Ran Canetti                          

Professor

Department of Computer Science, College of Arts and Sciences, Boston University.


See Also:
The BU Center for Reliable Information Systems and Cyber Security.
The BU Security Group.



Contact
Professional Activity
Students
Teaching
Talks
Standards
Surveys and Tutorials
Research Papers
PhD Thesis                                                                                           

                          New: Check out my posting on the practice of double blind reviewing in IACR conferences






















Contact Information

Office: MCS 135D

Office Hours: Tuesdays 3pm-5pm

Email: canetti@bu.edu














Current Professional Activity

Head of the Check Point Institute of Information Security.

Editor for the Journal of Cryptology.

Editor for Information and Computation.

Co-chair of the Crypto Forum Research Group at the Internet Research Task Force (IRTF).

Past activity






Students

Nir Bitansky (PhD, TAU)

Ben Riva (PhD, TAU)

Itai Itzhaki (MSc, TAU)

Omer Paneth (MSc, TAU)

Daniel Shahaf (MSc, TAU)

Margarita Vald (MSc, TAU)

Mayank Varia (PhD, MIT. Graduated 08/2010.)

Nir Bitansky (MSc, TAU. Graduated 03/2010.)

Ronny Dakdouk (PhD, Yale. Co-advised with Joan Feigenbaum. Graduated 06/2009.)

Dah Yoh Lim (PhD, MIT. Co-advised with Shafi Goldwasser. Graduated 08/2008.)

Waseem Daher (Master of Engineering, MIT. Co-advised with Ron Rivest. Graduated 05/2008.)

Akshai Patil (Master of Engineering, MIT. Co-advised with Ron Rivest. Graduated 05/2005.)








Teaching

Cryptographic Protocols, Spring 2012.

Cryptography, Fall 2011.

Cryptographic Protocols, Spring 2011. Co-taught with Iftach Haitner.

Foundations of Cryptography, Fall 2010. Co-taught with Iftach Haitner.

First Steps in Research, Fall 2010.

Workshop in Computer Security, Fall 2010.

Workshop in Computer Security, Spring 2010.

Cryptography and Game Theory, Fall 2009. Co-taught with Alon Rosen.

Seminar in Cryptographic Protocols, Spring 2009.

Workshop in Computer Security, Spring 2009.

Foundations of Cryptography, Fall 2008.

Zero-Knowledge and Applications
Co-taught with Silvio Micali, EECS department, MIT, Fall 2006.

Selected Topics in Cryptography
Co-taught with Shafi Goldwasser, EECS department, MIT, Fall 2004.

Selected Topics in Cryptographic Protocols
Co-taught with Ron Rivest, EECS department, MIT, Spring 2004. Course materials.






Selected Talks

Composable Formal Security Analysis: Juggling Soundness, Simplicity and Efficiency
Given at ICALP 2008, Reykjavik, Iceland, July 2008. See the accompanying paper.

Obtaining Universally Composable Security: Towards the Bare Bones of Trust
Given at Asiacrypt 2007, Kuching, Malaysia, December 2007. Slides (PDF). See also the accompanying paper.

How to Obtain and Assert Composable Security
Given at 16th Usenix Security Symposium, Boston, MA, August 2007. Slides (PDF) and audio recording (mp3).

Universally Composable Security With Global Set-Up
Given at IPAM Program on Applications and Foundations of Cryptography and Computer Security, UCLA, November 2006. Slides (PDF).

Security and Composition of Cryptographic Protocols: A Tutorial
Given at IPAM Program on Applications and Foundations of Cryptography and Computer Security, UCLA, September 2006. Slides (ppt). See also the accompanying paper. (An earlier version was given at PODC'04. )

The HMAC Construction: A Decade Later
Given at MIT CIS Seminar, December 2006. Slides (PDF).






Surveys and Tutorials

Composable Formal Security Analysis: Juggling Soundness, Simplicity and Efficiency
R. Canetti. ICALP 2008, LNCS 5126, pages 1-13. Updated version available here.

Obtaining Universally Composable Security: Towards the Bare Bones of Trust.
R. Canetti. Asiacrypt 2007, LNCS 4833, pages 88-112. Updated version at eprint.iacr.org/2007/475.

Security and Composition of Cryptographic Protocols: A Tutorial.
R. Canetti. A two-part contribution to the Distributed Computing column of SIGACT News, Vol. 37, Nos. 3 & 4, 2006. A combined and updated version is available at eprint.iacr.org/2006/465 .

The Decisional Diffie-Hellman assumption.
R. Canetti. Entry for the Encyclopedia of Cryptography and Security, H. van Tilborg, (Ed.), Springer-Verlag, 2005. Personal version (PS) .

The TESLA Broadcast Authentication Protocol.
A. Perrig, R. Canetti, D. Song, D. Tygar. CryptoBytes, Vol. 5, No. 2, 2002.

Proactive security: Long-term Protection against break-ins.
R. Canetti, R. Gennaro, A. Herzberg, D. Naor. CryptoBytes, Vol. 3, No. 1, 1997.

The HMAC construction.
M. Bellare, R. Canetti and H. Krawczyk. CryptoBytes, Vol. 2, No. 1, 1996.






Standards

Group Key Management Architecture.
By M. Baugher, R. Canetti, L. Dondeti, F. Lindholm. Internet Engineering Task Force RFC 4046, 2005.

TESLA: Multicast Source Authentication Transform.
By A. Perrig, R. Canetti, B. Briscoe, D. Tygar, D. Song. Internet Engineering Task Force RFC 4082, 2005.

HMAC: Keyed-Hashing for Message Authentication.
By H. Krawczyk, M. Bellare and R. Canetti. Internet Engineering Task Force RFC 2104, 1997. Also appears as an American National Standard Institute (ANSI) standard X9.71 (2000), and as a Federal Information Processing Standard No. 198, National Institute of Standards and Technology (NIST), 2002.






Research Papers

Program Obfuscation with Leaky Hardware. N. Bitansky, R. Canetti, S. Halevi, S.Goldwasser, Y. Kalai, G. Rothblum. Asiacrypt 2011.

Practical Delegation of Computation using Multiple Servers. R. Canetti, B. Riva, G. Rothblum. ACM CCS 2011. Long version available at eprint.iacr.org/2010/414.

Leakage Tolerant Interactive Protocols N. Bitansky, R. Canetti, S. Halevi. Available at eprint.iacr.org/2011/204. Towards a Game Theoretic View of Secure Computation. G. Asharov, R. Canetti, C. Hazay. eurocrypt 2011. Full version at http://eprint.iacr.org/2011/137.

Refereed Delegation of Computation. R. Canetti, B. Riva, G. Rothblum. Manuscript.

Adaptive Hardness and Composable Security in the Plain Model from Standard Assumptions. R. Canetti, H. Lin and R. Pass. FOCS 2010.

On Strong Simulation and Composable Point Obfuscation. N. Bitansky and R. Canetti. Crypto 2010. Long version available at eprint.iacr.org/2010/414.

Universally Composable Symbolic Analysis of Diffie-Hellman based Key Exchange. R. Canetti and S. Gajek. Available at eprint.iacr.org/2010/303.

Composable Security Analysis of OS Services. R. Canetti, S. Chari, S. Halevi, B. Pfitzmann A. Roy, M. Steiner and W Venema. SCN'11. Available at eprint.iacr.org/2010/213.

Obfuscating Hyperplane Membership. R. Canetti, G. Rothblum, M. Varia. TCC 2010. PDF.

On Symmetric Encryption and Point Obfuscation. R. Canetti, Y. Kalai, M. Varia, D. Wichs. TCC 2010. Long version available at eprint.iacr.org/2010/049.

Towards a Theory of Extractable Functions. R. Canetti, R. R. Dakdouk. TCC 2009: 595-613. PDF.

Non-malleable Obfuscation. R. Canetti, Mayank Varia. TCC 2009: 73-90. Long version at eprint.iacr.org/2008/495.

Modeling Computational Security in Long-Lived Systems. R. Canetti, L. Cheung, D. Kirli Kaynar, N. A. Lynch, O. Pereira. CONCUR 2008, pp. 114-130. PDF.

Obfuscating Point Functions with Multibit Output. R. Canetti, R. R. Dakdouk. Eurocrypt 2008, pp. 489-508. PDF.

Extractable Perfectly One-Way Functions. R. Canetti, R. R. Dakdouk. ICALP 2008 (Track C), pp. 449-460. PDF.

R. Canetti, D. Eiger, S. Goldwasser, D. Y. Lim. How to Protect Yourself without Perfect Shredding. ICALP 2008 (Track C), pp. 511-523. Long version at eprint.iacr.org/2008/291.

Chosen Ciphertext Secure Proxy Re-encryption.
R. Canetti and S. Hohenberger. ACM CCS, 2007. Long version at eprint.iacr.org/2007/171.

Cryptography from sunspots: How to use an imperfect reference string.
R. Canetti, R. Pass, and A. Shelat. 48th Foundations of Computer Science (FOCS) 2007. PDF.

Amplification of Collision Resistance: A complexity-theoretic treatment.
R. Canetti, R. Rivest, M. Sudan, L. Trevisan, S. Vadhan, H. Wee. Crypto '07, 2007. PDF.

Compositional Security for Task-PIOAs.
R. Canetti, L. Cheung, D. Kaynar, N. Lynch and O. Pereira. 20th Computer Security Foundations Conference (CSF), July 2007. Long version (PDF).

On the Role of Scheduling in Simulation-Based Security.
R. Canetti, L. Cheung, N. Lynch and O. Pereira. The 7th Workshop on Issues in the Theory of Security (WITS), 2007. PDF.

Universally Composable Security with Pre-Existing Setup.
R. Canetti, Y. Dodis, R. Pass and S. Walfish. The fourth Theory of Cryptology Conference (TCC), 2007. Long version at eprint.iacr.org/2006/432.

Mitigating Dictionary Attacks on Password-Based Local Storage.
R Canetti, S. halevi, M. Steiner. Crypto 2006. Long version at eprint.iacr.org/2006/276.

Time-Bounded Task-PIOAs: A Framework for Analyzing Security Protocols.
R. Canetti, L. Cheung, D. Kaynar, M. Liskov, N. Lynch, O. Pereira, and R. Segala. In 20th symposium on distributed computing (DISC), 2006. Long version at MIT CSAIL TR 2006-047. Full version Journal of Discrete Event Dynamic Systems 18(1): 111-159 (2008).

Task-Structured Probabilistic I/O Automata.
R. Canetti, L. Cheung, D. Kaynar, M. Liskov, N. Lynch, O. Pereira, and R. Segala. In Workshop on discrete event systems (WODES), 2006. Long version at MIT CSAIL TR 2006-060.

More information on Task PIOAs and their use for security analysis, including early versions and other publications, appears at the following page, maintained by Ling Cheung.

Universally Composable Symbolic Analysis of Mutual Authentication and Key-Exchange Protocols.
R. Canetti and J. Herzog. The Third Theory of Cryptograph Conference (TCC), 2006: 380-403. Long version at eprint.iacr.org/2004/334.

Secure Computation Without Authentication.
B. Barak, R. Canetti, Y. Lindell, R. Pass, and T. Rabin. Crypto 2005. PS.

Universally Composable Password-Based Key Exchange.
R. Canetti, S. Halevi, J. Katz, Y. Lindell, P. D. Mackenzie. Eurocrypt 2005: 404-421. Long version at eprint.iacr.org/2005/196.

Hardness Amplification For Computational Riddles.
R. Canetti, S. Halevi, M. Steiner. The second Theory of Cryptograph Confernece (TCC), 2005. Long version at eprint.iacr.org/2004/329.

Adaptively Secure Non-Interactive Public-Key Encryption.
R. Canetti, S. Halevi and J, Katz. The second Theory of Cryptograph Confernece (TCC), 2005. Long version at eprint.iacr.org/2004/314.

Universally Composable Protocols with Relaxed Set-Up Assumptions.
B. Barak, R. Canetti, J. Nielsen and R. Pass. 45th FOCS, 2004. Proceedings version (PS). Long version (PDF).

Universally Composable Notions of Signature, Certification, and Authentication.
R. Canetti. 17th IEEE Computer Security Foundations Workshop (CSFW), 2004. Long version at eprint.iacr.org/2003/239.

On the random-oracle methodology as applied to length-restricted signature schemes.
R. Canetti, O. Goldreich, and S. Halevi, The First Theory of Cryptography Conference (TCC), 2004. Long version at eprint.iacr.org/2003/150.

Chosen-Ciphertext Security from Identity-Based Encryption.
D. Boneh, R. Canetti, S. Halevi, and J. Katz. SIAM J. Comput., 36(5): 1301-1328 (2007) Full version. Early version appeared at Eurocrypt, 2004, with a long version at eprint.iacr.org/2003/182.

Relaxing Chosen Ciphertext Security of Encryption Schemes.
R. Canetti, H. Krawczyk, and J. Nielsen. Crypto, 2003. Long version at eprint.iacr.org/2003/174.

Universal Composition with Joint State.
R. Canetti and T. Rabin. Crypto, 2003. Long version at eprint.iacr.org/2002/047.

Authenticating Mandatory Access Controls and Preserving Privacy for a High-Assurance Smart Card.
H. Schertzer, R, Canetti, P. Karger, T. Rabin, D. Toll. ESORICS, 2003. Available from the publisher.

On the limitations of universally composable two-party computation without set-up assumptions.
R. Canetti, E. Kushilevitz, and Y. Lindell. J. Cryptology 19(2): 135-167 (2006). Early version in Eurocrypt, 2003. Available also at eprint.iacr.org/2004/116.

Forward-Secure Encryption.
R. Canetti, S. Halevi and J. Katz. J. Cryptology 20(3): 265-294 (2007). Preliminary version at Eurocrypt, 2003. Available also at eprint.iacr.org/2003/083.

A Two Layered Approach for Securing an Object Store Network.
A. Azagury, R. Canetti, M. Factor, S. Halevi, E. Henis, D. Naor, N. Rinetzky, O. Rodeh, and J. Satran. First IEEE International Security In Storage Workshop, 2002. PDF.

Universally composable two-party and multi-party secure computation.
R. Canetti, Y. Lindell, R. Ostrovsky, A. Sahai. 34th STOC, 2002. Longer version at eprint.iacr.org/2002/140.

Security Analysis of IKE's Signature-based Key-Exchange Protocol.
R. Canetti and H. Krawczyk. Crypto, 2002. Long version at eprint.iacr.org/2002/120.

Just Fast Keying: Key Agreement In A Hostile Internet.
B. Aiello, S. Bellovin, M. Blaze, R. Canetti, J. Ioannidis, A. Keromytis, O. Reingold. ACM Trans. Inf. Syst. Secur. 7(2): 242-273 (2004). Preliminary version (entitled "Efficient, DoS-Resistant Secure Key Exchange for Internet Protocols") at ACM Computers and Communications Security conference (CCS), 2002. PDF.

Universally Composable Notions of Key Exchange and Secure Channels.
R. Canetti and H. Krawczyk. Eurocrypt, 2002. Long version at eprint.iacr.org/2002/059.

Universally Composable Commitments.
R. Canetti and M. Fischlin. Crypto, 2001. Long version at eprint.iacr.org/2001/055.

Universally Composable Security: A New Paradigm for Cryptographic Protocols.
R. Canetti. 42nd FOCS, 2001. Revised version (2005) available at eprint.iacr.org/2000/067. Previous versions available at ECCC TR 01-016 .

On Adaptive vs. Non-adaptive Security of Multiparty Protocols.
R. Canetti, I. Damgard, S. Dziembowski, Y. Ishai, T. Malkin. J. Cryptology 17(3): 153-207 (2004); also available at eprint.iacr.org/2001/017. Preliminary version at Eurocrypt, 2001.

Analysis of Key-Exchange Protocols and Their Use for Building Secure Channels.
R. Canetti, H. Krawczyk. Eurocrypt, 2001. Long version available at eprint.iacr.org/2001/040.

Selective private function evaluation with applications to private statistics.
R. Canetti, Y. Ishai, R. Kumar, M. K. Reiter, R. Rubinfeld, R. N. Wright. PODC, 2001. PS.

Black-box concurrent zero-knowledge requires ~Ω(log n) rounds.
R. Canetti, J. Kilian, E. Petrank, A. Rosen. SIAM J. Comput. 32(1): 1-47 (2002). Preliminary version at 33rd STOC, 2001. PS.

Efficient and Secure Source Authentication for Multicast.
A. Perrig, R. Canetti, D. Tygar, D. Song. Network and Distributed System Security Symposium (NDSS), 2001. PDF.

Environmental Requirements for Authentication Protocols.
R. Canetti, C. Meadows, P. Syverson. Symposium on Requirements Engineering for Information Security (SREIS), 2001. PDF.

Efficient Authentication and Signing of Multicast Streams over Lossy Channels.
A. Perrig, R. Canetti, J. D. Tygar, D. X. Song. IEEE Symposium on Security and Privacy, 2000. PDF.

Resettable zero-knowledge.
R. Canetti, O. Goldreich, S. Goldwasser, S. Micali. 32nd STOC, 2000. Long version available at eprint.iacr.org/1999/022 .

Exposure-Resilient Functions and All-or-Nothing Transforms.
R. Canetti, Y. Dodis, S. Halevi, E. Kushilevitz, A. Sahai. Eurocrypt, 2000. PS.

IPSec-based Host Architecture for Secure Internet Multicast.
R. Canetti, P-C. Cheng, F. Giraud, D. Pendarakis, J.R. Rao, R. Rohatgi, D. Saha. Network and Distributed System Security Symposium (NDSS), 2000. PS.

Security and composition of multi-party cryptographic protocols.
R. Canetti. Journal of Cryptology Special Issue on Multiparty Computation 13(1): 143-202 (2000). Available at eprint.iacr.org/1998/018 .

On the statistical properties of Diffie-Hellman distributions.
R. Canetti. R. Canetti, J. B. Friedlander, S. V. Konyagin, M. Larsen, D. Lieman, I. Shparlinski. Israel J. Math., 2000, v.120, 23-46. PS.

On certain exponential sums and the distribution of Diffie-Hellman triples.
R. Canetti, J. Friedlander and I. Shparlinski. J. of the London Mathematical Society, (2) 59 (1999) 799--812. PS.

Adaptive Security for Threshold Cryptosystems.
R. Canetti, R. Gennaro, S. Jarecki, H. Krawczyk, T. Rabin. Crypto, 1999. Long version (PS).

Efficient Communication-Storage Tradeoffs for Multicast Encryption.
R. Canetti, T. Malkin, K. Nissim. Eurocrypt, 1999. PS.

A practical threshold cryptosystem resilient against adaptive chosen ciphertext attacks.
R. Canetti and Shafi Goldwasser. Eurocrypt, 1999. PS.
(Unfortunately, the full version referenced within was never completed.)

Secure computation with hidden cheaters (or, What if nobody is totally honest?)
R. Canetti and Rafi Ostrovsky 31st STOC, 1999. PS.

A taxonomy of multicast security issues and efficient constructions.
R. Canetti, J. Garay, G. Itkis, D. Micciancio, M. Naor and B. Pinkas. Infocom, 1999. PS.

A Modular Approach to the Design and Analysis of Authentication and Key-Exchange Protocols.
M. Bellare, R. Canetti and H. Krawczyk. 30th STOC, 1998. Long version available at eprint.iacr.org/1998/009 .

The Random-Oracle Model, Revisited.
R. Canetti, O. Goldreich and S. Halevi. J. ACM 51(4): 557-594 (2004). Preliminary version at 30th STOC, 1998. Available at eprint.iacr.org/1998/011 .

From Collision Resistance to Perfect One-Wayness.
R. Canetti, D. Micciancio and O. Reingold. 30th STOC, 1998. Longer version (PS).

Towards realizing random oracles: Hash functions that hide all partial information.
R. Canetti. Crypto, 1997. Longer version available at eprint.iacr.org/1997/007 .

Deniable Encryptions.
R. Canetti, C. Dwork, M. Naor and R. Ostrovsky. Crypto, 1997. Longer version available at eprint.iacr.org/1996/002.

How to Maintain Authenticated Communication in the presence of break-ins.
R. Canetti, S. Halevi and A. Herzberg. Journal of Cryptology Special Issue on Multiparty Computation 13(1): 61-105 (2000). Preliminary version at 16th PODC, 1997. Available also at eprint.iacr.org/1998/012 .

Randomness vs. Fault-Tolerance.
R. Canetti, E. Kushilevitz, R. Ostrovsky and A. Rosen. Journal of Cryptology Special Issue on Multiparty Computation 13(1): 107-142 (2000). Preliminary version at 16th PODC, 1997. Available also at eprint.iacr.org/1998/014 .

Cascaded Pseudo-Randomness and its Concrete Security.
M. Bellare, R. Canetti and H. Krawczyk. 37th FOCS, 504-513, 1996. Long version (PDF) , maintainted by Mihir Bellare .

Incoercible Secure Computation.
R. Canetti and R. Gennaro. 37th FOCS, pp.514-523, 1996. Long version available at eprint.iacr.org/1996/001 .

Keying Hash Functions for Message Authentication.
M. Bellare, R. Canetti and H. Krawczyk. Crypto, LNCS 1109, 1-15, 1996. and is available Long version (PDF) , maintainted by Mihir Bellare .

Adaptively Secure Multiparty Computation.
R. Canetti, U. Feige, O. Goldreich and M. Naor. 28th STOC, 639-648, 1996. A longer version in MIT-LCS-TR 682 .

More on BPP and the Polynomial-Time Hierarchy.
R. Canetti. IPL 57, 1996, pp. 237-241. PS.

Lower bounds for Sampling Algorithms for Estimating the Average.
R. Canetti, G. Even and O. Goldreich. IPL 53, 1995, pp. 17-25. PS.

Bandwidth Allocation with Preemption.
A. Bar-Noy, R. Canetti, S. Kutten, Y. Mansour, and B. Schieber. SIAM Journal on Computing, Vol. 28, 1999, pp. 1806-1828. Preliminary version in 27th STOC, 1995. PDF.

On the Power of Preemption in Randomized Scheduling.
R. Canetti and S. Irani. SIAM Journal on Computing, Vol. 27 No. 4, 1998, pp. 993-1015. Preliminary version in 27th STOC, 1995. PS.

Maintaining Security in the Presence of Transient Faults.
R. Canetti and A. Herzberg. Crypto, 1994. LNCS 839, 425-438. PS.

Asynchronous Secure Computation.
M. Ben-Or, R. Canetti and O. Goldreich. 25th STOC, 1993. Available here. Earlier version in TR CS-755. A longer version appears as part of my PhD Thesis.

Fast Asynchronous Byzantine Agreement with Optimal Resilience.
R. Canetti and T. Rabin. 25th STOC, 42-51, 1993. Long version (PS).

The Parallel C (pC) Programming Language.
R. Canetti, P. Fertig, S. Kravitz, D. Malkhi, R. Pinter, S. Porat, A. Teperman. IBM Journal of Research and Development, Vol 35, no. 5/6, November 1991, pp. 727-742. Available here.

Bounds on Tradeoffs between Randomness and Communication Complexity.
R. Canetti and O. Goldreich. Computational Complexity, No. 3, 1993, pp.141-167. Preliminary version at 31st FOCS 1990. PS.

A distributed computing simulator.
R. Canetti, A. Herzberg and B. Pinkas. TR CS-566, Technion, 1989.








Ph.D. Thesis

Studies in Secure Multiparty Computation and Applications. The Weizmann Institute of Science, 1996. PS .