
+ Mohammad Mahmoody Rafael Pass + Modern Cryptography and One-Way - PowerPoint PPT Presentation



  1. Mohammad Mahmoody, Rafael Pass

  2. Modern Cryptography and One-Way Functions. Modern Cryptography is based on computational assumptions. [Shannon 1950s] OWFs, a central player: $f: \{0,1\}^n \to \{0,1\}^n$. Easy to compute $f(x)$. Hard to find $x \in f^{-1}(U_n)$. 1. Almost all crypto "needs" one-way-ness [Impagliazzo-Luby '89]. 2. We can do great things with it (Encryption, Signatures, etc.).

  3. A Success Story: OWF vs OWP. One-Way Permutation f: f is a OWF + it is a permutation, $f: \{0,1\}^n \to \{0,1\}^n$ (e.g. discrete logarithm); easy to compute, hard to invert. Success Story: To do something: 1) Build it using one-way permutations. 2) Get rid of the structure: use injective, then regular, then…. Eventually use any one-way function! Examples: Pseudorandom Generators [BM82, Yao82, Lev87, GKL93, GL89, HILL99]; Statistical Zero Knowledge [BCC88, GMR88, BCY91, NOVY98, GK96, DPP98, HHKKMS05, NOV06, HR07, HNORV07, HRVW09]; Signatures, etc. Interestingly: we know OWF  OWP [BI87, HH87, Tar87, Rud88]

  4. Question 1: Can we always use OWFs instead of OWPs in natural cryptographic tasks? Is there any natural task Q such that OWP  Q but OWF  Q ? Black-Box Separation

  5. Black-Box Constructions (Separation: No Construction Exists). [Figure: Primitive and Task, Black-Box vs. Non-Black-Box.] Black-Box Constructions: The (perhaps inefficient) primitive is used only as an "oracle". Captures most known techniques. Usually more efficient. Can incorporate "physical" implementations and attacks.

  6. Another Success Story (from Non-Black-Box to Black-Box). [Figure: Primitive and Task, Non-Black-Box and Black-Box, labelled "By the time...".] For many cryptographic constructions: start from a non-black-box const. → make it black-box. [HIKLP'11, CDSMW'09, WeePass'08, Wee'10, Goyal'10, …] Our Focus: Implementation (not the security reduction). Different from the setting of [GK'90] vs [Barak'05].

  7. Question 2: Can we always make non-black-box implementations black-box? Any natural task Q and assumption A known that: A  Q black-box but A  Q non-black-box

  8. Our Results. NIC = Non-Interactive Commitments. 1) OWP  NIC but OWF  NIC 2) There is a crypto assumption A such that: NIC can be based on A using a non-black-box; NIC cannot use A only as a black-box.

  9. (Non-Interactive) Commitments: digital analogue of a vault. [Figure: Sender with bit b and randomness rand (= password); Commit and Decommit phases with the Receiver.] • Hiding: Receiver can't guess bit b in commit phase. • Binding: Sender can't decommit to both 0 and 1 in decommit phase. • Non-Interactive: Commit without interaction with receiver. • Application: ZK, coin tossing, publicly verifiable secret predictions, etc. • Blum-Micali '81 + Yao '82: One-Way Permutations  NIC

  10. Plan: Black-Box Separation of NIC from OWF; An inherently non-black-box assumption for NIC; Extensions and Open Questions

  11. Plan: Black-Box Separation of NIC from OWF; An inherently non-black-box assumption for NIC; Extensions and Open Questions

  12. A General Technique for Separation from OWF [IR'86]. To get a Black-Box Separation: 1. Use a Random Oracle instead of the OWF in the construction of NIC. 2. Break NIC with poly(n) queries to the Random Oracle. Why does it work? Such an attack against NIC + Security Reduction for NIC → invert the Random Oracle with poly(n) queries (impossible).

  13. Applying the General Technique? Hope: "break" any NIC with "few queries" in the random oracle model. But: relative to RO, injective OWFs exist! (still sufficient for NIC). We will use a partially-fixed random oracle O: fixed (with collisions) on poly(n) points, random elsewhere.

  14. High Level of Proof. Theorem: There is no black-box construction of NICs from OWFs. Proof: Either of the following holds: 1) Receiver can guess b in the Random Oracle model by poly(n) queries. (Learn queries "likely" asked by Sender, then guess b.) 2) If the cheating Receiver FAILS: Sender can decommit into b = 0 and 1 using a partially-fixed Random Oracle (fixed on poly(n) points, random elsewhere).

  15. Cheating Sender's Partially-Fixed Random Oracle. [Figure: oracle with fixed parts, based on the Receiver failing to cheat; labels "Commit to 0" and "Commit to 1".] Oracle fixed only over poly(n) points and random elsewhere. So the oracle is strongly one-way. Yet, the sender can open the commitment C into both 0 and 1 consistent with the oracle.

  16. Theorem [this work]: There is no black-box construction of NIC from OWFs. Answers our first question: OWP is indeed more useful than OWF to get NIC.

  17. Plan: Black-Box Separation of NIC from OWF; An inherently non-black-box assumption for NIC; Extensions and Open Questions

  18. Black-Box vs Non-Black-Box Use of OWF – a Conditional Separation. Theorem [this work]: There is no black-box construction of NIC from OWFs. Theorem [BOV'05]: Assuming certain (believable) circuit lower bounds, there is a non-black-box construction of NIC from OWFs (derandomize Naor's two-message protocol). Conclusion: Assuming the same circuit lower bounds, NIC can be based on OWFs only by a non-black-box construction.

  19. Black-Box vs Non-Black-Box Use of OWF – Unconditional Separation? Theorem [this work]: There is no black-box construction of NIC from OWFs, even if it is a "hitting" OWF. Theorem [implicit in BOV'05]: There is a non-black-box construction of NIC from hitting OWFs (no circuit lower-bound assumption!). Conclusion: NIC can be based on Hitting OWFs only through a non-black-box construction.

  20. Hitting Functions. f is Hitting if $\{f(1), f(2), \ldots, f(n^2)\}$ intersects the "accepting inputs" of all poly(n)-sized non-deterministic circuits that accept most of their inputs. Easy to show: Random Oracle is hitting with high probability. How about our partially fixed random oracle? [Figure: oracle with fixed parts, based on the Receiver failing to cheat; labels "Commit to 0" and "Commit to 1".] Need technical tools: new concentration bounds using anti-concentration.

  21. Plan: Black-Box Separation of NIC from OWF; An inherently non-black-box assumption for NIC; Extensions and Open Questions

  22. 3-Message Zero-Knowledge Proofs. NIC used for 3-message Honest-Verifier Zero-Knowledge. Theorem: Use OWF as a black-box to get "certain" 3-message HVZK for NP  NP is "checkable" [BK'89]. Same barrier as in [HMX10, MX10, GWXY10]. Idea: Construct a proof system for co-NP with prover in $\mathrm{BPP}^{\mathrm{NP}}$

  23. Open Questions. Prove that NP is checkable based on any black-box construction of 3-message HVZK for NP from OWFs. Other natural pairs of cryptographic primitives that inherently require non-black-box constructions?

  24. Thank You!
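
Added example, not part of the original slides: a toy version of the commitment from slide 9, Com(b; x, r) = (f(x), r, <x,r> XOR b), showing that binding follows from f being a permutation and is lost once f has collisions, which is the capability the cheating Sender of slide 14 needs. The Goldreich-Levin inner-product predicate, the 16-bit parameters (P = 65537, G = 3) and all function names are assumptions chosen for illustration; nothing this small is one-way.

```python
# Toy parameters, constructed for illustration only.
P = 65537      # Fermat prime; 3 is a primitive root mod P
G = 3
N_BITS = 16

def perm(x):
    """Toy permutation on 16-bit strings: x -> G^(x+1) mod P, shifted to 0..2^16-1."""
    return pow(G, x + 1, P) - 1

def lossy(x):
    """Non-injective variant: drop the low output bit, so each image has two preimages."""
    return perm(x) >> 1

def ip(x, r):
    """Inner product mod 2 of bit strings x and r (assumed hard-core predicate)."""
    return bin(x & r).count("1") & 1

def commit(f, b, x, r):
    """Non-interactive commitment to bit b with randomness (x, r)."""
    return (f(x), r, ip(x, r) ^ b)

def verify(f, c, b, x):
    """Receiver's decommit check: recompute the commitment from the opening (b, x)."""
    y, r, masked = c
    return f(x) == y and (ip(x, r) ^ b) == masked

def openings(f, c):
    """Exhaustively list every opening (b, x) the Receiver would accept for c."""
    return [(b, x) for x in range(1 << N_BITS) for b in (0, 1) if verify(f, c, b, x)]

def equivocate(f, x):
    """Cheating Sender: build a commitment from x that opens to both 0 and 1."""
    y = f(x)
    for x2 in range(1 << N_BITS):
        if x2 != x and f(x2) == y:
            diff = x ^ x2
            r = diff & -diff            # a single bit position where x and x2 differ
            c = commit(f, 0, x, r)      # <x2,r> = <x,r> XOR 1, so c also opens to 1
            return c, (0, x), (1, x2)
    return None                         # no second preimage: the commitment is binding

if __name__ == "__main__":
    x, r = 0x1234, 0x00FF
    c = commit(perm, 1, x, r)
    print("openings under the permutation:", openings(perm, c))
    print("equivocation under the permutation:", equivocate(perm, x))
    print("equivocation under the lossy function:", equivocate(lossy, x))
```

The exhaustive search stands in for an unbounded Sender; the example does not model hiding or the oracle arguments of the separation proof.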
