Fwd: [security-lunch] Apr 15 | Ihyun Nam on "Passlog: Authentication Logging with Public State"
5 views
Skip to first unread message
Alan Karp
Apr 13, 2026, 4:32:42 PM (12 days ago) Apr 13
to <friam@googlegroups.com>
--------------
Alan Karp
Alan Karp
---------- Forwarded message ---------
From: Michael Leo Paper via security-lunch <securit...@lists.stanford.edu>
Date: Mon, Apr 13, 2026 at 11:51 AM
Subject: [security-lunch] Apr 15 | Ihyun Nam on "Passlog: Authentication Logging with Public State"
To: securit...@lists.stanford.edu <securit...@lists.stanford.edu>
From: Michael Leo Paper via security-lunch <securit...@lists.stanford.edu>
Date: Mon, Apr 13, 2026 at 11:51 AM
Subject: [security-lunch] Apr 15 | Ihyun Nam on "Passlog: Authentication Logging with Public State"
To: securit...@lists.stanford.edu <securit...@lists.stanford.edu>
Security Lunch ⛄ Ed. — Wednesday, Apr 15th, 2026, 12:00 pm @ CoDa E160
Passlog: Authentication Logging with Public State
Ihyun Nam
Can't make it in person? Join us on
zoom.
See our past & upcoming events on our
website!
Abstract:
Account compromise is challenging to prevent completely, so users must detect compromise quickly to minimize damage. Authentication logging makes it possible for a user to fetch a comprehensive list of all logins made to her accounts. Unfortunately, existing
systems provide authentication logging at the expense of allowing the log provider to learn sensitive information or tamper with authentication logs. We present Passlog, a privacy-preserving authentication logging system in which one or more parties run the
log service, and anyone can unilaterally audit the log service to prove wrongdoing. A novel property of Passlog is that the log record state can be public without revealing any private information. The challenge is to hide the identity of users and web services
from the log service while still allowing the log service to enforce that every authentication is correctly recorded. We design, implement, and evaluate Passlog to support both a centralized and decentralized log service. Our implementation of Passlog with
an auditable log service running on one server with eight CPU cores and a client and relying party running on four cores executes each authentication in 906ms.
Bio:
Ihyun Nam is a first year Computer Science PhD student at Stanford University. Her research focuses on applied cryptography and systems security, with a focus on building practical systems that use cryptography for precise security and strong privacy. You can
find more about Ihyun on her webpage:
https://ihyunnam.github.io/
security-lunch mailing list
securit...@lists.stanford.edu
https://mailman.stanford.edu/mailman/listinfo/security-lunch
Reply all
Reply to author
Forward
0 new messages