inner product functional encryption
play

Inner Product Functional Encryption Edouard Dufour Sans January 25, - PowerPoint PPT Presentation

Sep 21, 2022 •278 likes •930 views

Inner Product Functional Encryption Edouard Dufour Sans January 25, 2018 Table of Contents Introduction Functional Encryption Security definitions Notations The Power of Inner Products Descriptive statistics Machine Learning Practical

  1. Inner Product Functional Encryption Edouard Dufour Sans January 25, 2018

  2. Table of Contents Introduction Functional Encryption Security definitions Notations The Power of Inner Products Descriptive statistics Machine Learning Practical security The first practical scheme: ABDP Presentation Correctness A fully secure scheme: ALS Presentation Correctness Security

  3. Functional Encryption Traditional PKE: all or nothing.

  4. Functional Encryption Traditional PKE: all or nothing. ◮ Have the key? Get the plaintext.

  5. Functional Encryption Traditional PKE: all or nothing. ◮ Have the key? Get the plaintext. ◮ Don’t have the key? Get nothing.

  6. Functional Encryption Traditional PKE: all or nothing. Functional Encryption: A new ◮ Have the key? Get the paradigm . plaintext. ◮ Don’t have the key? Get nothing.

  7. Functional Encryption Traditional PKE: all or nothing. Functional Encryption: A new ◮ Have the key? Get the paradigm . plaintext. Get a function of the cleartext. ◮ Don’t have the key? Get nothing.

  8. Functional Encryption Traditional PKE: all or nothing. Functional Encryption: A new ◮ Have the key? Get the paradigm . plaintext. Get a function of the cleartext. ◮ Don’t have the key? Get Function depends on the key . nothing.

  9. Functional Encryption: Formal definition Four algorithms:

  10. Functional Encryption: Formal definition Four algorithms: ◮ Setup ◮ Encrypt ◮ KeyGen ◮ Decrypt

  11. Functional Encryption: Formal definition Four algorithms: ◮ Setup( λ ): Returns ( ek , msk ). ◮ Encrypt ◮ KeyGen ◮ Decrypt

  12. Functional Encryption: Formal definition Four algorithms: ◮ Setup( λ ): Returns ( ek , msk ). ◮ Encrypt( ek , x ): Returns c . ◮ KeyGen ◮ Decrypt

  13. Functional Encryption: Formal definition Four algorithms: ◮ Setup( λ ): Returns ( ek , msk ). ◮ Encrypt( ek , x ): Returns c . ◮ KeyGen( msk , f ): Returns sk f . ◮ Decrypt

  14. Functional Encryption: Formal definition Four algorithms: ◮ Setup( λ ): Returns ( ek , msk ). ◮ Encrypt( ek , x ): Returns c . ◮ KeyGen( msk , f ): Returns sk f . ◮ Decrypt( sk f , c ): Returns f ( x ).

  15. Functional Encryption: Formal definition Four algorithms: ◮ Setup( λ ): Returns ( ek , msk ). ◮ Encrypt( ek , x ): Returns c . ◮ KeyGen( msk , f ): Returns sk f . ◮ Decrypt( sk f , c ): Returns f ( x ). Function hiding.

  16. Functional Encryption: Formal definition Four algorithms: ◮ Setup( λ ): Returns ( ek , msk ). ◮ Encrypt( ek , x ): Returns c . ◮ KeyGen( msk , f ): Returns sk f . ◮ Decrypt( sk f , c ): Returns f ( x ). Function hiding (or not ).

  17. Functional Encryption: Formal definition Four algorithms: ◮ Setup( λ ): Returns ( ek , msk ). ◮ Encrypt( ek , x ): Returns c . ◮ KeyGen( msk , f ): Returns sk f . ◮ Decrypt( sk f , c ): Returns f ( x ). Function hiding (or not ). f ∈ F : the functionality .

  18. Security definitions Can we simply re-use the definitions of standard SE or PKE?

  19. Security definitions Can we simply re-use the definitions of standard SE or PKE? No .

  20. Security definitions Can we simply re-use the definitions of standard SE or PKE? No. For any non-trivial f = ⇒ distinguish by submitting x 0 , x 1 with f ( x 0 ) � = f ( x 1 ).

  21. Security definitions Can we simply re-use the definitions of standard SE or PKE? No. For any non-trivial f = ⇒ distinguish by submitting x 0 , x 1 with f ( x 0 ) � = f ( x 1 ). Would not be a useful definition.

  22. Security definitions Indistinguishibility-Based Game

  23. Security definitions Indistinguishibility-Based Game Polynomial number of queries to the following oracles:

  24. Security definitions Indistinguishibility-Based Game Polynomial number of queries to the following oracles: ◮ Initialize: Run the setup and send the public key.

  25. Security definitions Indistinguishibility-Based Game Polynomial number of queries to the following oracles: ◮ Initialize: Run the setup and send the public key. ◮ KeyDer: Run KeyGen and give the decryption key.

  26. Security definitions Indistinguishibility-Based Game Polynomial number of queries to the following oracles: ◮ Initialize: Run the setup and send the public key. ◮ KeyDer: Run KeyGen and give the decryption key. ◮ LeftOrRight: Receive ( x 0 , x 1 ), return Encrypt( ek , x b ).

  27. Security definitions Indistinguishibility-Based Game Polynomial number of queries to the following oracles: ◮ Initialize: Run the setup and send the public key. ◮ KeyDer: Run KeyGen and give the decryption key. ◮ LeftOrRight: Receive ( x 0 , x 1 ), return Encrypt( ek , x b ). ◮ Finalize: If key requests were legitimate, check validity of guess.

  28. Security definitions Indistinguishibility-Based Game Polynomial number of queries to the following oracles: ◮ Initialize: Run the setup and send the public key. ◮ KeyDer: Run KeyGen and give the decryption key. ◮ LeftOrRight: Receive ( x 0 , x 1 ), return Encrypt( ek , x b ). ◮ Finalize: If key requests were legitimate, check validity of guess. One query to LeftOrRight is enough.

  29. Security definitions Indistinguishibility-Based Game Polynomial number of queries to the following oracles: ◮ Initialize: Run the setup and send the public key. ◮ KeyDer: Run KeyGen and give the decryption key. ◮ LeftOrRight: Receive ( x 0 , x 1 ), return Encrypt( ek , x b ). ◮ Finalize: If key requests were legitimate, check validity of guess. One query to LeftOrRight is enough. Requests were illegitimate if for some f queries to KeyDer, f ( x 0 ) � = f ( x 1 ).

  30. Security definitions Indistinguishibility-Based Game Polynomial number of queries to the following oracles: ◮ Initialize: Run the setup and send the public key. ◮ KeyDer: Run KeyGen and give the decryption key. ◮ LeftOrRight: Receive ( x 0 , x 1 ), return Encrypt( ek , x b ). ◮ Finalize: If key requests were legitimate, check validity of guess. One query to LeftOrRight is enough. Requests were illegitimate if for some f queries to KeyDer, f ( x 0 ) � = f ( x 1 ). Selective game: Adversary must query LeftOrRight first. Adaptive game: No such constraint.

  31. Notations ◮ Brackets: [ x ] = g x . ◮ Matrices and brackets:       . . . [ x 11 ] . . . [ x 1 n ] x 11 x 1 n . . . . ... ... . . . .  =       . . . .      x d 1 . . . x dn [ x d 1 ] . . . [ x dn ] ◮ We encrypt vectors x , and give keys for vectors y . We conflate f y : x → � n i =1 x i y i and y . ◮ Scalar x , vector x and matrix X .

  32. Table of Contents Introduction Functional Encryption Security definitions Notations The Power of Inner Products Descriptive statistics Machine Learning Practical security The first practical scheme: ABDP Presentation Correctness A fully secure scheme: ALS Presentation Correctness Security

  33. The Power of Inner Products We will work towards constructing schemes for the inner product functionality.

  34. The Power of Inner Products We will work towards constructing schemes for the inner product functionality. Is this a useful primitive?

  35. Descriptive statistics ◮ Averages.

  36. Descriptive statistics ◮ Averages. ◮ Weighted averages.

  37. Descriptive statistics ◮ Averages. ◮ Weighted averages. ◮ Standard deviation.

  38. Descriptive statistics ◮ Averages. ◮ Weighted averages. ◮ Standard deviation (if we encrypt the squares).

  39. Machine learning: linear regression Predict t (e.g. income) from x (e.g. housing data about the family).

  40. Machine learning: linear regression Predict t (e.g. income) from x (e.g. housing data about the family). A somewhat naive model: � n t ≈ i =1 x i y i ≈ � x , y �

  41. Machine learning: linear regression Predict t (e.g. income) from x (e.g. housing data about the family). A somewhat naive model: � n t ≈ i =1 x i y i ≈ � x , y � Works very well for some (basic) problems!

  42. Machine learning: linear classification Figure: The CIFAR10 dataset. Source: https://www.cs.toronto.edu/ ∼ kriz/cifar.html

  43. Machine learning: linear classification Figure: CIFAR10 linear classifiers as images. Source: http://cs231n.github.io/linear-classify/

  44. Leakage The key for y lets you compute � x , y � = ⇒ one projection.

  45. Leakage The key for y lets you compute � x , y � = ⇒ one projection. m independent keys = ⇒ m projections.

  46. Leakage The key for y lets you compute � x , y � = ⇒ one projection. m independent keys = ⇒ m projections. Actual number of keys you can give?

  47. Leakage The key for y lets you compute � x , y � = ⇒ one projection. m independent keys = ⇒ m projections. Actual number of keys you can give depends on plaintext distribution.

  48. Table of Contents Introduction Functional Encryption Security definitions Notations The Power of Inner Products Descriptive statistics Machine Learning Practical security The first practical scheme: ABDP Presentation Correctness A fully secure scheme: ALS Presentation Correctness Security

  49. Presentation ABDP15 Fixed n . F ≈ Z n p , f y ≈ y .

  50. Presentation ABDP15 Fixed n . F ≈ Z n p , f y ≈ y . ◮ Setup ◮ Encrypt ◮ KeyGen ◮ Decrypt

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Unbounded Inner Product Functional Encryption, with Succinct Keys Edouard Dufour Sans and David

Unbounded Inner Product Functional Encryption, with Succinct Keys Edouard Dufour Sans and David

Unbounded Inner Product Functional Encryption, with Succinct Keys Edouard Dufour Sans and David Pointcheval Ecole Normale Sup erieure INRIA June 6, 2019 Table of Contents Background Functional Encryption ABDP Applications of Inner

970 views • 51 slides
Functional Encryption from Pairings Michel Abdalla, CNRS and ENS Romain Gay, ENS Mariana

Functional Encryption from Pairings Michel Abdalla, CNRS and ENS Romain Gay, ENS Mariana

Multi-input Inner-Product Functional Encryption from Pairings Michel Abdalla, CNRS and ENS Romain Gay, ENS Mariana Raykova, Yale University Hoeteck Wee, CNRS and ENS Functional Encryption [Boneh, Sahai, Waters 11] m Alice Functional

585 views • 40 slides
Functional Encryption Lecture 27 Functional Encryption Plain encryption: for secure

Functional Encryption Lecture 27 Functional Encryption Plain encryption: for secure

Functional Encryption Lecture 27 Functional Encryption Plain encryption: for secure communication. Does not allow modifying encrypted data. Homomorphic Encryption: allows computation on encrypted data, but result remains encrypted Functional

987 views • 61 slides
Functional Encryption Lecture 23 ABE from LWE Functional

Functional Encryption Lecture 23 ABE from LWE Functional

Functional Encryption Lecture 23 ABE from LWE Functional Encryption f g h KeyGen PK SK SK f PK f(x) Dec SK g x g(x) Enc Dec Ciphertext SK h h(x) Dec Index-Payload Functions Message x=(

166 views • 13 slides
Functional Encryption for Regular Languages Brent Waters Public Key Encryption

Functional Encryption for Regular Languages Brent Waters Public Key Encryption

Functional Encryption for Regular Languages Brent Waters Public Key Encryption [DH76,M78,RSA78,GM84] Avoid Prior Secret Exchange PubK SK 2 Functional Encryption [SW05] Functionality: f( , ) MSK Authority Key: y 2 {0,1}* y SK CT: x

945 views • 16 slides
Functional Encryption for Inner Product with Full Function Privacy by Sourav Mukhopadhyay joint

Functional Encryption for Inner Product with Full Function Privacy by Sourav Mukhopadhyay joint

Functional Encryption for Inner Product with Full Function Privacy by Sourav Mukhopadhyay joint work with Pratish Datta and Ratna Dutta Department of Mathematics Indian Institute of Technology Kharagpur Kharagpur-721302 India PKC 2016

340 views • 23 slides
Practical Fully Secure Inner Product Functional Encryption modulo p Guilhem Castagnos 1 Fabien

Practical Fully Secure Inner Product Functional Encryption modulo p Guilhem Castagnos 1 Fabien

Practical Fully Secure Inner Product Functional Encryption modulo p Guilhem Castagnos 1 Fabien Laguillaumie 2 Ida Tucker 2 1 Universit de Bordeaux, INRIA, CNRS, IMB UMR 5251, F-33405 Talence, France. 2 Univ Lyon, CNRS, Universit Claude Bernard

1.22k views • 101 slides
Practical Fully Secure Inner Product Functional Encryption modulo p Guilhem Castagnos 1 Fabien

Practical Fully Secure Inner Product Functional Encryption modulo p Guilhem Castagnos 1 Fabien

Practical Fully Secure Inner Product Functional Encryption modulo p Guilhem Castagnos 1 Fabien Laguillaumie 2 Ida Tucker 2 1 Universit de Bordeaux, INRIA, CNRS, IMB UMR 5251, F-33405 Talence, France. 2 Univ Lyon, CNRS, Universit Claude Bernard

1.12k views • 59 slides
Two-Client and Multi-client Functional Encryption for Set Intersection and Variants Tim van de

Two-Client and Multi-client Functional Encryption for Set Intersection and Variants Tim van de

Two-Client and Multi-client Functional Encryption for Set Intersection and Variants Tim van de Kamp David Stritzl Willem Jonker Andreas Peter ACISP 2019 Functional Encryption for Set Operations n evaluate i = 1 S i S 1 S 2 S n

707 views • 32 slides
Functional Encryption: Deterministic to Randomized Functions from Simple Assumptions Shashank

Functional Encryption: Deterministic to Randomized Functions from Simple Assumptions Shashank

Functional Encryption: Deterministic to Randomized Functions from Simple Assumptions Shashank Agrawal David J. Wu Public-Key Functional Encryption [BSW11, ON10] () Keys are associated with deterministic functions sk

1.47k views • 99 slides
Limits on the Power of Indistinguishability Obfuscation and Functional Encryption Gilad Asharov

Limits on the Power of Indistinguishability Obfuscation and Functional Encryption Gilad Asharov

Limits on the Power of Indistinguishability Obfuscation and Functional Encryption Gilad Asharov Gil Segev Hebrew University This Talk A framework for proving impossibility results for commonly-used non-black-box techniques Limits on

596 views • 22 slides
Simple Functional Encryption Schemes for Inner Products Michel Abdalla ( B ) , Florian Bourse,

Simple Functional Encryption Schemes for Inner Products Michel Abdalla ( B ) , Florian Bourse,

Simple Functional Encryption Schemes for Inner Products Michel Abdalla ( B ) , Florian Bourse, Angelo De Caro, and David Pointcheval ENS, CNRS, INRIA, and PSL, 45 Rue dUlm, 75230 Paris Cedex 05, France {

535 views • 19 slides
Projective Arithmetic Functional Encryption and Indistinguishability Obfuscation (iO) from

Projective Arithmetic Functional Encryption and Indistinguishability Obfuscation (iO) from

Projective Arithmetic Functional Encryption and Indistinguishability Obfuscation (iO) from Degree-5 Multilinear maps Prabhanjan Ananth Amit Sahai Constructions of iO All current constructions of iO are based on multilinear maps [GGHRSW13,

649 views • 39 slides
Some applications and protocols Internet Casino Identity-based encryption Commitment

Some applications and protocols Internet Casino Identity-based encryption Commitment

Some applications and protocols Internet Casino Identity-based encryption Commitment Functional encryption Shared coin flips Fully-homomorphic encryption APPLICATIONS AND PROTOCOLS Threshold cryptography Searchable

399 views • 11 slides
Simple Functional Encryption Schemes for Inner Products Michel Abdalla, Florian Bourse, Angelo De

Simple Functional Encryption Schemes for Inner Products Michel Abdalla, Florian Bourse, Angelo De

Overview of the results The Framework Work in progress Simple Functional Encryption Schemes for Inner Products Michel Abdalla, Florian Bourse, Angelo De Caro, and David Pointcheval Ecole normale sup erieure, CNRS, INRIA, PSL, Paris,

866 views • 71 slides
Partially Encrypted Machine Learning using Functional Encryption eo Ryffel 1,2 Edouard Dufour-Sans

Partially Encrypted Machine Learning using Functional Encryption eo Ryffel 1,2 Edouard Dufour-Sans

Partially Encrypted Machine Learning using Functional Encryption eo Ryffel 1,2 Edouard Dufour-Sans 1 Romain Gay 1,3 Th Francis Bach 2,1 David Pointcheval 1,2 1 Ecole Normale Sup erieure 2 INRIA 3 UC Berkeley August 18, 2019 Table of

418 views • 38 slides
Lattice-based public-key cryptosystems D. J. Bernstein NIST post-quantum competition: 69

Lattice-based public-key cryptosystems D. J. Bernstein NIST post-quantum competition: 69

1 Lattice-based public-key cryptosystems D. J. Bernstein NIST post-quantum competition: 69 submissions in first round, from hundreds of people. (+13 submissions that NIST declared incomplete or improper.) 22 signature-system submissions. 5

1.97k views • 196 slides
Bootstrapping (with Small Error Growth) Chris Peikert University of Michigan HEAT Summer School

Bootstrapping (with Small Error Growth) Chris Peikert University of Michigan HEAT Summer School

Bootstrapping (with Small Error Growth) Chris Peikert University of Michigan HEAT Summer School 12 Oct 2015 1 / 14 Fully Homomorphic Encryption [RAD78,Gentry09] FHE lets you do this: Eval ( f ) f ( ) A cryptographic holy

1.01k views • 66 slides
Controlled Sharing of Sensitive Content NDN Case Study Yingdi Yu UCLA 10/3/15 1

Controlled Sharing of Sensitive Content NDN Case Study Yingdi Yu UCLA 10/3/15 1

Controlled Sharing of Sensitive Content NDN Case Study Yingdi Yu UCLA 10/3/15 1 Content-based confidentiality Confidentiality stays with content independent from where the content is independent from how it is

647 views • 10 slides
How Dangerous are Decryp- tion Failures in Lattice-based Encryption? Jan-Pieter DAnvers 20

How Dangerous are Decryp- tion Failures in Lattice-based Encryption? Jan-Pieter DAnvers 20

How Dangerous are Decryp- tion Failures in Lattice-based Encryption? Jan-Pieter DAnvers 20 november 2019 1 Outline 1 Introduction 2 How to find 1st failure 3 How to find next failure 4 Recovering the secret 5 Conclusion 1 1 LWE hard

1.07k views • 81 slides
Code-based Cryptography Christiane Peters Technical University of Denmark ECC 2011 September

Code-based Cryptography Christiane Peters Technical University of Denmark ECC 2011 September

Code-based Cryptography Christiane Peters Technical University of Denmark ECC 2011 September 20, 2011 Code-based cryptography 1. Background 2. The McEliece cryptosystem 3. Information-set-decoding attacks 4. Designs: Wild McEliece 5.

721 views • 55 slides
How to prevent cryptographic pitfalls by design February 3, 2019 How to prevent cryptographic

How to prevent cryptographic pitfalls by design February 3, 2019 How to prevent cryptographic

Department of Informatics Security and Privacy Maximilian Blochberger How to prevent cryptographic pitfalls by design February 3, 2019 How to prevent cryptographic pitfalls by design Goal Raise awareness of cryptographic misuse Disclaimer

910 views • 29 slides
Liquidsoap Audio & Video Streaming Language 1 / 73 What is Liquidsoap? 2 / 73 What is

Liquidsoap Audio & Video Streaming Language 1 / 73 What is Liquidsoap? 2 / 73 What is

Liquidsoap Audio & Video Streaming Language 1 / 73 What is Liquidsoap? 2 / 73 What is Liquidsoap? A language to create audio and video streams 3 / 73 What is Liquidsoap? A language to create audio and video streams myplaylist =

1.08k views • 73 slides
CBRE GROUP, INC. First Quarter 2017: Earnings Conference Call APRIL 27, 2017 FORWARD-LOOKING

CBRE GROUP, INC. First Quarter 2017: Earnings Conference Call APRIL 27, 2017 FORWARD-LOOKING

CBRE GROUP, INC. First Quarter 2017: Earnings Conference Call APRIL 27, 2017 FORWARD-LOOKING STATEMENTS This presentation contains statements that are forward looking within the meaning of the Private Securities Litigation Reform Act of 1995.

782 views • 29 slides

More recommend