhacker (Johns Hopkins University and
Carnegie Mellon University), Vipul Goyal (Carnegie
Mellon University), Abhishek Jain (Johns Hopkins
University)
An Efficiency-Preserving Transformation from
Honest-Verifier Statistical Zero-Knowledge to
Statistical Zero-Knowledge
• Pavel Hubáček (Charles University in Prague), Alon
Rosen (IDC Herzliya), Margarita Vald (Tel-Aviv
University)
Partially Splitting Rings for Faster Lattice-Based Zero-
Knowledge Proofs
• Vadim Lyubashevsky (IBM Research - Zurich), Gregor
Seiler (IBM Research - Zurich)
43. The Schnorr NIZK proof is obtained from
the interactive Schnorr identification
scheme through a Fiat-Shamir
transformation
• This transformation involves using a
secure cryptographic hash function to
issue the challenge instead
https://tools.ietf.org/html/draft-hao-schnorr-01
Schnorr NIZK (IETF Draft)
Graphic: https://www.bswllc.com/resources-articles-preparing-for-the-2013-coso-internal-framework
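The Fiat-Shamir step described on this slide, as an added example (not code from the talk or from the IETF draft): the prover derives the challenge by hashing the commitment and public key, so one message replaces the interactive exchange. The toy group, the `context` string bound into the hash, and all function names are assumptions made for illustration.

```python
"""Schnorr NIZK proof of knowledge of a discrete log, on a constructed toy group."""
import hashlib
import secrets

_BASES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)

def _is_prime(n: int) -> bool:
    """Miller-Rabin with fixed bases; deterministic for n < 2**64."""
    if n < 2:
        return False
    for b in _BASES:
        if n % b == 0:
            return n == b
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for a in _BASES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True

def toy_group():
    """Constructed parameters: safe prime p = 2q + 1 of about 62 bits.
    Far too small for real use; it only keeps the example self-contained."""
    q = 2**61 + 1
    while not (_is_prime(q) and _is_prime(2 * q + 1)):
        q += 2
    return 2 * q + 1, q, 4          # 4 is a square, so it has prime order q

P, Q, G = toy_group()

def _challenge(V: int, A: int, context: bytes) -> int:
    """c = H(g || V || A || context): the hash plays the verifier's role."""
    h = hashlib.sha256()
    for part in (G.to_bytes(8, "big"), V.to_bytes(8, "big"),
                 A.to_bytes(8, "big"), context):
        h.update(len(part).to_bytes(4, "big") + part)   # length-prefixed
    return int.from_bytes(h.digest(), "big") % Q

def keygen():
    a = secrets.randbelow(Q - 1) + 1        # secret exponent
    return a, pow(G, a, P)                  # (private a, public A = g^a)

def prove(a: int, A: int, context: bytes):
    v = secrets.randbelow(Q - 1) + 1        # fresh nonce for every proof
    V = pow(G, v, P)                        # commitment
    c = _challenge(V, A, context)
    r = (v - a * c) % Q                     # response
    return V, r

def verify(A: int, proof, context: bytes) -> bool:
    V, r = proof
    for elem in (A, V):                     # both must lie in the order-q subgroup
        if not (1 < elem < P) or pow(elem, Q, P) != 1:
            return False
    if not (0 <= r < Q):
        return False
    c = _challenge(V, A, context)
    return V == pow(G, r, P) * pow(A, c, P) % P   # g^r * A^c == g^v

if __name__ == "__main__":
    a, A = keygen()
    proof = prove(a, A, b"login:alice:session-1")
    print("accepted in its own session:", verify(A, proof, b"login:alice:session-1"))
    print("accepted when replayed elsewhere:", verify(A, proof, b"login:alice:session-2"))
```

Because the context is hashed into the challenge, a proof captured in one session does not verify in another.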
44. Zero-Knowledge Proof, Formal Definition
http://www.cs.cornell.edu/courses/cs6810/2009sp/scribe/lecture18.pdf
An interactive proof system (P, V) for a language L is zero-knowledge if
for any PPT verifier V∗ there exists an expected PPT simulator S such
that
$$\forall x \in L,\ z \in \{0,1\}^{*}:\quad \mathrm{View}_{V^{*}}\big[P(x) \leftrightarrow V^{*}(x, z)\big] = S(x, z)$$
As usual, P has unlimited computation power (in practice, P must be a
randomized TM).
Intuitively, the definition states that an interactive proof system (P, V)
is zero-knowledge if for any verifier V∗ there exists an efficient
simulator S that can essentially produce a transcript of the
conversation that would have taken place between P and V∗ on any
given input.
45. ZKPOK
I can’t tell you my
secret,
but I can prove to
you
that I know the
secret
Source: J. Chou, SC700 A2 Internet Information Protocols (2001)
Graphic: http://www.flowmarq.com/single-post/2015/05/18/IDENTITY-Clarifying-Motivations
49. Attack Resilience (From Academia)
http://repository.ust.hk/ir/bitstream/1783.1-6277/1/pseudo.pdf
Attack, Description, Mitigation
• Impersonation
o Description: A malicious impersonator, for either party
o Mitigation: Need secret, completeness and soundness
• Replay Attack
o Description: Malicious peer or attacker collects previous proofs, and resends these
o Mitigation: Challenge message required
• Man in the Middle (MITM)
o Description: Intruder is able to access and modify messages between prover and verifier (without them knowing)
o Mitigation: It depends, implementation specific
• Collaborated Attack
o Description: Subverted nodes collaborate to enact identity fraud, or co-conspirator
o Mitigation: It depends, requires reputation auditing design
• Denial of Service (DoS)
o Description: Renders networks, hosts, and other systems unusable by consuming bandwidth or deluging with huge number of requests to overload systems
o Mitigation: Could happen during authentication setup
51. Definition of Zero-Knowledge Proof
Proof System, not Geometry Proof
http://www0.cs.ucl.ac.uk/staff/J.Groth/ShortNIZK.pdf
http://www.austinmohr.com/work/files/zkp.pdf
Proof system, not a
geometry proof
54. Zero-Knowledge Proofs
If your personal data
is never collected, it
cannot be stolen.
https://www.zurich.ibm.com/identity_mixer/
https://www.ted.com/talks/maria_dubovitskaya_take_back_control_of_your_personal_data, TED Talk
– Maria Dubovitskaya Cryptographer,
Research Staff Member, IBM Zurich
Research Laboratory, Ph.D. in
cryptography and privacy from ETH
Zurich
Graphic: https://www.youtube.com/watch?v=jp_QGwXsoXM
55. 1985
Goldwasser, Micali,
Rackoff paper
2018
ZKP Standards
Organization
2012
Goldwasser, Micali
win Turing Award
https://groups.csail.mit.edu/cis/pubs/shafi/1985-stoc.pdf
https://zkproof.org/
Timeline
It is Still Early Days
56. ZKP Standards
https://zkproof.org/
https://zkproof.org/documents.html
*https://zkproof.org/zcon0_notes.pdf
I think you should be more
explicit here in step two
ZKProof.org
• Open initiative
• Industry, academia
• Framework for a formal standard of
Zero-Knowledge Proofs
• Working drafts:
o Security
o Implementation
o Applications
Cartoonist: Sidney Harris
Source: https://www.art.com/products/p15063445373-sa-i6847848/sidney-harris-i-think-you-should-be-more-explicit-here-in-step-two-cartoon.htm
60. Zero-Knowledge Proof Illustration
Matthew Green
Telecom Company
• Cell towers
• Vertices
• Avoid signal overlap
• Use 1 of 3 signals
https://blog.cryptographyengineering.com/2014/11/27/zero-knowledge-proofs-illustrated-primer/
61. Zero-Knowledge Proof Illustration
Matthew Green
3-Color Graph Problem
• Use colors to represent frequency bands
• Solve for 1,000 towers
• Hire Brain Consulting
https://blog.cryptographyengineering.com/2014/11/27/zero-knowledge-proofs-illustrated-primer/
62. Zero-Knowledge Proof Illustration
Matthew Green
Proof of Solution
• Prove you have a solution without revealing it
• Hats hide the solution
https://blog.cryptographyengineering.com/2014/11/27/zero-knowledge-proofs-illustrated-primer/
63. Zero-Knowledge Proof Illustration
Matthew Green
Proof of Solution
• Remove any two hats
• See vertices are different colors
https://blog.cryptographyengineering.com/2014/11/27/zero-knowledge-proofs-illustrated-primer/
64. Zero-Knowledge Proof Illustration
Matthew Green
Repeat this process
• Clear previous solution
• (Add randomness)
• Solve again
• Telecom removes two hats
Accept or Reject
• Complete for preset number of rounds
• Telecom accepts or rejects
https://blog.cryptographyengineering.com/2014/11/27/zero-knowledge-proofs-illustrated-primer/
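The hat protocol from slides 60 to 64, written out as an added example (not code from the talk or from Matthew Green's post). SHA-256 commitments stand in for the hats; the five-tower graph, its coloring, and all function and class names are constructed for illustration.

```python
import hashlib
import secrets

rng = secrets.SystemRandom()  # OS-backed randomness for shuffles and challenges

# Constructed sample: five towers, six adjacencies, and a valid 3-coloring
# (colors 0, 1, 2 stand for the three frequency bands).
EDGES = [(0, 1), (0, 2), (1, 2), (1, 3), (2, 4), (3, 4)]
COLORING = {0: 0, 1: 1, 2: 2, 3: 0, 4: 1}

def commit(color, nonce):
    """A 'hat': SHA-256 over a random nonce and the color hides the color."""
    return hashlib.sha256(nonce + bytes([color])).hexdigest()

class Prover:
    def __init__(self, coloring):
        self.coloring = coloring

    def new_round(self):
        # Clear the previous solution and add randomness: permute the colors
        # and draw fresh nonces, so openings from different rounds do not link.
        perm = rng.sample(range(3), 3)
        self.colors = {v: perm[c] for v, c in self.coloring.items()}
        self.nonces = {v: secrets.token_bytes(16) for v in self.colors}
        return {v: commit(c, self.nonces[v]) for v, c in self.colors.items()}

    def open_edge(self, u, v):
        # Remove exactly two hats: reveal color and nonce for u and v only.
        return {w: (self.colors[w], self.nonces[w]) for w in (u, v)}

def verify_round(commitments, edge, opening):
    """Verifier check for one challenged edge."""
    u, v = edge
    (cu, nu), (cv, nv) = opening[u], opening[v]
    if cu == cv or not {cu, cv} <= {0, 1, 2}:
        return False
    return commit(cu, nu) == commitments[u] and commit(cv, nv) == commitments[v]

def run_protocol(prover, edges, rounds):
    """Accept only if every round's randomly challenged edge verifies."""
    for _ in range(rounds):
        commitments = prover.new_round()
        edge = rng.choice(edges)  # the verifier picks after seeing the hats
        if not verify_round(commitments, edge, prover.open_edge(*edge)):
            return False
    return True
```

A prover whose coloring breaks k of the E edges survives a single round with probability 1 - k/E, so the preset number of rounds sets how small the chance of accepting a false claim becomes.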
65. Interactive Zero-Knowledge Proof
Derived from http://blog.stratumn.com/zkp-hash-chains/
Diagram: Prover (Construct ZKP) → Proof → Verifier (Verify ZKP)
Non-Interactive ZKP
• Transform multiple messages into one message, or string
67. zk-STARKs Paper
Scalable, transparent, and post-quantum secure computational integrity (March 2018)
https://eprint.iacr.org/2018/046.pdf
Human dignity demands that personal information, like medical and forensic data, be hidden from the public.
But veils of secrecy designed to preserve privacy may also be abused to cover up lies and deceit by institutions entrusted with Data, unjustly harming citizens and eroding trust in central institutions.
Zero knowledge (ZK) proof systems are an ingenious cryptographic solution to this tension between the ideals of personal privacy and institutional integrity, enforcing the latter in a way that does not compromise the former.
– Eli Ben-Sasson, Iddo Bentov, Yinon Horesh, Michael Riabzev
69. Zcash
https://z.cash/
https://blockexplorer.com/
Services tracking Zcash blockchain activity such as block explorers will be able to distinguish the type of shielded address used (legacy vs Sapling). They could even add new labels to the interfaces so users can distinguish as well.
Block Explorer
Bitcoin Block Explorer is an open source web tool that allows you to view information about blocks, addresses, and transactions on the Bitcoin blockchain. The source code is on GitHub.
insight is an open-source Zcash blockchain explorer with complete REST and websocket APIs that can be used for writing web wallets and other apps that need more advanced blockchain queries than provided by zcashd RPC. Check out the source code.
72. Contents
1. What are Privacy Coins?
2. What are Zero-Knowledge Proofs?
3. Zcash and Monero
• zk-SNARKs versus Bulletproofs
4. The Future
Graphic: https://www.equifax.com.au/personal/articles/what-identity-watch