Christoph Egger

christoph.webp
Christoph Egger
Université Paris Cité, CNRS, IRIF
Bâtiment Sophie Germain, Office 4058
8 Place Aurélie Nemours, 75013 Paris

Email: Christoph.Egger@irif.fr
Jabber: christoph@egger.im

PGP
9FED 5C6C E206 B70A 5857  70CA 9655 22B9 D49A E731
3C1F 32FB E637 85F2 4461  4AD2 53C2 B1F9 83C5 BAA3

About Me

I am a researcher at Institut de Recherche en Informatique Fondamentale (IRIF) since fall 2022 where I explore connections betweencryptography and complexity theory. A central theme is the use of space bounds and fine-grained complexity towards a qualitatively different perspective on the foundations of cryptography. During my doctoral studies I worked on formalization and proof techniques to manage large real-world systems and establishing solid foundations to asses non-cryptographic aspects of anonymity among other topics. As a master student I worked on Modal Logic and Category Theory and as a Bachelor Student on Anonymous Communication and Software Product Lines. I am also a founding member of the FAUST CTF team and its own competition, FAUST-CTF. Finally I am a Free Software person. I have been a Debian Developer for more than 10 years and have contributed to a variety of software projects including the Linux kernel and the Git version control system.

Research Interests

Currently I am working on connections between complexity theory and cryptography. In particular I am interested in computational security outside the relativizing setting as well as work to better understand minicrypt security.

My most recent results concern cryptographic proofs: Composability (both in the classical Universal Composability interpretation as well as composition and modularization of proofs) and extending security from cryptographic primitives towards their concrete use (for example concerning Ring Signatures and Steganography).

In the past I have worked, among other things, on System Software Engineering and Software Product Lines, Coalgebraic Modal Logic and Anonymity Networks.

Thesis

Free Software

I am a Debian Developer since December 2009, my first contributions go back to 2016. From roughly 2010 to 2016 I have been a core member of the kFreeBSD team supporting this rather unusual combination of BSD and GNU components. Additionally, many small contributions to different Free Software projects are the result of my Debian work. I have initiated the internationalization effort of Unknown Horizons originally implementing its multi-language support. As a research assistant in the VAMOS research project I contributed more than 50 changes to the Linux Kernel. I also added public key pinning support to the Git version control system.

Internships & Research Visits

Grants & Fellowships

Comunity Service

Other reviewing activities

  • 2020, 2021, 2022: External Reviewer for Proceedings on Privacy Enhancing Technologies
  • 2019, 2020, 2021, 2023, 2024: Reviewer for IACR Crypto
  • 2023, 2024: Reviewer for IACR EuroCrypt
  • 2021: Reviewer for IACR TCC
  • External Reviewer: IEEE TIFS (2018), ACM ToPS (2021)
  • Subreviewer on multiple occasions including CCS'19, S&P'21 and SCN'22

Advised Student Theses

  • Julian Brost: "Threshold Password-Hardened Encryption" (FAU Master Thesis; with Dominique Schröder, Russell Lai)
  • Kirthivaasan Puniamurthy: "A proof viewer for State-separating proofs" (Aalto Master Thesis; with Christopher Brzuska, Konrad Kohbrok, Sabine Oechsner)

Teaching

In summer 2021 Viktoria Ronge and I designed and taught a one-week summer school course for high-school students. Focus of the course was on cryptographic methodology and zero-knowledge proof systems. Also with Viktoria Ronge in Fall 2019 I organized a (graduate level) seminar on privacy notions.

In addition I have been (co-)responsible for the exercise sessions in multiple courses including "Secure Multi-Party Computation", "Password Based Cryptography" and blockchain-related lectures.

Publications

CryptoZoo: A Viewer for Reduction Proofs
In: Applied Cryptography and Network Security - 22nd International Conference, ACNS 2024, Abu Dhabi, United Arab Emirates, March 5-8, 2024, Proceedings, Part I
[PDF | DOI | BibTeX]
@inproceedings{DBLP:conf/acns/BrzuskaEP24,
  author       = {Chris Brzuska and
                  Christoph Egger and
                  Kirthivaasan Puniamurthy},
  editor       = {Christina P{\"{o}}pper and
                  Lejla Batina},
  title        = {CryptoZoo: {A} Viewer for Reduction Proofs},
  booktitle    = {Applied Cryptography and Network Security - 22nd International Conference,
                  {ACNS} 2024, Abu Dhabi, United Arab Emirates, March 5-8, 2024, Proceedings,
                  Part {I}},
  series       = {Lecture Notes in Computer Science},
  volume       = {14583},
  pages        = {3--25},
  publisher    = {Springer},
  year         = {2024},
  url          = {https://doi.org/10.1007/978-3-031-54770-6\_1},
  doi          = {10.1007/978-3-031-54770-6\_1},
  timestamp    = {Mon, 11 Mar 2024 15:20:49 +0100},
  biburl       = {https://dblp.org/rec/conf/acns/BrzuskaEP24.bib},
  bibsource    = {dblp computer science bibliography, https://dblp.org}
}
New Random Oracle Instantiations from Extremely Lossy Functions
In: IACR Cryptol. ePrint Arch. ()
@article{DBLP:journals/iacr/BrzuskaC0KM23,
  author       = {Chris Brzuska and
                  Geoffroy Couteau and
                  Christoph Egger and
                  Pihla Karanko and
                  Pierre Meyer},
  title        = {New Random Oracle Instantiations from Extremely Lossy Functions},
  journal      = {{IACR} Cryptol. ePrint Arch.},
  pages        = {1145},
  year         = {2023},
  url          = {https://eprint.iacr.org/2023/1145},
  timestamp    = {Mon, 05 Feb 2024 20:26:09 +0100},
  biburl       = {https://dblp.org/rec/journals/iacr/BrzuskaC0KM23.bib},
  bibsource    = {dblp computer science bibliography, https://dblp.org}
}
On Sustainable Ring-Based Anonymous Systems
In: 36th IEEE Computer Security Foundations Symposium, CSF 2023, Dubrovnik, Croatia, July 10-14, 2023
[PDF | DOI | BibTeX]
@inproceedings{DBLP:conf/csfw/ChowELRW23,
  author       = {Sherman S. M. Chow and
                  Christoph Egger and
                  Russell W. F. Lai and
                  Viktoria Ronge and
                  Ivy K. Y. Woo},
  title        = {On Sustainable Ring-Based Anonymous Systems},
  booktitle    = {36th {IEEE} Computer Security Foundations Symposium, {CSF} 2023, Dubrovnik,
                  Croatia, July 10-14, 2023},
  pages        = {568--583},
  publisher    = {{IEEE}},
  year         = {2023},
  url          = {https://doi.org/10.1109/CSF57540.2023.00035},
  doi          = {10.1109/CSF57540.2023.00035},
  timestamp    = {Sun, 12 Nov 2023 02:10:15 +0100},
  biburl       = {https://dblp.org/rec/conf/csfw/ChowELRW23.bib},
  bibsource    = {dblp computer science bibliography, https://dblp.org}
}
Key-Schedule Security for the TLS 1.3 Standard
In: Advances in Cryptology - ASIACRYPT 2022
@inproceedings{DBLP:conf/asiacrypt/BrzuskaDEFKK22,
  author       = {Chris Brzuska and
                  Antoine Delignat{-}Lavaud and
                  Christoph Egger and
                  C{\'{e}}dric Fournet and
                  Konrad Kohbrok and
                  Markulf Kohlweiss},
  editor       = {Shweta Agrawal and
                  Dongdai Lin},
  title        = {Key-Schedule Security for the {TLS} 1.3 Standard},
  booktitle    = {Advances in Cryptology - {ASIACRYPT} 2022 - 28th International Conference
                  on the Theory and Application of Cryptology and Information Security,
                  Taipei, Taiwan, December 5-9, 2022, Proceedings, Part {I}},
  series       = {Lecture Notes in Computer Science},
  volume       = {13791},
  pages        = {621--650},
  publisher    = {Springer},
  year         = {2022},
  url          = {https://doi.org/10.1007/978-3-031-22963-3\_21},
  doi          = {10.1007/978-3-031-22963-3\_21},
  timestamp    = {Mon, 05 Feb 2024 20:33:21 +0100},
  biburl       = {https://dblp.org/rec/conf/asiacrypt/BrzuskaDEFKK22.bib},
  bibsource    = {dblp computer science bibliography, https://dblp.org}
}
On Defeating Graph Analysis of Anonymous Transactions
In: Proc. Priv. Enhancing Technol. 2022(3)

In a ring-signature-based anonymous cryptocurrency, signers of a transaction are hidden among a set of potential signers, called a ring, whose size is much smaller than the number of all users. The ringmembership relations specified by the sets of transactions thus induce bipartite transaction graphs, whose distribution is in turn induced by the ring sampler underlying the cryptocurrency. Since efficient graph analysis could be performed on transaction graphs to potentially deanonymise signers, it is crucial to understand the resistance of (the transaction graphs induced by) a ring sampler against graph analysis. Of particular interest is the class of partitioning ring samplers. Although previous works showed that they provide almost optimal local anonymity, their resistance against global, e.g. graph-based, attacks were unclear. In this work, we analyse transaction graphs induced by partitioning ring samplers. Specifically, we show (partly analytically and partly empirically) that, somewhat surprisingly, by setting the ring size to be at least logarithmic in the number of users, a graph-analysing adversary is no better than the one that performs random guessing in deanonymisation up to constant factor of 2.

@article{DBLP:journals/popets/EggerLRWY22,
  author       = {Christoph Egger and
                  Russell W. F. Lai and
                  Viktoria Ronge and
                  Ivy K. Y. Woo and
                  Hoover H. F. Yin},
  title        = {On Defeating Graph Analysis of Anonymous Transactions},
  journal      = {Proc. Priv. Enhancing Technol.},
  volume       = {2022},
  number       = {3},
  pages        = {538--557},
  year         = {2022},
  url          = {https://doi.org/10.56553/popets-2022-0085},
  doi          = {10.56553/POPETS-2022-0085},
  timestamp    = {Mon, 26 Jun 2023 20:56:36 +0200},
  biburl       = {https://dblp.org/rec/journals/popets/EggerLRWY22.bib},
  bibsource    = {dblp computer science bibliography, https://dblp.org}
}
A Security Framework for Distributed Ledgers
Mike Graf, Daniel Rausch, Viktoria Ronge, Christoph Egger, Ralf Küsters, Dominique Schröder
In: CCS '21: 2021 ACM SIGSAC Conference on Computer and Communications Security, Virtual Event, Republic of Korea, November 15 - 19, 2021
[PDF | DOI | BibTeX]
@inproceedings{DBLP:conf/ccs/00010R0KS21,
  author       = {Mike Graf and
                  Daniel Rausch and
                  Viktoria Ronge and
                  Christoph Egger and
                  Ralf K{\"{u}}sters and
                  Dominique Schr{\"{o}}der},
  editor       = {Yongdae Kim and
                  Jong Kim and
                  Giovanni Vigna and
                  Elaine Shi},
  title        = {A Security Framework for Distributed Ledgers},
  booktitle    = {{CCS} '21: 2021 {ACM} {SIGSAC} Conference on Computer and Communications
                  Security, Virtual Event, Republic of Korea, November 15 - 19, 2021},
  pages        = {1043--1064},
  publisher    = {{ACM}},
  year         = {2021},
  url          = {https://doi.org/10.1145/3460120.3485362},
  doi          = {10.1145/3460120.3485362},
  timestamp    = {Sun, 02 Oct 2022 15:56:14 +0200},
  biburl       = {https://dblp.org/rec/conf/ccs/00010R0KS21.bib},
  bibsource    = {dblp computer science bibliography, https://dblp.org}
}
Foundations of Ring Sampling
Viktoria Ronge, Christoph Egger, Russell W. F. Lai, Dominique Schröder, Hoover H. F. Yin
In: Proc. Priv. Enhancing Technol. 2021(3)

A ring signature scheme allows the signer to sign on behalf of an ad hoc set of users, called a ring. The verifier can be convinced that a ring member signs, but cannot point to the exact signer. Ring signatures have become increasingly important today with their deployment in anonymous cryptocurrencies. Conventionally, it is implicitly assumed that all ring members are equally likely to be the signer. This assumption is generally false in reality, leading to various practical and devastating deanonymizing attacks in Monero, one of the largest anonymous cryptocurrencies. These attacks highlight the unsatisfactory situation that how a ring should be chosen is poorly understood.

We propose an analytical model of ring samplers towards a deeper understanding of them through systematic studies. Our model helps to describe how anonymous a ring sampler is with respect to a given signer distribution as an information-theoretic measure. We show that this measure is robust – it only varies slightly when the signer distribution varies slightly. We then analyze three natural samplers – uniform, mimicking, and partitioning – under our model with respect to a family of signer distributions modeled after empirical Bitcoin data. We hope that our work paves the way towards researching ring samplers from a theoretical point of view.

@article{DBLP:journals/popets/RongeELSY21,
  author       = {Viktoria Ronge and
                  Christoph Egger and
                  Russell W. F. Lai and
                  Dominique Schr{\"{o}}der and
                  Hoover H. F. Yin},
  title        = {Foundations of Ring Sampling},
  journal      = {Proc. Priv. Enhancing Technol.},
  volume       = {2021},
  number       = {3},
  pages        = {265--288},
  year         = {2021},
  url          = {https://doi.org/10.2478/popets-2021-0047},
  doi          = {10.2478/POPETS-2021-0047},
  timestamp    = {Mon, 26 Jun 2023 20:56:36 +0200},
  biburl       = {https://dblp.org/rec/journals/popets/RongeELSY21.bib},
  bibsource    = {dblp computer science bibliography, https://dblp.org}
}
Controlling My Genome With My Smartphone – First Clinical Experiences Of The PROMISE-System
Ali Amr, Marc Hinderer, Lena Griebel, Dominic Deuber, Christoph Egger, Farbod Sedaghat-Hamedani, Elham Kayvanpour, Daniel Huhn, Jan Haas, Karen Frese, Marc Schweig, Ninja Marnau, Annika Krämer, Claudia Durand, Florian Battke, Hans-Ulrich Prokosch, Michael Backes, Andreas Keller, Dominique Schröder, Hugo A. Katus, Norbert Frey, Benjamin Meder
In: Clinical Research in Cardiology 111(6)
Background

The development of Precision Medicine strategies requires high-dimensional phenotypic and genomic data, both of which are highly privacy-sensitive data types. Conventional data management systems lack the capabilities to sufficiently handle the expected large quantities of such sensitive data in a secure manner. PROMISE is a genetic data management concept that implements a highly secure platform for data exchange while preserving patient interests, privacy, and autonomy.

Methods

The concept of PROMISE to democratize genetic data was developed by an interdisciplinary team. It integrates a sophisticated cryptographic concept that allows only the patient to grant selective access to defined parts of his genetic information with single DNA base-pair resolution cryptography. The PROMISE system was developed for research purposes to evaluate the concept in a pilot study with nineteen cardiomyopathy patients undergoing genotyping, questionnaires, and longitudinal follow-up.

Results

The safety of genetic data was very important to 79%, and patients generally regarded the data as highly sensitive. More than half the patients reported that their attitude towards the handling of genetic data has changed after using the PROMISE app for 4 months (median). The patients reported higher confidence in data security and willingness to share their data with commercial third parties, including pharmaceutical companies (increase from 5 to 32%).

Conclusion

PROMISE democratizes genomic data by a transparent, secure, and patient-centric approach. This clinical pilot study evaluating a genetic data infrastructure is unique and shows that patient’s acceptance of data sharing can be increased by patient-centric decision-making.

Graphic abstract
@Article{Amr2022,
author="Amr, Ali
and Hinderer, Marc
and Griebel, Lena
and Deuber, Dominic
and Egger, Christoph
and Sedaghat-Hamedani, Farbod
and Kayvanpour, Elham
and Huhn, Daniel
and Haas, Jan
and Frese, Karen
and Schweig, Marc
and Marnau, Ninja
and Kr{\"a}mer, Annika
and Durand, Claudia
and Battke, Florian
and Prokosch, Hans-Ulrich
and Backes, Michael
and Keller, Andreas
and Schr{\"o}der, Dominique
and Katus, Hugo A.
and Frey, Norbert
and Meder, Benjamin",
title="Controlling my genome with my smartphone: first clinical experiences of the PROMISE system",
journal="Clinical Research in Cardiology",
year="2022",
month="Jun",
day="01",
volume="111",
number="6",
pages="638--650",
abstract="The development of Precision Medicine strategies requires high-dimensional phenotypic and genomic data, both of which are highly privacy-sensitive data types. Conventional data management systems lack the capabilities to sufficiently handle the expected large quantities of such sensitive data in a secure manner. PROMISE is a genetic data management concept that implements a highly secure platform for data exchange while preserving patient interests, privacy, and autonomy.",
issn="1861-0692",
doi="10.1007/s00392-021-01942-8",
url="https://doi.org/10.1007/s00392-021-01942-8"
}
The Patient as Genomic Data Manager - Evaluation of the PROMISE App
Lena Griebel, Marc Hinderer, Ali Amr, Benjamin Meder, Marc Schweig, Dominic Deuber, Christoph Egger, Claudia Kawohl, Annika Krämer, Isabell Flade, Dominique Schröder, Hans-Ulrich Prokosch
In: Digital Personalized Health and Medicine - Proceedings of MIE 2020, Medical Informatics Europe, Geneva, Switzerland, April 28 - May 1, 2020
@inproceedings{DBLP:conf/mie/GriebelHAMSD0KK20,
  author       = {Lena Griebel and
                  Marc Hinderer and
                  Ali Amr and
                  Benjamin Meder and
                  Marc Schweig and
                  Dominic Deuber and
                  Christoph Egger and
                  Claudia Kawohl and
                  Annika Kr{\"{a}}mer and
                  Isabell Flade and
                  Dominique Schr{\"{o}}der and
                  Hans{-}Ulrich Prokosch},
  editor       = {Louise Bilenberg Pape{-}Haugaard and
                  Christian Lovis and
                  Inge Cort Madsen and
                  Patrick Weber and
                  Per Hostrup Nielsen and
                  Philip Scott},
  title        = {The Patient as Genomic Data Manager - Evaluation of the {PROMISE}
                  App},
  booktitle    = {Digital Personalized Health and Medicine - Proceedings of {MIE} 2020,
                  Medical Informatics Europe, Geneva, Switzerland, April 28 - May 1,
                  2020},
  series       = {Studies in Health Technology and Informatics},
  volume       = {270},
  pages        = {1061--1065},
  publisher    = {{IOS} Press},
  year         = {2020},
  url          = {https://doi.org/10.3233/SHTI200324},
  doi          = {10.3233/SHTI200324},
  timestamp    = {Thu, 04 Apr 2024 17:06:52 +0200},
  biburl       = {https://dblp.org/rec/conf/mie/GriebelHAMSD0KK20.bib},
  bibsource    = {dblp computer science bibliography, https://dblp.org}
}
Threshold Password-Hardened Encryption Services
Julian Brost, Christoph Egger, Russell W. F. Lai, Fritz Schmid, Dominique Schröder, Markus Zoppelt
In: CCS '20: 2020 ACM SIGSAC Conference on Computer and Communications Security, Virtual Event, USA, November 9-13, 2020
[PDF | DOI | BibTeX]
@inproceedings{DBLP:conf/ccs/Brost0LSSZ20,
  author       = {Julian Brost and
                  Christoph Egger and
                  Russell W. F. Lai and
                  Fritz Schmid and
                  Dominique Schr{\"{o}}der and
                  Markus Zoppelt},
  editor       = {Jay Ligatti and
                  Xinming Ou and
                  Jonathan Katz and
                  Giovanni Vigna},
  title        = {Threshold Password-Hardened Encryption Services},
  booktitle    = {{CCS} '20: 2020 {ACM} {SIGSAC} Conference on Computer and Communications
                  Security, Virtual Event, USA, November 9-13, 2020},
  pages        = {409--424},
  publisher    = {{ACM}},
  year         = {2020},
  url          = {https://doi.org/10.1145/3372297.3417266},
  doi          = {10.1145/3372297.3417266},
  timestamp    = {Sun, 02 Oct 2022 15:56:15 +0200},
  biburl       = {https://dblp.org/rec/conf/ccs/Brost0LSSZ20.bib},
  bibsource    = {dblp computer science bibliography, https://dblp.org}
}
Atomic Multi-Channel Updates with Constant Collateral in Bitcoin-Compatible Payment-Channel Networks
In: Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security, CCS 2019, London, UK, November 11-15, 2019.
[PDF | DOI | BibTeX]
@inproceedings{DBLP:conf/ccs/0001MM19,
  author       = {Christoph Egger and
                  Pedro Moreno{-}Sanchez and
                  Matteo Maffei},
  editor       = {Lorenzo Cavallaro and
                  Johannes Kinder and
                  XiaoFeng Wang and
                  Jonathan Katz},
  title        = {Atomic Multi-Channel Updates with Constant Collateral in Bitcoin-Compatible
                  Payment-Channel Networks},
  booktitle    = {Proceedings of the 2019 {ACM} {SIGSAC} Conference on Computer and
                  Communications Security, {CCS} 2019, London, UK, November 11-15, 2019},
  pages        = {801--815},
  publisher    = {{ACM}},
  year         = {2019},
  url          = {https://doi.org/10.1145/3319535.3345666},
  doi          = {10.1145/3319535.3345666},
  timestamp    = {Thu, 14 Oct 2021 09:58:24 +0200},
  biburl       = {https://dblp.org/rec/conf/ccs/0001MM19.bib},
  bibsource    = {dblp computer science bibliography, https://dblp.org}
}
My Genome Belongs to Me: Controlling Third Party Computation on Genomic Data
Dominic Deuber, Christoph Egger, Katharina Fech, Giulio Malavolta, Dominique Schröder, Sri Aravinda Krishnan Thyagarajan, Florian Battke, Claudia Durand
In: Proc. Priv. Enhancing Technol. 2019(1)

An individual’s genetic information is possibly the most valuable personal information. While knowledge of a person’s DNA sequence can facilitate the diagnosis of several heritable diseases and allow personalized treatment, its exposure comes with significant threats to the patient’s privacy. Currently known solutions for privacy-respecting computation require the owner of the DNA to either be heavily involved in the execution of a cryptographic protocol or to completely outsource the access control to a third party. This motivates the demand for cryptographic protocols which enable computation over encrypted genomic data while keeping the owner of the genome in full control. We envision a scenario where data owners can exercise arbitrary and dynamic access policies, depending on the intended use of the analysis results and on the credentials of who is conducting the analysis. At the same time, data owners are not required to maintain a local copy of their entire genetic data and do not need to exhaust their computational resources in an expensive cryptographic protocol.

In this work, we present METIS, a system that assists the computation over encrypted data stored in the cloud while leaving the decision on admissible computations to the data owner. It is based on garbled circuits and supports any polynomially-computable function. A critical feature of our system is that the data owner is free from computational overload and her communication complexity is independent of the size of the input data and only linear in the size of the circuit’s output. We demonstrate the practicality of our approach with an implementation and an evaluation of several functions over real datasets.

@article{DBLP:journals/popets/DeuberEFMSTBD19,
  author       = {Dominic Deuber and
                  Christoph Egger and
                  Katharina Fech and
                  Giulio Malavolta and
                  Dominique Schr{\"{o}}der and
                  Sri Aravinda Krishnan Thyagarajan and
                  Florian Battke and
                  Claudia Durand},
  title        = {My Genome Belongs to Me: Controlling Third Party Computation on Genomic
                  Data},
  journal      = {Proc. Priv. Enhancing Technol.},
  volume       = {2019},
  number       = {1},
  pages        = {108--132},
  year         = {2019},
  url          = {https://doi.org/10.2478/popets-2019-0007},
  doi          = {10.2478/POPETS-2019-0007},
  timestamp    = {Mon, 05 Feb 2024 20:22:37 +0100},
  biburl       = {https://dblp.org/rec/journals/popets/DeuberEFMSTBD19.bib},
  bibsource    = {dblp computer science bibliography, https://dblp.org}
}
Simple Password-Hardened Encryption Services
Russell W. F. Lai, Christoph Egger, Manuel Reinert, Sherman S. M. Chow, Matteo Maffei, Dominique Schröder
In: 27th USENIX Security Symposium, USENIX Security 2018, Baltimore, MD, USA, August 15-17, 2018

Passwords and access control remain the popular choice for protecting sensitive data stored online, despite their well-known vulnerability to brute-force attacks. A natural solution is to use encryption. Although standard practices of using encryption somewhat alleviate the problem, decryption is often needed for utility, and keeping the decryption key within reach is obviously dangerous. To address this seemingly unavoidable problem in data security, we propose password-hardened encryption (PHE). With the help of an external crypto server, a service provider can recover the user data encrypted by PHE only when an end user supplied a correct password. PHE inherits the security features of password-hardening (Usenix Security ’15), adding protection for the user data. In particular, the crypto server does not learn any information about any user data. More importantly, both the crypto server and the service provider can rotate their secret keys, a proactive security mechanism mandated by the Payment Card Industry Data Security Standard (PCI DSS). We build an extremely simple password-hardened encryption scheme. Compared with the state-of-the-art password-hardening scheme (Usenix Security ’17), our scheme only uses minimal number-theoretic operations and is, therefore, 30% - 50% more efficient. In fact, our extensive experimental evaluation demonstrates that our scheme can handle more than 525 encryption and (successful) decryption requests per second per core, which shows that it is lightweight and readily deployable in large-scale systems. Regarding security, our scheme also achieves a stronger soundness property, which puts less trust on the good behavior of the crypto server.

@inproceedings{DBLP:conf/uss/Lai0RCMS18,
  author       = {Russell W. F. Lai and
                  Christoph Egger and
                  Manuel Reinert and
                  Sherman S. M. Chow and
                  Matteo Maffei and
                  Dominique Schr{\"{o}}der},
  editor       = {William Enck and
                  Adrienne Porter Felt},
  title        = {Simple Password-Hardened Encryption Services},
  booktitle    = {27th {USENIX} Security Symposium, {USENIX} Security 2018, Baltimore,
                  MD, USA, August 15-17, 2018},
  pages        = {1405--1421},
  publisher    = {{USENIX} Association},
  year         = {2018},
  url          = {https://www.usenix.org/conference/usenixsecurity18/presentation/lai},
  timestamp    = {Mon, 01 Feb 2021 08:43:20 +0100},
  biburl       = {https://dblp.org/rec/conf/uss/Lai0RCMS18.bib},
  bibsource    = {dblp computer science bibliography, https://dblp.org}
}
Phoenix: Rebirth of a Cryptographic Password-Hardening Service
In: 26th USENIX Security Symposium, USENIX Security 2017

Password remains the most widespread means of authentication, especially on the Internet. As such, it is the Achilles heel of many modern systems. Facebook pioneered using external cryptographic services to harden password-based authentication in a large scale. Everspaugh et al. (USENIX Security ’15) provided the first comprehensive treatment of such a service and proposed the PYTHIA PRF-Service as a cryptographically secure solution. Recently, Schneider et al. (ACM CCS ’16) proposed a more efficient solution which is secure in a weaker security model.

In this work, we show that the scheme of Schneider et al. is vulnerable to offline attacks just after a single validation query. Therefore, it defeats the purpose of using an external crypto service in the first place and it should not be used in practice. Our attacks do not contradict their security claims, but instead show that their definitions are simply too weak. We thus suggest stronger security definitions that cover these kinds of real-world attacks, and an even more efficient construction, PHOENIX, to achieve them. Our comprehensive evaluation confirms the practicability of PHOENIX: It can handle up to 50% more requests than the scheme of Schneider et al. and up to three times more than PYTHIA.

@inproceedings{DBLP:conf/uss/Lai0SC17,
  author       = {Russell W. F. Lai and
                  Christoph Egger and
                  Dominique Schr{\"{o}}der and
                  Sherman S. M. Chow},
  editor       = {Engin Kirda and
                  Thomas Ristenpart},
  title        = {Phoenix: Rebirth of a Cryptographic Password-Hardening Service},
  booktitle    = {26th {USENIX} Security Symposium, {USENIX} Security 2017, Vancouver,
                  BC, Canada, August 16-18, 2017},
  pages        = {899--916},
  publisher    = {{USENIX} Association},
  year         = {2017},
  url          = {https://www.usenix.org/conference/usenixsecurity17/technical-sessions/presentation/lai},
  timestamp    = {Mon, 01 Feb 2021 08:43:05 +0100},
  biburl       = {https://dblp.org/rec/conf/uss/Lai0SC17.bib},
  bibsource    = {dblp computer science bibliography, https://dblp.org}
}
Global Caching for the Alternation-free μ-Calculus
In: 27th International Conference on Concurrency Theory, CONCUR 2016, August 23-26, 2016, Québec City, Canada
[PDF | DOI | BibTeX]
@inproceedings{DBLP:conf/concur/HausmannSE16,
  author       = {Daniel Hausmann and
                  Lutz Schr{\"{o}}der and
                  Christoph Egger},
  editor       = {Jos{\'{e}}e Desharnais and
                  Radha Jagadeesan},
  title        = {Global Caching for the Alternation-free {\(\mu\)}-Calculus},
  booktitle    = {27th International Conference on Concurrency Theory, {CONCUR} 2016,
                  August 23-26, 2016, Qu{\'{e}}bec City, Canada},
  series       = {LIPIcs},
  volume       = {59},
  pages        = {34:1--34:15},
  publisher    = {Schloss Dagstuhl - Leibniz-Zentrum f{\"{u}}r Informatik},
  year         = {2016},
  url          = {https://doi.org/10.4230/LIPIcs.CONCUR.2016.34},
  doi          = {10.4230/LIPICS.CONCUR.2016.34},
  timestamp    = {Mon, 26 Jun 2023 20:45:38 +0200},
  biburl       = {https://dblp.org/rec/conf/concur/HausmannSE16.bib},
  bibsource    = {dblp computer science bibliography, https://dblp.org}
}
Practical Attacks against the I2P Network
In: Research in Attacks, Intrusions, and Defenses - 16th International Symposium, RAID 2013, Rodney Bay, St. Lucia, October 23-25, 2013. Proceedings
[PDF | DOI | BibTeX]
@inproceedings{DBLP:conf/raid/EggerSKV13,
  author       = {Christoph Egger and
                  Johannes Schlumberger and
                  Christopher Kruegel and
                  Giovanni Vigna},
  editor       = {Salvatore J. Stolfo and
                  Angelos Stavrou and
                  Charles V. Wright},
  title        = {Practical Attacks against the {I2P} Network},
  booktitle    = {Research in Attacks, Intrusions, and Defenses - 16th International
                  Symposium, {RAID} 2013, Rodney Bay, St. Lucia, October 23-25, 2013.
                  Proceedings},
  series       = {Lecture Notes in Computer Science},
  volume       = {8145},
  pages        = {432--451},
  publisher    = {Springer},
  year         = {2013},
  url          = {https://doi.org/10.1007/978-3-642-41284-4\_22},
  doi          = {10.1007/978-3-642-41284-4\_22},
  timestamp    = {Tue, 14 May 2019 10:00:53 +0200},
  biburl       = {https://dblp.org/rec/conf/raid/EggerSKV13.bib},
  bibsource    = {dblp computer science bibliography, https://dblp.org}
}
Facing the Linux 8000 Feature Nightmare
In: Proceedings of ACM European Conference on Computer Systems (EuroSys 2010), Best Posters and Demos Session
[PDF]

  
Configuration coverage in the analysis of large-scale system software
Reinhard Tartler, Daniel Lohmann, Christian Dietrich, Christoph Egger, Julio Sincero
In: ACM SIGOPS Oper. Syst. Rev. 45(3)

System software, especially operating systems, tends to be highly configurable. Like every complex piece of software, a considerable amount of bugs in the implementation has to be expected. In order to improve the general code quality, tools for static analysis provide means to check for source code defects without having to run actual test cases on real hardware. Still, for proper type checking a specific configuration is required so that all header include paths are available and all types are properly resolved.

In order to find as many bugs as possible, usually a "full configuration" is used for the check. However, mainly because of alternative blocks in form of #else-blocks, a single configuration is insufficient to achieve full coverage. In this paper, we present a metric for configuration coverage (CC) and explain the challenges for (properly) calculating it. Furthermore, we present an efficient approach for determining a sufficiently small set of configurations that achieve (nearly) full coverage and evaluate it on a recent Linux kernel version.

@article{DBLP:journals/sigops/TartlerLDES11,
  author       = {Reinhard Tartler and
                  Daniel Lohmann and
                  Christian Dietrich and
                  Christoph Egger and
                  Julio Sincero},
  title        = {Configuration coverage in the analysis of large-scale system software},
  journal      = {{ACM} {SIGOPS} Oper. Syst. Rev.},
  volume       = {45},
  number       = {3},
  pages        = {10--14},
  year         = {2011},
  url          = {https://doi.org/10.1145/2094091.2094095},
  doi          = {10.1145/2094091.2094095},
  timestamp    = {Mon, 26 Oct 2020 08:24:58 +0100},
  biburl       = {https://dblp.org/rec/journals/sigops/TartlerLDES11.bib},
  bibsource    = {dblp computer science bibliography, https://dblp.org}
}