a classification of computational assumptions in the
play

A Classification of Computational Assumptions in the Algebraic Group - PowerPoint PPT Presentation

Mar 12, 2024 •295 likes •1.22k views

A Classification of Computational Assumptions in the Algebraic Group Model Balthazar Bauer, Georg Fuchsbauer, Julian Loss August 11, 2020 1 1. The Algebraic Group Model (FKL 2018) 2. Classification 3. Separation 2 1. The Algebraic Group

  1. A Classification of Computational Assumptions in the Algebraic Group Model Balthazar Bauer, Georg Fuchsbauer, Julian Loss August 11, 2020 1

  2. 1. The Algebraic Group Model (FKL 2018) 2. Classification 3. Separation 2

  3. 1. The Algebraic Group Model (FKL 2018) 2. Classification 3. Separation 3

  4. From GGM to AGM ◮ Let G be a cyclic group of prime order p . 4

  5. From GGM to AGM ◮ Let G be a cyclic group of prime order p . Standard Model ( � , ♥ ) b ( Z 1 , Z 2 , Z 3 ) � + ♥ C ( ♠ , ( a 1 , a 2 , a 3 )) such that ♠ = a 1 � + a 2 ♥ + a 3 ⋆ 4

  6. From GGM to AGM ◮ Let G be a cyclic group of prime order p . Standard Model ( � , ♥ ) b ( Z 1 , Z 2 , Z 3 ) � + ♥ C ( ♠ , ( a 1 , a 2 , a 3 )) Y such that ♠ = a 1 � + a 2 ♥ + a 3 ⋆ 4

  7. From GGM to AGM ◮ Let G be a cyclic group of prime order p . Generic Group Model ( � , ♥ , ⋆ ) C ♠ = a 1 � + a 2 ♥ + a 3 ⋆ ( ♠ , ( a 1 , a 2 , a 3 )) ♠ such that ♠ = a 1 � + a 2 ♥ + a 3 ⋆ 5

  8. From GGM to AGM ◮ Let G be a cyclic group of prime order p . Generic Group Model ( � , ♥ ) ( � , ♥ , ⋆ ) C ♠ = a 1 � + a 2 ♥ + a 3 ⋆ ( ♠ , ( a 1 , a 2 , a 3 )) ♠ such that ♠ = a 1 � + a 2 ♥ + a 3 ⋆ 5

  9. From GGM to AGM ◮ Let G be a cyclic group of prime order p . Generic Group Model ( � , ♥ ) ( � , ♥ , ⋆ ) ♣ = � + ♥ C ♠ = a 1 � + a 2 ♥ + a 3 ⋆ ( ♠ , ( a 1 , a 2 , a 3 )) ♠ such that ♠ = a 1 � + a 2 ♥ + a 3 ⋆ 5

  10. From GGM to AGM ◮ Let G be a cyclic group of prime order p . Generic Group Model ( � , ♥ ) ( � , ♥ , ⋆ ) ♣ = � + ♥ C ♠ = a 1 � + a 2 ♥ + a 3 ⋆ ♠ = a 1 � + a 2 ♥ + a 3 ⋆ ( ♠ , ( a 1 , a 2 , a 3 )) ♠ such that ♠ = a 1 � + a 2 ♥ + a 3 ⋆ 5

  11. From GGM to AGM ◮ Let G be a cyclic group of prime order p . Generic Group Model (modified) ( � , ♥ ) ( � , ♥ , ⋆ ) ♣ = � + ♥ C ♠ = a 1 � + a 2 ♥ + a 3 ⋆ ( ♠ , ( a 1 , a 2 , a 3 )) such that ♠ = a 1 � + a 2 ♥ + a 3 ⋆ 6

  12. From GGM to AGM ◮ Let G be a cyclic group of prime order p . Algebraic Group Model ( � , ♥ ) b ( Z 1 , Z 2 , Z 3 ) � + ♥ C Y = a 1 Z 1 + a 2 Z 2 + a 3 Z 3 ( Y , ( a 1 , a 2 , a 3 )) such that Y = a 1 Z 1 + a 2 Z 2 + a 3 Z 3 7

  13. Standard vs Algebraic ◮ No reduction from DLog to CDH in the standard model. 8

  14. Standard vs Algebraic ◮ No reduction from DLog to CDH in the standard model. ◮ Let A be an algebraic algorithm which solves CDH. 8

  15. Standard vs Algebraic ◮ No reduction from DLog to CDH in the standard model. ◮ Let A be an algebraic algorithm which solves CDH. ◮ B ( G , X ) : 8

  16. Standard vs Algebraic ◮ No reduction from DLog to CDH in the standard model. ◮ Let A be an algebraic algorithm which solves CDH. ◮ B ( G , X ) : $ ◮ v ← − Z ∗ p 8

  17. Standard vs Algebraic ◮ No reduction from DLog to CDH in the standard model. ◮ Let A be an algebraic algorithm which solves CDH. ◮ B ( G , X ) : $ ◮ v ← − Z ∗ p ◮ ( Y , ℓ 1 , ℓ 2 , ℓ 3 ) ← A ( G , X , X + v G ) 8

  18. Standard vs Algebraic ◮ No reduction from DLog to CDH in the standard model. ◮ Let A be an algebraic algorithm which solves CDH. ◮ B ( G , X ) : $ ◮ v ← − Z ∗ p ◮ ( Y , ℓ 1 , ℓ 2 , ℓ 3 ) ← A ( G , X , X + v G ) ( ℓ 1 G + ℓ 2 X + ℓ 3 ( X + v G ) = Y ) 8

  19. Standard vs Algebraic ◮ No reduction from DLog to CDH in the standard model. ◮ Let A be an algebraic algorithm which solves CDH. ◮ B ( G , X ) : $ ◮ v ← − Z ∗ p ◮ ( Y , ℓ 1 , ℓ 2 , ℓ 3 ) ← A ( G , X , X + v G ) ( ℓ 1 G + ℓ 2 X + ℓ 3 ( X + v G ) = Y ) ◮ { x ∗ 1 , x ∗ 2 } ← Solve ( ℓ 1 + ℓ 2 X + ℓ 3 ( X + v )) ≡ X ( X + v ) (mod p ) 8

  20. Standard vs Algebraic ◮ No reduction from DLog to CDH in the standard model. ◮ Let A be an algebraic algorithm which solves CDH. ◮ B ( G , X ) : $ ◮ v ← − Z ∗ p ◮ ( Y , ℓ 1 , ℓ 2 , ℓ 3 ) ← A ( G , X , X + v G ) ( ℓ 1 G + ℓ 2 X + ℓ 3 ( X + v G ) = Y ) ◮ { x ∗ 1 , x ∗ 2 } ← Solve ( ℓ 1 + ℓ 2 X + ℓ 3 ( X + v )) ≡ X ( X + v ) (mod p ) ◮ Output x ∗ i such that X = x ∗ i G 8

  21. Standard vs Algebraic ◮ No reduction from DLog to CDH in the standard model. ◮ Let A be an algebraic algorithm which solves CDH. ◮ B ( G , X ) : $ ◮ v ← − Z ∗ p ◮ ( Y , ℓ 1 , ℓ 2 , ℓ 3 ) ← A ( G , X , X + v G ) ( ℓ 1 G + ℓ 2 X + ℓ 3 ( X + v G ) = Y ) ◮ { x ∗ 1 , x ∗ 2 } ← Solve ( ℓ 1 + ℓ 2 X + ℓ 3 ( X + v )) ≡ X ( X + v ) (mod p ) ◮ Output x ∗ i such that X = x ∗ i G ◮ Conclusion: AGM enables new security reductions 8

  22. q -Diffie-Hellman Exponent ◮ Let G be a cyclic group of prime order p . 9

  23. q -Diffie-Hellman Exponent ◮ Let G be a cyclic group of prime order p .   G x G     x 2 G $   → x q + 1 G ← − Z p ; → x   ·     ·   x q G 9

  24. q -Diffie-Hellman Exponent ◮ Let G be a cyclic group of prime order p .   G x G     x 2 G $   → x q + 1 G ← − Z p ; → x   ·     ·   x q G Can we reduce DLog to q -DHE? 9

  25. q -Strong Diffie-Hellman (Boneh Boyen 2004 ) ◮ Let ( G 1 , G 2 , e ) be a bilinear cyclic group of prime order p . 10

  26. q -Strong Diffie-Hellman (Boneh Boyen 2004 ) ◮ Let ( G 1 , G 2 , e ) be a bilinear cyclic group of prime order p .   G 1 G 2     x G 2   � � $ 1   ← − Z p ; → → c , x 2 G 2 ( x + c ) G 1 x     ·     ·   x q G 2 10

  27. q -Strong Diffie-Hellman (Boneh Boyen 2004 ) ◮ Let ( G 1 , G 2 , e ) be a bilinear cyclic group of prime order p .   G 1 G 2     x G 2   � � $ 1   ← − Z p ; → → c , x 2 G 2 ( x + c ) G 1 x     ·     ·   x q G 2 Can we reduce DLog to q -SDH? 10

  28. DLog CDH DHI one-more DLog q ′ -DLog q -SDH SRDH Gap-DH q ′′ -DHE LRSW 11

  29. DLog CDH DHI one-more DLog q ′ -DLog q -SDH SRDH Gap-DH q ′′ -DHE LRSW 12

  30. DLog ? CDH DHI ? one-more DLog q ′ -DLog ? ? q -SDH SRDH Gap-DH q ′′ -DHE LRSW 13

  31. 1. The Algebraic Group Model (FKL 2018) 2. Classification 3. Separation 14

  32. ( � R , P ) -uber assumption (Boneh Boyen Goh 2005 ) ◮ General idea: Describe many assumptions 15

  33. ( � R , P ) -uber assumption (Boneh Boyen Goh 2005 ) ◮ General idea: Describe many assumptions ◮ � R ∈ Z p [ X 1 , . . . , X m ] n , P ∈ Z p [ X 1 , . . . , X m ] 15

  34. ( � R , P ) -uber assumption (Boneh Boyen Goh 2005 ) ◮ General idea: Describe many assumptions ◮ � R ∈ Z p [ X 1 , . . . , X m ] n , P ∈ Z p [ X 1 , . . . , X m ] R 1 = R 1 ( �  x ) G  R 2 = R 2 ( � x ) G   $   � → P ( � ← − Z m p ; · → x ) G x     ·   R n = R n ( � x ) G R ) : P = � a i R i Easy if P ∈ Span ( � x ) = � a i R i ( � P ( � x ) ; x ) G = � a i R i P ( � ; Hard in the GGM if P �∈ Span ( � R ) (non-triviality condition) 15

  35. ( � R , P ) -uber assumption (Boneh Boyen Goh 2005 ) ◮ General idea: Describe many assumptions (like CDH) ◮ � R ∈ Z p [ X 1 , . . . , X m ] n , P ∈ Z p [ X 1 , . . . , X m ]  R 1 = R 1 ( �  x ) G ( = 1 G ) $  → R 2 = R 2 ( � → P ( � ( x , y ) ← − Z 2 p ; x ) G ( = x G ) x ) G ( = xy G )  R 3 = R 3 ( � x ) G ( = y G ) Easy if P ∈ Span ( � R ) : R ) : P = � a i R i Easy if P ∈ Span ( � x ) = � a i R i ( � P ( � x ) ; x ) G = � a i R i P ( � ; Hard in the GGM if P �∈ Span ( � R ) (non-triviality condition) 16

  36. ( � R , P ) -uber assumption (Boneh Boyen Goh 2005 ) ◮ General idea: Describe many assumptions (like q -DHE) ◮ � R ∈ Z p [ X 1 , . . . , X m ] n , P ∈ Z p [ X 1 , . . . , X m ] R 1 = R 1 ( �  x ) G ( = 1 G )  R 2 = R 2 ( � x ) G ( = x G )     R 3 = R 3 ( � x ) G ( = x 2 G ) $   x ) G ( = x q + 1 G ) → P ( � ← − Z p ; → x   ·     ·   R n = R n ( � x ) G ( = x q G ) R ) : P = � a i R i Easy if P ∈ Span ( � x ) = � a i R i ( � P ( � x ) ; x ) G = � a i R i P ( � ; 17

  37. ( � R , P ) -uber assumption (Boneh Boyen Goh 2005 ) ◮ General idea: Describe many assumptions ◮ � R ∈ Z p [ X 1 , . . . , X m ] n , P ∈ Z p [ X 1 , . . . , X m ] R 1 = R 1 ( �  x ) G  R 2 = R 2 ( � x ) G   $   � → P ( � ← − Z m p ; · → x ) G x     ·   R n = R n ( � x ) G ◮ Easy if P ∈ Span ( � R ) : 18

  38. ( � R , P ) -uber assumption (Boneh Boyen Goh 2005 ) ◮ General idea: Describe many assumptions ◮ � R ∈ Z p [ X 1 , . . . , X m ] n , P ∈ Z p [ X 1 , . . . , X m ] R 1 = R 1 ( �  x ) G  R 2 = R 2 ( � x ) G   $   � → P ( � ← − Z m p ; · → x ) G x     ·   R n = R n ( � x ) G R ) : P = � a i R i ◮ Easy if P ∈ Span ( � 18

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Computational Complexity of NL1 with Assumptions Maria Buli nska University of Warmia and

Computational Complexity of NL1 with Assumptions Maria Buli nska University of Warmia and

Computational Complexity of NL1 with Assumptions Maria Buli nska University of Warmia and Mazury, Olsztyn, Poland Logic Colloquium, Wroc law, July 14-19, 2007 Maria Buli nska Computational Complexity of NL1 with Assumptions Table of

1.19k views • 79 slides
Deep Learning for Classification CS293S, Yang, 2017 Computational graph for classification w 1 f

Deep Learning for Classification CS293S, Yang, 2017 Computational graph for classification w 1 f

Deep Learning for Classification CS293S, Yang, 2017 Computational graph for classification w 1 f 1 w 2 S f 2 >0? w 3 f 3 Objective: Classification Accuracy m l acc ( w ) = 1 sign( w > f ( x ( i ) )) == y ( i ) X m i =1

509 views • 49 slides
Classification Classification TNM classification Survival time Survival time Tumour size,

Classification Classification TNM classification Survival time Survival time Tumour size,

2003 I. Jurisica November 13, 2003 Classification Classification TNM classification Survival time Survival time Tumour size, location Lymph Node involvement Metastasis 1A -> T1, N0, M0 Integrated Computational Analysis Integrated

80 views • 7 slides
Latent Classification Models Classification in continuous domains Helge Langseth and Thomas D.

Latent Classification Models Classification in continuous domains Helge Langseth and Thomas D.

Latent Classification Models Classification in continuous domains Helge Langseth and Thomas D. Nielsen LCM p.1/ ?? Outline Probabilistic classifiers Nave Bayes classifiers Relaxing the assumptions Latent classification

654 views • 29 slides
A Survey of Computational Assumptions on Bilinear and Multilinear Maps Allison Bishop IEX and

A Survey of Computational Assumptions on Bilinear and Multilinear Maps Allison Bishop IEX and

A Survey of Computational Assumptions on Bilinear and Multilinear Maps Allison Bishop IEX and Columbia University Group Basics There are two kinds of people in this world. Those who like additive group notation, and those who like

657 views • 31 slides
The computational and decisional Diffie-Hellman assumptions in CryptoVerif Bruno Blanchet and

The computational and decisional Diffie-Hellman assumptions in CryptoVerif Bruno Blanchet and

Basic DDH Basic CDH Need for extension Extended CDH Extended DDH Conclusion The computational and decisional Diffie-Hellman assumptions in CryptoVerif Bruno Blanchet and David Pointcheval CNRS, Ecole Normale Sup erieure, INRIA, Paris

226 views • 22 slides
Classification of finite semigroups and categories using computational methods Najwa Ghannoum W.

Classification of finite semigroups and categories using computational methods Najwa Ghannoum W.

Classification of finite semigroups and categories using computational methods Najwa Ghannoum W. Fussner, T. Jakl, and C. Simpson Universit Cte dAzur LJAD AITP 2020 September 16, 2020 1 / 31 Content 1 Background Motivations

687 views • 40 slides
Computational single-cell classification using deep learning on bright-field and phase images Nan

Computational single-cell classification using deep learning on bright-field and phase images Nan

Computational single-cell classification using deep learning on bright-field and phase images Nan Meng, Hayden K.-H. So, Edmund Y. Lam Imaging Systems Laboratory, Department of Electrical and Electronic Engineering, University of Hong Kong

572 views • 23 slides
Visualization for Classification ROC, AUC, Confusion Matrix Mahdi Roozbahani Lecturer,

Visualization for Classification ROC, AUC, Confusion Matrix Mahdi Roozbahani Lecturer,

Class Website CX4242: Visualization for Classification ROC, AUC, Confusion Matrix Mahdi Roozbahani Lecturer, Computational Science and Engineering, Georgia Tech Visualizing Classification Performance Confusion matrix

147 views • 13 slides
Graph Classification Classification Outline Introduction, Overview Classification using

Graph Classification Classification Outline Introduction, Overview Classification using

Graph Classification Classification Outline Introduction, Overview Classification using Graphs Graph classification Direct Product Kernel Predictive Toxicology example dataset Vertex classification Laplacian Kernel

605 views • 33 slides
A Semi-supervised Type-based Classification of Adjectives: Distinguishing Properties and Relations

A Semi-supervised Type-based Classification of Adjectives: Distinguishing Properties and Relations

Background & Motivation Annotation Experiment Automatic Classification Conclusions A Semi-supervised Type-based Classification of Adjectives: Distinguishing Properties and Relations Matthias Hartung Anette Frank Computational Linguistics

681 views • 21 slides
1 Classification by Control Structure Classification by Memory Organization e.g.

1 Classification by Control Structure Classification by Memory Organization e.g.

Traditional Use of Parallel Computing: 732A54 Big Data Analytics Large-Scale HPC Applications High Performance Computing (HPC) Much computational work (in FLOPs, floatingpoint operations) Introduction to Often, large data sets

448 views • 11 slides
Computational Models for Attribute Meaning in Adjectives and Nouns Matthias Hartung

Computational Models for Attribute Meaning in Adjectives and Nouns Matthias Hartung

Computational Models for Attribute Meaning in Adjectives and Nouns Matthias Hartung Computational Linguistics Department Heidelberg University September 30, 2011 Arlington, VA Outline Introduction Word Level: Adjective Classification

837 views • 38 slides
Outline 1. What are philosophical assumptions and Philosophical Paradigms in why should we give

Outline 1. What are philosophical assumptions and Philosophical Paradigms in why should we give

19/04/2018 Outline 1. What are philosophical assumptions and Philosophical Paradigms in why should we give them attention? Social Research 2. Praxiological assumptions 3. Ontological assumptions 4. Epistemological assumptions Martyn

346 views • 8 slides
A Deeper Look into Web-based Classification of Music Artists Peter Knees, Markus Schedl, Tim

A Deeper Look into Web-based Classification of Music Artists Peter Knees, Markus Schedl, Tim

A Deeper Look into Web-based Classification of Music Artists Peter Knees, Markus Schedl, Tim Pohle Department of Computational Perception Johannes Kepler University Linz, Austria Overview Artist Classification with Web-based Data

721 views • 18 slides
Classification James H. Steiger Department of Psychology and Human Development Vanderbilt

Classification James H. Steiger Department of Psychology and Human Development Vanderbilt

Introduction The Linear Classification Function Quadratic Classification Functions Estimating Misclassification Rates Bias in Error Rate Estimation Error Rates in Variable Selection Classification via the k Nearest Neighbor Rule Classification

417 views • 31 slides
W t k, ) - Lic otrzwilikkg Acrfiv: etw AvE cc161 (0- O txt C4--o z 2- 1Z: 1

W t k, ) - Lic otrzwilikkg Acrfiv: etw AvE cc161 (0- O txt C4--o z 2- 1Z: 1

PtivrpAtz = r-cx- KE0. IA Pace_ W t k, ) - Lic otrzwilikkg Acrfiv: etw AvE cc161 (0- O txt C4--o z 2- 1Z: 1 Likurts-c L sm-mkk vkLut. ts 0 IT1 MAI. 09

998 views • 33 slides
Outline for Today Friday, Sept. 28 Chapter 4: Aqueous Reactions and Solution Stoichiometry

Outline for Today Friday, Sept. 28 Chapter 4: Aqueous Reactions and Solution Stoichiometry

Outline for Today Friday, Sept. 28 Chapter 4: Aqueous Reactions and Solution Stoichiometry Precipitation Reactions Acid-Base Reactions Reduction-Oxidation Reactions On your note card, take 2 minutes to write: Name What are

251 views • 8 slides
Mo dication to Views Via T riggers Oracle allo ws us to \in tercept" a mo

Mo dication to Views Via T riggers Oracle allo ws us to \in tercept" a mo

Mo dication to Views Via T riggers Oracle allo ws us to \in tercept" a mo dication to a view through an instead-of trigger. Example Likes(drinker , beer ) Sells(bar , beer , price) Frequents(drinker ,

302 views • 17 slides
UMBC A B M A L T F O U M B C I M Y O R T 1 (April 13, 2000 6:35 pm) I E S R

UMBC A B M A L T F O U M B C I M Y O R T 1 (April 13, 2000 6:35 pm) I E S R

Advanced VLSI Design VLSI Simulation CMPE 414/CMSC 691x Overview Design Automation is essential in dealing with the complexity of IC design and verification. There are a wide range of tools available: Analysis and verification tools to

388 views • 16 slides
Surprising thermoelectric effects in Ionic Liquid /redox-couple mixtures Edith Laux, Laure

Surprising thermoelectric effects in Ionic Liquid /redox-couple mixtures Edith Laux, Laure

Lead Dr. S. Nakamae CEA Surprising thermoelectric effects in Ionic Liquid /redox-couple mixtures Edith Laux, Laure Jeandupeux, Alexandra Kaempfer-Homsy and Herbert Keppner Magenta consortium Outline: General aspects of generators, examples

471 views • 44 slides
Rapid and in situ analysis of metal concentrations in agricultural fields in San Juan County

Rapid and in situ analysis of metal concentrations in agricultural fields in San Juan County

All About Discovery! New Mexico State University nmsu.edu Rapid and in situ analysis of metal concentrations in agricultural fields in San Juan County using Portable X ray fluorescence (PXRF) Gaurav Jha Department of Plant and

536 views • 34 slides
tt r stt

tt r stt

tt r stt tr r s s t rt

490 views • 20 slides
L q be the determined by that of C . The following example suggests that vector space of n -tuples

L q be the determined by that of C . The following example suggests that vector space of n -tuples

JOURNAL OF L A T EX CLASS FILES, VOL. 1, NO. 11, NOVEMBER 2002 1 A Classication of Posets admitting MacWilliams Identity Hyun Kwang Kim and Dong Yeol Oh Remark : If P is an antichain, then P -metric is equal to Abstract In this paper

329 views • 7 slides

More recommend