Milliways

Fantastic OPRFs and where to find them

An Oblivious Pseudo-Random Function (OPRF) is versatile cryptographic primitive which is the basis for a wide range of protocols and tools. They enable one to outsource randomness computations to another party without having to trust them or make any compromises in confidentiality of the inputs. The most common benefit of using an OPRF, is that it adds strong privacy guarantees to protocols. A well-placed OPRF can also provide confidentiality without needing a PKI infrastructure. In some cases an OPRF can provide strong security guarantees that traditional systems cannot provide. OPRFs are truly one of the most exciting and underappreciated cryptographic building blocks of the last decade. In this talk I am will explain how OPRFs work, properties can achieve, and how OPRFs are used in various protocols. I am going to show some examples of existing free software tools which use or provide OPRFs and how these tools compare to alternative solutions.
The talk is structured in two parts, a theoretic part which explains various types of OPRFs, their properties and where and how these are beneficial. And in the second part I will show concrete free software implementations: liboprf, libopaque, sphinx (a password storage that could be run by the NSA) and klutshnik, a threshold key management system, all authored by Yours Truly. I will also touch briefly on standardisation efforts of OPAQUE and OPRF by the IRTF CFRG, to which I contribute. Other examples I will bring will include private set intersection (used for contact discovery or haveibeenpwned-style privacy- respecting compromised account checks), private information retrieval, single-sign-on with privacy, deduplication and secure pattern matching.

Additional information

Live Stream https://streaming.media.ccc.de/camp2023/milliways
Type Talk
Language English

More sessions

8/15/23
Milliways
Kliment
Hardware Hacking Village
In this 2h workshop, I will teach you to work with the tiny components that modern electronic devices are made of. We will assemble an electronic kitten, that purrs when touched correctly, and hisses when touched wrong. It will work, and is guaranteed to remove your fear of hand-assembling surface mount designs.
8/15/23
Milliways
tes
Milliways
The session proposes a quick overview of Frida, a dynamic instrumentation framework, and how it can be used to enhance our work during the runtime analysis of a mobile application. It will be a walkthrough on how hooking and rewriting functions in runtime may be helpful against anti-reverse engineering measures and SSL pinning mechanisms.
8/15/23
Milliways
Sergei Volokitin
Milliways
Hardware FIDO U2F tokens are security devices which are meant to defend user second factor keys from physical and remote attacks. In this presentation different security features and implemented by FIDO U2F tokens and how they are meant to protect a user from various attack scenarios. We will focus on the open source implementation of FIDO U2F token developed and Common Criteria certified by Federal Office for Information Security (BSI). Having access not only to the source code of the token ...
8/15/23
Milliways
subgraf
Milliways Workshop Dome
Come learn how to hack networks without needing to piss off your housemates, local coffee shop, or the Feds! Bring your laptop and by the end of this workshop, everyone can walk away having intercepted some packets and popped some reverse shells.
8/15/23
Milliways
Miikka 'Otter' Saukko
Milliways
MITRE ATT&CK (Attack Framework among friends) is intimidating sight at first, but is a great tool for risk identification, threat analysis, red teaming, DFIR and security management. Brief introduction to the topic with various examples.
8/15/23
Milliways
Hardware Hacking Village
Solder your own pathlighter badge to illuminate your surroundings at night.
8/15/23
Milliways
Milliways
This talk will show you how many interfaces have to communicate in order to fly experiments on a sounding rocket. We will give you insights into the procedures and the complexity of a research campaign and the actual flight of the rocket itself. In particular, we look at the hardware and software used in the Ground Support Equipment (GSE) and the Service Module (SM) within the rocket.