indistinguishability theory
play

Indistinguishability Theory Ueli Maurer ETH Zurich FOSAD 2009, - PowerPoint PPT Presentation

Dec 24, 2022 •196 likes •1.12k views

Indistinguishability Theory Ueli Maurer ETH Zurich FOSAD 2009, Bertinoro, Sept. 2009. Distinguishing two objects: Distinguishing two objects: left or right? Distinguishing two types of numbers Set A: Set B: 2048-bit integers with exactly

  1. Indistinguishability Theory Ueli Maurer ETH Zurich FOSAD 2009, Bertinoro, Sept. 2009.

  2. Distinguishing two objects:

  3. Distinguishing two objects: left or right?

  4. Distinguishing two types of numbers Set A: Set B: 2048-bit integers with exactly 2048-bit integers with exactly 2 prime factors, each with at 3 prime factors, each with at least 512 bits. least 512 bits.

  5. Distinguishing two types of numbers Set A: Set B: 2048-bit integers with exactly 2048-bit integers with exactly 2 prime factors, each with at 3 prime factors, each with at least 512 bits. least 512 bits. 374095762974511873398056743981753957783254673845967825364509871 365295584882333644985766091852825640501638759879538762635485678 243091425765253648526374099125231764748985576600963327393947586 123498750533495862054987746524351089758393218367443278968764534 3127364987564354675092736565475849823142537584950243685261 left or right?

  6. Random vs. pseudo-random bit generator RBG PRBG output output sequence sequence

  7. Random vs. pseudo-random bit generator RBG PRBG output output sequence sequence 101100011101111001001110100010000011101100101110010111010001101 000011011010111101010001101011010100100101011110101000001101101 111000111011000101111010010101101001010110000101011010101101001 110011001001100010110100011100101010001011010100001111000101010 left or right?

  8. Distinguisher’s advantage D’s task: Guess left/right 50% 50% View Distinguisher D left / right

  9. � ✄ Distinguisher’s advantage D’s task: Guess left/right 50% 50% � /2 Prob(correct guess) = 0.5 + D ✁ I = I I I I I ✂ I I I I I I (D’s advantage) View Distinguisher D left / right

  10. ✞ ☎ ✞ Distinguisher’s advantage D’s task: Guess left/right 50% 50% Prob(correct guess) = 0.5 + ☎ /2 D ✆ I = I I I I I ✝ I I I I I I (D’s advantage) View ✆ I best D: I I I I I ✝ I I I I I I Distinguisher D left / right

  11. Distinguishing a RV V from a uniform RV U P (v) V 1 (uniform) V v

  12. ✔ ✘ ✔ ✡ ✔ ✔ ✓ ✗ ✎ ✍ ✡ ✔ ✙ ✙ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ Distinguishing a RV V from a uniform RV U P (v) V 1 (uniform) V v Statistical distance: ✏✒✑ d ✟ V ✠ U ✔ PV (sum of red quantities) ☛✌☞ ✟✖✕

  13. ✜ ✩ ✩ ✜ ✫ ✬ ✭ ✭ ✩ ✩ ✩ ✩ ✩ ✩ ✩ ✣ ✩ ✩ ✩ ✥ ★ ✩ ✜ ✤ Distinguishing a RV V from a uniform RV U P (v) V 1 (uniform) V v Statistical distance: ✦✒✧ d ✚ V ✛ U ✩ PV (sum of red quantities) ✢✌✣ ✚✖✪ ✚ V ✛ U

  14. ✰ ✸ ✺ ✼ ✼ ✸ ✸ ✸ ✸ ✸ ✸ ✸ ✲ ✰ ✲ ✰ ✲ ✻ ✺ ✰ ✻ ✸ ✴ ✸ ✰ ✸ ✸ ✳ ✸ ✷ Distinguishing a RV V from a uniform RV U P (v) V 1 (uniform) V v Statistical distance: ✵✒✶ d ✮ V ✯ U ✸ PV (sum of red quantities) ✱✌✲ ✮✖✹ ✮ V ✯ U Possible interpretation: P ✮ V U d ✮ V ✯ U

  15. Discrete systems X , X , ... Y , Y , ... 1 2 1 2 S

  16. Discrete systems X , X , ... Y , Y , ... 1 2 1 2 S Description of S: pseudo-code, figures, text, ...

  17. Discrete systems X , X , ... Y , Y , ... 1 2 1 2 S Description of S: pseudo-code, figures, text, ... What kind of mathematical object is the behavior?

  18. ✽ Discrete systems X , X , ... Y , Y , ... 1 2 1 2 S Description of S: pseudo-code, figures, text, ... What kind of mathematical object is the behavior? Only input-output behavior is relevant!

  19. ✾ ▼ ✾ ◆ Discrete systems X , X , ... Y , Y , ... 1 2 1 2 S Description of S: pseudo-code, figures, text, ... What kind of mathematical object is the behavior? Only input-output behavior is relevant! ✿❁❀❃❂❅❄ ❆❈❇❉❇❊❇❋❄ ❀●✿❍❆■❇❊❇❊❇❏✿❑❀●▲ pS ❆ for ❖◗P❙❘ P❯❚❱❚❱❚ Characterized by:

  20. ❨ ❲ ❨ ❡ ❡ ❡ ❵ ❴ ❲ Discrete systems X , X , ... Y , Y , ... 1 2 1 2 S Description of S: pseudo-code, figures, text, ... What kind of mathematical object is the behavior? Only input-output behavior is relevant! ❳❁❨❃❩❅❬ ❭❈❪❉❪❊❪❋❬ ❨●❳❍❭■❪❊❪❊❪❏❳❑❨●❫ pS ❭ for ❛◗❜❙❝ ❜❯❞❱❞❱❞ Characterized by: abstraction called random system [Mau02] This description is minimal! ❳❍❭■❪❊❪❊❪❢❳ ❩❅❬ ❭■❪❊❪❊❪❋❬ Redundant (better) description: pS

  21. ♦ ❣ ✈ ✐ ✐ ✉ ✉ ✉ ♣ ❣ Discrete systems X , X , ... Y , Y , ... 1 2 1 2 S Description of S: pseudo-code, figures, text, ... What kind of mathematical object is the behavior? Only input-output behavior is relevant! ❤❁✐❃❥❅❦ ❧❈♠❉♠❊♠❋❦ ✐●❤❍❧■♠❊♠❊♠❏❤❑✐●♥ pS ❧ for q◗r❙s r❯t❱t❱t Characterized by: abstraction called random system [Mau02] This description is minimal! ❤❍❧■♠❊♠❊♠❢❤ ❥❅❦ ❧■♠❊♠❊♠❋❦ Redundant (better) description: pS Equivalence of systems: S T if same behavior

  22. ➁ ⑧ ❹ ❻ ➀ ❽ ❿ ❾ ❽ ❻ ❺ ② ② ❹ ❹ ⑨ ❹ ✇ ✇ Discrete systems X , X , ... Y , Y , ... 1 2 1 2 S Description of S: pseudo-code, figures, text, ... What kind of mathematical object is the behavior? Only input-output behavior is relevant! ①❁②❃③❅④ ⑤❈⑥❉⑥❊⑥❋④ ②●①❍⑤■⑥❊⑥❊⑥❏①❑②●⑦ pS ⑤ for ⑩◗❶❙❷ ❶❯❸❱❸❱❸ Characterized by: abstraction called random system [Mau02] This description is minimal! ①❍⑤■⑥❊⑥❊⑥❢① ③❅④ ⑤■⑥❊⑥❊⑥❋④ Redundant (better) description: pS Equivalence of systems: S T if same behavior ❼ S Realization of S from a RV (range ):

  23. ➒ ➐ ➐ ➐ ➐ ➐ ↕ ➄ ➒ ➊ ➄ ↔ ➔ ➑ ➣ → ➔ ➋ ➂ ➂ Discrete systems X , X , ... Y , Y , ... 1 2 1 2 S Description of S: pseudo-code, figures, text, ... What kind of mathematical object is the behavior? Only input-output behavior is relevant! ➃❁➄❃➅❅➆ ➇❈➈❉➈❊➈❋➆ ➄●➃❍➇■➈❊➈❊➈❏➃❑➄●➉ pS ➇ for ➌◗➍❙➎ ➍❯➏❱➏❱➏ Characterized by: abstraction called random system [Mau02] This description is minimal! ➃❍➇■➈❊➈❊➈❢➃ ➅❅➆ ➇■➈❊➈❊➈❋➆ Redundant (better) description: pS Equivalence of systems: S T if same behavior ➓ S Realization of S from a RV (range ): notion of independence

  24. Distinguishers X , X , ... Y , Y , ... 1 2 1 2 S D

  25. ➩ ➟ ➙ ➜ ➭ ➭ ➜ ➥ ➙ ➭ ➤ ➞ ➞ ➭ ➛ ➙ ➙ ➺ ➜ ➡ ➛ ➥ ➙ ➙ ➛ ➥ Distinguishers X , X , ... Y , Y , ... 1 2 1 2 S D ➯ pD ➥➫➩ ➥➫➩ ➥➫➩ PDS pS ➠➢➡ ➧❢➙ ➛➝➜ ➜➦➥➨➧❢➙ ➯ pD pS ➛➵➧➸➜ ➛➲➧➳➙ ➭➼➻❱➽❯➽❱➽❱➻ ➥➚➾ notation:

  26. ➱ ➘ ➹ ❒ ❒ ➹ ➱ ➘ ➹ ➮ ➶ ➴ ➶ ❒ ➪ ➪ ➶ ❐ ❒ ➪ ➱ ➬ ❰ ➪ ➪ ➪ Distinguishers X , X , ... Y , Y , ... 1 2 1 2 S D W = 0/1 ❮ pD ➱➫❐ ➱➫❐ ➱➫❐ PDS pS ➷➢➬ ✃❢➪ ➶➝➹ ➹➦➱➨✃❢➪ ❮ pD pS ➶➵✃➸➹ ➶➲✃➳➪ ❒➼Ï❱Ð❯Ð❱Ð❱Ï ➱➚Ñ notation:

  27. Ø Ø Ú × Ù Ø Ø Ø Ø × Û Ø Ø × Ø Ø × Õ Ú Ü Ý Ø Ø Ø Ø Ù Õ Ø Ø Ø Ò Ø Ø Õ Distinguishing advantage 2 equivalent views: S Z 0 S T 1 T D D D W = 0/1 W = 0/1 W = 0/1 PDS PDT D Ó S Ó W Ó W Ô T Ö✌× Õ✒Ø PDSTZ Ó W Z

  28. á ä ä ä ä ä ä ã ã á å á æ ä ä ã ç ä ä é Þ ä ä ä ä ä è ä æ á ã ä ä ä Þ å Distinguishing advantage 2 equivalent views: S Z 0 S T 1 T D D D W = 0/1 W = 0/1 W = 0/1 PDS PDT D ß S ß W ß W à T â✌ã á✒ä PDSTZ ß W Z ß S best (adaptive) D: à T

  29. í ï ð ð ð ð ð ó ñ ð í ò ï ð ï ñ ð ð í ð ð ê í ê ð ð ð ð õ ð ô ò í ï ð ê ð ð Distinguishing advantage 2 equivalent views: S Z 0 S T 1 T D D D W = 0/1 W = 0/1 W = 0/1 PDS PDT D ë S ë W ë W ì T î✌ï í✒ð PDSTZ ë W Z ë S best (adaptive) D: ì T ë S NA best non-adapt. D: ì T

  30. Game-winning S X , X , ... Y , Y , ... 1 2 1 2

  31. Game-winning monotone binary output (MBO) 1 0 i game won S X , X , ... Y , Y , ... 1 2 1 2

  32. Game-winning monotone binary output (MBO) 1 0 i game won S X , X , ... Y , Y , ... 1 2 1 2 D

  33. û ö ù ø Game-winning monotone binary output (MBO) 1 0 i game won S X , X , ... Y , Y , ... 1 2 1 2 D ÷ D D’s prob. of winning with queries: ú S

  34. ✁ ü ÿ þ ✁ ÿ þ ý ✁ ÿ þ Game-winning monotone binary output (MBO) 1 0 i game won S X , X , ... Y , Y , ... 1 2 1 2 D ý D D’s prob. of winning with queries: � S ✂☎✄ ý D Optimal (adaptive) D: � S maxD � S

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Multiparty Key Exchange, Efficient Traitor Tracing, and More from Indistinguishability Obfuscation

Multiparty Key Exchange, Efficient Traitor Tracing, and More from Indistinguishability Obfuscation

Multiparty Key Exchange, Efficient Traitor Tracing, and More from Indistinguishability Obfuscation Dan Boneh Mark Zhandry Stanford University {dabo, zhandry}@cs.stanford.edu Abstract In this work, we show how to use indistinguishability

780 views • 49 slides
Decidability of a Sound Set of Inference Rules for Computational Indistinguishability Adrien

Decidability of a Sound Set of Inference Rules for Computational Indistinguishability Adrien

Decidability of a Sound Set of Inference Rules for Computational Indistinguishability Adrien Koutsos LSV, CNRS, ENS Paris-Saclay June 29, 2019 Adrien Koutsos (LSV, ENS PS) Indistinguishability June 29, 2019 1 / 34 Introduction Motivation

1.06k views • 76 slides
Relaxing IND-CCA: Indistinguishability Against Chosen Ciphertext Verification Attack Sumit Kumar

Relaxing IND-CCA: Indistinguishability Against Chosen Ciphertext Verification Attack Sumit Kumar

Relaxing IND-CCA: Indistinguishability Against Chosen Ciphertext Verification Attack Sumit Kumar Pandey Indian Statistical Institute Kolkata January 14, 2012 Sumit Kumar Pandey Relaxing IND-CCA: Indistinguishability Against Chosen Outline 1

624 views • 37 slides
Limits on the Power of Indistinguishability Obfuscation Gilad Asharov Gil Segev Limits on the

Limits on the Power of Indistinguishability Obfuscation Gilad Asharov Gil Segev Limits on the

Limits on the Power of Indistinguishability Obfuscation Gilad Asharov Gil Segev Limits on the Power of iO Limits on the Power of Indistinguishability Obfuscation (and Functional Encryption) FOCS 2015 On Constructing One-Way

841 views • 47 slides
Simplifying Game-Based Definitions Indistinguishability up to correctness and its application to

Simplifying Game-Based Definitions Indistinguishability up to correctness and its application to

Simplifying Game-Based Definitions Indistinguishability up to correctness and its application to stateful AE Phillip Rogaway Yusi (James) Zhang University of California, Davis, USA C RYPTO 2018 1. Introduction 2. IND|C 3. Examples 1

523 views • 20 slides
Deciding Indistinguishability: A Decision Result for a Set of Cryptographic Game Transformations

Deciding Indistinguishability: A Decision Result for a Set of Cryptographic Game Transformations

Deciding Indistinguishability: A Decision Result for a Set of Cryptographic Game Transformations Adrien Koutsos March 13, 2018 Adrien Koutsos Deciding Indistinguishability March 13, 2018 1 / 37 Introduction 1 The Model 2 Game

746 views • 73 slides
Geo-indistinguishability: A Principled Approach to Location Privacy Kostas Chatzikokolakis CNRS,

Geo-indistinguishability: A Principled Approach to Location Privacy Kostas Chatzikokolakis CNRS,

Geo-indistinguishability: A Principled Approach to Location Privacy Kostas Chatzikokolakis CNRS, INRIA, LIX Ecole Polytechnique joint work with Miguel Andr es, Nicol as Bordenabe, Catuscia Palamidessi, Marco Stronati PRINCESS QIF Day,

478 views • 45 slides
PhD Defense Symbolic Proofs of Computational Indistinguishability Adrien Koutsos Thse

PhD Defense Symbolic Proofs of Computational Indistinguishability Adrien Koutsos Thse

PhD Defense Symbolic Proofs of Computational Indistinguishability Adrien Koutsos Thse prpare au sein du LSV, ENS Paris-Saclay September 27, 2019 Introduction Motivation Security Protocols Distributed programs which aim at providing some

1.55k views • 142 slides
Limits on the Power of Indistinguishability Obfuscation and Functional Encryption Gilad Asharov

Limits on the Power of Indistinguishability Obfuscation and Functional Encryption Gilad Asharov

Limits on the Power of Indistinguishability Obfuscation and Functional Encryption Gilad Asharov Gil Segev Hebrew University This Talk A framework for proving impossibility results for commonly-used non-black-box techniques Limits on

596 views • 22 slides
Projective Arithmetic Functional Encryption and Indistinguishability Obfuscation (iO) from

Projective Arithmetic Functional Encryption and Indistinguishability Obfuscation (iO) from

Projective Arithmetic Functional Encryption and Indistinguishability Obfuscation (iO) from Degree-5 Multilinear maps Prabhanjan Ananth Amit Sahai Constructions of iO All current constructions of iO are based on multilinear maps [GGHRSW13,

649 views • 39 slides
Voice-Indistinguishability Protecting Voiceprint in Privacy-Preserving Speech Data Release

Voice-Indistinguishability Protecting Voiceprint in Privacy-Preserving Speech Data Release

Voice-Indistinguishability Protecting Voiceprint in Privacy-Preserving Speech Data Release Yaowei Han, Sheng Li, Yang Cao, Qiang Ma, Masatoshi Yoshikawa Department of Social Informatics, Kyoto University, Kyoto, Japan 1 National Institute of

611 views • 27 slides
Verification of Indistinguishability Properties Stphanie Delaune quipe EMSEC (IRISA), CNRS,

Verification of Indistinguishability Properties Stphanie Delaune quipe EMSEC (IRISA), CNRS,

Verification of Indistinguishability Properties Stphanie Delaune quipe EMSEC (IRISA), CNRS, France November 16th, 2016 VIP in a nutshell V erifiation of I ndistinguishability P roperties Projet JCJC Jeunes Chercheuses Jeunes Chercheurs

488 views • 31 slides
INDISTINGUISHABILITY OBFUSCATION Mark Zhandry Stanford University * Joint work with Dan Boneh

INDISTINGUISHABILITY OBFUSCATION Mark Zhandry Stanford University * Joint work with Dan Boneh

INDISTINGUISHABILITY OBFUSCATION Mark Zhandry Stanford University * Joint work with Dan Boneh Program Obfuscation Intuition: Mangle a program Same functionality as original Hides all implementation details Potential uses: IP

295 views • 28 slides
Verification of Indistinguishability Properties Stphanie Delaune LSV, CNRS & ENS Cachan

Verification of Indistinguishability Properties Stphanie Delaune LSV, CNRS & ENS Cachan

Verification of Indistinguishability Properties Stphanie Delaune LSV, CNRS & ENS Cachan & INRIA Saclay le-de-France, France Thursday, October 11th, 2012 S. Delaune (LSV) VIP project 11th October 2012 1 / 30 VIP in a nutshell

673 views • 63 slides
Patchable (Indistinguishability) Obfuscation: iO for evolving software Prabhanjan Abhishek

Patchable (Indistinguishability) Obfuscation: iO for evolving software Prabhanjan Abhishek

Patchable (Indistinguishability) Obfuscation: iO for evolving software Prabhanjan Abhishek Amit Ananth Jain Sahai Software Evolution 1990 Software Evolution 1990 1995 Software Evolution 1997 1990 1995 Software Evolution 1997 1990

1.03k views • 78 slides
SOCIOLOGICAL THEORY: A SCIENTIFIC APPROACH What is a theory? ! What does a theory consist of?

SOCIOLOGICAL THEORY: A SCIENTIFIC APPROACH What is a theory? ! What does a theory consist of?

SOCIOLOGICAL THEORY: A SCIENTIFIC APPROACH What is a theory? ! What does a theory consist of? (e.g. what are the elements of a theory?) ! Answer: A theory is a proposition or a set of interrelated propositions that purports to explain a given

379 views • 12 slides
Abstraction in Cryptography Ueli Maurer ETH Zurich CRYPTO 2009, August 19, 2009 Abstraction in

Abstraction in Cryptography Ueli Maurer ETH Zurich CRYPTO 2009, August 19, 2009 Abstraction in

Abstraction in Cryptography Ueli Maurer ETH Zurich CRYPTO 2009, August 19, 2009 Abstraction in Cryptography I can only understand simple things. J AMES M ASSEY Ueli Maurer ETH Zurich CRYPTO 2009, August 19, 2009 Abstraction

1.8k views • 169 slides
Bluering Prototype System Results G. Hampson, W. Cheng, D. Humphrey, J. Bunton, P. Roberts, K.

Bluering Prototype System Results G. Hampson, W. Cheng, D. Humphrey, J. Bunton, P. Roberts, K.

Bluering Prototype System Results G. Hampson, W. Cheng, D. Humphrey, J. Bunton, P. Roberts, K. Bengston, R. Beresford, Y. Chen, R. Chekkala 22 nd September 2020 RadioNet Workshop: Future Trends in Radio Astronomy Instrumentation Bluering

448 views • 20 slides
Variable & Value Ordering Heuristics Heuristics for backtracking algorithms Variable

Variable & Value Ordering Heuristics Heuristics for backtracking algorithms Variable

Variable & Value Ordering Heuristics Heuristics for backtracking algorithms Variable ordering what variable to branch on next Value ordering given a choice of variable, what order to try values Constraint ordering what

622 views • 31 slides
Using OKRs for the First Time Learn more at 7geese.com/okrs Presented by WENDY PAT FONG

Using OKRs for the First Time Learn more at 7geese.com/okrs Presented by WENDY PAT FONG

Using OKRs for the First Time Learn more at 7geese.com/okrs Presented by WENDY PAT FONG Director of Talent and Operations, 7Geese @7Geese #OKRs e x p r e s s Align your team and achieve more, together. i o f b 7Geese is a

361 views • 20 slides
protoDUNE single-phase Instrumentation - Gas Analyzers Stephen Pordes, Fermilab 4/25/17 S.

protoDUNE single-phase Instrumentation - Gas Analyzers Stephen Pordes, Fermilab 4/25/17 S.

protoDUNE single-phase Instrumentation - Gas Analyzers Stephen Pordes, Fermilab 4/25/17 S. Pordes - protoDUNE single-phase Instrumentation review - gas analzyzers 1 protoDUNE single-phase Instrumentation - Gas Analyzers Motivation:

472 views • 9 slides
A JS S D S O

A JS S D S O

A JS S D S O Matthew Sackman matthew@rabbitmq.com Introduction I T

835 views • 44 slides
a formal framework for the symbol grounding problem benjamin johnston + mary-anne williams mouse

a formal framework for the symbol grounding problem benjamin johnston + mary-anne williams mouse

a formal framework for the symbol grounding problem benjamin johnston + mary-anne williams mouse wiffme_blag how can the semantic interpretation of a formal symbol system be made intrinsic to the system , rather than just parasitic on the

392 views • 16 slides
Capital Accumulation, Private Property, and Inequality in China, 1978-2015 Thomas Piketty Li

Capital Accumulation, Private Property, and Inequality in China, 1978-2015 Thomas Piketty Li

Capital Accumulation, Private Property, and Inequality in China, 1978-2015 Thomas Piketty Li Yang Gabriel Zucman PARIS SCHOOL OF PARIS SCHOOL OF UC BERKELEY & ECONOMICS ECONOMICS NBER Paris, December, 2017 The First WID.world

870 views • 61 slides

More recommend