Multi-Input Functional Encryption for Inner Products: Function-Hiding Realizations and Constructions without Pairings


  1. Multi-Input Functional Encryption for Inner Products: Function-Hiding Realizations and Constructions without Pairings. Michel Abdalla, Dario Catalano, Dario Fiore, Romain Gay, Bogdan Ursu. August 21, 2018.

  2. Motivation - Spam. [Diagram: an encrypted email $C$ arrives at the server, which holds $\mathsf{sk}_{\mathsf{Spam}}$; $\mathsf{Dec}$ yields $\mathsf{Spam}(M)$; if $\mathsf{Spam}(M) = \text{True}$, the email goes to the spam folder.]

  3. Beyond Public Key Encryption. Public key encryption [Diffie, Hellman 76]: $\mathsf{Enc}(\mathsf{pk}, M)$; $\mathsf{Dec}$ with $\mathsf{sk}$ returns $M$. Functional encryption [Boneh, Sahai, Waters 11]: $\mathsf{Enc}(\mathsf{mpk}, M)$; $\mathsf{Dec}$ with $\mathsf{sk}_f$ returns $f(M)$.

  4. Functional Encryption [Boneh, Sahai, Waters 11]. Setup: generates $\mathsf{mpk}$, $\mathsf{msk}$. [Diagram: the master authority publishes $\mathsf{mpk}$ and derives $\mathsf{sk}_f$ from $f$ via $\mathsf{KeyGen}(\mathsf{msk}, \cdot)$; a ciphertext $C(M) = \mathsf{Enc}(\mathsf{mpk}, M)$ is decrypted with $\mathsf{sk}_f$ to $f(M)$; the parties are labelled Alice and Bob.]

  5. Multi-Input Functional Encryption. Functional encryption: from $\mathsf{Enc}(\mathsf{mpk}, M)$ and $\mathsf{sk}_f$, $\mathsf{Dec}$ returns $f(M)$. Multi-input functional encryption [Goldwasser, Gordon, Goyal, Jain, Katz, Liu, Sahai, Shi, Zhou 14]: from $n$ independent ciphertexts $\mathsf{Enc}(\mathsf{mpk}, M_1), \dots, \mathsf{Enc}(\mathsf{mpk}, M_n)$ and $\mathsf{sk}_f$, $\mathsf{Dec}$ returns $f(M_1 \dots M_n)$.

  6. Inner-Product Functional Encryption. Inner-product functional encryption: $f_y(\cdot) = \langle \cdot, y \rangle$; from $\mathsf{Enc}(\mathsf{mpk}, x)$ and $\mathsf{sk}_y$, $\mathsf{Dec}$ returns $\langle x, y \rangle$. Multi-input inner-product functional encryption: $f_{y_1 \| \dots \| y_n}(\cdot, \dots, \cdot) = \langle x_1 \| \dots \| x_n,\; y_1 \| \dots \| y_n \rangle$; from $n$ independent ciphertexts $\mathsf{Enc}(\mathsf{mpk}, x_1), \dots, \mathsf{Enc}(\mathsf{mpk}, x_n)$ and $\mathsf{sk}_{y_1 \| \dots \| y_n}$, $\mathsf{Dec}$ returns $\langle x_1 \| \dots \| x_n,\; y_1 \| \dots \| y_n \rangle$.

  7. Previous Work (FH = function hiding). Columns: multi-input scheme; classes of functions; assumptions.
     [GGG+14, BLR+15, BGJS15], [AJ15, BKS16] (FH); general functions; IO, multilinear maps, ...
     [AGRW17]; inner products, poly inputs; SXDH in pairing groups.
     [DOT18] (FH); inner products, unbounded poly inputs; SXDH in pairing groups.

  8. Previous Work + Our Contribution (FH = function hiding). Columns: multi-input scheme; classes of functions; assumptions.
     [GGG+14, BLR+15, BGJS15], [AJ15, BKS16] (FH); general functions; IO, multilinear maps, ...
     [AGRW17]; inner products, poly inputs; SXDH in pairing groups.
     [DOT18] (FH); inner products, unbounded poly inputs; SXDH in pairing groups.
     This work; inner products, poly inputs; DDH, DCR or LWE.
     This work (FH); inner products, poly inputs; SXDH in pairing groups.

  10. Security Goal. Given $\mathsf{Enc}(\mathsf{mpk}, x)$ and $\mathsf{sk}_y$: leaks only $\langle x, y \rangle$, $y$, $|x|$.

  11. Security of Multi-Input Functional Encryption. Security goal: given $\mathsf{Enc}(\mathsf{mpk}, x_1), \dots, \mathsf{Enc}(\mathsf{mpk}, x_n)$ and $\mathsf{sk}_{y_1 \| \dots \| y_n}$: leaks only $\langle x_1 \| \dots \| x_n,\; y_1 \| \dots \| y_n \rangle$, $y_1 \| \dots \| y_n$, $\{|x_i|\}$.

  12. Security of Multi-Input Functional Encryption. Security goal: given $\mathsf{Enc}(\mathsf{mpk}, x_1), \dots, \mathsf{Enc}(\mathsf{mpk}, x_n)$ and $\mathsf{sk}_{y_1 \| \dots \| y_n}$: leaks only $\langle x_1 \| \dots \| x_n,\; y_1 \| \dots \| y_n \rangle$, $y_1 \| \dots \| y_n$, $\{|x_i|\}$. Leakage is more complex!

  13. Multi-Input Inner-Product Encryption. Given $\mathsf{Enc}(\mathsf{msk}, x_1), \dots, \mathsf{Enc}(\mathsf{msk}, x_n)$ (independent ciphertexts, fresh randomness), $\mathsf{sk}_{y_1 \| \dots \| y_n}$ can compute $\langle x_1 \| \dots \| x_n,\; y_1 \| \dots \| y_n \rangle$.

  14. Multi-Input Inner-Product Encryption. Given $\mathsf{Enc}(\mathsf{msk}, x_1), \dots, \mathsf{Enc}(\mathsf{msk}, x_n)$, $\mathsf{sk}_{y_1 \| \dots \| y_n}$ can compute $\langle x_1 \| \dots \| x_n,\; y_1 \| \dots \| y_n \rangle$, but nothing more about $\langle x_i, y_i \rangle$.

  15. Public Key - Symmetric Key. Given $\mathsf{Enc}(\mathsf{msk}, x_1), \dots, \mathsf{Enc}(\mathsf{msk}, x_n)$, $\mathsf{sk}_{y_1 \| \dots \| y_n}$ can compute $\langle x_1 \| \dots \| x_n,\; y_1 \| \dots \| y_n \rangle$, but nothing more about $\langle x_i, y_i \rangle$. Public key, encrypt 0: $\langle 0 \dots 0 \| x_i \| 0 \dots 0,\; y_1 \| \dots \| y_n \rangle = \langle x_i, y_i \rangle$.

  16. Mixing Ciphertexts. Example for $n = 2$: given $\mathsf{Enc}(\mathsf{msk}, x_1)$, $\mathsf{Enc}(\mathsf{msk}, x_2)$, $\mathsf{Enc}(\mathsf{msk}, x'_1)$, $\mathsf{Enc}(\mathsf{msk}, x'_2)$ and $\mathsf{sk}_{y_1 \| y_2}$, one can compute $\langle x_1 \| x_2,\; y_1 \| y_2 \rangle$, $\langle x'_1 \| x_2,\; y_1 \| y_2 \rangle$, $\langle x_1 \| x'_2,\; y_1 \| y_2 \rangle$ and $\langle x'_1 \| x'_2,\; y_1 \| y_2 \rangle$. Difficulty: allow ciphertext mixing but not key mixing!

  17. Multi-Input Inner-Product - Security. Game between adversary and challenger: the adversary sends $y_1 \| \dots \| y_n$ and receives $\mathsf{sk}_{y_1 \| \dots \| y_n}$ from $\mathsf{KeyGen}$; the adversary sends $(x_i, i)$ and receives $\mathsf{Enc}(\mathsf{msk}, i, x_i)$. The adversary only learns $\langle x_1 \| \dots \| x_n,\; y_1 \| \dots \| y_n \rangle$ for all queried $(x_i, i)$ and all queried $y_1 \| \dots \| y_n$.

  18. Construction without Pairings. Roadmap: (1) one ciphertext, one input; (2) one ciphertext, many inputs; (3) many ciphertexts, one input; (4) many ciphertexts, many inputs. Symmetric setting: one ciphertext $\not\Rightarrow$ many ciphertexts.

  19. (1) One ciphertext, one input. $\mathsf{msk} = u \in \mathbb{Z}_q^m$; $\mathsf{Enc}_1(\mathsf{msk}, x) = x + u \in \mathbb{Z}_q^m$; $\mathsf{KeyGen}_1(\mathsf{msk}, y) = (\langle u, y \rangle \in \mathbb{Z}_q,\; y)$.

  20. (1) One ciphertext, one input. $\mathsf{msk} = u \in \mathbb{Z}_q^m$; $\mathsf{Enc}_1(\mathsf{msk}, x) = x + u \in \mathbb{Z}_q^m$; $\mathsf{KeyGen}_1(\mathsf{msk}, y) = (\langle u, y \rangle \in \mathbb{Z}_q,\; y)$. Decrypt with $\mathsf{sk}_y$: $\langle x + u, y \rangle - \langle u, y \rangle = \langle x, y \rangle + \langle u, y \rangle - \langle u, y \rangle = \langle x, y \rangle$.

  21. (1) One ciphertext, one input. $\mathsf{msk} = u \in \mathbb{Z}_q^m$; $\mathsf{Enc}_1(\mathsf{msk}, x) = x + u \in \mathbb{Z}_q^m$; $\mathsf{KeyGen}_1(\mathsf{msk}, y) = (\langle u, y \rangle \in \mathbb{Z}_q,\; y)$. Decrypt with $\mathsf{sk}_y$: $\langle x + u, y \rangle - \langle u, y \rangle = \langle x, y \rangle + \langle u, y \rangle - \langle u, y \rangle = \langle x, y \rangle$. Security: $(x + u,\; \langle u, y \rangle,\; y) \equiv (w,\; \langle w, y \rangle - \langle x, y \rangle,\; y)$. Goal: only leakage on $x$ is $\langle x, y \rangle$.

  22. (2) One ciphertext, many inputs. Recap of (1), one ciphertext, one input: $\mathsf{msk} = u \in \mathbb{Z}_q^m$; $\mathsf{Enc}_1(\mathsf{msk}, x) = x + u \in \mathbb{Z}_q^m$; $\mathsf{KeyGen}_1(\mathsf{msk}, y) = (\langle u, y \rangle \in \mathbb{Z}_q,\; y)$. (2), one ciphertext, many inputs: $\mathsf{msk} = u_1 \dots u_n \in \mathbb{Z}_q^{n \times m}$; $\mathsf{Enc}_2(\mathsf{msk}, i, x_i) = x_i + u_i \in \mathbb{Z}_q^m$; $\mathsf{KeyGen}_2(\mathsf{msk}, y_1 \dots y_n) = (\sum_{i=1}^{n} \langle u_i, y_i \rangle \in \mathbb{Z}_q,\; y_1 \dots y_n)$.

  23. (2) One ciphertext, many inputs. Recap of (1), one ciphertext, one input: $\mathsf{msk} = u \in \mathbb{Z}_q^m$; $\mathsf{Enc}_1(\mathsf{msk}, x) = x + u \in \mathbb{Z}_q^m$; $\mathsf{KeyGen}_1(\mathsf{msk}, y) = (\langle u, y \rangle \in \mathbb{Z}_q,\; y)$. (2), one ciphertext, many inputs: $\mathsf{msk} = u_1 \dots u_n \in \mathbb{Z}_q^{n \times m}$; $\mathsf{Enc}_2(\mathsf{msk}, i, x_i) = x_i + u_i \in \mathbb{Z}_q^m$; $\mathsf{KeyGen}_2(\mathsf{msk}, y_1 \dots y_n) = (\sum_{i=1}^{n} \langle u_i, y_i \rangle \in \mathbb{Z}_q,\; y_1 \dots y_n)$. Dec: $\sum_{i=1}^{n} \langle x_i + u_i, y_i \rangle - \sum_{i=1}^{n} \langle u_i, y_i \rangle = \langle x_1 \dots x_n,\; y_1 \dots y_n \rangle$.

  24. (3) Many ciphertexts, one input [ABDP15]. Recap of (1), one ciphertext, one input: $\mathsf{msk} = u \in \mathbb{Z}_q^m$; $\mathsf{Enc}_1(\mathsf{msk}, x) = x + u \in \mathbb{Z}_q^m$; $\mathsf{KeyGen}_1(\mathsf{msk}, y) = (\langle u, y \rangle \in \mathbb{Z}_q,\; y)$. (3), many ciphertexts, one input: $\mathsf{msk} = v \in \mathbb{Z}_q^m$; $\mathsf{Enc}_3(\mathsf{msk}, x) = (g^r,\; g^{x + r v}) \in G^{m+1}$; $\mathsf{KeyGen}_3(\mathsf{msk}, y) = (\langle v, y \rangle \in \mathbb{Z}_q,\; y)$. $G$ is a prime group of order $q$. Using [ALS16], this step can also be based on LWE or DCR.

  25. Construction without Pairings.
     (1) One ciphertext, one input: $\mathsf{msk} = u$; $\mathsf{Enc}_1(\mathsf{msk}, x) = x + u$; $\mathsf{KeyGen}_1(\mathsf{msk}, y) = (\langle u, y \rangle,\; y)$.
     (2) One ciphertext, many inputs: $\mathsf{msk} = u_1 \dots u_n$; $\mathsf{Enc}_2(\mathsf{msk}, i, x_i) = x_i + u_i$; $\mathsf{KeyGen}_2(\mathsf{msk}, y_1 \dots y_n) = (\sum_{i=1}^{n} \langle u_i, y_i \rangle,\; y_1 \dots y_n)$.
     (3) Many ciphertexts, one input: $\mathsf{msk} = v$; $\mathsf{Enc}_3(\mathsf{msk}, x) = (g^r,\; g^{x + r v}) \in G^{m+1}$; $\mathsf{KeyGen}_3(\mathsf{msk}, y) = (\langle v, y \rangle,\; y)$.
     (4) Many ciphertexts, many inputs: $\mathsf{msk} = u_i, v_i$; $\mathsf{Enc}_4(\mathsf{msk}, i, x_i) = \mathsf{Enc}_3(\mathsf{Enc}_2(\mathsf{msk}, i, x_i))$; $\mathsf{KeyGen}_4(\mathsf{msk}, y_1 \dots y_n) = (\sum_{i=1}^{n} \langle u_i, y_i \rangle,\; \mathsf{KeyGen}_3(y_i))$.

  26. Our Construction Without Pairings. Pairing-free construction: removed bilinear groups; adaptive security; support larger messages; efficient schemes (linearly-sized ciphertexts and decryption keys); instantiations from DDH, LWE or DCR; polynomial number of slots.

  27. Function-Hiding Scheme. Security goal: given $\mathsf{sk}_y$ and $\mathsf{Enc}(\mathsf{mpk}, x)$, leaks only $\langle x, y \rangle$, $|x|$, $y$. New multi-input function-hiding scheme for the inner product: adaptively secure, poly-many inputs.
