Keywords: Privacy, Security Engineering and Design

2022

Practical Pre-Constrained Cryptography (Or: Balancing Privacy and Traceability in Encrypted Systems)

James Bartusek, Graduate Student, Department of Electrical Engineering and Computer Science, UC Berkeley
Abhishek Jain, Associate Professor, Computer Science Department, Johns Hopkins University
Guru Vamsi Policharla, Graduate Student, Department of Electrical Engineering and Computer Science, UC Berkeley

As end-to-end encrypted storage and messaging services become widely adopted, law enforcement agencies have increasingly expressed concern that such services interfere with their ability to maintain public safety. Indeed, there is a direct tension between preserving user privacy and enabling content moderation on such platforms. Recent research has begun to address this tension, proposing systems that purport to strike a balance between the privacy of “honest” users and the traceability of “malicious” users. Unfortunately, these systems all suffer from a lack of protection against malicious or coerced service providers.

This project will address the privacy vs. content moderation question through the lens of pre-constrained cryptography (Ananth et al., ITCS 2022). We will introduce the notions of set pre-constrained (SPC) encryption and SPC group signatures, and formulate rigorous security properties of SPC cryptosystems that in particular encompass security against malicious key generators. We will demonstrate that SPC encryption is useful for encrypted cloud storage services that offer built-in detection for harmful content, such as child sexual abuse material (CSAM), and that SPC group signatures are useful for encrypted messaging systems that offer the ability to trace users who originate harmful content. Our security properties that hold against malicious key generators directly correspond to security against malicious service providers in the above applications.

We will construct concretely efficient protocols for SPC encryption and SPC group signatures, and demonstrate the real-world feasibility of our approach via an implementation of our SPC group signatures. The starting point for these protocols is the recently introduced Apple PSI system, which we will significantly modify to improve security and expand functionality.