Adaptive Oblivious Transfer And Generalization Olivier Blazy, C - PowerPoint PPT Presentation

Adaptive Oblivious Transfer And Generalization Olivier Blazy, C´ eline Chevalier, Paul Germouty December 5, 2016 O. Blazy, C. Chevalier, P . Germouty December 5, 2016 1 / 31

Oblivious Transfer 1 OLBE: A Natural Generalization 2 Adaptive Oblivious Transfer 3 What To Remember 4 O. Blazy, C. Chevalier, P . Germouty December 5, 2016 2 / 31

Oblivious Transfer 1 OLBE: A Natural Generalization 2 Adaptive Oblivious Transfer 3 What To Remember 4 O. Blazy, C. Chevalier, P . Germouty Oblivious Transfer December 5, 2016 3 / 31

Oblivious Transfer O. Blazy, C. Chevalier, P . Germouty Oblivious Transfer December 5, 2016 4 / 31

Oblivious Transfer Server DB 1 DB 2 ... DB n O. Blazy, C. Chevalier, P . Germouty Oblivious Transfer December 5, 2016 4 / 31

Oblivious Transfer Recipient Server Request( i ) DB 1 DB 2 ... DB n O. Blazy, C. Chevalier, P . Germouty Oblivious Transfer December 5, 2016 4 / 31

Oblivious Transfer Recipient Server Request( i ) DB 1 DB i DB 2 ... DB n O. Blazy, C. Chevalier, P . Germouty Oblivious Transfer December 5, 2016 4 / 31

Oblivious Transfer Recipient Server Request( i ) DB 1 DB i DB 2 ... DB n Privacy: S shouldn’t know i and R shouldn’t have any information about other lines. O. Blazy, C. Chevalier, P . Germouty Oblivious Transfer December 5, 2016 4 / 31

Identity Based Encryption O. Blazy, C. Chevalier, P . Germouty Oblivious Transfer December 5, 2016 5 / 31

Identity Based Encryption Alice O. Blazy, C. Chevalier, P . Germouty Oblivious Transfer December 5, 2016 5 / 31

Identity Based Encryption Bob Alice O. Blazy, C. Chevalier, P . Germouty Oblivious Transfer December 5, 2016 5 / 31

Identity Based Encryption mpk , Bob, m → C C Bob Alice O. Blazy, C. Chevalier, P . Germouty Oblivious Transfer December 5, 2016 5 / 31

Identity Based Encryption mpk , Bob, m → C C Bob Alice usk [ Bob ] , C → m O. Blazy, C. Chevalier, P . Germouty Oblivious Transfer December 5, 2016 5 / 31

Identity Based Key Encapsulation Mechanism Gen ( param ) : generates ( mpk , msk ) USKGen ( msk , id ) : computes usk [ id ] Enc ( mpk , id ) : encrypts a key K into C Dec ( usk [ id ] , C ) : decrypts C into K O. Blazy, C. Chevalier, P . Germouty Oblivious Transfer December 5, 2016 6 / 31

UC-framework and Security Model O. Blazy, C. Chevalier, P . Germouty Oblivious Transfer December 5, 2016 7 / 31

UC-framework and Security Model Ideal functionality vs real world O. Blazy, C. Chevalier, P . Germouty Oblivious Transfer December 5, 2016 7 / 31

UC-framework and Security Model Ideal functionality vs real world Adaptive corruptions: the adversary can ask for internal state of the recipient at any moment and then play his role. O. Blazy, C. Chevalier, P . Germouty Oblivious Transfer December 5, 2016 7 / 31

Oblivious Transfer 1 OLBE: A Natural Generalization 2 Adaptive Oblivious Transfer 3 What To Remember 4 O. Blazy, C. Chevalier, P . Germouty OLBE: A Natural Generalization December 5, 2016 8 / 31

The Oblivious Signature Based Envelope Protocol Server Info O. Blazy, C. Chevalier, P . Germouty OLBE: A Natural Generalization December 5, 2016 9 / 31

The Oblivious Signature Based Envelope Protocol Recipient Server C =Commit( σ ; ρ ) Info O. Blazy, C. Chevalier, P . Germouty OLBE: A Natural Generalization December 5, 2016 9 / 31

The Oblivious Signature Based Envelope Protocol Recipient Server C =Commit( σ ; ρ ) ⊕ Mask Info Info ⊕ Mask O. Blazy, C. Chevalier, P . Germouty OLBE: A Natural Generalization December 5, 2016 9 / 31

The Oblivious Signature Based Envelope Protocol Recipient Server C =Commit( σ ; ρ ) ⊕ Mask Info Info ⊕ Mask ⊕ Mask Info O. Blazy, C. Chevalier, P . Germouty OLBE: A Natural Generalization December 5, 2016 9 / 31

The Oblivious Signature Based Envelope Protocol Recipient Server C =Commit( σ ; ρ ) ⊕ Mask Info Info ⊕ Mask ⊕ Mask Info Mask computable for the user if and only if C is a commitment of σ O. Blazy, C. Chevalier, P . Germouty OLBE: A Natural Generalization December 5, 2016 9 / 31

How To Do So: Commitment O. Blazy, C. Chevalier, P . Germouty OLBE: A Natural Generalization December 5, 2016 10 / 31

How To Do So: Commitment Commitment: Setup KeyGen Commit Decommit O. Blazy, C. Chevalier, P . Germouty OLBE: A Natural Generalization December 5, 2016 10 / 31

How To Do So: Commitment Commitment: Properties: Setup Extractable KeyGen Equivocable Commit Decommit O. Blazy, C. Chevalier, P . Germouty OLBE: A Natural Generalization December 5, 2016 10 / 31

How To Do So: Commitment Commitment: Properties: Setup Extractable KeyGen Equivocable Commit Decommit Example: Encryption, Chameleon Hash Function: ( KeyGen , CH , Coll ) O. Blazy, C. Chevalier, P . Germouty OLBE: A Natural Generalization December 5, 2016 10 / 31

How To Do So: Commitment Commitment: Properties: Setup Extractable KeyGen Equivocable Commit Decommit Example: Encryption, Chameleon Hash Function: ( KeyGen , CH , Coll ) If CH ( ck , m ; r ) = H then coll ( ck , tk , H ; m ′ ) = r ′ s. t. CH ( ck , m ′ ; r ′ ) = H O. Blazy, C. Chevalier, P . Germouty OLBE: A Natural Generalization December 5, 2016 10 / 31

How To Do So: Smooth Projective Hash Function Functions over a set X and L ⊂ X O. Blazy, C. Chevalier, P . Germouty OLBE: A Natural Generalization December 5, 2016 11 / 31

How To Do So: Smooth Projective Hash Function Functions over a set X and L ⊂ X HashKG ( L , param ) → hk O. Blazy, C. Chevalier, P . Germouty OLBE: A Natural Generalization December 5, 2016 11 / 31

How To Do So: Smooth Projective Hash Function Functions over a set X and L ⊂ X HashKG ( L , param ) → hk ProjKG ( hk , ( L , param ) , W ) → hp O. Blazy, C. Chevalier, P . Germouty OLBE: A Natural Generalization December 5, 2016 11 / 31

How To Do So: Smooth Projective Hash Function Functions over a set X and L ⊂ X HashKG ( L , param ) → hk ProjKG ( hk , ( L , param ) , W ) → hp Hash ( hk , ( L , param ) , W ) → H ∈ G O. Blazy, C. Chevalier, P . Germouty OLBE: A Natural Generalization December 5, 2016 11 / 31

How To Do So: Smooth Projective Hash Function Functions over a set X and L ⊂ X HashKG ( L , param ) → hk ProjKG ( hk , ( L , param ) , W ) → hp Hash ( hk , ( L , param ) , W ) → H ∈ G ProjHash ( hp , ( L , param ) , W, w ) → H ′ ∈ G O. Blazy, C. Chevalier, P . Germouty OLBE: A Natural Generalization December 5, 2016 11 / 31

How To Do So: Smooth Projective Hash Function Functions over a set X and L ⊂ X HashKG ( L , param ) → hk ProjKG ( hk , ( L , param ) , W ) → hp Hash ( hk , ( L , param ) , W ) → H ∈ G ProjHash ( hp , ( L , param ) , W, w ) → H ′ ∈ G Hash ( hk , ( L , param ) , W ) = ProjHash ( hp , ( L , param ) , W, w ) . If w is a witness for W ∈ L . O. Blazy, C. Chevalier, P . Germouty OLBE: A Natural Generalization December 5, 2016 11 / 31

Properties Of SPHF Smoothness: If W / ∈ L nobody can distinguish a hashed value from a random one. O. Blazy, C. Chevalier, P . Germouty OLBE: A Natural Generalization December 5, 2016 12 / 31

Properties Of SPHF Smoothness: If W / ∈ L nobody can distinguish a hashed value from a random one. Pseudo-Randomness: Without w , if W ∈ L it is hard to distinguish a hashed value from a random one. O. Blazy, C. Chevalier, P . Germouty OLBE: A Natural Generalization December 5, 2016 12 / 31

A Simple Example Of SPHF Here param contains ( g, h ) ∈ G O. Blazy, C. Chevalier, P . Germouty OLBE: A Natural Generalization December 5, 2016 13 / 31

A Simple Example Of SPHF Here param contains ( g, h ) ∈ G L = { ( g 1 , h 1 ) |∃ α ∈ Z p , g 1 = g α ∧ h 1 = h α } , w = α . O. Blazy, C. Chevalier, P . Germouty OLBE: A Natural Generalization December 5, 2016 13 / 31

A Simple Example Of SPHF Here param contains ( g, h ) ∈ G L = { ( g 1 , h 1 ) |∃ α ∈ Z p , g 1 = g α ∧ h 1 = h α } , w = α . hk = ( λ, µ ) ∈ Z 2 p O. Blazy, C. Chevalier, P . Germouty OLBE: A Natural Generalization December 5, 2016 13 / 31

A Simple Example Of SPHF Here param contains ( g, h ) ∈ G L = { ( g 1 , h 1 ) |∃ α ∈ Z p , g 1 = g α ∧ h 1 = h α } , w = α . hk = ( λ, µ ) ∈ Z 2 p hp = g λ h µ O. Blazy, C. Chevalier, P . Germouty OLBE: A Natural Generalization December 5, 2016 13 / 31

A Simple Example Of SPHF Here param contains ( g, h ) ∈ G L = { ( g 1 , h 1 ) |∃ α ∈ Z p , g 1 = g α ∧ h 1 = h α } , w = α . hk = ( λ, µ ) ∈ Z 2 p hp = g λ h µ 1 h µ H = g λ 1 O. Blazy, C. Chevalier, P . Germouty OLBE: A Natural Generalization December 5, 2016 13 / 31

A Simple Example Of SPHF Here param contains ( g, h ) ∈ G L = { ( g 1 , h 1 ) |∃ α ∈ Z p , g 1 = g α ∧ h 1 = h α } , w = α . hk = ( λ, µ ) ∈ Z 2 p hp = g λ h µ 1 h µ H = g λ 1 H ′ = hp α O. Blazy, C. Chevalier, P . Germouty OLBE: A Natural Generalization December 5, 2016 13 / 31

SPHF And Implicit Decommitment Achieving OSBE Server Info O. Blazy, C. Chevalier, P . Germouty OLBE: A Natural Generalization December 5, 2016 14 / 31

Adaptive Oblivious Transfer And Generalization Olivier Blazy, C - PowerPoint PPT Presentation

Adaptive Oblivious Transfer And Generalization Olivier Blazy, C eline Chevalier, Paul Germouty December 5, 2016 O. Blazy, C. Chevalier, P . Germouty December 5, 2016 1 / 31 Oblivious Transfer 1 OLBE: A Natural Generalization 2 Adaptive

Adaptive Garbled RAM from Adaptive Garbled RAM from Laconic Oblivious Transfer Sanjam Garg

A Framework for Efficient and Composable Oblivious Transfer Chris Peikert 1 Vinod Vaikuntanathan

Generic Construction of UC-Secure Oblivious Transfer O. Blazy , C.Chevalier O. Blazy (Xlim)

ON THE FEASIBILITY OF EXTENDING OBLIVIOUS TRANSFER Yehuda Lindell Yehuda Lindell Hila Zarosim

SFE: Yaos Garbled Circuit Oblivious Transfer IDEAL World Pick one out of two, without

Constant-Rate Oblivious Transfer from Noisy Channels Yuval I shai Eyal K ushilevitz Rafail O

Optimistic Fair Priced Oblivious Transfer A. Rial B. Preneel Katholieke Universiteit Leuven -

Somewhat Non-Committing Encryption and Efficient Adaptively Secure Oblivious Transfer Hong-Sheng

More Efficient Oblivious Transfer Extensions with Security for Malicious Adversaries Gilad

The Simplest Protocol for Oblivious Transfer Tung Chou Technische Universiteit Eindhoven, The

k -Round Multiparty Computation from k -Round Oblivious Transfer via Garbled Interactive Circuits

Experimental realisation of quantum oblivious transfer Ryan Amiri 1 , Robert Strek 2 , Michal

Two Round Oblivious Transfer from CDH or LPN Eurocrypt 2020 Nico Dttling Sanjam Garg Mohammad

July 23, 2016 STM 2016 Outline Background Additively homomorphic encryption Beacon

Verifiable Homomorphic Oblivious Transfer and Private Equality Test Helger Lipmaa Helsinki

Statistical Zaps and New Oblivious Transfer Protocols Vipul Goyal Abhishek Jain Zhengzhong Jin

The generalized correlated sampling approach: toward an exact calculation of energy derivatives

Liberty Mutual Group PEBELS: Policy Exposure Based Excess Loss Smoothing Marquis J. Moehring

Robustness and Generalization Huan Xu The University of Texas at Austin Department of Electrical

Language as an Abstraction for Hierarchical Deep Reinforcement Learning Paper Authors: Yiding

Generalization of Factor Graphs and Belief Propagation for Quantum Information Science

On the Generalization of Dedekind Modules Indah Emilia Wijayanti Department of Mathematics,

FROM FINITELY GENERATED PROJECTIVE MODULES TO A GENERALIZATION OF SERRE-SWAN-MALLIOS THEOREM

Understanding Deep Learning Nati Srebro (TTIC) Based on joint work with Behnam Neyshabur (TTIC