Ran Canetti


I have moved to the School of Computer Science, Tel Aviv University.


Until August 2008, I was a Researcher at the Cryptography Research Group at IBM T.J. Watson Research Center and a Visiting Scientist at the Cryptography and Information Security group at the CSAIL, MIT.


Note: This page is not up to date. See a more recent version here.



Current Professional Activity

Head of the Check Point Institute of Information Security.

Editor for the Journal of Cryptology.

Editor for Information and Computation.

Co-chair of the Crypto Forum Research Group at the Internet Research Task Force (IRTF).

Co-organizer of the Theoretical foundations of Practical Information Security workshop, Dagstuhl, December 2008.

Program Committee member for STOC'09.

Past activity






Students

Ronny Dakdouk (PhD, Yale. Co-advised with Joan Feigenbaum)

Mayank Varia (PhD, MIT)

Waseem Daher (Master of Engineering, MIT. Graduated 05/2008.)

Dah Yoh Lim (PhD, MIT. Co-advised with Shafi Goldwasser. Graduated 08/2008.)







Teaching

Introduction to Cryptography
Fall 2008. More information.

Zero-Knowledge and Applications
Co-taught with Silvio Micali, EECS department, MIT, Fall 2006.

Selected Topics in Cryptography
Co-taught with Shafi Goldwasser, EECS department, MIT, Fall 2004.

Selected Topics in Cryptographic Protocols
Co-taught with Ron Rivest, EECS department, MIT, Spring 2004. Course materials.






Selected Talks

Composable Formal Security Analysis: Juggling Soundness, Simplicity and Efficiency
Given at ICALP 2008, Reykjavik, Iceland, July 2008. See the accompanying paper.

Obtaining Universally Composable Security: Towards the Bare Bones of Trust
Given at Asiacrypt 2007, Kuching, Malaysia, December 2007. Slides (PDF). See also the accompanying paper.

How to Obtain and Assert Composable Security
Given at 16th Usenix Security Symposium, Boston, MA, August 2007. Slides (PDF) and audio recording (mp3).

Universally Composable Security With Global Set-Up
Given at IPAM Program on Applications and Foundations of Cryptography and Computer Security, UCLA, November 2006. Slides (PDF).

Security and Composition of Cryptographic Protocols: A Tutorial
Given at IPAM Program on Applications and Foundations of Cryptography and Computer Security, UCLA, September 2006. Slides (ppt). See also the accompanying paper. (An earlier version was given at PODC'04.)

The HMAC Construction: A Decade Later
Given at MIT CIS Seminar, December 2006. Slides (PDF).






Surveys and Tutorials

Composable Formal Security Analysis: Juggling Soundness, Simplicity and Efficiency
R. Canetti. ICALP 2008, LNCS 5126, pages 1-13. Updated version available here.

Obtaining Universally Composable Security: Towards the Bare Bones of Trust.
R. Canetti. Asiacrypt 2007, LNCS 4833, pages 88-112. Updated version at eprint.iacr.org/2007/475.

Security and Composition of Cryptographic Protocols: A Tutorial.
R. Canetti. A two-part contribution to the Distributed Computing column of SIGACT News, Vol. 37, Nos. 3 & 4, 2006. A combined and updated version is available at eprint.iacr.org/2006/465.

The Decisional Diffie-Hellman assumption.
R. Canetti. Entry for the Encyclopedia of Cryptography and Security, H. van Tilborg (Ed.), Springer-Verlag, 2005. Personal version (PS).

The TESLA Broadcast Authentication Protocol.
A. Perrig, R. Canetti, D. Song, D. Tygar. CryptoBytes, Vol. 5, No. 2, 2002.

Proactive security: Long-term Protection against break-ins.
R. Canetti, R. Gennaro, A. Herzberg, D. Naor. CryptoBytes, Vol. 3, No. 1, 1997.

The HMAC construction.
M. Bellare, R. Canetti and H. Krawczyk. CryptoBytes, Vol. 2, No. 1, 1996.






Standards

Group Key Management Architecture.
By M. Baugher, R. Canetti, L. Dondeti, F. Lindholm. Internet Engineering Task Force RFC 4046, 2005.

TESLA: Multicast Source Authentication Transform.
By A. Perrig, R. Canetti, B. Briscoe, D. Tygar, D. Song. Internet Engineering Task Force RFC 4082, 2005.

HMAC: Keyed-Hashing for Message Authentication.
By H. Krawczyk, M. Bellare and R. Canetti. Internet Engineering Task Force RFC 2104, 1997. Also appears as an American National Standards Institute (ANSI) standard X9.71 (2000), and as a Federal Information Processing Standard No. 198, National Institute of Standards and Technology (NIST), 2002.






Research Papers

Modeling Computational Security in Long-Lived Systems. R. Canetti, L. Cheung, D. Kirli Kaynar, N. A. Lynch, O. Pereira. CONCUR 2008, pp. 114-130. PDF.

Obfuscating Point Functions with Multibit Output. R. Canetti, R. R. Dakdouk. Eurocrypt 2008, pp. 489-508. PDF.

Extractable Perfectly One-Way Functions. R. Canetti, R. R. Dakdouk. ICALP 2008 (Track C), pp. 449-460. PDF.

R. Canetti, D. Eiger, S. Goldwasser, D. Y. Lim. How to Protect Yourself without Perfect Shredding. ICALP 2008 (Track C), pp. 511-523. Long version at eprint.iacr.org/2008/291.

Chosen Ciphertext Secure Proxy Re-encryption.
R. Canetti and S. Hohenberger. ACM CCS, 2007. Long version at eprint.iacr.org/2007/171.

Cryptography from sunspots: How to use an imperfect reference string.
R. Canetti, R. Pass, and A. Shelat. 48th Foundations of Computer Science (FOCS) 2007. PDF.

Amplification of Collision Resistance: A complexity-theoretic treatment.
R. Canetti, R. Rivest, M. Sudan, L. Trevisan, S. Vadhan, H. Wee. Crypto '07, 2007. PDF.

Compositional Security for Task-PIOAs.
R. Canetti, L. Cheung, D. Kaynar, N. Lynch and O. Pereira. 20th Computer Security Foundations Conference (CSF), July 2007. Long version (PDF).

On the Role of Scheduling in Simulation-Based Security.
R. Canetti, L. Cheung, N. Lynch and O. Pereira. The 7th Workshop on Issues in the Theory of Security (WITS), 2007. PDF.

Universally Composable Security with Pre-Existing Setup.
R. Canetti, Y. Dodis, R. Pass and S. Walfish. The Fourth Theory of Cryptography Conference (TCC), 2007. Long version at eprint.iacr.org/2006/432.

Mitigating Dictionary Attacks on Password-Based Local Storage.
R. Canetti, S. Halevi, M. Steiner. Crypto 2006. Long version at eprint.iacr.org/2006/276.

Time-Bounded Task-PIOAs: A Framework for Analyzing Security Protocols.
R. Canetti, L. Cheung, D. Kaynar, M. Liskov, N. Lynch, O. Pereira, and R. Segala. In 20th symposium on distributed computing (DISC), 2006. Long version at MIT CSAIL TR 2006-047. Full version Journal of Discrete Event Dynamic Systems 18(1): 111-159 (2008).

Task-Structured Probabilistic I/O Automata.
R. Canetti, L. Cheung, D. Kaynar, M. Liskov, N. Lynch, O. Pereira, and R. Segala. In Workshop on discrete event systems (WODES), 2006. Long version at MIT CSAIL TR 2006-060.

More information on Task PIOAs and their use for security analysis, including early versions and other publications, appears at the following page, maintained by Ling Cheung.

Universally Composable Symbolic Analysis of Mutual Authentication and Key-Exchange Protocols.
R. Canetti and J. Herzog. The Third Theory of Cryptography Conference (TCC), 2006: 380-403. Long version at eprint.iacr.org/2004/334.

Secure Computation Without Authentication.
B. Barak, R. Canetti, Y. Lindell, R. Pass, and T. Rabin. Crypto 2005. PS.

Universally Composable Password-Based Key Exchange.
R. Canetti, S. Halevi, J. Katz, Y. Lindell, P. D. Mackenzie. Eurocrypt 2005: 404-421. Long version at eprint.iacr.org/2005/196.

Hardness Amplification For Computational Riddles.
R. Canetti, S. Halevi, M. Steiner. The Second Theory of Cryptography Conference (TCC), 2005. Long version at eprint.iacr.org/2004/329.

Adaptively Secure Non-Interactive Public-Key Encryption.
R. Canetti, S. Halevi and J. Katz. The Second Theory of Cryptography Conference (TCC), 2005. Long version at eprint.iacr.org/2004/314.

Universally Composable Protocols with Relaxed Set-Up Assumptions.
B. Barak, R. Canetti, J. Nielsen and R. Pass. 45th FOCS, 2004. Proceedings version (PS). Long version (PDF).

Universally Composable Notions of Signature, Certification, and Authentication.
R. Canetti. 17th IEEE Computer Security Foundations Workshop (CSFW), 2004. Long version at eprint.iacr.org/2003/239.

On the random-oracle methodology as applied to length-restricted signature schemes.
R. Canetti, O. Goldreich, and S. Halevi. The First Theory of Cryptography Conference (TCC), 2004. Long version at eprint.iacr.org/2003/150.

Chosen-Ciphertext Security from Identity-Based Encryption.
D. Boneh, R. Canetti, S. Halevi, and J. Katz. SIAM J. Comput., 36(5): 1301-1328 (2007) Full version. Early version appeared at Eurocrypt, 2004, with a long version at eprint.iacr.org/2003/182.

Relaxing Chosen Ciphertext Security of Encryption Schemes.
R. Canetti, H. Krawczyk, and J. Nielsen. Crypto, 2003. Long version at eprint.iacr.org/2003/174.

Universal Composition with Joint State.
R. Canetti and T. Rabin. Crypto, 2003. Long version at eprint.iacr.org/2002/047.

Authenticating Mandatory Access Controls and Preserving Privacy for a High-Assurance Smart Card.
H. Schertzer, R. Canetti, P. Karger, T. Rabin, D. Toll. ESORICS, 2003. Available from the publisher.

On the limitations of universally composable two-party computation without set-up assumptions.
R. Canetti, E. Kushilevitz, and Y. Lindell. J. Cryptology 19(2): 135-167 (2006). Early version in Eurocrypt, 2003. Available also at eprint.iacr.org/2004/116.

Forward-Secure Encryption.
R. Canetti, S. Halevi and J. Katz. J. Cryptology 20(3): 265-294 (2007). Preliminary version at Eurocrypt, 2003. Available also at eprint.iacr.org/2003/083.

A Two Layered Approach for Securing an Object Store Network.
A. Azagury, R. Canetti, M. Factor, S. Halevi, E. Henis, D. Naor, N. Rinetzky, O. Rodeh, and J. Satran. First IEEE International Security In Storage Workshop, 2002. PDF.

Universally composable two-party and multi-party secure computation.
R. Canetti, Y. Lindell, R. Ostrovsky, A. Sahai. 34th STOC, 2002. Longer version at eprint.iacr.org/2002/140.

Security Analysis of IKE's Signature-based Key-Exchange Protocol.
R. Canetti and H. Krawczyk. Crypto, 2002. Long version at eprint.iacr.org/2002/120.

Just Fast Keying: Key Agreement In A Hostile Internet.
B. Aiello, S. Bellovin, M. Blaze, R. Canetti, J. Ioannidis, A. Keromytis, O. Reingold. ACM Trans. Inf. Syst. Secur. 7(2): 242-273 (2004). Preliminary version (entitled "Efficient, DoS-Resistant Secure Key Exchange for Internet Protocols") at ACM Computers and Communications Security conference (CCS), 2002. PDF.

Universally Composable Notions of Key Exchange and Secure Channels.
R. Canetti and H. Krawczyk. Eurocrypt, 2002. Long version at eprint.iacr.org/2002/059.

Universally Composable Commitments.
R. Canetti and M. Fischlin. Crypto, 2001. Long version at eprint.iacr.org/2001/055.

Universally Composable Security: A New Paradigm for Cryptographic Protocols.
R. Canetti. 42nd FOCS, 2001. Revised version (2005) available at eprint.iacr.org/2000/067. Previous versions available at ECCC TR 01-016.

On Adaptive vs. Non-adaptive Security of Multiparty Protocols.
R. Canetti, I. Damgard, S. Dziembowski, Y. Ishai, T. Malkin. J. Cryptology 17(3): 153-207 (2004); also available at eprint.iacr.org/2001/017. Preliminary version at Eurocrypt, 2001.

Analysis of Key-Exchange Protocols and Their Use for Building Secure Channels.
R. Canetti, H. Krawczyk. Eurocrypt, 2001. Long version available at eprint.iacr.org/2001/040.

Selective private function evaluation with applications to private statistics.
R. Canetti, Y. Ishai, R. Kumar, M. K. Reiter, R. Rubinfeld, R. N. Wright. PODC, 2001. PS.

Black-box concurrent zero-knowledge requires ~Ω(log n) rounds.
R. Canetti, J. Kilian, E. Petrank, A. Rosen. SIAM J. Comput. 32(1): 1-47 (2002). Preliminary version at 33rd STOC, 2001. PS.

Efficient and Secure Source Authentication for Multicast.
A. Perrig, R. Canetti, D. Tygar, D. Song. Network and Distributed System Security Symposium (NDSS), 2001. PDF.

Environmental Requirements for Authentication Protocols.
R. Canetti, C. Meadows, P. Syverson. Symposium on Requirements Engineering for Information Security (SREIS), 2001. PDF.

Efficient Authentication and Signing of Multicast Streams over Lossy Channels.
A. Perrig, R. Canetti, J. D. Tygar, D. X. Song. IEEE Symposium on Security and Privacy, 2000. PDF.

Resettable zero-knowledge.
R. Canetti, O. Goldreich, S. Goldwasser, S. Micali. 32nd STOC, 2000. Long version available at eprint.iacr.org/1999/022.

Exposure-Resilient Functions and All-or-Nothing Transforms.
R. Canetti, Y. Dodis, S. Halevi, E. Kushilevitz, A. Sahai. Eurocrypt, 2000. PS.

IPSec-based Host Architecture for Secure Internet Multicast.
R. Canetti, P-C. Cheng, F. Giraud, D. Pendarakis, J.R. Rao, R. Rohatgi, D. Saha. Network and Distributed System Security Symposium (NDSS), 2000. PS.

Security and composition of multi-party cryptographic protocols.
R. Canetti. Journal of Cryptology Special Issue on Multiparty Computation 13(1): 143-202 (2000). Available at eprint.iacr.org/1998/018.

On the statistical properties of Diffie-Hellman distributions.
R. Canetti, J. B. Friedlander, S. V. Konyagin, M. Larsen, D. Lieman, I. Shparlinski. Israel J. Math., 2000, v.120, 23-46. PS.

On certain exponential sums and the distribution of Diffie-Hellman triples.
R. Canetti, J. Friedlander and I. Shparlinski. J. of the London Mathematical Society, (2) 59 (1999) 799--812. PS.

Adaptive Security for Threshold Cryptosystems.
R. Canetti, R. Gennaro, S. Jarecki, H. Krawczyk, T. Rabin. Crypto, 1999. Long version (PS).

Efficient Communication-Storage Tradeoffs for Multicast Encryption.
R. Canetti, T. Malkin, K. Nissim. Eurocrypt, 1999. PS.

A practical threshold cryptosystem resilient against adaptive chosen ciphertext attacks.
R. Canetti and Shafi Goldwasser. Eurocrypt, 1999. PS.
(Unfortunately, the full version referenced within was never completed.)

Secure computation with hidden cheaters (or, What if nobody is totally honest?)
R. Canetti and Rafi Ostrovsky. 31st STOC, 1999. PS.

A taxonomy of multicast security issues and efficient constructions.
R. Canetti, J. Garay, G. Itkis, D. Micciancio, M. Naor and B. Pinkas. Infocom, 1999. PS.

A Modular Approach to the Design and Analysis of Authentication and Key-Exchange Protocols.
M. Bellare, R. Canetti and H. Krawczyk. 30th STOC, 1998. Long version available at eprint.iacr.org/1998/009.

The Random-Oracle Model, Revisited.
R. Canetti, O. Goldreich and S. Halevi. J. ACM 51(4): 557-594 (2004). Preliminary version at 30th STOC, 1998. Available at eprint.iacr.org/1998/011.

From Collision Resistance to Perfect One-Wayness.
R. Canetti, D. Micciancio and O. Reingold. 30th STOC, 1998. Longer version (PS).

Towards realizing random oracles: Hash functions that hide all partial information.
R. Canetti. Crypto, 1997. Longer version available at eprint.iacr.org/1997/007.

Deniable Encryptions.
R. Canetti, C. Dwork, M. Naor and R. Ostrovsky. Crypto, 1997. Longer version available at eprint.iacr.org/1996/002.

How to Maintain Authenticated Communication in the presence of break-ins.
R. Canetti, S. Halevi and A. Herzberg. Journal of Cryptology Special Issue on Multiparty Computation 13(1): 61-105 (2000). Preliminary version at 16th PODC, 1997. Available also at eprint.iacr.org/1998/012.

Randomness vs. Fault-Tolerance.
R. Canetti, E. Kushilevitz, R. Ostrovsky and A. Rosen. Journal of Cryptology Special Issue on Multiparty Computation 13(1): 107-142 (2000). Preliminary version at 16th PODC, 1997. Available also at eprint.iacr.org/1998/014.

Cascaded Pseudo-Randomness and its Concrete Security.
M. Bellare, R. Canetti and H. Krawczyk. 37th FOCS, 504-513, 1996. Long version (PDF), maintained by Mihir Bellare.

Incoercible Secure Computation.
R. Canetti and R. Gennaro. 37th FOCS, pp. 514-523, 1996. Long version available at eprint.iacr.org/1996/001.

Keying Hash Functions for Message Authentication.
M. Bellare, R. Canetti and H. Krawczyk. Crypto, LNCS 1109, 1-15, 1996. Long version (PDF), maintained by Mihir Bellare.

Adaptively Secure Multiparty Computation.
R. Canetti, U. Feige, O. Goldreich and M. Naor. 28th STOC, 639-648, 1996. A longer version in MIT-LCS-TR 682.

More on BPP and the Polynomial-Time Hierarchy.
R. Canetti. IPL 57, 1996, pp. 237-241. PS.

Lower bounds for Sampling Algorithms for Estimating the Average.
R. Canetti, G. Even and O. Goldreich. IPL 53, 1995, pp. 17-25. PS.

Bandwidth Allocation with Preemption.
A. Bar-Noy, R. Canetti, S. Kutten, Y. Mansour, and B. Schieber. SIAM Journal on Computing, Vol. 28, 1999, pp. 1806-1828. Preliminary version in 27th STOC, 1995. PDF.

On the Power of Preemption in Randomized Scheduling.
R. Canetti and S. Irani. SIAM Journal on Computing, Vol. 27 No. 4, 1998, pp. 993-1015. Preliminary version in 27th STOC, 1995. PS.

Maintaining Security in the Presence of Transient Faults.
R. Canetti and A. Herzberg. Crypto, 1994. LNCS 839, 425-438. PS.

Asynchronous Secure Computation.
M. Ben-Or, R. Canetti and O. Goldreich. 25th STOC, 1993. Available here. Earlier version in TR CS-755. A longer version appears as part of my PhD Thesis.

Fast Asynchronous Byzantine Agreement with Optimal Resilience.
R. Canetti and T. Rabin. 25th STOC, 42-51, 1993. Long version (PS).

The Parallel C (pC) Programming Language.
R. Canetti, P. Fertig, S. Kravitz, D. Malkhi, R. Pinter, S. Porat, A. Teperman. IBM Journal of Research and Development, Vol 35, no. 5/6, November 1991, pp. 727-742. Available here.

Bounds on Tradeoffs between Randomness and Communication Complexity.
R. Canetti and O. Goldreich. Computational Complexity, No. 3, 1993, pp.141-167. Preliminary version at 31st FOCS 1990. PS.

A distributed computing simulator.
R. Canetti, A. Herzberg and B. Pinkas. TR CS-566, Technion, 1989.








Ph.D. Thesis

Studies in Secure Multiparty Computation and Applications. The Weizmann Institute of Science, 1996. PS.