new and improved key homomorphic pseudorandom functions
play

New and Improved Key-Homomorphic Pseudorandom Functions Abhishek - PowerPoint PPT Presentation

Aug 14, 2022 •400 likes •886 views

New and Improved Key-Homomorphic Pseudorandom Functions Abhishek Banerjee 1 Chris Peikert 1 1 Georgia Institute of Technology CRYPTO 14 19 August 2014 Outline Introduction 1 Construction, Parameters and Efficiency 2 Proof of Security

  1. New and Improved Key-Homomorphic Pseudorandom Functions Abhishek Banerjee 1 Chris Peikert 1 1 Georgia Institute of Technology CRYPTO ’14 19 August 2014

  2. Outline Introduction 1 Construction, Parameters and Efficiency 2 Proof of Security (Idea) 3 Banerjee and Peikert (Georgia Tech) New and Improved KH-PRFs CRYPTO ’14 1 / 11

  3. Outline Introduction 1 Construction, Parameters and Efficiency 2 Proof of Security (Idea) 3 Banerjee and Peikert (Georgia Tech) New and Improved KH-PRFs CRYPTO ’14 1 / 11

  4. Pseudorandom Functions [GGM’84] A family of functions F = { F s : { 0 , 1 } k → B } such that, given adaptive query access, c F s ← F Random U ≈ ✻ ✻ ❄ ❄ x i x i F s ( x i ) U ( x i ) ?? Lots of applications in symmetric key cryptography: encryption, message authentication, friend or foe identification, . . . (Thanks to Seth MacFarlane for the adversary) Banerjee and Peikert (Georgia Tech) New and Improved KH-PRFs CRYPTO ’14 2 / 11

  5. Cooking a (Provably Secure) PRF 1 Goldreich-Goldwasser-Micali [GGM’84] Based on any (doubling) PRG: F s ( x 1 , . . . , x k ) = G x k ( · · · ( G x 1 ( s )) · · · ) Banerjee and Peikert (Georgia Tech) New and Improved KH-PRFs CRYPTO ’14 3 / 11

  6. Cooking a (Provably Secure) PRF 1 Goldreich-Goldwasser-Micali [GGM’84] Based on any (doubling) PRG: F s ( x 1 , . . . , x k ) = G x k ( · · · ( G x 1 ( s )) · · · ) 2 Number-theoretic direct constructions [NR’97, NRR’00] Framework: exponentiate to a product of (secret) exponents Security from number-theoretic assumptions (DDH, factoring, . . . ) Banerjee and Peikert (Georgia Tech) New and Improved KH-PRFs CRYPTO ’14 3 / 11

  7. Cooking a (Provably Secure) PRF 1 Goldreich-Goldwasser-Micali [GGM’84] Based on any (doubling) PRG: F s ( x 1 , . . . , x k ) = G x k ( · · · ( G x 1 ( s )) · · · ) 2 Number-theoretic direct constructions [NR’97, NRR’00] Framework: exponentiate to a product of (secret) exponents Security from number-theoretic assumptions (DDH, factoring, . . . ) 3 Lattice-based direct constructions [BPR’12] Framework: round a product of (secret) matrices/ring elements Security from lattice assumptions (LWE, worst-case lattice problems) Banerjee and Peikert (Georgia Tech) New and Improved KH-PRFs CRYPTO ’14 3 / 11

  8. Key-Homomorphic Pseudorandom Functions Key Homomorphism Can efficiently compute F s + t ( x ) from F s ( x ) and F t ( x ) Applications: Banerjee and Peikert (Georgia Tech) New and Improved KH-PRFs CRYPTO ’14 4 / 11

  9. Key-Homomorphic Pseudorandom Functions Key Homomorphism Can efficiently compute F s + t ( x ) from F s ( x ) and F t ( x ) Applications: distribute the operation of a Key Distribution Center, 1 DDH-based construction [NPR’99] Security in the random oracle model Banerjee and Peikert (Georgia Tech) New and Improved KH-PRFs CRYPTO ’14 4 / 11

  10. Key-Homomorphic Pseudorandom Functions Key Homomorphism Can efficiently compute F s + t ( x ) from F s ( x ) and F t ( x ) Applications: distribute the operation of a Key Distribution Center, symmetric-key proxy re-encryption, updatable encryption, and PRFs secure against related-key attacks [BC’10,LMR’14] 1 DDH-based construction [NPR’99] Security in the random oracle model 2 Lattice-based construction [BLMR’13] Security in the standard model; construction and proof similar to [BPR’12] rounded-subset-product construction Banerjee and Peikert (Georgia Tech) New and Improved KH-PRFs CRYPTO ’14 4 / 11

  11. Key-Homomorphic Pseudorandom Functions Key Homomorphism Can efficiently compute F s + t ( x ) from F s ( x ) and F t ( x ) Applications: distribute the operation of a Key Distribution Center, symmetric-key proxy re-encryption, updatable encryption, and PRFs secure against related-key attacks [BC’10,LMR’14] 1 DDH-based construction [NPR’99] Security in the random oracle model 2 Lattice-based construction [BLMR’13] Security in the standard model; construction and proof similar to [BPR’12] rounded-subset-product construction Main drawback: has huge parameters, keys, and runtimes Banerjee and Peikert (Georgia Tech) New and Improved KH-PRFs CRYPTO ’14 4 / 11

  12. Key-Homomorphic Pseudorandom Functions Key Homomorphism Can efficiently compute F s + t ( x ) from F s ( x ) and F t ( x ) Applications: distribute the operation of a Key Distribution Center, symmetric-key proxy re-encryption, updatable encryption, and PRFs secure against related-key attacks [BC’10,LMR’14] 1 DDH-based construction [NPR’99] Security in the random oracle model 2 Lattice-based construction [BLMR’13] Security in the standard model; construction and proof similar to [BPR’12] rounded-subset-product construction Main drawback: has huge parameters, keys, and runtimes [BPR’12] also gives (non-KH) PRFs having much better parameters, with slightly worse (still polylog) depth Banerjee and Peikert (Georgia Tech) New and Improved KH-PRFs CRYPTO ’14 4 / 11

  13. Key-Homomorphic Pseudorandom Functions Key Homomorphism Can efficiently compute F s + t ( x ) from F s ( x ) and F t ( x ) Applications: distribute the operation of a Key Distribution Center, symmetric-key proxy re-encryption, updatable encryption, and PRFs secure against related-key attacks [BC’10,LMR’14] 1 DDH-based construction [NPR’99] Security in the random oracle model 2 Lattice-based construction [BLMR’13] Security in the standard model; construction and proof similar to [BPR’12] rounded-subset-product construction Main drawback: has huge parameters, keys, and runtimes [BPR’12] also gives (non-KH) PRFs having much better parameters, with slightly worse (still polylog) depth Can we obtain similar tradeoffs for KH-PRFs? Banerjee and Peikert (Georgia Tech) New and Improved KH-PRFs CRYPTO ’14 4 / 11

  14. Our Results ⋆ New KH-PRFs (from lattices): Polylog ˜ O (1) depth (still) Quasi-optimal ˜ O ( λ ) key sizes First sublinear-depth PRFs (KH or otherwise) with ˜ O ( λ ) key size! Banerjee and Peikert (Georgia Tech) New and Improved KH-PRFs CRYPTO ’14 5 / 11

  15. Our Results ⋆ New KH-PRFs (from lattices): Polylog ˜ O (1) depth (still) Quasi-optimal ˜ O ( λ ) key sizes First sublinear-depth PRFs (KH or otherwise) with ˜ O ( λ ) key size! Reference Key Pub Params Time/Bit λ 3 [ λ 3 ] λ 6 [ λ 4 ] λ 5 [ λ 3 ] [BLMR’13] λ 2 [ λ ] λ ω [ λ ] This work λ [ λ ] Figure : For input length λ with 2 λ security under standard assumptions. Log factors omitted. Ring-based constructions appear in [brackets]. Banerjee and Peikert (Georgia Tech) New and Improved KH-PRFs CRYPTO ’14 5 / 11

  16. Our Results ⋆ New KH-PRFs (from lattices): Polylog ˜ O (1) depth (still) Quasi-optimal ˜ O ( λ ) key sizes First sublinear-depth PRFs (KH or otherwise) with ˜ O ( λ ) key size! Reference Key Pub Params Time/Bit λ 3 [ λ 3 ] λ 6 [ λ 4 ] λ 5 [ λ 3 ] [BLMR’13] λ 2 [ λ ] λ ω [ λ ] This work λ [ λ ] Figure : For input length λ with 2 λ security under standard assumptions. Log factors omitted. Ring-based constructions appear in [brackets]. ⋆ New proof technique that may be useful elsewhere Banerjee and Peikert (Georgia Tech) New and Improved KH-PRFs CRYPTO ’14 5 / 11

  17. Our Results ⋆ New KH-PRFs (from lattices): Polylog ˜ O (1) depth (still) Quasi-optimal ˜ O ( λ ) key sizes First sublinear-depth PRFs (KH or otherwise) with ˜ O ( λ ) key size! Reference Key Pub Params Time/Bit λ 3 [ λ 3 ] λ 6 [ λ 4 ] λ 5 [ λ 3 ] [BLMR’13] λ 2 [ λ ] λ ω [ λ ] This work λ [ λ ] Figure : For input length λ with 2 λ security under standard assumptions. Log factors omitted. Ring-based constructions appear in [brackets]. ⋆ New proof technique that may be useful elsewhere Full version: http://eprint.iacr.org/2014/074 Banerjee and Peikert (Georgia Tech) New and Improved KH-PRFs CRYPTO ’14 5 / 11

  18. Outline Introduction 1 Construction, Parameters and Efficiency 2 Proof of Security (Idea) 3 Banerjee and Peikert (Georgia Tech) New and Improved KH-PRFs CRYPTO ’14 5 / 11

  19. Boneh et al. KH-PRF Construction [BLMR’13] Secret key s ∈ Z n q , pub params B 0 , B 1 ∈ { 0 , 1 } n × n , input x ∈ { 0 , 1 } k � � k � F s ( x ) = s · B x i i =1 p Banerjee and Peikert (Georgia Tech) New and Improved KH-PRFs CRYPTO ’14 6 / 11

  20. Boneh et al. KH-PRF Construction [BLMR’13] Secret key s ∈ Z n q , pub params B 0 , B 1 ∈ { 0 , 1 } n × n , input x ∈ { 0 , 1 } k 1 � � k � F s ( x ) = s · B x i 0 i =1 p 2 Banerjee and Peikert (Georgia Tech) New and Improved KH-PRFs CRYPTO ’14 6 / 11

  21. Boneh et al. KH-PRF Construction [BLMR’13] Secret key s ∈ Z n q , pub params B 0 , B 1 ∈ { 0 , 1 } n × n , input x ∈ { 0 , 1 } k 1 � � k � F s ( x ) = s · B x i 0 i =1 p 2 “Somewhat key-homomorphic:” F s ( x ) + F t ( x ) ∈ F s + t ( x ) + { 0 , ± 1 } n Banerjee and Peikert (Georgia Tech) New and Improved KH-PRFs CRYPTO ’14 6 / 11

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Pseudorandom Generators from Regular One-way Functions: New Constructions with Improved Parameters

Pseudorandom Generators from Regular One-way Functions: New Constructions with Improved Parameters

Pseudorandom Generators from Regular One-way Functions: New Constructions with Improved Parameters Yu Yu Joint work with Xiangxue Li and Jian Weng Asiacrypt 2013 One-way Functions One-way functions are an ensemble of functions ( ) n l

214 views • 20 slides
An Algebraic Framework for Pseudorandom Functions and Applications to Related-Key Security Michel

An Algebraic Framework for Pseudorandom Functions and Applications to Related-Key Security Michel

An Algebraic Framework for Pseudorandom Functions and Applications to Related-Key Security Michel Abdalla, Fabrice Benhamouda, Alain Passelgue Pseudorandom functions [GGM86] - efficiently computable function : -

1.01k views • 56 slides
Pseudorandom Functions and Lattices Abhishek Banerjee 1 Chris Peikert 1 Alon Rosen 2 1 Georgia Tech

Pseudorandom Functions and Lattices Abhishek Banerjee 1 Chris Peikert 1 Alon Rosen 2 1 Georgia Tech

Pseudorandom Functions and Lattices Abhishek Banerjee 1 Chris Peikert 1 Alon Rosen 2 1 Georgia Tech 2 IDC Herzliya Faces of Modern Cryptography 9 September 2011 1 / 14 2 / 14 Pseudorandom Functions [GGM84] A family F = { F s : { 0 , 1 }

1.03k views • 59 slides
Constrained Pseudorandom Functions for Unconstrained Inputs Apoorvaa Deshpande (Brown

Constrained Pseudorandom Functions for Unconstrained Inputs Apoorvaa Deshpande (Brown

Constrained Pseudorandom Functions for Unconstrained Inputs Apoorvaa Deshpande (Brown University) Venkata Koppula (University of Texas at Austin) Brent Waters (University of Texas at Austin) Pseudorandom Functions (Goldreich-Goldwasser-Micali

1.96k views • 97 slides
Pseudorandom fu functions in in alm lmost constant depth fr from lo low-noise LPN Yu Yu

Pseudorandom fu functions in in alm lmost constant depth fr from lo low-noise LPN Yu Yu

Pseudorandom fu functions in in alm lmost constant depth fr from lo low-noise LPN Yu Yu Cryptologic Research Center joint work with (John Steinberger) Outline Introduction to LPN Decisional and Computational LPN

416 views • 15 slides
Related-Key Security for Pseudorandom Functions Beyond the Linear Barrier Ala lain in Passel

Related-Key Security for Pseudorandom Functions Beyond the Linear Barrier Ala lain in Passel

Related-Key Security for Pseudorandom Functions Beyond the Linear Barrier Ala lain in Passel elgue Ecole normale suprieure Joint work with: Mich ichel l Abdalla la (ENS), Fabric ice Be Benhamouda (ENS), Ken enneth G. . Paterson

986 views • 61 slides
On the Exact Security of Message Authentication using Pseudorandom Functions Fast Software

On the Exact Security of Message Authentication using Pseudorandom Functions Fast Software

On the Exact Security of Message Authentication using Pseudorandom Functions Fast Software Encryption 17, Tokyo Ashwin Jha 1 , Avradip Mandal 2 , Mridul Nandi 1 1 Indian Statistical Institute, Kolkata, India 2 Fujitsu Laboratories of America,

751 views • 28 slides
Substitution-permutation networks, pseudorandom functions, and natural proofs Eric Miles

Substitution-permutation networks, pseudorandom functions, and natural proofs Eric Miles

Substitution-permutation networks, pseudorandom functions, and natural proofs Eric Miles Northeastern University joint work with Emanuele Viola Theory vs. practice gap in cryptography Theoreticians have . . . - liberal

654 views • 21 slides
SPRING Fast Pseudorandom Functions from Rounded Ring Products G. Leurent () . . . . . . . . . .

SPRING Fast Pseudorandom Functions from Rounded Ring Products G. Leurent () . . . . . . . . . .

1 / 16 SPRING FSE 2014 Tweaks SPRING Implementation SPRING Fast Pseudorandom Functions from Rounded Ring Products G. Leurent () . . . . . . . . . . . . . . . Abhishek Banerjee 1 Hai Brenner 2 Gatan Leurent 3 Chris Peikert 1 Alon Rosen 2

568 views • 29 slides
Genomic Analysis Hoon Cho (MIT) and David Wu (Stanford) March, 2015 Homomorphic Encryption

Genomic Analysis Hoon Cho (MIT) and David Wu (Stanford) March, 2015 Homomorphic Encryption

Homomorphic Encryption for Genomic Analysis Hoon Cho (MIT) and David Wu (Stanford) March, 2015 Homomorphic Encryption Homomorphic encryption (HE): encryption schemes that support computation on ciphertexts Consists of three functions: m c

548 views • 26 slides
Pseudorandom Objects and Generators Journes ALEA 2012 Lecture 1: Pseudorandom objects:

Pseudorandom Objects and Generators Journes ALEA 2012 Lecture 1: Pseudorandom objects:

Pseudorandom Objects and Generators Journes ALEA 2012 Lecture 1: Pseudorandom objects: examples and constructions David Xiao LIAFA CNRS, Universit Paris 7 Plan Today: examples of pseudorandom objects Expander graphs

403 views • 17 slides
Homomorphic Encryption Lecture 18 And some applications Homomorphic Encryption Homomorphic

Homomorphic Encryption Lecture 18 And some applications Homomorphic Encryption Homomorphic

Homomorphic Encryption Lecture 18 And some applications Homomorphic Encryption Homomorphic Encryption Group Homomorphism: Two groups G and G are homomorphic if there exists a function (homomorphism) f:G G such that for all x,y G,

1.79k views • 165 slides
Session #6: Another Application of LWE: Pseudorandom Functions Chris Peikert Georgia Institute

Session #6: Another Application of LWE: Pseudorandom Functions Chris Peikert Georgia Institute

Session #6: Another Application of LWE: Pseudorandom Functions Chris Peikert Georgia Institute of Technology Winter School on Lattice-Based Cryptography and Applications Bar-Ilan University, Israel 19 Feb 2012 22 Feb 2012 Lattice-Based

853 views • 52 slides
Improved Constructions of PRFs Secure Against Related-Key Attacks Kevin Lewi Hart Montgomery

Improved Constructions of PRFs Secure Against Related-Key Attacks Kevin Lewi Hart Montgomery

Improved Constructions of PRFs Secure Against Related-Key Attacks Kevin Lewi Hart Montgomery Ananth Raghunathan Stanford University Pseudorandom Functions (PRFs) x { 0 , 1 } R k K x k PRF PRF( k , x ) x Rand Rand(

565 views • 23 slides
Foundation of Cryptography (0368-4162-01), Lecture 4 Pseudorandom Functions Iftach Haitner, Tel

Foundation of Cryptography (0368-4162-01), Lecture 4 Pseudorandom Functions Iftach Haitner, Tel

Function Families PRF from OWF PRP from PRF Applications Foundation of Cryptography (0368-4162-01), Lecture 4 Pseudorandom Functions Iftach Haitner, Tel Aviv University November 29, 2011 Function Families PRF from OWF PRP from PRF

1.17k views • 58 slides
Symmetric Encryption Scheme adapted to Fully Homomorphic Encryption Scheme: New Criteria for

Symmetric Encryption Scheme adapted to Fully Homomorphic Encryption Scheme: New Criteria for

Symmetric Encryption Scheme adapted to Fully Homomorphic Encryption Scheme: New Criteria for Boolean functions Pierrick M AUX cole normale suprieure, INRIA, CNRS, PSL Boolean Functions and their Applications (BFA) Os, Norway Tuesday

1.23k views • 101 slides
367 $90M 385 $150,000 METRICS Greened Acres Awarded Greened Acres per Greened Acre SPRING

367 $90M 385 $150,000 METRICS Greened Acres Awarded Greened Acres per Greened Acre SPRING

INCENTIVES 367 $90M 385 $150,000 METRICS Greened Acres Awarded Greened Acres per Greened Acre SPRING 2018 complete in progress on average STORMWATER INCENTIVES CASE STUDY Community Ventures Francisville Senior Housing Survey: HAKS

351 views • 20 slides
Single-Trace Attacks on Keccak Matthias J. Kannwischer 1 , Peter Pessl 2 , Robert Primas 3 1

Single-Trace Attacks on Keccak Matthias J. Kannwischer 1 , Peter Pessl 2 , Robert Primas 3 1

Single-Trace Attacks on Keccak Matthias J. Kannwischer 1 , Peter Pessl 2 , Robert Primas 3 1 Radboud University, Nijmegen 2 Graz University of Technology (now with Infineon Technologies) 3 Graz University of Technology Side-Channel Attacks on Hash

569 views • 39 slides
rss sst s s

rss sst s s

sst ss srt ts t rs r sts strts rss

312 views • 30 slides
Improving Construction Safety with AI Dmitry Grenader dgrenader@smartvid.io C ONSTRUCTION : H

Improving Construction Safety with AI Dmitry Grenader dgrenader@smartvid.io C ONSTRUCTION : H

Improving Construction Safety with AI Dmitry Grenader dgrenader@smartvid.io C ONSTRUCTION : H IGH - HAZARD I NDUSTRY D RIVERS OF R ISK IN C ONSTRUCTION Cost Schedule Quality Safety F ATALITIES HAVEN T CHANGED IN 10+ YEARS Rate per

400 views • 22 slides
On weakly intersecting pairs of sets Zoltn Kirly 1 Zoltn L. Nagy 1 Dmtr Plvlgyi 1 ,

On weakly intersecting pairs of sets Zoltn Kirly 1 Zoltn L. Nagy 1 Dmtr Plvlgyi 1 ,

Intersecting pairs of sets A new lower bound Summary On weakly intersecting pairs of sets Zoltn Kirly 1 Zoltn L. Nagy 1 Dmtr Plvlgyi 1 , 2 Mirk Visontai 3 1 Etvs University Budapest 2 Ecole Polytechnique Fdrale de

866 views • 47 slides
Non-Headed Structures and Phrasal Constructions Jackendoff (2011) gives the following examples

Non-Headed Structures and Phrasal Constructions Jackendoff (2011) gives the following examples

Unifying Everything: Simpler Syntax, Construction Grammar, Minimalism and HPSG Non-Headed Structures and Phrasal Constructions Non-Headed Structures and Phrasal Constructions Jackendoff (2011) gives the following examples for phrasal

119 views • 9 slides
Surface Construction Labeling Lori Levin Language Technologies Institute Carnegie Mellon

Surface Construction Labeling Lori Levin Language Technologies Institute Carnegie Mellon

Corpus Annotation for Surface Construction Labeling Lori Levin Language Technologies Institute Carnegie Mellon University Collaborators and acknowledgements Collaborators: Jesse Dunietz, Jaime Carbonell, Dunietz, Jesse, Lori Levin, and

1.29k views • 104 slides
Deterministic Finite Automata Lecture 4 1 Input Accepted by a DFA We say that M accepts w

Deterministic Finite Automata Lecture 4 1 Input Accepted by a DFA We say that M accepts w

Deterministic Finite Automata Lecture 4 1 Input Accepted by a DFA We say that M accepts w * if M , on input w , starting from the start state s , reaches a final state i.e., * ( s,w ) F L ( M ) is the set of all strings accepted by

652 views • 51 slides

More recommend