Ciphertext-Policy Attribute-Based Broadcast Encryption with Small Keys

Co-authored with Benjamin Wesoloswki, now a Ph.D. student at EPFL, a new paper entitled Ciphertext-Policy Attribute-Based Broadcast Encryption with Small Keys has been made available on the IACR E-print archive. Here is its abstract:

Broadcasting is a very efficient way to securely transmit information to a large set of geographically scattered receivers, and in practice, it is often the case that these receivers can be grouped in sets sharing common characteristics (or attributes). We describe in this paper an efficient ciphertext-policy attribute-based broadcast encryption scheme (CP-ABBE) supporting negative attributes and able to handle access policies in conjunctive normal form (CNF). Essentially, our scheme is a combination of the Boneh-Gentry-Waters broadcast encryption and of the Lewko-Sahai-Waters revocation schemes; the former is used to express attribute-based access policies while the latter is dedicated to the revocation of individual receivers. Our scheme is the first one that involves a public key and private keys having a size that is independent of the number of receivers registered in the system. Its selective security is proven with respect to the Generalized Diffie-Hellman Exponent (GDHE) problem on bilinear groups.

About Obfuscator-LLVM, Dual-Use Tools and Academic Ethics

On November 25th, my team has announced the release for Christmas of Obfuscator-LLVM, an open-source obfuscation tool based on the LLVM compilation suite. Why Christmas? Because version 3.4 of LLVM was planned to be released on the 23rd of December, and we wished to port our code to the latest version of the compiler before publishing it.

On December 18th, I have been privately contacted by pod2g, a French security researcher active in the Apple jailbreaking scene, kindly asking me whether his team, the evad3rs, could get an early access to our tool. Without thinking too much about the possible consequences, and naively seeing it as an easy way to get some publicity  for our research project, my collaborators and I have accepted to send them the source code of Obfuscator-LLVM one week earlier than the planned release. In exchange, we only asked to be credited on their website; I would like to clearly state that we never spoke about financial compensation, or about any other kind of reward.

The evasi0n jailbreak was released on December 23rd, taking the jailbreak community by surprise, and instantly generating a controversy. Indeed, the jailbreaking software arrived bundled with a Chinese app store apparently delivering pirated apps and/or malware.

Providing a version of Obfuscator-LLVM to the evad3rs one week in advance on our planned release was a mistake, and we regret this turn of events, as our academic research project is now somehow linked to the murkier side of ITsec.

But more importantly, this controversy raises deep questions about the release of “dual-use” academic tools. Obfuscation techniques, i.e. software techniques aiming at increasing the cost of reverse-engineering, have in practice been so far used by malware writers as well as in the domain of Digital Right Management. Although there has been academic research on the subject  for more than a decade, only a handful of tools are freely available as open-source software, and few of them are able to obfuscate C/C++/Objective-C code in an effective way (Kryptonite being an example). Moreover, I am aware of only a handful of vendors selling commercial tools of this kind; those include Arxan, Whitecryption or Morpher, and their products are expensive.

With that said, is it ethical to release a tool like Obfuscator-LLVM?

Our feeling is that publishing an open-source C/C++ obfuscating tool makes sense for several reasons:

  • While it is a “dual-use” tool, I see no reason why obfuscation and software protection tools should be in a different position than, say, encryption tools, fuzzers, network scanners, exploitation frameworks or butcher knives. All of them can be used with ethical goals in mind, or with malicious intents. Even jailbreaking software can be used as much to install pirated software on an device, as by authorities for forensic purposes or pen-testers for auditing goals.
  • The fact that Obfuscator-LLVM will be open-source will make it easier to audit its code base, ensuring that it is backdoor-insertion free.
  • With an available open-source obfuscating tool, academic security researchers will  have access to a free tool when studying and designing new automated de-obfuscation engines and reverse-engineering processes aiming at helping malware analysts.
  • Code obfuscation can also bring  lesser-known security benefits for our digital ecosystem as a by-product. For instance, obfuscation brings software diversity, since an obfuscation process can typically be heavily randomized. This can be considered as a first defense against mass software attacks.

Those considerations are only preliminary. My team still plans to release Obfuscator-LLVM in the coming days. I hope that this blog post will contribute in clarifying our intentions with regard to the goals of Obfuscator-LLVM.

In the meanwhile, Merry Christmas to everybody!

Credits: thunderstorm picture from

On Time Scaling of Semivariance in a Jump-Diffusion Process

What are the common points between finance and information security? One is maybe risk management. I have just uploaded a new paper, co-written with a dear friend, that explores how the semivariance of a jump-diffusion process can be time-scaled more accurately than just applying the square-root-of-time rule.

The paper is available on arXiv; here its abstract:

The aim of this paper is to examine the time scaling of the semivariance when returns are modeled by various types of jump-diffusion processes, including stochastic volatility models with jumps in returns and in volatility. In particular, we derive an exact formula for the semivariance when the volatility is kept constant, explaining how it should be scaled when considering a lower frequency. We also provide and justify the use of a generalization of the Ball-Torous approximation of a jump-diffusion process, this new model appearing to deliver a more accurate estimation of the downside risk. We use Markov Chain Monte Carlo (MCMC) methods to fit our stochastic volatility model. For the tests, we apply our methodology to a highly skewed set of returns based on the Barclays US High Yield Index, where we compare different time scalings for the semivariance. Our work shows that the square root of the time horizon seems to be a poor approximation in the context of semivariance and that our methodology based on jump-diffusion processes gives much better results.