CR, Apr 8
2G2T: Constant-Size, Statistically Sound MSM Outsourcing
Majid Khabbazian
Multi-scalar multiplication (MSM), $\mathrm{MSM}(\vec{P},\vec{x}) = \sum_{i=1}^{n} x_i P_i$, is a dominant computational kernel in discrete-logarithm-based cryptography and often becomes a bottleneck for verifiers and other resource-constrained clients. We present 2G2T, a simple protocol for verifiably outsourcing MSM to an untrusted server. 2G2T is efficient for both parties: the server performs only two MSM computations and returns only two group elements to the client, namely the claimed result $A = \mathrm{MSM}(\vec{P},\vec{x})$ and an auxiliary group element $B$. Client-side verification consists of a single length-$n$ field inner product and only three group operations (two scalar multiplications and one group addition). In our Ristretto255 implementation, verification is up to about 300x faster than computing the MSM locally using a highly optimized MSM routine (for $n$ up to $2^{18}$). Moreover, 2G2T enables latency-hiding verification: nearly all verifier work can be performed while waiting for the server's response, so once $(A,B)$ arrives the verifier completes the check with only one scalar multiplication and one group addition (both independent of $n$). Finally, despite its simplicity and efficiency, we prove that 2G2T achieves statistical soundness: for any (even unbounded) adversarial server, the probability of accepting an incorrect result is at most $1/q$ per query, and at most $e/q$ over $e$ adaptive executions, in a prime-order group of size $q$.
CR, Dec 20, 2020
Hashcashed Reputation with Application in Designing Watchtowers
Sonbol Rahimpour, Majid Khabbazian
We propose a novel reputation system to stimulate good behaviour and competition in online markets. Our reputation system is suited for markets where a publicly verifiable "proof-of-misbehaviour" can be generated when one party misbehaves. Such markets include those that provide blockchain services, such as monitoring services by watchtowers. Watchtowers are entities that watch the blockchain on behalf of their offline clients to protect the clients' interests in applications such as payment networks (e.g., the Lightning network). In practice, there is no trust between clients and watchtowers, and it is challenging to incentivize watchtowers to behave well (e.g., to refuse bribery). To showcase our reputation system, in this work we create an open market of watchtowers, where watchtowers are motivated not only to deliver their promised service but also to reduce their service fees in competition with each other.
CR, Aug 10, 2020
Barometers Can Hear, and Sense Finger Taps
Alireza Hafez, Dorsa Nahid, Majid Khabbazian
Most modern smartphones are equipped with a barometer to sample air pressure. Accessing these samples is deemed harmless, hence it does not require any permission. In this work, we show, however, that these samples can reveal sensitive information in smartphones with ingress protection. For the first time, it is shown that barometer samples, even at a low rate of 25 Hz, can leak information about the smartphone's speaker activity. Specifically, we use these samples to detect with high accuracy (at least 95%) whether the smartphone's speaker is silent or playing a sound such as a ringtone. In addition, we use the samples to detect the activity of an external speaker. Finally, we show that low-rate barometer samples can be used to 1) detect touchscreen finger taps with 100% accuracy, and 2) gain information about the positions of finger taps.
CR, Mar 24, 2020
The DAO Induction Attack Against the RPL-based Internet of Things
Ahmad Shabani Baghani, Sonbol Rahimpour, Majid Khabbazian
RPL is the emerging routing standard for low power and lossy networks (LLNs). LLNs are a key component of the Internet of Things (IoT), hence their security is imperative for the age of IoT. In this work, we present the DAO induction attack, a novel attack against RPL. In this attack, a malicious insider or a compromised node periodically increments its DTSN number. Each such increment can trigger (induce) a large number of control message transmissions in the network. We show that this degrades the network performance in terms of end-to-end latency, packet loss ratio, and power consumption. To mitigate this, we propose a lightweight solution to detect the DAO induction attack. Our solution imposes nearly no overhead on IoT devices, which is important as these devices are typically constrained in terms of power, memory and processing.