notions of black box reductions revisited
play

Notions of Black-Box Reductions, Revisited ASIACRYPT 2013 Paul - PowerPoint PPT Presentation

Jan 27, 2024 •162 likes •587 views

Notions of Black-Box Reductions, Revisited ASIACRYPT 2013 Paul Baecher, Christina Brzuska, Marc Fischlin Tel Aviv University & Darmstadt University of Technology; supported by DFG Heisenberg and Center For Advanced Security Research

  1. Notions of Black-Box Reductions, Revisited ASIACRYPT 2013 Paul Baecher, Christina Brzuska, Marc Fischlin Tel Aviv University & Darmstadt University of Technology; supported by DFG Heisenberg and Center For Advanced Security Research Darmstadt (CASED)

  2. Introduction 1

  3. The Cryptographic Zoo PRP PKE PRF KA MAC MPC OWF OWP PRG CRHF COM SIG ZK • basic issues in cryptography • what can be built from what? • how (efficient)? 2

  4. A Typical Theorem in Cryptography constr. G [ f ] f e.g. OWP e.g. PRG Theorem: Let f be a P . Then construction G [ f ] is a Q . Question 1: what is G [ f ]? 3

  5. A Typical Theorem in Cryptography constr. G [ f ] f e.g. OWP e.g. PRG Theorem: Let f be a P . Then construction G [ f ] is a Q . Question 1: what is G [ f ]? • construction G uses f as an oracle ( G f ) • construction G uses f in some constricted way • construction G uses f ’s code • ??? 3

  6. A Typical Theorem in Cryptography constr. G [ f ] f e.g. OWP e.g. PRG Theorem: Let f be a P . Then construction G [ f ] is a Q . (corollary: if P exists, then Q exists.) Question 1: what is G [ f ]? • construction G uses f as an oracle ( G f ) • construction G uses f in some constricted way • construction G uses f ’s code • ??? 3

  7. Proving the Theorem constr. G [ f ] f S [ A , f ] A red. Theorem: Let f be a P . Then construction G [ f ] is a Q . • almost always: proof by reduction (show the contrapositive) • transform an attack on G into an attack on f • if algorithm A breaks G , then algorithm S [ A , f ] breaks f 4

  8. Proving the Theorem constr. G [ f ] f S [ A , f ] A red. Theorem: Let f be a P . Then construction G [ f ] is a Q . • almost always: proof by reduction (show the contrapositive) • transform an attack on G into an attack on f • if algorithm A breaks G , then algorithm S [ A , f ] breaks f • S [ A , f ] is the (constructive) reduction • Question 2: what is S [ A , f ]? • Question 3: what is S [ A , f ]? 4

  9. Why We Care About these Questions • very important for impossibility results / separations • i.e., much weaker versions of P exists �⇒ Q exists • what exactly is being ruled out? • . . . and what is left to try? • impossibility results are inspiring • enforces precise definitions of primitives • “we separate xyz from OWFs. . . ” • more black box, more efficient, more practical (usually) • better understanding of a fundamental technique in our field 5

  10. Notions of Reductions constr. G [ f ] f S [ A , f ] A red. • Defined by Reingold, Trevisan, and Vadhan (TCC ’04, [RTV04]) • three ∗ types of reductions: 6

  11. Notions of Reductions constr. G [ f ] f S [ A , f ] A red. • Defined by Reingold, Trevisan, and Vadhan (TCC ’04, [RTV04]) • three ∗ types of reductions: fully black box. ∃S∀A : if A breaks G f , then S A , f breaks f . 6

  12. Notions of Reductions constr. G [ f ] f S [ A , f ] A red. • Defined by Reingold, Trevisan, and Vadhan (TCC ’04, [RTV04]) • three ∗ types of reductions: fully black box. ∃S∀A : if A breaks G f , then S A , f breaks f . breaks G f , then S f if A f semi black box. ∀A∃S : breaks f . order switched f oracle no A oracle 6

  13. Notions of Reductions constr. G [ f ] f S [ A , f ] A red. • Defined by Reingold, Trevisan, and Vadhan (TCC ’04, [RTV04]) • three ∗ types of reductions: fully black box. ∃S∀A : if A breaks G f , then S A , f breaks f . semi black box. ∀A∃S : if A f breaks G f , then S f breaks f . breaks G f , then S f breaks f . weakly black box. ∀A∃S : if A no f oracle 6

  14. Notions of Reductions constr. G [ f ] f S [ A , f ] A red. • Defined by Reingold, Trevisan, and Vadhan (TCC ’04, [RTV04]) • three ∗ types of reductions: fully black box. ∃S∀A : if A breaks G f , then S A , f breaks f . semi black box. ∀A∃S : if A f breaks G f , then S f breaks f . weakly black box. ∀A∃S : if A breaks G f , then S f breaks f . 6

  15. In This Work • even more, fine-grained notions • . . . derived in a systematic way 7

  16. In This Work • even more, fine-grained notions • . . . derived in a systematic way • consider, for example, • reduction makes non-black-box use of primitive, but black-box use of adversary (think meta reductions) • efficient primitives and/or adversaries • black-box use, but partial information (run time, #queries, . . . ) • [RTV04] too coarse to capture such differences 7

  17. CAP 8

  18. Three Questions: A Short Encoding constr. G [ f ] f S [ A , f ] A red. Q1: what is G [ f ]? Q2: what is S [ A , f ]? Q3: what is S [ A , f ]? 9

  19. Three Questions: A Short Encoding constr. G [ f ] f S [ A , f ] A red. Q1: what is G [ f ]? C Q2: what is S [ A , f ]? Q3: what is S [ A , f ]? 9

  20. Three Questions: A Short Encoding constr. G [ f ] f S [ A , f ] A red. Q1: what is G [ f ]? Q2: what is S [ A , f ]? A C Q3: what is S [ A , f ]? 9

  21. Three Questions: A Short Encoding constr. G [ f ] f S [ A , f ] A red. Q1: what is G [ f ]? Q2: what is S [ A , f ]? A C P Q3: what is S [ A , f ]? 9

  22. Three Questions: A Short Encoding constr. G [ f ] f S [ A , f ] A red. Q1: what is G [ f ]? Q2: what is S [ A , f ]? A C P Q3: what is S [ A , f ]? • C , A , P ∈ { N , B } • Non black box / Black box 9

  23. Obtaining Actual Definitions constr. G [ f ] f S [ A , f ] A red. example: BBB 1. what is G [ f ]? B “ ∃ G ” ≺ “ ∀ f ” what is S [ A , f ]? B what is S [ A , f ]? B 10

  24. Obtaining Actual Definitions constr. G [ f ] f S [ A , f ] A red. example: BBB 1. what is G [ f ]? B “ ∃ G ” ≺ “ ∀ f ” what is S [ A , f ]? B “ ∃S ” ≺ “ ∀A ” what is S [ A , f ]? B “ ∃S ” ≺ “ ∀ f ” 2. “ ∃ G ”, “ ∃S ” ≺ “ ∀ f ”, “ ∀A ” 10

  25. Obtaining Actual Definitions constr. G [ f ] f S [ A , f ] A red. example: BBB 1. what is G [ f ]? B “ ∃ G ” ≺ “ ∀ f ” what is S [ A , f ]? B “ ∃S ” ≺ “ ∀A ” what is S [ A , f ]? B “ ∃S ” ≺ “ ∀ f ” 2. “ ∃ G ”, “ ∃S ” ≺ “ ∀ f ”, “ ∀A ” A f , G f breaks G f = ⇒ S A f , f breaks f 3. ∃ G , S ∀ f , A 10

  26. Obtaining Actual Definitions constr. G [ f ] f S [ A , f ] A red. example: NBB 1. what is G [ f ]? N “ ∀ f ” ≺ “ ∃ G ” what is S [ A , f ]? B “ ∃S ” ≺ “ ∀A ” what is S [ A , f ]? B “ ∃S ” ≺ “ ∀ f ” 2. “ ∃S ” ≺ “ ∀ f ” ≺ “ ∃ G ” and “ ∃S ” ≺ “ ∀A ” A f , G f breaks G f = ⇒ S A f , f breaks f 3. ∃S ∀ f ∃ G ∀A 10

  27. Obtaining Actual Definitions (cont’d) constr. G [ f ] f S [ A , f ] A red. Name Summary of definition (( G f , A f ) ⇒ ( f , S A , f )) BBB ∃ G ∃S ∀ f ∀A (( G f , A f ) ⇒ ( f , S A , f )) BNB ∃ G ∀A ∃S ∀ f (( G f , A f ) ⇒ ( f , S A , f )) BBN ∃ G ∀ f ∃S ∀A (( G f , A f ) ⇒ ( f , S A , f )) BNN ∃ G ∀ f ∀A ∃S (( G f , A f ) ⇒ ( f , S A , f )) NBB ∃S ∀ f ∃ G ∀A (( G f , A f ) ⇒ ( f , S A , f )) NBN ∀ f ∃ G ∃S ∀A (( G f , A f ) ⇒ ( f , S A , f )) NNN ∀ f ∃ G ∀A ∃S see page 305 of the proceedings (Part I) 11

  28. Basic Relations BBB implication (strict) BBN NBB 12

  29. Basic Relations BBB implication (strict) BBN BNB NBB BNN NBN NNB NNN 12

  30. Basic Relations BBB implication w.r.t. separations implication (strict) BBN BNB NBB BNN NBN NNB NNN 12

  31. There is More. . . • adversaries A can be PPT or inefficient • [RTV04]: mixed • here: inefficient up to now • all previous notions can be considered for efficient adversaries • shorthand: CAP a, restricted quantification ∀ PPT A 13

  32. Another Dimension BBB BBN BNB NBB BBBa BNN NBN NNB BBNa BNBa NBBa NNN BNNa NBNa NNBa NNNa 14

  33. Another Dimension fully relativizing BBB semi ∀∃ -semi weakly BBN BNB NBB BBBa ∀∃ -weakly free BNN NBN NNB BBNa BNBa NBBa NNN BNNa NBNa NNBa relativizing (e.g., [IR89]) NNNa 14

  34. Another Dimension BBB BBN BNB NBB BBBa BNN NBN NNB BBNa BNBa NBBa NNN BNNa NBNa NNBa relativizing (e.g., [IR89]) NNNa note: not all CAP a implications are strict 14

  35. Neither B nor N 15

  36. Parameterized Reductions BBB • consider the Goldreich–Levin hardcore bit [GL89] • reduction requires success BBN BNB NBB probability of adversary (but nothing else) BNN NBN NNB • black box? non black box? NNN 16

  37. Parameterized Reductions BBB • consider the Goldreich–Levin somewhere here? hardcore bit [GL89] • reduction requires success BBN BNB NBB probability of adversary (but nothing else) BNN NBN NNB • black box? non black box? NNN • parameterized reduction • here: par( A ) := success probability • BBB w/ param: A f , G f breaks G f = ⇒ S A f , f (par( A )) breaks f → parameters made explicit 16

  38. Summary • things I forgot to tell you • CAP p: efficient primitives • CAP ap: efficient adversaries and efficient primitives • careful when defining primitives 17

  39. Summary • things I forgot to tell you • CAP p: efficient primitives • CAP ap: efficient adversaries and efficient primitives • careful when defining primitives • things to remember • given any reduction/separation, ask three (five) questions • “impossibility” rarely means impossible • look for hidden parameters 17

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Polynomial-time reductions We have seen several reductions: Polynomial-time reductions Informal

Polynomial-time reductions We have seen several reductions: Polynomial-time reductions Informal

Polynomial-time reductions We have seen several reductions: Polynomial-time reductions Informal explanation of reductions: We have two problems, X and Y. Suppose we have a black-box solving problem X in polynomial-time. Can we use the black-box

1.38k views • 32 slides
STRUCTURAL REDUCTIONS Yann Thierry-Mieg LIP6, Sorbonne Universit, CNRS REVISITED Petri Nets

STRUCTURAL REDUCTIONS Yann Thierry-Mieg LIP6, Sorbonne Universit, CNRS REVISITED Petri Nets

STRUCTURAL REDUCTIONS Yann Thierry-Mieg LIP6, Sorbonne Universit, CNRS REVISITED Petri Nets 2020, June 2020, Paris 41ST INTERNATIONAL CONFERENCE ON APPLICATION AND THEORY OF PETRI NETS AND CONCURRENCY VERIFYING PROPERTIES OF PETRI NETS

454 views • 26 slides
ARE BLACK HOLES REAL ? Sergiu Klainerman Princeton University November 16, 2015 TWO NOTIONS OF

ARE BLACK HOLES REAL ? Sergiu Klainerman Princeton University November 16, 2015 TWO NOTIONS OF

ARE BLACK HOLES REAL ? Sergiu Klainerman Princeton University November 16, 2015 TWO NOTIONS OF REALITY MATHEMATICAL REALITY. An object is real if it is 1 mathematically consistent. PHYSICAL REALITY. A mathematical model is real if it 2

456 views • 44 slides
Reductions So far, two reductions that preserve the CS 611 meaning of a lambda calculus

Reductions So far, two reductions that preserve the CS 611 meaning of a lambda calculus

Reductions So far, two reductions that preserve the CS 611 meaning of a lambda calculus Advanced Programming Languages expression: Andrew Myers ( x e ) ( x e { x / x }) (if x FV e ) Cornell University

358 views • 3 slides
CS 301 Lecture 20 Reductions Stephen Checkoway April 9, 2018 1 / 17 Reductions Reductions

CS 301 Lecture 20 Reductions Stephen Checkoway April 9, 2018 1 / 17 Reductions Reductions

CS 301 Lecture 20 Reductions Stephen Checkoway April 9, 2018 1 / 17 Reductions Reductions are a way of saying, If problem B can be solved, then problem A can as well 2 / 17 Reductions Reductions are a way of saying, If problem B

640 views • 28 slides
Hom and Ext, Revisited Justin Lyle Lawrence, KS justin.lyle@ku.edu April 28, 2018 JL Hom and

Hom and Ext, Revisited Justin Lyle Lawrence, KS justin.lyle@ku.edu April 28, 2018 JL Hom and

Hom and Ext, Revisited Hom and Ext, Revisited Justin Lyle Lawrence, KS justin.lyle@ku.edu April 28, 2018 JL Hom and Ext, Revisited Hom and Ext, Revisited Joint work with Hailong Dao and Mohammad Eghbali JL Hom and Ext, Revisited Hom

871 views • 45 slides
Ideal quasi-normal convergence and related notions y , J . Pratulananda Das , L . Bukovsk

Ideal quasi-normal convergence and related notions y , J . Pratulananda Das , L . Bukovsk

Basic notions Properties of the Ideal and Decompositions Equivalences with classical notions ( I , J )QN, ( I , J )wQN and properties of C p ( X ) I - -covers Ideal quasi-normal convergence and related notions y , J . Pratulananda Das

646 views • 62 slides
Chapter 2 Reductions and NP CS 573: Algorithms, Fall 2013 August 29, 2013 2.1 Reductions

Chapter 2 Reductions and NP CS 573: Algorithms, Fall 2013 August 29, 2013 2.1 Reductions

Chapter 2 Reductions and NP CS 573: Algorithms, Fall 2013 August 29, 2013 2.1 Reductions Continued 2.1.1 The Satisfiability Problem (SAT) 2.1.1.1 Propositional Formulas Definition 2.1.1. Consider a set of boolean variables x 1 , x 2 , . . .

355 views • 12 slides
Budget Proposal Personnel/BOCES Personnel Reductions Personnel Reductions Assistant

Budget Proposal Personnel/BOCES Personnel Reductions Personnel Reductions Assistant

2020-2021 Staffing and Budget Proposal Personnel/BOCES Personnel Reductions Personnel Reductions Assistant Superintendent for School Administration Supervisor of Special Programs HS English positions due to retirement BOCES

595 views • 13 slides
The Greek case Basic notions Three are the basic notions taking part into our presentation: WAR

The Greek case Basic notions Three are the basic notions taking part into our presentation: WAR

The use of the internet in Informational War: Propaganda of coverage and coverage of propaganda of the wars in Iraq and Afghanistan- The Greek case Basic notions Three are the basic notions taking part into our presentation: WAR 1.

323 views • 16 slides
Recommended Round 2 March Budget Reductions GENERAL FUND SUMMARY TOTAL REDUCTIONS ROUNDS

Recommended Round 2 March Budget Reductions GENERAL FUND SUMMARY TOTAL REDUCTIONS ROUNDS

ATTACHMENT A FY 2013-14 Already Approved Round 1 VSIP and Recommended Round 2 March Budget Reductions GENERAL FUND SUMMARY TOTAL REDUCTIONS ROUNDS 1-2: Recommended Reductions in NCC: ($4,262,491) Total Personnel Materials

373 views • 6 slides
Successful Emission Reductions in Yard Locomotives Yard Emissions Reductions Repower Slug

Successful Emission Reductions in Yard Locomotives Yard Emissions Reductions Repower Slug

Successful Emission Reductions in Yard Locomotives Yard Emissions Reductions Repower Slug Locomotives Shore Power Norfolk Southern Repower Successes Georgia (GA EPD/GDOT Grant) Atlanta - 10 GP33ECO Mother and Slug

485 views • 21 slides
Databases notions

Databases notions

Databases notions slide 11 Technical context DB advantages DB vocabulary DB data models slide 31 A Reference

259 views • 14 slides
Dj Q All Over Again: Tighter and Broader Reductions of q -Type Assumptions Melissa Chase -

Dj Q All Over Again: Tighter and Broader Reductions of q -Type Assumptions Melissa Chase -

Asiacrypt 2016, Hanoi Bilinear Groups and Assumptions Reductions Symmetric Schemes Conclusions Dj Q All Over Again: Tighter and Broader Reductions of q -Type Assumptions Melissa Chase - MSR Redmond Mary Maller - University College London

662 views • 51 slides
A proposal for User-Defined Reductions in OpenMP A. Duran 1 , R. Ferrer 1 , M. Klemm 2 , B. de

A proposal for User-Defined Reductions in OpenMP A. Duran 1 , R. Ferrer 1 , M. Klemm 2 , B. de

A proposal for User-Defined Reductions in OpenMP A. Duran 1 , R. Ferrer 1 , M. Klemm 2 , B. de Supinski 3 , E. Ayguad 1 1 BSC, 2 Intel, 3 LLNL June 16th 2010 Outline Motivation 1 UDR Design rationale 2 Declaring UDRs 3 Array reductions 4

532 views • 36 slides
NOVEMBER 1, 2015 SERMON NOTES Misguided Notions about God 1 Timothy 4:1-5 Pastor John Sloan

NOVEMBER 1, 2015 SERMON NOTES Misguided Notions about God 1 Timothy 4:1-5 Pastor John Sloan

NOVEMBER 1, 2015 SERMON NOTES Misguided Notions about God 1 Timothy 4:1-5 Pastor John Sloan Introduction : The world is full of bad theology. Wrong views about God. And while no one is immune to these misguided notions about our

221 views • 3 slides
Exotic BBN Ryan et al. Possible sources for the discrepancy Nuclear Rates - Restricted by

Exotic BBN Ryan et al. Possible sources for the discrepancy Nuclear Rates - Restricted by

How to best reconcile Big Bang Nucleosynthesis with Li abundance determinations? Exotic BBN Ryan et al. Possible sources for the discrepancy Nuclear Rates - Restricted by solar neutrino flux Discussed by Coc - Role of resonances

355 views • 33 slides
Conformal Freeze-in Sungwoo Hong Cornell work in progress with Maxim Perelstein and Gowri Kurup

Conformal Freeze-in Sungwoo Hong Cornell work in progress with Maxim Perelstein and Gowri Kurup

Conformal Freeze-in Sungwoo Hong Cornell work in progress with Maxim Perelstein and Gowri Kurup Utah Workshop: Leaving no stone unturned! I. Motivation / Question * Universe consistent with QM + SR * Universe described by QFT I. Motivation

1.31k views • 96 slides
Chapter 14 Probabilistic Reasoning Sections 14.1 14.3 Bayesian Belief Networks (BBNs)

Chapter 14 Probabilistic Reasoning Sections 14.1 14.3 Bayesian Belief Networks (BBNs)

Chapter 14 Probabilistic Reasoning Sections 14.1 14.3 Bayesian Belief Networks (BBNs) Representation CS5811 - Artificial Intelligence Nilufer Onder Department of Computer Science Michigan Technological University Outline Syntax

668 views • 24 slides
Experimental signatures of non-standard pre-BBN cosmologies Graciela Gelmini - UCLA

Experimental signatures of non-standard pre-BBN cosmologies Graciela Gelmini - UCLA

Experimental signatures of non-standard pre-BBN cosmologies Graciela Gelmini - UCLA GGI-Florence, Feb 20, 2009 Graciela Gelmini-UCLA If detected, DM particles will be the earliest relics we can study: they come from the pre-BBN era, from which

705 views • 38 slides
SRI, 8 Feb 2008 Bayesian Belief Nets: Demo and Introduction to Hugin John Rushby Computer

SRI, 8 Feb 2008 Bayesian Belief Nets: Demo and Introduction to Hugin John Rushby Computer

SRI, 8 Feb 2008 Bayesian Belief Nets: Demo and Introduction to Hugin John Rushby Computer Science Laboratory SRI International Menlo Park CA USA John Rushby, SR I Hugin Intro: 1 Overview Background and motivation Example 1:

528 views • 14 slides
Operational Choices in Generating Real Time Political Event Data Philip A. Schrodt, Ph.D. Parus

Operational Choices in Generating Real Time Political Event Data Philip A. Schrodt, Ph.D. Parus

Operational Choices in Generating Real Time Political Event Data Philip A. Schrodt, Ph.D. Parus Analytics LLC and Open Event Data Alliance Charlottesville, Virginia USA http://philipschrodt.org https://github.com/openeventdata/ Institute for

737 views • 50 slides
Sterile neutrinos and precision cosmology Yvonne Y. Y. Wong RWTH Aachen SNAC2011, Blacksburg

Sterile neutrinos and precision cosmology Yvonne Y. Y. Wong RWTH Aachen SNAC2011, Blacksburg

Sterile neutrinos and precision cosmology Yvonne Y. Y. Wong RWTH Aachen SNAC2011, Blacksburg VA, September 25 28, 2011 Probe 1: Cosmic microwave background anisotropies... TT TE Many probes : EE > 0.5 deg: COBE, WMAP, Planck

431 views • 32 slides
SLED: an update Supersymmetric Large Extra Dimensions Cliff Burgess Moriond 2007 Partners in

SLED: an update Supersymmetric Large Extra Dimensions Cliff Burgess Moriond 2007 Partners in

SLED: an update Supersymmetric Large Extra Dimensions Cliff Burgess Moriond 2007 Partners in Crime CC Problem: Y. Aghababaie, J. Cline, C. de Rham, H. Firouzjahi, D. Hoover, S. Parameswaran, F. Quevedo, G. Tasinato, A. Tolley, I. Zavala

1.51k views • 107 slides

More recommend