anonymous ibe leakage resilience and circular security
play

Anonymous IBE, Leakage Resilience and Circular Security from New - PowerPoint PPT Presentation

Apr 10, 2024 •355 likes •1.01k views

Anonymous IBE, Leakage Resilience and Circular Security from New Assumptions Zvika Brakerski, Alex Lombardi, Gil Segev, and Vinod Vaikuntanathan Identity-Based Encryption [Sha84, BF03, Coc01] Identity-Based Encryption [Sha84, BF03, Coc01]

  1. Anonymous IBE, Leakage Resilience and Circular Security from New Assumptions Zvika Brakerski, Alex Lombardi, Gil Segev, and Vinod Vaikuntanathan

  2. Identity-Based Encryption [Sha84, BF03, Coc01]

  3. Identity-Based Encryption [Sha84, BF03, Coc01]

  4. Identity-Based Encryption [Sha84, BF03, Coc01] To Bob:

  5. Identity-Based Encryption [Sha84, BF03, Coc01] Ciphertext may reveal Bob’s identity To Bob:

  6. Anonymous Identity-Based Encryption [BCOP04] To Bob:

  7. Constructions of IBE Reference Assumption RO? Anonymous? Boneh-Franklin Bilinear Maps Yes Yes Cocks QR Yes No Boneh-Gentry- QR Yes Yes Hamburg + Crescenzo-Saraswat Boneh-Boyen Bilinear Maps No No Boyen-Waters Bilinear Maps No Yes + Gentry Gentry-Peikert- LWE Yes Yes Vaikuntanathan Cash-Hofheinz-Kiltz- LWE No Yes Peikert + Agrawal-Boneh- Boyen

  8. A “Postmodern” Construction of IBE

  9. A “Postmodern” Construction of IBE • [DG17a] Non-black-box construction of IBE from CDH (implied by both DDH and Factoring) • New primitive: Chameleon Encryption

  10. A “Postmodern” Construction of IBE • [DG17a] Non-black-box construction of IBE from CDH (implied by both DDH and Factoring) • New primitive: Chameleon Encryption Questions

  11. A “Postmodern” Construction of IBE • [DG17a] Non-black-box construction of IBE from CDH (implied by both DDH and Factoring) • New primitive: Chameleon Encryption Questions • What about anonymity? [DG] is not anonymous. • IBE from more assumptions? Generic assumptions?

  12. This Work

  13. This Work • Notions/Tools • Compactness of IBE (“weak IBE” full IBE) • Batch Encryption (from which we construct “weak IBE”) • Blindness (to help obtain Anonymous IBE)

  14. This Work • Notions/Tools • Compactness of IBE (“weak IBE” full IBE) • Batch Encryption (from which we construct “weak IBE”) • Blindness (to help obtain Anonymous IBE) • More from CDH : Anonymous IBE from CDH

  15. This Work • Notions/Tools • Compactness of IBE (“weak IBE” full IBE) • Batch Encryption (from which we construct “weak IBE”) • Blindness (to help obtain Anonymous IBE) • More from CDH : Anonymous IBE from CDH • IBE from More : IBE from a variant of the LPN assumption

  16. This Work • Notions/Tools • Compactness of IBE (“weak IBE” full IBE) • Batch Encryption (from which we construct “weak IBE”) • Blindness (to help obtain Anonymous IBE) • More from CDH : Anonymous IBE from CDH • IBE from More : IBE from a variant of the LPN assumption • Leakage-Resilient and KDM secure public key encryption from CDH and LPN

  17. This Work • Notions/Tools • Compactness of IBE (“weak IBE” full IBE) * • Batch Encryption (from which we construct “weak IBE”) • Blindness (to help obtain Anonymous IBE) • More from CDH : Anonymous IBE from CDH * • IBE from More : IBE from a variant of the LPN assumption • Leakage-Resilient and KDM secure public key encryption from CDH and LPN * Also in concurrent work [DGHM18]

  18. Outline • A blueprint for constructing IBE • Batch Encryption • Blindness and Anonymous IBE

  19. A Blueprint for Constructing IBE

  20. A Blueprint for Constructing IBE “IBE” Schemes (supporting T identities) Primitive |mpk| |ct| |sk| Full IBE

  21. A Blueprint for Constructing IBE “IBE” Schemes (supporting T identities) Primitive |mpk| |ct| |sk| Trivial IBE Full IBE

  22. A Blueprint for Constructing IBE “IBE” Schemes (supporting T identities) Primitive |mpk| |ct| |sk| Trivial IBE Weakly Compact IBE Full IBE

  23. A Blueprint for Constructing IBE “IBE” Schemes (supporting T identities) Primitive |mpk| |ct| |sk| Trivial IBE Weakly Compact IBE Full IBE • Theorem: Weakly Compact IBE IBE

  24. A Blueprint for Constructing IBE “IBE” Schemes (supporting T identities) Primitive |mpk| |ct| |sk| Trivial IBE Weakly Compact IBE Full IBE • Theorem: Weakly Compact IBE IBE • Uses ideas from [DG17b] (which obtained adaptively secure IBE from selectively secure IBE)

  25. A Blueprint for Constructing IBE “IBE” Schemes (supporting T identities) Primitive |mpk| |ct| |sk| Trivial IBE Weakly Compact IBE Full IBE • Theorem: Weakly Compact IBE IBE • Uses ideas from [DG17b] (which obtained adaptively secure IBE from selectively secure IBE) • Theorem: “ Batch Encryption” can compress a Trivial IBE scheme into a Weakly Compact IBE scheme

  26. How to construct IBE CDH (LWE) LPN

  27. How to construct IBE Batch Encryption [DG17] (CDH) Step 1 [this work] (LPN) CDH (LWE) LPN

  28. How to construct IBE wIBE Step 2 [this work] Batch Encryption [DG17] (CDH) Step 1 [this work] (LPN) CDH (LWE) LPN

  29. How to construct IBE IBE Step 3 [this work] wIBE Step 2 [this work] Batch Encryption [DG17] (CDH) Step 1 [this work] (LPN) CDH (LWE) LPN

  30. Batch Encryption (taking the “chameleon” out of Chameleon Encryption)

  31. Batch Encryption (taking the “chameleon” out of Chameleon Encryption)

  32. Batch Encryption (taking the “chameleon” out of Chameleon Encryption) • Correctness: for all i . • Security: computationally hidden from Bob.

  33. Batch Encryption (taking the “chameleon” out of Chameleon Encryption) • This is Laconic OT [CDGGMP17] without receiver privacy

  34. Batch Encryption (taking the “chameleon” out of Chameleon Encryption) • This is Laconic OT [CDGGMP17] without receiver privacy • Why is this notion powerful?

  35. Batch Encryption (taking the “chameleon” out of Chameleon Encryption) • This is Laconic OT [CDGGMP17] without receiver privacy • Why is this notion powerful?

  36. Batch Encryption (taking the “chameleon” out of Chameleon Encryption) • Simple black box construction of Leakage-Resilient and KDM secure PKE from Batch Encryption

  37. Constructing Batch Encryption • CDH/Factoring [DG17]. • Hash function is the standard discrete log CRHF. • Encryption is essentially El-Gamal • LWE • Hash function is the standard SIS CRHF. • Encryption is essentially Dual Regev • LPN • CRHF constructed by [BLVW18, YZWGL17] • Encryption is “an LPN analogue to Dual Regev” • Requires noise rate (only quasipolynomially secure)

  38. wIBE from Batch Encryption

  39. wIBE from Batch Encryption • Question: How do you encrypt without the public key? (can’t store T public keys)

  40. wIBE from Batch Encryption • Question: How do you encrypt without the public key? (can’t store T public keys) • Answer: garble the encryption circuit + Batch Encrypt the labels (“Deferred Encryption Paradigm”)

  41. wIBE from Batch Encryption • Question: How do you encrypt without the public key? (can’t store T public keys) • Answer: garble the encryption circuit + Batch Encrypt the labels (“Deferred Encryption Paradigm”)

  42. wIBE from Batch Encryption • Question: How do you encrypt without the public key? (can’t store T public keys) • Answer: garble the encryption circuit + Batch Encrypt the labels (“Deferred Encryption Paradigm”)

  43. How to construct IBE IBE (non-black-box) [this work] wIBE [this work] + Garbled PKE Batch Encryption [DG17] (CDH) [this work] (LPN) CDH LPN

  44. How to construct Anonymous IBE? AnonIBE wAnonIBE “Anonymous” Batch Encryption CDH LPN

  45. How to construct Anonymous IBE? AnonIBE NO wAnonIBE “Anonymous” Batch Encryption CDH LPN

  46. Attack on Anonymity What is the problem? In some intermediate decryption steps, Adversary has the correct secret keys.

  47. Attack on Anonymity What is the problem? In some intermediate decryption steps, Adversary has the correct secret keys.

  48. Attack on Anonymity What is the problem? In some intermediate decryption steps, Adversary has the correct secret keys.

  49. Attack on Anonymity Learns the first two bits of id What is the problem? In some intermediate decryption steps, Adversary has the correct secret keys.

  50. Attack on Anonymity Learns the first two bits of id What is the problem? In some intermediate decryption steps, Adversary has the correct secret keys. We need a notion of wIBE security that holds even against authorized users.

  51. Blind IBE A notion of security that holds even against authorized users. To Bob:

  52. Blind IBE A notion of security that holds even against authorized users. • Semantic Security, and To Bob:

  53. Blind IBE A notion of security that holds even against authorized users. • Semantic Security, and

  54. Blind IBE A notion of security that holds even against authorized users. • Semantic Security, and For random m • * *We actually allow a relaxation of this definition

  55. Blind IBE A notion of security that holds even against authorized users. • Semantic Security, and For random m • * • We build Blind IBE from Blind Batch Encryption • Reminiscent of weak attribute hiding vs. strong attribute hiding for PE *We actually allow a relaxation of this definition

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

On the Circular Security of Bit Encryption Ron Rothblum Weizmann Institute Circular Security

On the Circular Security of Bit Encryption Ron Rothblum Weizmann Institute Circular Security

On the Circular Security of Bit Encryption Ron Rothblum Weizmann Institute Circular Security Circular Security Q: Is it in general safe to encrypt your own key? A: For some schemes (e.g. [BHHO08,ACPS09] ) yes but in general No! Circular

545 views • 33 slides
On the Local Leakage Resilience of Linear Secret Sharing Schemes Linear Secret Sharing Schemes

On the Local Leakage Resilience of Linear Secret Sharing Schemes Linear Secret Sharing Schemes

On the Local Leakage Resilience of Linear Secret Sharing Schemes Linear Secret Sharing Schemes Akshay Degwekar (MIT) Joint with Fabrice Benhamouda (IBM Research), Yuval Ishai (Technion) and Tal Rabin (IBM Research) Leakage attacks can be

547 views • 30 slides
BUILDING CAPACITY FOR SECURITY RESILIENCE Building CapaCity FOR SeCuRity ReSilienCe INTRODUCTION

BUILDING CAPACITY FOR SECURITY RESILIENCE Building CapaCity FOR SeCuRity ReSilienCe INTRODUCTION

BUILDING CAPACITY FOR SECURITY RESILIENCE Building CapaCity FOR SeCuRity ReSilienCe INTRODUCTION Mr. S pea k e r , wish to dedicate this sectoral presentation to the hardworking, devoted and uncompromising I members of Jamaicas security

478 views • 21 slides
SAME Resilience Webinar Dedicated to National Security Since 1920 JETC Resilience Program Wed, 23

SAME Resilience Webinar Dedicated to National Security Since 1920 JETC Resilience Program Wed, 23

SAME Resilience Webinar Dedicated to National Security Since 1920 JETC Resilience Program Wed, 23 May Government Panel on Priority Resilience Issues Cyber Resiliency of Mission Critical Automation Systems Thr, 24 May Resilience

564 views • 27 slides
Bounded-Communication Leakage Resilience via Parity-Resilient Circuits Vipul Goyal 1 Yuval Ishai 2

Bounded-Communication Leakage Resilience via Parity-Resilient Circuits Vipul Goyal 1 Yuval Ishai 2

Bounded-Communication Leakage Resilience via Parity-Resilient Circuits Vipul Goyal 1 Yuval Ishai 2 , 3 Hemanta K. Maji 4 Amit Sahai 3 Alexander A. Sherstov 3 1 Microsoft Research, India 2 Technion 3 University of California, Los Angeles 4 Purdue

488 views • 21 slides
Tamper and Leakage Resilience in the Split State Model Feng-Hao Liu Anna Lysyanskaya

Tamper and Leakage Resilience in the Split State Model Feng-Hao Liu Anna Lysyanskaya

Tamper and Leakage Resilience in the Split State Model Feng-Hao Liu Anna Lysyanskaya Brown University I/O Access to a Device Secret s x x D s (x) D s (x) Device for D s ( ) User

683 views • 24 slides
Climate resilience, resource efficiency and circular economy Support to SMEs in international

Climate resilience, resource efficiency and circular economy Support to SMEs in international

Climate resilience, resource efficiency and circular economy Support to SMEs in international value chains By Annegret Brauss 11 June, 2019 2 ITC helps businesses do good trade ITC is dedicated to support the competitiveness and

434 views • 16 slides
Security and Resilience Juan Torres, SNL April 21, 2016 Overview The "Security and

Security and Resilience Juan Torres, SNL April 21, 2016 Overview The "Security and

Security and Resilience Juan Torres, SNL April 21, 2016 Overview The "Security and Resilience" focus area has five main activities, based on the NIST cybersecurity framework, but expanded to all- hazards. Improve the Ability to

647 views • 6 slides
Leakage-Resilient Public-Key Cryptography in the Bounded-Retrieval Model Jol Alwen, Yevgeniy

Leakage-Resilient Public-Key Cryptography in the Bounded-Retrieval Model Jol Alwen, Yevgeniy

Leakage-Resilient Public-Key Cryptography in the Bounded-Retrieval Model Jol Alwen, Yevgeniy Dodis, Daniel Wichs New York University Speaker: Daniel Wichs CRYPTO 09 Goal of Leakage-Resilient Crypto Model of Leakage Resilience

303 views • 29 slides
Remote Side-Channel Attacks on Anonymous Transactions In Zcash & Monero Florian Tramr and

Remote Side-Channel Attacks on Anonymous Transactions In Zcash & Monero Florian Tramr and

Remote Side-Channel Attacks on Anonymous Transactions In Zcash & Monero Florian Tramr and Dan Boneh and Kenny Paterson USENIX Security Symposium Meet Alice the Anonymous Activist Blogger PK A anonymous 2 Alices Lack of Privacy Send

395 views • 21 slides
Leakage Resilience from Lattices Marco Martinoli ( ESR10 ) Supervised by Prof. Elisabeth Oswald

Leakage Resilience from Lattices Marco Martinoli ( ESR10 ) Supervised by Prof. Elisabeth Oswald

11 th October 2017 Leakage Resilience from Lattices Marco Martinoli ( ESR10 ) Supervised by Prof. Elisabeth Oswald and Dr. Martijn Stam University of Bristol Leaky Lattices 11 th October 2017 HIGHLIGHTS 09/16 09/17 I went to NXP for my

424 views • 25 slides
Digital Leakage Today Analog and Digital Leakage LTE interference Kendall Robinson Regional

Digital Leakage Today Analog and Digital Leakage LTE interference Kendall Robinson Regional

Digital Leakage Today Analog and Digital Leakage LTE interference Kendall Robinson Regional Account Director Arcom Digital < HOME Digital Leakage Outline Digital Leakage Traditional Leakage LTE Ingress and Egress issues

877 views • 68 slides
Efficient Public-Key Cryptography with Bounded Leakage and Tamper Resilience Antonio Faonio 1

Efficient Public-Key Cryptography with Bounded Leakage and Tamper Resilience Antonio Faonio 1

Efficient Public-Key Cryptography with Bounded Leakage and Tamper Resilience Antonio Faonio 1 Daniele Venturi 2 Department of Computer Science, Aarhus University, Aarhus, Denmark Department of Information Engineering and Computer Science,

763 views • 34 slides
Circular Security for Symmetric Key Bit Encryption from LWE Rishab Goyal Venkata Koppula Brent

Circular Security for Symmetric Key Bit Encryption from LWE Rishab Goyal Venkata Koppula Brent

Separating Semantic and Circular Security for Symmetric Key Bit Encryption from LWE Rishab Goyal Venkata Koppula Brent Waters n-Circular Security [C amenisch L ysyanskya 01] PK 1 PK 1 . . . . . . PK n PK n Enc PKn (0) Enc PKn (SK 1 ) Enc PK1

1.07k views • 89 slides
Anonymous Communication and Internet Freedom CS 161: Computer Security Prof. David Wagner May 2,

Anonymous Communication and Internet Freedom CS 161: Computer Security Prof. David Wagner May 2,

Anonymous Communication and Internet Freedom CS 161: Computer Security Prof. David Wagner May 2, 2013 oday Goals For T State-sponsored adversaries Anonymous communication Internet censorship State-Sponsored Adversaries Anonymous

974 views • 58 slides
Towards Super-Exponential Side-Channel Security with Efficient Leakage-Resilient PRFs M. Medwed,

Towards Super-Exponential Side-Channel Security with Efficient Leakage-Resilient PRFs M. Medwed,

Towards Super-Exponential Side-Channel Security with Efficient Leakage-Resilient PRFs M. Medwed, F.-X. Standaert , A. Joux NXP & UCL Crypto Group & Univ. Versailles CHES 2012, Leuven, Belgium SCA security (implementation level) 1 SCA

857 views • 70 slides
Algorithms for Matching and Clustering Using only Ordinal Information Elliot Anshelevich

Algorithms for Matching and Clustering Using only Ordinal Information Elliot Anshelevich

Blind, Greedy, and Random: Algorithms for Matching and Clustering Using only Ordinal Information Elliot Anshelevich (together with Shreyas Sekar) Rensselaer Polytechnic Institute (RPI), Troy, NY Maximum Utility Matching Edges have

953 views • 35 slides
Slides for Staff Meetings & CAC Meetings Name Title Use 44 Point Font Use 36 point font

Slides for Staff Meetings & CAC Meetings Name Title Use 44 Point Font Use 36 point font

Slides for Staff Meetings & CAC Meetings Name Title Use 44 Point Font Use 36 point font Atl Text How would you describe this object and its context to someone who is blind or has low vision? Be mindful of contrast with

255 views • 4 slides
Blind Signatures with flying colors Olivier Blazy XLim, Universit de Limoges Feb 2014 O.

Blind Signatures with flying colors Olivier Blazy XLim, Universit de Limoges Feb 2014 O.

Blind Signatures with flying colors Olivier Blazy XLim, Universit de Limoges Feb 2014 O. Blazy (XLim) Blind Sig Feb 2014 1 / 50 General Remarks 1 Building blocks 2 Non-Interactive Proofs of Knowledge 3 Interactive Implicit Proofs 4

1.24k views • 89 slides
New Figure Schemes for Stata: blindschemes The Schemes plotplain & plottig Adaptation

New Figure Schemes for Stata: blindschemes The Schemes plotplain & plottig Adaptation

The Issue Solutions New Figure Schemes for Stata: blindschemes The Schemes plotplain & plottig Adaptation Conclusion Daniel Bischof 1 1 University of Zurich November 17, 2016 1/17 The Default Stata Figure Schemes 6 The Issue

207 views • 20 slides
Its 2050: What am I reading? Kim Marrio7 Monash University

Its 2050: What am I reading? Kim Marrio7 Monash University

Its 2050: What am I reading? Kim Marrio7 Monash University Magical Books The Future eBooks should not be digital copies of print books--we

288 views • 6 slides
BlindBox: Deep Packet Inspection Over Encrypted Traffic Justine Sherry, Chang Lan, Raluca Ada

BlindBox: Deep Packet Inspection Over Encrypted Traffic Justine Sherry, Chang Lan, Raluca Ada

BlindBox: Deep Packet Inspection Over Encrypted Traffic Justine Sherry, Chang Lan, Raluca Ada Popa, Sylvia Ratnasamy UC Berkeley (Work under submission). Intrusion Prevention Deep Packet Inspection Parental Filtering (DPI) In-network

851 views • 42 slides
Supporting accessibility in your distribution Some feedback from Debian

Supporting accessibility in your distribution Some feedback from Debian

Supporting accessibility in your distribution Some feedback from Debian Samuel Thibault Slides & stuff on http://brl.thefreecat.org/ http://liberte0.org/ 1 Outline Introduction to

917 views • 46 slides
Musical Source Separation: Principles and State of the Art Juan Jos Burred quipe

Musical Source Separation: Principles and State of the Art Juan Jos Burred quipe

Musical Source Separation: Principles and State of the Art Juan Jos Burred quipe Analyse/Synthse, IRCAM burred@ircam.fr 2nd International Workshop on Learning Semantics of Audio Signals (LSAS), Paris, 21st June 2008 Presentation

847 views • 36 slides

More recommend