Adaptive Garbled RAM from Adaptive Garbled RAM from Laconic - - PowerPoint PPT Presentation

adaptive garbled ram from adaptive garbled ram from
SMART_READER_LITE
LIVE PREVIEW

Adaptive Garbled RAM from Adaptive Garbled RAM from Laconic - - PowerPoint PPT Presentation

Nov 03, 2022 118 likes •328 views

Adaptive Garbled RAM from Adaptive Garbled RAM from Laconic Oblivious Transfer Sanjam Garg Sanjam Garg Rafail Ostrovsky Rafail Ostrovsky Akshayaram Srinivasan Akshayaram Srinivasan UC Berkeley UCLA UC Berkeley Crypto 2018 Garbled RAM

slide-1
SLIDE 1

Adaptive Garbled RAM from Adaptive Garbled RAM from Laconic Oblivious Transfer

Sanjam Garg Rafail Ostrovsky Akshayaram Srinivasan Sanjam Garg UC Berkeley Rafail Ostrovsky UCLA Akshayaram Srinivasan UC Berkeley

Crypto 2018

slide-2
SLIDE 2

Garbled RAM

Lu-Ostrovsky 13

Long line of work [LO13, GHLOW14, GLOS15, GLO15, LO17]

Selective Security

slide-3
SLIDE 3

Adaptive Garbled RAM

[Canetti-Chen-Holmgren-Raykova16, Ananth-Chen-Chung-Lin-Lin16]

Can we construct Adaptive Garbled RAM from standard

Prior constructions were either in the random oracle model [BHR12] or based on indistinguishability obfuscation [CCHR16, ACCLL16]

Can we construct Adaptive Garbled RAM from standard assumptions?

slide-4
SLIDE 4

Why is Adaptive GRAM important?

Motivated by the study of Adaptive Garbled Circuits [BHR12,BGG+14,HJO+16,JW16,JKK+17,JSW17,GS18] Applications: One-time programs[GKR08], Online-offline 2PC[LR14], Verifiable Computation[GGP10], Adaptive Compact FE[AS16]

slide-5
SLIDE 5

Our Results

slide-6
SLIDE 6

Adaptive GRAM from Laconic OT

Theorem: There exists a construction of Adaptive GRAM from Laconic Oblivious Transfer. Corollary [CDG+16,DG17,BLSV18,DGHM18]: There exists a construction of Adaptive GRAM based on CDH/Factoring/LWE. construction of Adaptive GRAM based on CDH/Factoring/LWE.

slide-7
SLIDE 7

Rest of the talk

  • Starting Point: Adaptive Garbled Circuits [Garg-S 18]
  • Challenges in Extending to the RAM setting
  • How to overcome the challenges?
slide-8
SLIDE 8

Adaptive Garbled Circuits [Garg-S 18]

slide-9
SLIDE 9

Alternate View of a Boolean Circuit

slide-10
SLIDE 10

Garbling Step Circuits

Access the database via Laconic OT

slide-11
SLIDE 11

Updatable Laconic Oblivious Transfer

[Cho-Dottling-Garg-Gupta-Miao-Polychroniadou 17]

Database D Theorem[CDG+16,DG17,BLSV18,DGHM18]: Assuming CDH/Factoring/LWE, there exists a construction of updatable laconic OT.

slide-12
SLIDE 12

Using Laconic OT to access the database

slide-13
SLIDE 13

Challenges in the RAM setting

Challenge-1: How to

Access the database via Laconic OT

Challenge-1: How to protect the database? Challenge-2: How to protect the access pattern?

In the adaptive setting, more sophisticated tools are

In the selective setting [GHLOW14], transforming from unprotected memory access to full security is done via a ORAM scheme and symmetric encryption.

In the adaptive setting, more sophisticated tools are needed.

slide-14
SLIDE 14

Protecting the Database

slide-15
SLIDE 15

Prior Approaches: Location based Encryption

Access the database via Laconic OT

slide-16
SLIDE 16

[GS18]- Hybrid Argument

Real World: Hyb 1: Hyb 2: Hyb 3: K K K K K K K K

Puncturing affects efficiency. Circularity assumptions.

Ideal World: Hyb 3: . . .

Puncturing affects efficiency.

slide-17
SLIDE 17

Our Approach: Timed Encryption

Theorem: There is a construction of timed Encryption from one-way functions.

slide-18
SLIDE 18

Using Timed Encryption

Access the database via Laconic OT

slide-19
SLIDE 19

Revisiting the Hybrid Argument

Real World: Hyb 1: k[1] k[2] k[3] k[4] k[5] k[6] k[7] k[8] Ideal World:

slide-20
SLIDE 20

Conclusion

  • We give a construction of Adaptive Garbled RAM from

CDH/Factoring/LWE. CDH/Factoring/LWE.

  • We obtain the first O(1) round malicious MPC for RAM programs in

the persistent setting from standard assumptions.

  • Open question: Can we remove public-key assumptions?

Thank you!

https://eprint.iacr.org/2018/549