adaptively secure succinct garbled ram with persistent
play

Adaptively Secure Succinct Garbled RAM with Persistent Memory Ran - PowerPoint PPT Presentation

Nov 25, 2023 •116 likes •1.28k views

Adaptively Secure Succinct Garbled RAM with Persistent Memory Ran Canetti, Yilei Chen, Justin Holmgren, Mariana Raykova DIMACS workshop MIT Media Lab June 8~10, 2016 1 : June 11, 2016, Boston, heavy snow. 2 : June 11, 2016, Boston, heavy

  1. Starting point: Canetti-Holmgren’s selective secure scheme. High-level idea of the Canetti-Holmgren construction: Garble the CPU-step circuit, encrypt and authenticate the intermediate states, memories. Canetti-Holmgren scheme details: Fixed-transcript => Fixed-access => Fixed-address => Fully secure Indistinguishable as long as q can be different Memory content transc = (q, op) are the same. [encrypt the state] can be different [KLW-technique] [encrypt the data] 58

  2. Starting point: Canetti-Holmgren’s selective secure scheme. High-level idea of the Canetti-Holmgren construction: Garble the CPU-step circuit, encrypt and authenticate the intermediate states, memories. Canetti-Holmgren scheme details: Fixed-transcript => Fixed-access => Fixed-address => Fully secure Indistinguishable as long as q can be different Memory content Hide access transc = (q, op) are the same. [encrypt the state] can be different pattern. [KLW-technique] [encrypt the data] [oram] 59

  3. Starting point: Canetti-Holmgren’s selective secure scheme. High-level idea of the Canetti-Holmgren construction: Garble the CPU-step circuit, encrypt and authenticate the intermediate states, memories. Canetti-Holmgren scheme details: Fixed-transcript => Fixed-access => Fixed-address => Fully secure Indistinguishable as long as q can be different Memory content Hide access transc = (q, op) are the same. [encrypt the state] can be different pattern. [KLW-technique] [encrypt the data] [oram] 60

  4. Canetti-Holmgren (ITCS16) 61

  5. Canetti-Holmgren (ITCS16) + Zoom-in the core step: 62

  6. Canetti-Holmgren (ITCS16) + Zoom-in the core step: Koppula-Lewko-Waters (STOC15) (iO-friendly) Iterator (iO-friendly) Accumulator (iO-friendly) Splittable signature 63

  7. Canetti-Holmgren (ITCS16) + Zoom-in the core step: Koppula-Lewko-Waters (STOC15) (iO-friendly) Iterator (iO-friendly) Accumulator (iO-friendly) Splittable signature Accumulator iO-friendly Merkle-tree What is written in eprint 2015/1074 64

  8. Canetti-Holmgren (ITCS16) + Zoom-in the core step: Koppula-Lewko-Waters (STOC15) (iO-friendly) Iterator G(D 0 ) (iO-friendly) Accumulator (iO-friendly) Splittable signature e z i l a i t i n i Accumulator iO-friendly Merkle-tree What is written in eprint 2015/1074 65

  9. Canetti-Holmgren (ITCS16) + Zoom-in the core step: Koppula-Lewko-Waters (STOC15) (iO-friendly) Iterator G(D 0 ) (iO-friendly) Accumulator (iO-friendly) Splittable signature e z i l a i t i n i G(P i+1 ) e t a c t i n e h t u A Accumulator iO-friendly Merkle-tree key What is written in eprint 2015/1074 66

  10. Canetti-Holmgren (ITCS16) + Zoom-in the core step: Koppula-Lewko-Waters (STOC15) (iO-friendly) Iterator G(D 0 ) (iO-friendly) Accumulator (iO-friendly) Splittable signature e z i l a i t i n i G(P i+1 ) e t a c t i n e h t u A Accumulator iO-friendly Merkle-tree key update G(D i+1 ) What is written in eprint 2015/1074 67

  11. Canetti-Holmgren (ITCS16) + Zoom-in the core step: ++ Zoom-in the accumulator 68

  12. Canetti-Holmgren (ITCS16) + Zoom-in the core step: ++ Zoom-in the accumulator Properties needed for the Accumulator - Normal property like a Merkle-tree. #Merkletree 69

  13. Canetti-Holmgren (ITCS16) + Zoom-in the core step: ++ Zoom-in the accumulator Properties needed for the Accumulator - Normal property like a Merkle-tree. #Merkletree 70

  14. Canetti-Holmgren (ITCS16) + Zoom-in the core step: ++ Zoom-in the accumulator Properties needed for the Accumulator - Normal property like a Merkle-tree. #Merkletree 71

  15. Canetti-Holmgren (ITCS16) + Zoom-in the core step: ++ Zoom-in the accumulator Properties needed for the Accumulator - Normal property like a Merkle-tree. #Merkletree 72

  16. y* Canetti-Holmgren (ITCS16) + Zoom-in the core step: ++ Zoom-in the accumulator Properties needed for the Accumulator - Normal property like a Merkle-tree. - Enforcement (iO-friendly property): there’s only one preimage x* of the current root value y*. x* #Merkletree 73

  17. y* Canetti-Holmgren (ITCS16) + Zoom-in the core step: ++ Zoom-in the accumulator Properties needed for the Accumulator - Normal property like a Merkle-tree. - Enforcement (iO-friendly property): there’s only one preimage x* of the current root value y*. Impossible information theoretically. x* #Merkletree 74

  18. y* Canetti-Holmgren (ITCS16) + Zoom-in the core step: ++ Zoom-in the accumulator Properties needed for the Accumulator - Normal property like a Merkle-tree. - Enforcement (iO-friendly property): there’s only one preimage x* of the current root value y*. Impossible information theoretically. x* #Merkletree KLW’s computational enforcement: Normal.Gen( )->H Enforce.Gen( x*, y*)->H*, H ≈ H* 75

  19. y* Canetti-Holmgren (ITCS16) + Zoom-in the core step: ++ Zoom-in the accumulator Properties needed for the Accumulator - Normal property like a Merkle-tree. - Enforcement (iO-friendly property): there’s only one preimage x* of the current root value y*. Impossible information theoretically. x* #Merkletree KLW’s computational enforcement: Normal.Gen( )->H Enforce.Gen( x*, y*)->H*, H ≈ H* Alternatively: SSB hashing => [Ananth-Chen-Chung-Lin-Lin] 76

  20. Selective Enforcing Adaptive Enforcing 77

  21. Selective Enforcing Adaptive Enforcing x* <= Adversary 78

  22. Selective Enforcing Adaptive Enforcing x* <= Adversary Gen( ) => H Enforcing(x*, y*) => H* 79

  23. Selective Enforcing Adaptive Enforcing x* <= Adversary Gen( ) => H Gen( ) => H Enforcing(x*, y*) => H* 80

  24. Selective Enforcing Adaptive Enforcing x* <= Adversary Gen( ) => H x* <= Adversary(H) Gen( ) => H Enforcing(x*, y*) => H* 81

  25. Selective Enforcing Adaptive Enforcing x* <= Adversary Gen( ) => H x* <= Adversary(H) Gen( ) => H Enforcing(x*, y*) => H* Enforcing(x*, y*) => H* 82

  26. Selective Enforcing Adaptive Enforcing x* <= Adversary Gen( ) => H x* <= Adversary(H) Gen( ) => H Enforcing(x*, y*) => H* Enforcing(x*, y*) => H* ( … wait, what?) 83

  27. #Mindblowing 84

  28. Fact I Can separate the key 85

  29. key = hk + vk G(D 0 ) e z i l a i t i n i G(P i+1 ) e t a c t i n e h t u A Accumulator iO-friendly Merkle-tree key update G(D i+1 ) What is written in eprint 2015/1074 86

  30. key = hk + vk G(D 0 ) hk e z i l a i t i n i G(P i+1 ) e t a c t i n e h t u A Accumulator vk iO-friendly Merkle-tree key update G(D i+1 ) hk What is written in eprint 2015/1074 87

  31. Adaptive Enforcing hk 88

  32. Adaptive Enforcing hk x* <= Adversary( hk ) 89

  33. Adaptive Enforcing hk x* <= Adversary( hk ) ≈ vk vk*(x*) 90

  34. Fact II If you believe diO ... 91

  35. Adaptive Enforcing key = hk + vk 92

  36. Adaptive Enforcing key = hk + vk hk always_hk_Gen( ) -> hk := CRHF key h 93

  37. Adaptive Enforcing key = hk + vk hk x* <= Adversary(H) always_hk_Gen( ) -> hk := CRHF key h 94

  38. Adaptive Enforcing key = hk + vk hk x* <= Adversary(H) vk always_hk_Gen( ) -> hk := CRHF key h normal_vk_Gen( ) -> vk vk(x,y) = diO( if h(x)=y, output 1; else: output 0 ) 95

  39. Adaptive Enforcing key = hk + vk hk x* <= Adversary(H) ≈ vk vk*(x*) always_hk_Gen( ) -> hk := CRHF key h normal_vk_Gen( ) -> vk vk(x,y) = diO( if h(x)=y, output 1; else: output 0 ) enforce_vk_Gen( x*, y* ) -> vk* vk*(x,y) = diO( if y!=y* and h(x)=y, output 1; Elseif y=y* and x=x*, output 1; Else: output 0 ) 96

  40. Fact III: If you don’t believe diO, can still do this with iO. 97

  41. From iO + preimage-bounded CRHF: c-to-1 CRHF can be constructed from discrete-log or factoring 98

  42. From iO + preimage-bounded CRHF: c-to-1 CRHF can be constructed from discrete-log or factoring enforce_vk( x*, y* ) -> vk* vk*(x,y) = diO( if y!=y* and h(x)=y, output 1; Elseif y=y* and x=x*, output 1; Else: output 0 ) 99

  43. From iO + preimage-bounded CRHF: c-to-1 CRHF can be constructed from discrete-log or factoring enforce_vk( x*, y* ) -> vk* vk*(x,y) = diO( if y!=y* and h(x)=y, output 1; Elseif y=y* and x=x*, output 1; Else: output 0 ) By diO-iO equivalence lemma [ Boyle-Chung-Pass ‘14 ]: “ If f1 and f2 differ only on polynomially many input-output values, and they are hard to find, then iO(f1) ≈ iO(f2) ” 100

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Compact Adaptively Secure ABE from -Lin: Beyond NC 1 and Towards NL Huijia (Rachel) Lin and

Compact Adaptively Secure ABE from -Lin: Beyond NC 1 and Towards NL Huijia (Rachel) Lin and

Compact Adaptively Secure ABE from -Lin: Beyond NC 1 and Towards NL Huijia (Rachel) Lin and Ji Luo 1 / 42 Attribute-Based Encryption [SW05] Setup mpk, msk KeyGen msk, sk policy Compact: ct = sk Expressive:

585 views • 42 slides
Secure 2-Party Computation Lecture 14 Yao s Garbled Circuit RECALL SIM-Secure MPC F F

Secure 2-Party Computation Lecture 14 Yao s Garbled Circuit RECALL SIM-Secure MPC F F

Secure 2-Party Computation Lecture 14 Yao s Garbled Circuit RECALL SIM-Secure MPC F F proto proto iface iface Secure (and correct) if: s.t. output of is distributed Env Env identically in REAL IDEAL REAL and

1.28k views • 126 slides
Secure 2-Party Computation Lecture 14 Yao s Garbled Circuit RECALL SIM-Secure MPC F F

Secure 2-Party Computation Lecture 14 Yao s Garbled Circuit RECALL SIM-Secure MPC F F

Secure 2-Party Computation Lecture 14 Yao s Garbled Circuit RECALL SIM-Secure MPC F F proto proto iface iface Secure (and correct) if: s.t. output of is distributed Env Env identically in REAL IDEAL REAL and

1.33k views • 102 slides
Adaptively Secure Multi-Party Computation with Dishonest Majority Sanjam Garg Amit

Adaptively Secure Multi-Party Computation with Dishonest Majority Sanjam Garg Amit

Adaptively Secure Multi-Party Computation with Dishonest Majority Sanjam Garg Amit Sahai UCLA Secure Multiparty Computation A set of mutually distrustful parties (n) wish to compute a joint function of their private inputs

309 views • 16 slides
Adaptively Simulation-Secure Attribute-Hiding Predicate Encryption by Pratish Datta 1 joint work

Adaptively Simulation-Secure Attribute-Hiding Predicate Encryption by Pratish Datta 1 joint work

Adaptively Simulation-Secure Attribute-Hiding Predicate Encryption by Pratish Datta 1 joint work with Tatsuaki Okamoto 1 and Katsuyuki Takashima 2 1 NTT Secure Platform Laboratories 3-9-11 Midori-cho, Musashino-shi, Tokyo, 180-8585 Japan 2

611 views • 29 slides
Somewhat Non-Committing Encryption and Efficient Adaptively Secure Oblivious Transfer Hong-Sheng

Somewhat Non-Committing Encryption and Efficient Adaptively Secure Oblivious Transfer Hong-Sheng

Somewhat Non-Committing Encryption and Efficient Adaptively Secure Oblivious Transfer Hong-Sheng Zhou University of Connecticut Joint work with Juan Garay (AT&amp;T) and Daniel Wichs (NYU) CRYPTO 2009 Outline Background New Approach

789 views • 36 slides
Hashing Garbled Circuits for Free Xiong Fan, Chaya Ganesh and Vladimir Kolesnikov Motivation

Hashing Garbled Circuits for Free Xiong Fan, Chaya Ganesh and Vladimir Kolesnikov Motivation

Hashing Garbled Circuits for Free Xiong Fan, Chaya Ganesh and Vladimir Kolesnikov Motivation Garbled circuits (GC) main technique for secure computation Motivation Garbled circuits (GC) main technique for secure computation Primitive in

2k views • 188 slides
O UROBOROS P RAOS : A N ADAPTIVELY - SECURE , SEMI - SYNCHRONOUS PROOF - OF - STAKE BLOCKCHAIN

O UROBOROS P RAOS : A N ADAPTIVELY - SECURE , SEMI - SYNCHRONOUS PROOF - OF - STAKE BLOCKCHAIN

O UROBOROS P RAOS : A N ADAPTIVELY - SECURE , SEMI - SYNCHRONOUS PROOF - OF - STAKE BLOCKCHAIN Bernardo David Peter Gai Aggelos Kiayias Alexander Russell Tokyo Tech IOHK U. Edinburgh U. Connecticut &amp; IOHK &amp; IOHK Eurocrypt 2018

864 views • 60 slides
Secure Multi-Party Computation Lecture 17 GMW &amp; BGW Protocols MPC Protocols MPC Protocols

Secure Multi-Party Computation Lecture 17 GMW &amp; BGW Protocols MPC Protocols MPC Protocols

Secure Multi-Party Computation Lecture 17 GMW &amp; BGW Protocols MPC Protocols MPC Protocols Yao s Garbled Circuit : 2-Party SFE secure against passive adversaries MPC Protocols Yao s Garbled Circuit : 2-Party SFE secure against

2.07k views • 85 slides
Computation Using Garbled Circuits Yan Huang David Evans Jonathan Katz Lior Malka

Computation Using Garbled Circuits Yan Huang David Evans Jonathan Katz Lior Malka

Faster Secure Two-Party Computation Using Garbled Circuits Yan Huang David Evans Jonathan Katz Lior Malka www.MightBeEvil.com Secure Two-Party Computation Bobs Genome: ACTG Alices Genome: ACTG Markers (~1000): *0,1, , 0+

588 views • 30 slides
Advanced Tools from Modern Cryptography Lecture 7 Secure 2-Party Computation: Yao s

Advanced Tools from Modern Cryptography Lecture 7 Secure 2-Party Computation: Yao s

Advanced Tools from Modern Cryptography Lecture 7 Secure 2-Party Computation: Yao s Garbled Circuit Recall MPC without Honest-Majority Plan (Still sticking with passive corruption): Two protocols, that are secure computationally The

449 views • 15 slides
SecPM: a Secure and Persistent Memory System for Non-volatile Memory Pengfei Zuo, Yu Hua Huazhong

SecPM: a Secure and Persistent Memory System for Non-volatile Memory Pengfei Zuo, Yu Hua Huazhong

SecPM: a Secure and Persistent Memory System for Non-volatile Memory Pengfei Zuo, Yu Hua Huazhong University of Science and Technology, China 10th USENIX Workshop on Hot Topics in Storage and File Systems (HotStorage18) Persistence Issue

577 views • 26 slides
Computation in Cryptography Examples: Multiparty Computation (MPC) Non-interactive Zero

Computation in Cryptography Examples: Multiparty Computation (MPC) Non-interactive Zero

Crypto for PRAM from iO ( via Succinct Garbled PRAM) Kai-Min Chung Academia Sinica, Taiwan Joint work with: Yu-Chi Chen, Sherman S.M. Chow, Russell W.F. Lai, Wei-Kai Lin, Hong-Sheng Zhou Computation in Cryptography Examples: Multiparty

382 views • 34 slides
In-memory processing of big data via succinct data structures Rajeev Raman University of

In-memory processing of big data via succinct data structures Rajeev Raman University of

In-memory processing of big data via succinct data structures Rajeev Raman University of Leicester SDP Workshop, University of Cambridge Introduction Succinct Data Structuring Succinct Tries Applications &amp; Libraries End Overview

321 views • 18 slides
Zero Knowledge Succinct Arguments: an Introduction Alessandro Chiesa UC Berkeley 1 Motivation

Zero Knowledge Succinct Arguments: an Introduction Alessandro Chiesa UC Berkeley 1 Motivation

Zero Knowledge Succinct Arguments: an Introduction Alessandro Chiesa UC Berkeley 1 Motivation 2 3 cryptography is a powerful tool for building secure systems 3 cryptography is a powerful tool for building secure systems much of the

2.47k views • 194 slides
SuperMem: Enabling Application- transparent Secure Persistent Memory with Low Overheads Pengfei

SuperMem: Enabling Application- transparent Secure Persistent Memory with Low Overheads Pengfei

SuperMem: Enabling Application- transparent Secure Persistent Memory with Low Overheads Pengfei Zuo 1,2 , Yu Hua 1 , Yuan Xie 2 1 Huazhong University of Science and Technology, China 2 University of California at Santa Barbara, USA 52nd IEEE/ACM

494 views • 33 slides
Multifamily Solar Technical Assistance Services Offering About GRID Alternatives Nations

Multifamily Solar Technical Assistance Services Offering About GRID Alternatives Nations

Multifamily Solar Technical Assistance Services Offering About GRID Alternatives Nations Largest Solar Non-Profit 13 Regional Offices Across the US (CA, CO, NY/Tri-State, DC/Mid-Atlantic) Total of 24 megawatts of solar installed

150 views • 12 slides
Insightful Automatic Performance Modeling Software Alexandru Calotoiu 1 , Torsten Hoefler 2 ,

Insightful Automatic Performance Modeling Software Alexandru Calotoiu 1 , Torsten Hoefler 2 ,

VIRTUAL INSTITUTE HIGH PRODUCTIVITY SUPERCOMPUTING Insightful Automatic Performance Modeling Software Alexandru Calotoiu 1 , Torsten Hoefler 2 , Martin Schulz 3 , Sergei Shudler 1 and Felix Wolf 1 1 TU Darmstadt , 2 ETH Zrich , 3 Lawrence

342 views • 22 slides
Installation and Configuration of HTCondor from (our) Repositories Tim Theisen Terminology

Installation and Configuration of HTCondor from (our) Repositories Tim Theisen Terminology

Installation and Configuration of HTCondor from (our) Repositories Tim Theisen Terminology Personal HTCondor (narrower definition) Single node HTCondor Runs under a user account Mini-HTCondor (new term) Single node

440 views • 15 slides
1A68 SIMPLEX Specifications Silent Soft-Closing Undermount Slide (16mm) Length: 250mm to

1A68 SIMPLEX Specifications Silent Soft-Closing Undermount Slide (16mm) Length: 250mm to

Undermount Slides 1A68 SIMPLEX Specifications Silent Soft-Closing Undermount Slide (16mm) Length: 250mm to 600mm Travel: Full Extension Maximum Drawer Side Thickness: 16mm Max. Load Capacity: 45 kg(100 lb)/pair Mount:

285 views • 4 slides
Student installation of TinyOS TinyOs install Automatic

Student installation of TinyOS TinyOs install Automatic

Jan.12, 2014 Author: Rahav Dor Student installation of TinyOS TinyOs install Automatic installation

340 views • 7 slides
Today Goals: Install the Java JDK Compiling and debugging Java programs at the command

Today Goals: Install the Java JDK Compiling and debugging Java programs at the command

Today Goals: Install the Java JDK Compiling and debugging Java programs at the command line Reading compiler error messages Generating Javadoc at the command line Submit Lab 1 If you have time (next slides): Install

404 views • 4 slides
Secure Instant Messaging Mike Davis, phar@stonedcoder.org Introduction Brief History of IM,

Secure Instant Messaging Mike Davis, phar@stonedcoder.org Introduction Brief History of IM,

Secure Instant Messaging Mike Davis, phar@stonedcoder.org Introduction Brief History of IM, and attacks against it How IM is being used today, and why these uses make strong security essential Current problems and examples To-do

258 views • 23 slides
feature integration Jonathan Du IAT 334 Matthew Fong Spring D103 301236539 2016 301229072

feature integration Jonathan Du IAT 334 Matthew Fong Spring D103 301236539 2016 301229072

feature integration Jonathan Du IAT 334 Matthew Fong Spring D103 301236539 2016 301229072 Brief Recap board list of Trello project management card kanban boards deadlines checklists planning organization team collaboration

548 views • 25 slides

More recommend