lossy encryption from general assumptions
play

Lossy Encryption from General Assumptions Brett Hemenway and Rafail - PowerPoint PPT Presentation

Feb 09, 2024 •268 likes •1.84k views

Lossy Encryption from General Assumptions Brett Hemenway and Rafail Ostrovsky Crypto in the Clouds Workshop, MIT August 5, 2009 Brett Hemenway and Rafail Ostrovsky Outline Motivation Definitions Our Results Brett Hemenway and Rafail

  1. Selective Opening Security: Indistinguishability [BHY09] IND-SO-ENC (Real) ◮ ( m 1 , . . . , m n ) ← M ◮ r 1 , . . . , r n ← coins( E ) ◮ I ← A (( E ( m 1 , r i ) , . . . , E ( m n , r n )) ◮ b ← A ((( m i , r i )) i ∈ I , ( m 1 , . . . , m n )) IND-SO-ENC (Ideal) ◮ ( m 1 , . . . , m n ) ← M ◮ r 1 , . . . , r n ← coins( E ) ◮ I ← A (( E ( m 1 , r i ) , . . . , E ( m n , r n )) ◮ ( m ′ 1 , . . . , m ′ n ) ← M | M I ◮ b ← A ((( m i , r i )) i ∈ I , ( m ′ 1 , . . . , m ′ n )) Brett Hemenway and Rafail Ostrovsky

  2. Selective Opening Security: Indistinguishability [BHY09] IND-SO-ENC (Real) ◮ ( m 1 , . . . , m n ) ← M ◮ r 1 , . . . , r n ← coins( E ) ◮ I ← A (( E ( m 1 , r i ) , . . . , E ( m n , r n )) ◮ b ← A ((( m i , r i )) i ∈ I , ( m 1 , . . . , m n )) IND-SO-ENC (Ideal) ◮ ( m 1 , . . . , m n ) ← M ◮ r 1 , . . . , r n ← coins( E ) ◮ I ← A (( E ( m 1 , r i ) , . . . , E ( m n , r n )) ◮ ( m ′ 1 , . . . , m ′ n ) ← M | M I ◮ b ← A ((( m i , r i )) i ∈ I , ( m ′ 1 , . . . , m ′ n )) A IND − SO − ENC − REAL = 1 A IND − SO − ENC − IDEAL = 1 � � � � �� � Pr − Pr � < ν Brett Hemenway and Rafail Ostrovsky

  3. Lossy Encryption in Detail G (1 λ , mode ) , E ( pk , m , r ) , D ( sk , c ) Correctness: Lossiness: For all m , r For all m 0 , m 1 { E ( pk L , m 0 , r ) } ≈ s { E ( pk L , m 1 , r ) } D ( E ( pk I , m , r )) = m Indistinguishability { pk I : pk I ← G (1 λ , Injective ) } ≈ c { pk L : pk L ← G (1 λ , Lossy ) } Brett Hemenway and Rafail Ostrovsky

  4. Lossy Encryption in Detail G (1 λ , mode ) , E ( pk , m , r ) , D ( sk , c ) Correctness: Lossiness: For all m , r For all m 0 , m 1 { E ( pk L , m 0 , r ) } ≈ s { E ( pk L , m 1 , r ) } D ( E ( pk I , m , r )) = m Indistinguishability { pk I : pk I ← G (1 λ , Injective ) } ≈ c { pk L : pk L ← G (1 λ , Lossy ) } Brett Hemenway and Rafail Ostrovsky

  5. Lossy Encryption in Detail G (1 λ , mode ) , E ( pk , m , r ) , D ( sk , c ) Correctness: Lossiness: For all m , r For all m 0 , m 1 { E ( pk L , m 0 , r ) } ≈ s { E ( pk L , m 1 , r ) } D ( E ( pk I , m , r )) = m Indistinguishability { pk I : pk I ← G (1 λ , Injective ) } ≈ c { pk L : pk L ← G (1 λ , Lossy ) } Brett Hemenway and Rafail Ostrovsky

  6. Lossy Encryption in Detail G (1 λ , mode ) , E ( pk , m , r ) , D ( sk , c ) Correctness: Lossiness: For all m , r For all m 0 , m 1 { E ( pk L , m 0 , r ) } ≈ s { E ( pk L , m 1 , r ) } D ( E ( pk I , m , r )) = m Indistinguishability { pk I : pk I ← G (1 λ , Injective ) } ≈ c { pk L : pk L ← G (1 λ , Lossy ) } Brett Hemenway and Rafail Ostrovsky

  7. Lossy Encryption in Detail G (1 λ , mode ) , E ( pk , m , r ) , D ( sk , c ) Correctness: Lossiness: For all m , r For all m 0 , m 1 { E ( pk L , m 0 , r ) } ≈ s { E ( pk L , m 1 , r ) } D ( E ( pk I , m , r )) = m Indistinguishability { pk I : pk I ← G (1 λ , Injective ) } ≈ c { pk L : pk L ← G (1 λ , Lossy ) } Notice: Indistinguishability + Lossiness = ⇒ IND-CPA security Brett Hemenway and Rafail Ostrovsky

  8. Lossy Encryption is IND-SO-ENC Secure (BHY09) In Lossy mode, the distributions ( E ( m 1 , r 1 ) , . . . , E ( m n , r n )) ≈ s ( E ( m ′ 1 , r 1 ) , . . . , E ( m ′ n , r n )) Since the encryptions are statistically independent of the messages, so even after conditioning on certain openings, the rest remain independent of the messages. Brett Hemenway and Rafail Ostrovsky

  9. ReRandomizable Encryption Brett Hemenway and Rafail Ostrovsky

  10. ReRandomizable Encryption ◮ ( G , E , D ) is semantically secure. Brett Hemenway and Rafail Ostrovsky

  11. ReRandomizable Encryption ◮ ( G , E , D ) is semantically secure. ◮ There exists a function ReRand such that for all pk , m , r , r ′ Brett Hemenway and Rafail Ostrovsky

  12. ReRandomizable Encryption ◮ ( G , E , D ) is semantically secure. ◮ There exists a function ReRand such that for all pk , m , r , r ′ ◮ Correctness: D (ReRand( E ( pk , m , r ))) = m Brett Hemenway and Rafail Ostrovsky

  13. ReRandomizable Encryption ◮ ( G , E , D ) is semantically secure. ◮ There exists a function ReRand such that for all pk , m , r , r ′ ◮ Correctness: D (ReRand( E ( pk , m , r ))) = m ◮ Statistical rerandomization: { ReRand( E ( pk , m , r )) } ≈ s { ReRand( E ( pk , m , r ′ )) } Brett Hemenway and Rafail Ostrovsky

  14. Homomorphic Encryption If E ( pk , m , r ) E ( pk , m ′ , r ′ ) = E ( pk , m + m ′ , r ∗ ), then we can re-randomize by doing ReRand( E ( pk , m , r )) = E ( pk , m , r ) E ( pk , 0 , r ′ ) . Brett Hemenway and Rafail Ostrovsky

  15. Homomorphic Encryption If E ( pk , m , r ) E ( pk , m ′ , r ′ ) = E ( pk , m + m ′ , r ∗ ), then we can re-randomize by doing ReRand( E ( pk , m , r )) = E ( pk , m , r ) E ( pk , 0 , r ′ ) . Caution: this is not necessarily statistically re-randomizing. Brett Hemenway and Rafail Ostrovsky

  16. Homomorphic Encryption If E ( pk , m , r ) E ( pk , m ′ , r ′ ) = E ( pk , m + m ′ , r ∗ ), then we can re-randomize by doing ReRand( E ( pk , m , r )) = E ( pk , m , r ) E ( pk , 0 , r ′ ) . Caution: this is not necessarily statistically re-randomizing. It is statistically re-randomizing for all known homomorphic cryptosystems. Brett Hemenway and Rafail Ostrovsky

  17. Homomorphic Encryption If E ( pk , m , r ) E ( pk , m ′ , r ′ ) = E ( pk , m + m ′ , r ∗ ), then we can re-randomize by doing ReRand( E ( pk , m , r )) = E ( pk , m , r ) E ( pk , 0 , r ′ ) . Caution: this is not necessarily statistically re-randomizing. It is statistically re-randomizing for all known homomorphic cryptosystems. If you can sample statistically close to uniformly from the set of encryptions of 0 then homomorphic encryption is statistically rerandomizable Brett Hemenway and Rafail Ostrovsky

  18. Outline Motivation Definitions Our Results Brett Hemenway and Rafail Ostrovsky

  19. Our Results Brett Hemenway and Rafail Ostrovsky

  20. Our Results ◮ ReRandomizable Encryption “is” Lossy Encryption Brett Hemenway and Rafail Ostrovsky

  21. Our Results ◮ ReRandomizable Encryption “is” Lossy Encryption ◮ A framework for creating Lossy Encryption: Brett Hemenway and Rafail Ostrovsky

  22. Our Results ◮ ReRandomizable Encryption “is” Lossy Encryption ◮ A framework for creating Lossy Encryption: ◮ Applying the results of [BHY09] gives: ◮ Goldwasser-Micali ◮ El-Gamal ◮ Paillier / Damg˚ ard-Jurik Brett Hemenway and Rafail Ostrovsky

  23. Our Results ◮ ReRandomizable Encryption “is” Lossy Encryption ◮ A framework for creating Lossy Encryption: ◮ Applying the results of [BHY09] gives: ◮ Goldwasser-Micali ◮ El-Gamal ◮ Paillier / Damg˚ ard-Jurik ◮ The first proof that Paillier/Damg˚ ard-Jurik is SEM-SO-ENC secure. This is the most efficient known SEM-SO-ENC cryptosystem. Brett Hemenway and Rafail Ostrovsky

  24. Our Results ◮ ReRandomizable Encryption “is” Lossy Encryption ◮ A framework for creating Lossy Encryption: ◮ Applying the results of [BHY09] gives: ◮ Goldwasser-Micali ◮ El-Gamal ◮ Paillier / Damg˚ ard-Jurik ◮ The first proof that Paillier/Damg˚ ard-Jurik is SEM-SO-ENC secure. This is the most efficient known SEM-SO-ENC cryptosystem. ◮ Statistically Hiding-OT implies Lossy Encryption Brett Hemenway and Rafail Ostrovsky

  25. Our Results ◮ ReRandomizable Encryption “is” Lossy Encryption ◮ A framework for creating Lossy Encryption: ◮ Applying the results of [BHY09] gives: ◮ Goldwasser-Micali ◮ El-Gamal ◮ Paillier / Damg˚ ard-Jurik ◮ The first proof that Paillier/Damg˚ ard-Jurik is SEM-SO-ENC secure. This is the most efficient known SEM-SO-ENC cryptosystem. ◮ Statistically Hiding-OT implies Lossy Encryption ◮ PIR implies Lossy Encryption Brett Hemenway and Rafail Ostrovsky

  26. Our Results ◮ ReRandomizable Encryption “is” Lossy Encryption ◮ A framework for creating Lossy Encryption: ◮ Applying the results of [BHY09] gives: ◮ Goldwasser-Micali ◮ El-Gamal ◮ Paillier / Damg˚ ard-Jurik ◮ The first proof that Paillier/Damg˚ ard-Jurik is SEM-SO-ENC secure. This is the most efficient known SEM-SO-ENC cryptosystem. ◮ Statistically Hiding-OT implies Lossy Encryption ◮ PIR implies Lossy Encryption ◮ Homomorphic Encryption implies Lossy Encryption Brett Hemenway and Rafail Ostrovsky

  27. Our Results ◮ ReRandomizable Encryption “is” Lossy Encryption ◮ A framework for creating Lossy Encryption: ◮ Applying the results of [BHY09] gives: ◮ Goldwasser-Micali ◮ El-Gamal ◮ Paillier / Damg˚ ard-Jurik ◮ The first proof that Paillier/Damg˚ ard-Jurik is SEM-SO-ENC secure. This is the most efficient known SEM-SO-ENC cryptosystem. ◮ Statistically Hiding-OT implies Lossy Encryption ◮ PIR implies Lossy Encryption ◮ Homomorphic Encryption implies Lossy Encryption ◮ CCA2 Selective Opening Secure definitions and constructions Brett Hemenway and Rafail Ostrovsky

  28. Our Results ◮ ReRandomizable Encryption “is” Lossy Encryption ◮ A framework for creating Lossy Encryption: ◮ Applying the results of [BHY09] gives: ◮ Goldwasser-Micali ◮ El-Gamal ◮ Paillier / Damg˚ ard-Jurik ◮ The first proof that Paillier/Damg˚ ard-Jurik is SEM-SO-ENC secure. This is the most efficient known SEM-SO-ENC cryptosystem. ◮ Statistically Hiding-OT implies Lossy Encryption ◮ PIR implies Lossy Encryption ◮ Homomorphic Encryption implies Lossy Encryption ◮ CCA2 Selective Opening Secure definitions and constructions ◮ Constructions from statistically-hiding NIZKs in the simulation-based model Brett Hemenway and Rafail Ostrovsky

  29. Our Results ◮ ReRandomizable Encryption “is” Lossy Encryption ◮ A framework for creating Lossy Encryption: ◮ Applying the results of [BHY09] gives: ◮ Goldwasser-Micali ◮ El-Gamal ◮ Paillier / Damg˚ ard-Jurik ◮ The first proof that Paillier/Damg˚ ard-Jurik is SEM-SO-ENC secure. This is the most efficient known SEM-SO-ENC cryptosystem. ◮ Statistically Hiding-OT implies Lossy Encryption ◮ PIR implies Lossy Encryption ◮ Homomorphic Encryption implies Lossy Encryption ◮ CCA2 Selective Opening Secure definitions and constructions ◮ Constructions from statistically-hiding NIZKs in the simulation-based model ◮ Constructions from Lossy-Trapdoor Functions in the indistinguishability-based model Brett Hemenway and Rafail Ostrovsky

  30. ReRandomizable Encryption “is” Lossy Encryption Brett Hemenway and Rafail Ostrovsky

  31. ReRandomizable Encryption “is” Lossy Encryption ◮ Let ( G , E , D , ReRand) be a ReRandomizable Encryption. Brett Hemenway and Rafail Ostrovsky

  32. ReRandomizable Encryption “is” Lossy Encryption ◮ Let ( G , E , D , ReRand) be a ReRandomizable Encryption. ◮ Let ( pk , sk ) ← G e 0 = E ( pk , b 0 , r 0 ), e 1 = E ( pk , b 1 , r 1 ). Define PK = ( pk , e 0 , e 1 ), SK = sk . Brett Hemenway and Rafail Ostrovsky

  33. ReRandomizable Encryption “is” Lossy Encryption ◮ Let ( G , E , D , ReRand) be a ReRandomizable Encryption. ◮ Let ( pk , sk ) ← G e 0 = E ( pk , b 0 , r 0 ), e 1 = E ( pk , b 1 , r 1 ). Define PK = ( pk , e 0 , e 1 ), SK = sk . ◮ Encryption of b will be ReRand( e b ) . Brett Hemenway and Rafail Ostrovsky

  34. ReRandomizable Encryption “is” Lossy Encryption ◮ Let ( G , E , D , ReRand) be a ReRandomizable Encryption. ◮ Let ( pk , sk ) ← G e 0 = E ( pk , b 0 , r 0 ), e 1 = E ( pk , b 1 , r 1 ). Define PK = ( pk , e 0 , e 1 ), SK = sk . ◮ Encryption of b will be ReRand( e b ) . ◮ Decryption is the same as for the ReRandomizable scheme. Brett Hemenway and Rafail Ostrovsky

  35. ReRandomizable Encryption “is” Lossy Encryption ◮ Let ( G , E , D , ReRand) be a ReRandomizable Encryption. ◮ Let ( pk , sk ) ← G e 0 = E ( pk , b 0 , r 0 ), e 1 = E ( pk , b 1 , r 1 ). Define PK = ( pk , e 0 , e 1 ), SK = sk . ◮ Encryption of b will be ReRand( e b ) . ◮ Decryption is the same as for the ReRandomizable scheme. This is lossy if b 0 = b 1 , and injective if b 0 � = b 1 . Brett Hemenway and Rafail Ostrovsky

  36. ReRandomizable Encryption “is” Lossy Encryption ◮ Let ( G , E , D , ReRand) be a ReRandomizable Encryption. ◮ Let ( pk , sk ) ← G e 0 = E ( pk , b 0 , r 0 ), e 1 = E ( pk , b 1 , r 1 ). Define PK = ( pk , e 0 , e 1 ), SK = sk . ◮ Encryption of b will be ReRand( e b ) . ◮ Decryption is the same as for the ReRandomizable scheme. This is lossy if b 0 = b 1 , and injective if b 0 � = b 1 . The indistinguishability of modes follows immediately from the Semantic Security of ( G , E , D ). Brett Hemenway and Rafail Ostrovsky

  37. For Homomorphic Encryption Brett Hemenway and Rafail Ostrovsky

  38. For Homomorphic Encryption ◮ If ( G , E , D ) is homomorphic and E ( pk , 0 , r ) is statistically close to uniform on the set of encryptions of 0, then Brett Hemenway and Rafail Ostrovsky

  39. For Homomorphic Encryption ◮ If ( G , E , D ) is homomorphic and E ( pk , 0 , r ) is statistically close to uniform on the set of encryptions of 0, then ◮ We can make lossy encryption, simply by setting PK = ( pk , e ) where e = E ( pk , 0 , r ) in Lossy Mode and E ( pk , 1 , r ) in injective mode. Brett Hemenway and Rafail Ostrovsky

  40. For Homomorphic Encryption ◮ If ( G , E , D ) is homomorphic and E ( pk , 0 , r ) is statistically close to uniform on the set of encryptions of 0, then ◮ We can make lossy encryption, simply by setting PK = ( pk , e ) where e = E ( pk , 0 , r ) in Lossy Mode and E ( pk , 1 , r ) in injective mode. ◮ Encryption of m is just e m · E ( pk , 0 , r ). Brett Hemenway and Rafail Ostrovsky

  41. For Homomorphic Encryption ◮ If ( G , E , D ) is homomorphic and E ( pk , 0 , r ) is statistically close to uniform on the set of encryptions of 0, then ◮ We can make lossy encryption, simply by setting PK = ( pk , e ) where e = E ( pk , 0 , r ) in Lossy Mode and E ( pk , 1 , r ) in injective mode. ◮ Encryption of m is just e m · E ( pk , 0 , r ). ◮ Decryption is the same. Brett Hemenway and Rafail Ostrovsky

  42. Oblivious Transfer Implies Lossy Encryption Sender Receiver Brett Hemenway and Rafail Ostrovsky

  43. Oblivious Transfer Implies Lossy Encryption x 0 x 1 b Sender Receiver Brett Hemenway and Rafail Ostrovsky

  44. Oblivious Transfer Implies Lossy Encryption x 0 x 1 b Q b ( · , · ; · ) Sender Receiver Brett Hemenway and Rafail Ostrovsky

  45. Oblivious Transfer Implies Lossy Encryption x 0 x 1 b Q b ( · , · ; · ) Sender Receiver Q b ( x 0 , x 1 ; r ) Brett Hemenway and Rafail Ostrovsky

  46. Oblivious Transfer Implies Lossy Encryption x 0 x 1 b Q b ( · , · ; · ) Sender Receiver Q b ( x 0 , x 1 ; r ) PK inj : PK lossy : Q 0 Q 1 E ( m , r ) ≡ Q b ( m , 0; r ) Brett Hemenway and Rafail Ostrovsky

  47. Oblivious Transfer Implies Lossy Encryption x 0 x 1 b Q b ( · , · ; · ) Sender Receiver Q b ( x 0 , x 1 ; r ) PK inj : PK lossy : Q 0 Q 1 E ( m , r ) ≡ Q b ( m , 0; r ) Computational receiver privacy implies indistinguishability of modes Statistical sender privacy implies lossiness of lossy branch Brett Hemenway and Rafail Ostrovsky

  48. Chosen Ciphertext Security Chosen Ciphertext Security in the Selective Opening Setting Brett Hemenway and Rafail Ostrovsky

  49. IND-SO-CCA2: Definitions Challenger Adversary Brett Hemenway and Rafail Ostrovsky

  50. IND-SO-CCA2: Definitions Challenger Adversary Decryption Queries Brett Hemenway and Rafail Ostrovsky

  51. IND-SO-CCA2: Definitions Challenger Adversary Decryption Queries Selective Opening Query Brett Hemenway and Rafail Ostrovsky

  52. IND-SO-CCA2: Definitions Challenger Adversary Decryption Queries Selective Opening Query Decryption Queries Output b Brett Hemenway and Rafail Ostrovsky

  53. IND-SO-CCA2: Definitions Challenger Adversary c D ( c ) . . . Selective Opening Query Decryption Queries Brett Hemenway and Rafail Ostrovsky

  54. IND-SO-CCA2: Definitions Challenger Adversary c D ( c ) . . . E ( m 1 , r 1 ) , . . . , E ( m n , r n ) I { m ′ { m i , r i } i ∈ I , j } j �∈ I Decryption Queries Brett Hemenway and Rafail Ostrovsky

  55. IND-SO-CCA2: Definitions Challenger Adversary c D ( c ) . . . E ( m 1 , r 1 ) , . . . , E ( m n , r n ) I { m ′ { m i , r i } i ∈ I , j } j �∈ I c D ( c ) . . . Output b Brett Hemenway and Rafail Ostrovsky

  56. Lossy Trapdoor Functions [PW08] F I ≈ F ℓ F − 1 F ℓ I F I Injective Mode Lossy Mode Brett Hemenway and Rafail Ostrovsky

  57. Lossy Trapdoor Functions in Detail G LTDF (1 λ , inj ) ( s , t ) Brett Hemenway and Rafail Ostrovsky

  58. Lossy Trapdoor Functions in Detail G LTDF (1 λ , inj ) ( s , ⊥ ) G LTDF (1 λ , lossy ) ( s , t ) Brett Hemenway and Rafail Ostrovsky

  59. Lossy Trapdoor Functions in Detail G LTDF (1 λ , inj ) ( s , ⊥ ) G LTDF (1 λ , lossy ) ( s , t ) Trapdoor: F − 1 ( t , F ( s , x )) = x Brett Hemenway and Rafail Ostrovsky

  60. Lossy Trapdoor Functions in Detail G LTDF (1 λ , inj ) ( s , ⊥ ) G LTDF (1 λ , lossy ) ( s , t ) Trapdoor: Lossiness: F − 1 ( t , F ( s , x )) = x | imF ( s , · ) | ≤ 2 r Brett Hemenway and Rafail Ostrovsky

  61. Lossy Trapdoor Functions in Detail G LTDF (1 λ , inj ) ( s , ⊥ ) G LTDF (1 λ , lossy ) ( s , t ) Trapdoor: Lossiness: F − 1 ( t , F ( s , x )) = x | imF ( s , · ) | ≤ 2 r The first outputs of G LTDF (1 λ , inj ), and G LTDF (1 λ , lossy ) are computationally indistinguishable Brett Hemenway and Rafail Ostrovsky

  62. All-But-One Functions [PW08] G ABO (1 λ , b ∗ ) ( s , t ) Trapdoor: Lossiness: For b � = b ∗ | imF ( s , b ∗ , · ) | ≤ 2 r F − 1 ( t , b , F ( s , b , x )) = x The first outputs of G ABO (1 λ , b 0 ), and G ABO (1 λ , b 1 ) are computationally indistinguishable Brett Hemenway and Rafail Ostrovsky

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Efficient Threshold Encryption from Lossy Trapdoor Functions Xiang Xie, Rui Xue and Rui Zhang

Efficient Threshold Encryption from Lossy Trapdoor Functions Xiang Xie, Rui Xue and Rui Zhang

Efficient Threshold Encryption from Lossy Trapdoor Functions Xiang Xie, Rui Xue and Rui Zhang SKLOIS Chinese Academy of Sciences Outline Background Our Results Our Constructions Conclusions 2 Threshold Public Key Encryption

854 views • 32 slides
Efficient Lossy Trapdoor Functions based on Subgroup Membership Assumptions Haiyang Xue, Bao Li,

Efficient Lossy Trapdoor Functions based on Subgroup Membership Assumptions Haiyang Xue, Bao Li,

Efficient Lossy Trapdoor Functions based on Subgroup Membership Assumptions Haiyang Xue, Bao Li, Xianhui Lu, Dingding Jia, Yamin Liu Institute of Information Engineering , Chinese Academy of Sciences 2013.11.21 Xue, Li, Lu, Jia, Liu (IIE)

274 views • 23 slides
Functional Encryption: Deterministic to Randomized Functions from Simple Assumptions Shashank

Functional Encryption: Deterministic to Randomized Functions from Simple Assumptions Shashank

Functional Encryption: Deterministic to Randomized Functions from Simple Assumptions Shashank Agrawal David J. Wu Public-Key Functional Encryption [BSW11, ON10] () Keys are associated with deterministic functions sk

1.47k views • 99 slides
1 I. Major Budget Assumptions General Assumptions 1. The 2019-20 General Fund Unrestricted

1 I. Major Budget Assumptions General Assumptions 1. The 2019-20 General Fund Unrestricted

1 I. Major Budget Assumptions General Assumptions 1. The 2019-20 General Fund Unrestricted Beginning Fund Balance is projected at approximately $16.9 Million representing an adequate reserve level of 11.67%. 2. The 2019-20 Tentative Budget will

581 views • 14 slides
Authenticated Encryption in TLS Same modelling Poor TLS track record &amp; verification

Authenticated Encryption in TLS Same modelling Poor TLS track record &amp; verification

Authenticated Encryption in TLS Same modelling Poor TLS track record &amp; verification approach - Many implementation flaws - Attacks on weak cryptography concrete security: each lossy step (MD5, SHA1, ) documented by a game and a

514 views • 27 slides
Lossless compression in lossy compression systems Almost every lossy compression system

Lossless compression in lossy compression systems Almost every lossy compression system

Lossless compression in lossy compression systems Almost every lossy compression system contains a lossless compression system Lossy compression system Dequantizer Transform Lossless Lossless Inverse Quantizer Encoder Decoder

771 views • 29 slides
Ruby Monstas Session 17: Interlude: Encryption Encryption What comes to mind if you think about

Ruby Monstas Session 17: Interlude: Encryption Encryption What comes to mind if you think about

Ruby Monstas Session 17: Interlude: Encryption Encryption What comes to mind if you think about encryption? Encryption Certificates Crypto Currencies Public Key AES Encryption Privacy SSH VPN HTTPS TLS Quantum Digital Signatures

837 views • 46 slides
Leakage-Resilient Chosen-Ciphertext Secure Public-Key Encryption from Hash Proof System and

Leakage-Resilient Chosen-Ciphertext Secure Public-Key Encryption from Hash Proof System and

Leakage-Resilient Chosen-Ciphertext Secure Public-Key Encryption from Hash Proof System and One-Time Lossy Filter Baodong Qin and Shengli Liu Shanghai Jiao Tong University ASIACRYPT 2013 Dec 5, Bangalore, India B. Qin and S. Liu LR-CCA Secure

580 views • 47 slides
Anonymous IBE, Leakage Resilience and Circular Security from New Assumptions Zvika Brakerski,

Anonymous IBE, Leakage Resilience and Circular Security from New Assumptions Zvika Brakerski,

Anonymous IBE, Leakage Resilience and Circular Security from New Assumptions Zvika Brakerski, Alex Lombardi, Gil Segev, and Vinod Vaikuntanathan Identity-Based Encryption [Sha84, BF03, Coc01] Identity-Based Encryption [Sha84, BF03, Coc01]

1.01k views • 64 slides
Usable Encryption Class Presentation for CMSC 818D Wei Bai S Application S Hardware

Usable Encryption Class Presentation for CMSC 818D Wei Bai S Application S Hardware

Usable Encryption Class Presentation for CMSC 818D Wei Bai S Application S Hardware Encryption S Web Encryption S Email Encryption OpenPGP S S/MIME S S Online Social Network Public Key Encryption S Encryption/Decryption

842 views • 26 slides
The Parametric Complexity of Lossy Counter Machines Sylvain Schmitz ICALP , July 12, 2019,

The Parametric Complexity of Lossy Counter Machines Sylvain Schmitz ICALP , July 12, 2019,

Lossy Counter Machines Controlled Sequences Antichain Factorisation Width Function Theorem The Parametric Complexity of Lossy Counter Machines Sylvain Schmitz ICALP , July 12, 2019, Patras 1/15 Lossy Counter Machines Controlled Sequences

1.52k views • 123 slides
RPL- Routing over Low Power and Lossy Networks Michael Richardson Ines Robles IETF 94

RPL- Routing over Low Power and Lossy Networks Michael Richardson Ines Robles IETF 94

RPL- Routing over Low Power and Lossy Networks Michael Richardson Ines Robles IETF 94 Questions to answers today 1. What is a low power/lossy network? How does that relate to IoT? 2. What is RPL and how does it work? 3. Why couldn't we do

1.33k views • 66 slides
Ackermann-Hardness for Lossy Counter Machines (and Reset Petri Nets) Philippe Schnoebelen LSV,

Ackermann-Hardness for Lossy Counter Machines (and Reset Petri Nets) Philippe Schnoebelen LSV,

Ackermann-Hardness for Lossy Counter Machines (and Reset Petri Nets) Philippe Schnoebelen LSV, CNRS &amp; ENS Cachan + Oxford 1-year visitor QM EECSTCS Seminar, London, June 20th 2012 Part I: Lossy counter machines 2/20 C OUNTER M ACHINES

559 views • 20 slides
RSA Encryption 10 February 2012 RSA Encryption 10 February 2012 1/35 We saw some methods of

RSA Encryption 10 February 2012 RSA Encryption 10 February 2012 1/35 We saw some methods of

RSA Encryption 10 February 2012 RSA Encryption 10 February 2012 1/35 We saw some methods of encryption Wednesday, but none of these is good enough to be used in actual situations. Today well talk about one method, RSA Encryption, which is

1.01k views • 59 slides
Key-policy Attribute-based Encryption for General Boolean Circuits from Secret Sharing and

Key-policy Attribute-based Encryption for General Boolean Circuits from Secret Sharing and

Key-policy Attribute-based Encryption for General Boolean Circuits from Secret Sharing and Multi-linear Maps agan 1 and Ferucio Laurent iplea 2 Constantin C at alin Dr iu T 1 CNRS, LORIA, 54506 Vandoeuvre-l` es-Nancy Cedex France

623 views • 18 slides
Secret-Key Encryption Introduction Encryption is the process of encoding a message in such a

Secret-Key Encryption Introduction Encryption is the process of encoding a message in such a

Secret-Key Encryption Introduction Encryption is the process of encoding a message in such a way that only authorized parties can read the content of the original message History of encryption dates back to 1900 BC Two types of

533 views • 38 slides
File Types in Bioinformatics 2017-11-28 Martin Dahl martin.dahlo@scilifelab.uu.se Valentin

File Types in Bioinformatics 2017-11-28 Martin Dahl martin.dahlo@scilifelab.uu.se Valentin

File Types in Bioinformatics 2017-11-28 Martin Dahl martin.dahlo@scilifelab.uu.se Valentin Georgiev valentin.georgiev@icm.uu.se Jacques Dainat jacques.dainat@nbis.se http://xkcd.com Overwhelming at first Overview FASTA

736 views • 34 slides
Today The multiplicative weights framework. Experts framework. n experts. Every day, each offers

Today The multiplicative weights framework. Experts framework. n experts. Every day, each offers

Today The multiplicative weights framework. Experts framework. n experts. Every day, each offers a prediction. Rain or Shine. Day 1 Day 2 Day 3 Day T Experts/Multiplicative Weights. Expert 1 Shine Rain Shine

283 views • 5 slides
Learning and Inference to Exploit High Order Poten7als Richard

Learning and Inference to Exploit High Order Poten7als Richard

Learning and Inference to Exploit High Order Poten7als Richard Zemel CVPR Workshop June 20, 2011 Collaborators Danny Tarlow Inmar Givoni Nikola Karamanov Maks Volkovs Hugo Larochelle Framework

623 views • 44 slides
UPDATE ON WANO Zack T. Pate Chairman World Association of Nuclear Operators WANO Mission To

UPDATE ON WANO Zack T. Pate Chairman World Association of Nuclear Operators WANO Mission To

UPDATE ON WANO Zack T. Pate Chairman World Association of Nuclear Operators WANO Mission To maximize the safety and reliability of the operation of nuclear power plants worldwide 2 WANO Organization London Paris Moscow Atlanta Tokyo

341 views • 21 slides
Efficient Wavefield Simulators Based on Krylov Model-Order Reduction Techniques From Resonators

Efficient Wavefield Simulators Based on Krylov Model-Order Reduction Techniques From Resonators

Introduction Basic equations Lanczos algorithms PML Efficient Wavefield Simulators Based on Krylov Model-Order Reduction Techniques From Resonators to Open Domains Rob Remis Delft University of Technology November 3, 2017 ICERM Brown

555 views • 42 slides
t s

t s

t s ss r r

1.71k views • 139 slides
Tighter Security Proofs for GPV-IBE in the Quantum Random Oracle Model (The University of Tokyo

Tighter Security Proofs for GPV-IBE in the Quantum Random Oracle Model (The University of Tokyo

Tighter Security Proofs for GPV-IBE in the Quantum Random Oracle Model (The University of Tokyo /AIST) *Pronounced as Shu ichi Katsumata (The University of Tokyo /AIST) Shota Yamada Takashi Yamakawa (AIST) (NTT) 1 Post Quantum Cryptography

1.22k views • 86 slides
A Lossy Bosonic Quantum Channel with Non-Markovian Memory O. V. Pilyavets, V. G. Zborovskii and

A Lossy Bosonic Quantum Channel with Non-Markovian Memory O. V. Pilyavets, V. G. Zborovskii and

A Lossy Bosonic Quantum Channel with Non-Markovian Memory O. V. Pilyavets, V. G. Zborovskii and S. Mancini Universit` a di Camerino (Italy) &amp; P. N. Lebedev Physical Institute (Russia) August 30, 2008 Introduction Quantum channels

611 views • 27 slides

More recommend