on basing private information retrieval on np hardness
play

On Basing Private Information Retrieval on NP-Hardness Tianren Liu 1 - PowerPoint PPT Presentation

Mar 27, 2023 •118 likes •696 views

On Basing Private Information Retrieval on NP-Hardness Tianren Liu 1 Vinod Vaikuntanathan 1 1 MIT liutr@mit.edu , vinodv@csail.mit.edu Thirteenth IACR Theory of Cryptography Conference . . . . . . . . . . . . . . . . . . . . .

  1. On Basing Private Information Retrieval on NP-Hardness Tianren Liu 1 Vinod Vaikuntanathan 1 1 MIT liutr@mit.edu , vinodv@csail.mit.edu Thirteenth IACR Theory of Cryptography Conference . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Tianren, Vinod (MIT) Basing PIR on NP-Hardness TCC 2016-A 1 / 14

  2. Assumptions and Primitives in Cryptography Add-Homomorphic Enc Trapdoor PIR Permutation Pub-key Enc CRHF OWP OWF Avg-NP ⊈ BPP NP ⊈ BPP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Tianren, Vinod (MIT) Basing PIR on NP-Hardness TCC 2016-A 2 / 14

  3. Assumptions and Primitives in Cryptography Add-Homomorphic Enc Trapdoor PIR Permutation Pub-key Enc CRHF OWP OWF Avg-NP ⊈ BPP NP ⊈ BPP Can we prove the security of a cryptographic primitive from the minimal assumption NP ⊈ BPP ? (Brassard 1979) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Tianren, Vinod (MIT) Basing PIR on NP-Hardness TCC 2016-A 2 / 14

  4. (Black-box) Security Proofs To prove the security of X based on NP ⊈ BPP , find a (p.p.t.) reduction R s.t. for any oracle A that “breaks the security of X ”, R A solves SAT R . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Tianren, Vinod (MIT) Basing PIR on NP-Hardness TCC 2016-A 3 / 14

  5. (Black-box) Security Proofs To prove the security of X based on NP ⊈ BPP , find a (p.p.t.) reduction R s.t. for any oracle A that “breaks the security of X ”, R A solves SAT A R . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Tianren, Vinod (MIT) Basing PIR on NP-Hardness TCC 2016-A 3 / 14

  6. (Black-box) Security Proofs To prove the security of X based on NP ⊈ BPP , find a (p.p.t.) reduction R s.t. for any oracle A that “breaks the security of X ”, R A solves SAT A ) { accepts w.p. ≥ 2 / 3 , if x ∈ SAT ( x accepts w.p. ≤ 1 / 3 , if x / ∈ SAT R . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Tianren, Vinod (MIT) Basing PIR on NP-Hardness TCC 2016-A 3 / 14

  7. (Black-box) Security Proofs To prove the security of X based on NP ⊈ BPP , find a (p.p.t.) reduction R s.t. for any oracle A that “breaks the security of X ”, R A solves SAT A ) { accepts w.p. ≥ 2 / 3 , if x ∈ SAT ( x accepts w.p. ≤ 1 / 3 , if x / ∈ SAT R Note: Black-box security proof but allow arbitrary construction. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Tianren, Vinod (MIT) Basing PIR on NP-Hardness TCC 2016-A 3 / 14

  8. Impossibility Results Add-Homomorphic Enc No known cryptographic scheme based on NP ⊈ BPP . Trapdoor PIR Several negative results* (Brassard Permutation 1979, . . . ) Pub-key Enc CRHF OWP OWF Avg-NP ⊈ BPP NP ⊈ BPP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Tianren, Vinod (MIT) Basing PIR on NP-Hardness TCC 2016-A 4 / 14

  9. Impossibility Results Add-Homomorphic Enc One-way Permutations (Brassard 1979) Trapdoor PIR Permutation Pub-key Enc CRHF OWP OWF Avg-NP ⊈ BPP NP ⊈ BPP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Tianren, Vinod (MIT) Basing PIR on NP-Hardness TCC 2016-A 4 / 14

  10. Impossibility Results (restricting the primitives) Add-Homomorphic Enc Homomorphic Encryption ∗ (Bogdanov-Lee 2013) Trapdoor PIR One-way Functions ∗ Permutation (Akavia-Goldreich-Goldwasser- Pub-key Enc CRHF OWP Moshkovitz 2006, Bogdanov-Brzuska 2014) OWF Avg-NP ⊈ BPP NP ⊈ BPP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Tianren, Vinod (MIT) Basing PIR on NP-Hardness TCC 2016-A 4 / 14

  11. Impossibility Results (restricting the reductions) Add-Homomorphic Enc Public-key Encryption Scheme, via “smart” reduction Trapdoor PIR (Goldreich-Goldwasser 1998) Permutation Collision-resistant Hash Functions, Pub-key Enc CRHF OWP via constant-adaptive reduction (Haitner-Mahmoody-Xiao 2009) OWF Average-case NP, via non-adaptive reduction Avg-NP ⊈ BPP (Bogdanov-Trevisan 2006) NP ⊈ BPP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Tianren, Vinod (MIT) Basing PIR on NP-Hardness TCC 2016-A 4 / 14

  12. Our Result: Private Information Retrieval [CGKS95, KO97] Add-Homomorphic Enc Theorem (Informal) Trapdoor PIR Permutation Let Π be a single-server one-round PIR scheme. Pub-key Enc CRHF OWP Security of Π can not be based on NP-hardness unless OWF polynomial hierarchy collapses. Avg-NP ⊈ BPP NP ⊈ BPP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Tianren, Vinod (MIT) Basing PIR on NP-Hardness TCC 2016-A 5 / 14

  13. Our Result: Private Information Retrieval [CGKS95, KO97] Add-Homomorphic Enc Theorem (Informal) Trapdoor PIR Permutation Let Π be a single-server one-round PIR scheme. Pub-key Enc CRHF OWP Security of Π can not be based on NP-hardness unless OWF polynomial hierarchy collapses. Avg-NP ⊈ BPP Rule out approximately correct PIR. NP ⊈ BPP Rule out PIR with communication complexity n − o ( n ). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Tianren, Vinod (MIT) Basing PIR on NP-Hardness TCC 2016-A 5 / 14

  14. Proof Overview Lemma 1 (Single-server one-round) PIR can be broken with an SZK oracle Lemma 2 Language L ∈ BPP SZK = ⇒ L ∈ AM ∩ coAM (Mahmoody & Xiao, 2010) Thus: if there is a reduction from SAT to breaking PIR, then SAT ∈ AM ∩ coAM . Lemma 3 NP ̸⊆ coAM unless polynomial hierarchy collapses (Boppana, H˚ astad & Zachos, 1987) Thus: if there is a reduction from SAT to breaking PIR, then polynomial hierarchy collapses. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Tianren, Vinod (MIT) Basing PIR on NP-Hardness TCC 2016-A 6 / 14

  15. Proof Overview Lemma 1 (Single-server one-round) PIR can be broken with an SZK oracle Lemma 2 Language L ∈ BPP SZK = ⇒ L ∈ AM ∩ coAM (Mahmoody & Xiao, 2010) Thus: if there is a reduction from SAT to breaking PIR, then SAT ∈ AM ∩ coAM . Lemma 3 NP ̸⊆ coAM unless polynomial hierarchy collapses (Boppana, H˚ astad & Zachos, 1987) Thus: if there is a reduction from SAT to breaking PIR, then polynomial hierarchy collapses. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Tianren, Vinod (MIT) Basing PIR on NP-Hardness TCC 2016-A 6 / 14

  16. Proof Overview Lemma 1 (Single-server one-round) PIR can be broken with an SZK oracle Lemma 2 Language L ∈ BPP SZK = ⇒ L ∈ AM ∩ coAM (Mahmoody & Xiao, 2010) Thus: if there is a reduction from SAT to breaking PIR, then SAT ∈ AM ∩ coAM . Lemma 3 NP ̸⊆ coAM unless polynomial hierarchy collapses (Boppana, H˚ astad & Zachos, 1987) Thus: if there is a reduction from SAT to breaking PIR, then polynomial hierarchy collapses. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Tianren, Vinod (MIT) Basing PIR on NP-Hardness TCC 2016-A 6 / 14

  17. Proof Overview Lemma 1 (Single-server one-round) PIR can be broken with an SZK oracle Lemma 2 Language L ∈ BPP SZK = ⇒ L ∈ AM ∩ coAM (Mahmoody & Xiao, 2010) Thus: if there is a reduction from SAT to breaking PIR, then SAT ∈ AM ∩ coAM . Lemma 3 NP ̸⊆ coAM unless polynomial hierarchy collapses (Boppana, H˚ astad & Zachos, 1987) Thus: if there is a reduction from SAT to breaking PIR, then polynomial hierarchy collapses. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Tianren, Vinod (MIT) Basing PIR on NP-Hardness TCC 2016-A 6 / 14

  18. Proof Overview Lemma 1 (Single-server one-round) PIR can be broken with an SZK oracle Lemma 2 Language L ∈ BPP SZK = ⇒ L ∈ AM ∩ coAM (Mahmoody & Xiao, 2010) Thus: if there is a reduction from SAT to breaking PIR, then SAT ∈ AM ∩ coAM . Lemma 3 NP ̸⊆ coAM unless polynomial hierarchy collapses (Boppana, H˚ astad & Zachos, 1987) Thus: if there is a reduction from SAT to breaking PIR, then polynomial hierarchy collapses. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Tianren, Vinod (MIT) Basing PIR on NP-Hardness TCC 2016-A 6 / 14

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

On Basing Search SIVP on NP-Hardness Tianren Liu MIT liutr@mit.edu Sixteenth IACR Theory of

On Basing Search SIVP on NP-Hardness Tianren Liu MIT liutr@mit.edu Sixteenth IACR Theory of

On Basing Search SIVP on NP-Hardness Tianren Liu MIT liutr@mit.edu Sixteenth IACR Theory of Cryptography Conference Tianren LIU (MIT) Basing Search SIVP on NP-Hardness TCC 2018 1 / 18 Assumptions and Primitives in Cryptography

1.46k views • 99 slides
Heterogenous Private Information Retrieval Hamid Mozaffari, Amir Houmansadr University of

Heterogenous Private Information Retrieval Hamid Mozaffari, Amir Houmansadr University of

Heterogenous Private Information Retrieval Hamid Mozaffari, Amir Houmansadr University of Massachusetts Amherst Pr Private Information Retrieval u Private information retrieval (PIR) enables clients to query and retrieve data from untrusted

415 views • 25 slides
Private Information Retrieval Over Gaussian MAC Ori Shmuel Joint Work with Asaf Cohen Ben

Private Information Retrieval Over Gaussian MAC Ori Shmuel Joint Work with Asaf Cohen Ben

Private Information Retrieval PIR for Gaussian Multiple Access Channels Private Information Retrieval Over Gaussian MAC Ori Shmuel Joint Work with Asaf Cohen Ben Gurion University of the Negev shmuelor@bgu.ac.il IEEE International Symposium

1.09k views • 73 slides
Computational Code-Based Single-Server Private Information Retrieval Lukas Holzbaur , Camilla

Computational Code-Based Single-Server Private Information Retrieval Lukas Holzbaur , Camilla

Computational Code-Based Single-Server Private Information Retrieval Lukas Holzbaur , Camilla Hollanti, Antonia Wachter-Zeh Technical University of Munich Institute for Communications Engineering Private Information Retrieval Goal: Retrieve

431 views • 28 slides
Information Retrieval Introducing Information Retrieval and Web Search Information Retrieval

Information Retrieval Introducing Information Retrieval and Web Search Information Retrieval

Introduction to Information Retrieval Introducing Information Retrieval and Web Search Information Retrieval Information Retrieval (IR) is finding material (usually documents) of an unstructured nature (usually text) that satisfies an

1.01k views • 57 slides
Private Information Retrieval over ICN Christian Tschudin University of Basel ,

Private Information Retrieval over ICN Christian Tschudin University of Basel ,

Private Information Retrieval over ICN Christian Tschudin University of Basel , Switzerland and Symphony.com , Palo Alto, USA /edu/ucla/cs/nom16/PIRoverICN/ndx sha256 MPHF PIR Overview How to lookup secrets over public NDN?

585 views • 12 slides
Single-Database Private Information Retrieval 07.11.2005 Aleksandr Grebennik Tartu University a

Single-Database Private Information Retrieval 07.11.2005 Aleksandr Grebennik Tartu University a

MTAT.07.006 Research Seminar in Cryptography Single-Database Private Information Retrieval 07.11.2005 Aleksandr Grebennik Tartu University a g@ut.ee Single-Database Private Information Retrieval Aleksandr Grebennik 1 Overview of the Lecture

626 views • 15 slides
Improved User-Private Information Retrieval via Finite Geometry RMIT Padraig O Cath ain

Improved User-Private Information Retrieval via Finite Geometry RMIT Padraig O Cath ain

Improved User-Private Information Retrieval via Finite Geometry RMIT Padraig O Cath ain (WPI) joint with Oliver W. Gnilke, Marcus Greferath, Camilla Hollanti, Guillermo Nu nez Ponasso, Eric Swartz 7th October 2019 Private

955 views • 62 slides
1 What is multimedia information retrieval? 1.1 Information retrieval 1.2 Multimedia 1.3

1 What is multimedia information retrieval? 1.1 Information retrieval 1.2 Multimedia 1.3

1 What is multimedia information retrieval? 1.1 Information retrieval 1.2 Multimedia 1.3 Semantic Gap? 1.4 Challenges of automated multimedia indexing 2 Basic multimedia search technologies 2.1 Meta-data driven retrieval 2.2 Piggy-back text

902 views • 56 slides
CS54701: Information Retrieval CS-54701 Information Retrieval Luo Si Department of Computer

CS54701: Information Retrieval CS-54701 Information Retrieval Luo Si Department of Computer

CS54701: Information Retrieval CS-54701 Information Retrieval Luo Si Department of Computer Science Purdue University Overview of Information Retrieval Why Information Retrieval: Information Overload: The world produces between 1 and 2

366 views • 33 slides
Mechanical Properties of Paint Coatings Hardness Measurement Shore Hardness D Barcol Hardness

Mechanical Properties of Paint Coatings Hardness Measurement Shore Hardness D Barcol Hardness

Mechanical Properties of Paint Coatings Hardness Measurement Shore Hardness D Barcol Hardness ASTM D2583 Fiberglass Aluminum Aluminum Alloys Soft Metals Plastics Scratch Hardness- (IS 101 - Part 5/Sec 2) BS 3900 Hardness can

1.89k views • 30 slides
Private Information Retrieval Vesa Vaskelainen Helsinki University of Technology

Private Information Retrieval Vesa Vaskelainen Helsinki University of Technology

T-79.514 Special Course on Cryptology Private Information Retrieval Vesa Vaskelainen Helsinki University of Technology vvaskela@cc.hut.fi T-79.514 Special Course in Cryptology, Private Information Retrieval, Vesa Vaskelainen 1 Overview of

195 views • 18 slides
Extended Private Information Retrieval and its Application in Biometrics Authentications J.

Extended Private Information Retrieval and its Application in Biometrics Authentications J.

Extended Private Information Retrieval and its Application in Biometrics Authentications J. Bringer and H. Chabanne D. Pointcheval and Q. Tang Sagem S ecurit Ecole normale sup e, France erieure, France CANS 2007 December 2007

372 views • 12 slides
Information Retrieval Introducing Information Retrieval and Web Search

Information Retrieval Introducing Information Retrieval and Web Search

Introduction to Information Retrieval Introducing Information Retrieval and Web Search Information Retrieval Information Retrieval (IR) is finding material (usually documents) of

585 views • 57 slides
Information Retrieval CS-7961: Topics in Information retrieval (IR) is finding material (usually

Information Retrieval CS-7961: Topics in Information retrieval (IR) is finding material (usually

Information Retrieval CS-7961: Topics in Information retrieval (IR) is finding material (usually documents) of an unstructured nature Information Retrieval (usually text) that satisfies an information need Seminar from within large

276 views • 4 slides
Weakly Private Information Retrieval Under the Maximal Leakage Metric Ruida Zhou, Tao Guo, Chao

Weakly Private Information Retrieval Under the Maximal Leakage Metric Ruida Zhou, Tao Guo, Chao

Weakly Private Information Retrieval Under the Maximal Leakage Metric Ruida Zhou, Tao Guo, Chao Tian Texas A&M University ISIT 2020 R. Zhou, T. Guo, C. Tian Weakly PIR Under the Maximal Leakage Metric 1 / 20 Private Information Retrieval

653 views • 31 slides
Isogeny Graphs in Cryptography Luca De Feo hand-drawings by Rachel Deyts Universit de

Isogeny Graphs in Cryptography Luca De Feo hand-drawings by Rachel Deyts Universit de

Isogeny Graphs in Cryptography Luca De Feo hand-drawings by Rachel Deyts Universit de Versailles & Inria, Universit Paris-Saclay May 31, 2018, Journes du Pr-GDR Scurit, Paris Elliptic curves Let E y 2 x 3 ax b be

1.01k views • 73 slides
Trapdoor simulation Algorithms in CS courses of quantum algorithms WHAT is your algorithm?

Trapdoor simulation Algorithms in CS courses of quantum algorithms WHAT is your algorithm?

Trapdoor simulation Algorithms in CS courses of quantum algorithms WHAT is your algorithm? Daniel J. Bernstein University of Illinois at Chicago & Technische Universiteit Eindhoven Joint work with: Tung Chou Technische

922 views • 70 slides
from a single quantum device THOMAS VIDICK CALIFORNIA INSTITUTE OF TECHNOLOGY Joint work with

from a single quantum device THOMAS VIDICK CALIFORNIA INSTITUTE OF TECHNOLOGY Joint work with

Certifiable randomness from a single quantum device THOMAS VIDICK CALIFORNIA INSTITUTE OF TECHNOLOGY Joint work with Zvika Brakerski (Weizmann), Paul Christiano, Urmila Mahadev, and Umesh Vazirani (UC Berkeley) Quantum Computing 1.0

359 views • 12 slides
Numb3rs 11 2 10 3 Some Cryptographic Functions 9 4 8 5 7 6 A Word on Efficiency Very

Numb3rs 11 2 10 3 Some Cryptographic Functions 9 4 8 5 7 6 A Word on Efficiency Very

0 12 1 Numb3rs 11 2 10 3 Some Cryptographic Functions 9 4 8 5 7 6 A Word on Efficiency Very huge numbers have very short representation Take a 256 bit integer, 111 = 2 256 -1 Can a computer just count up to this number? No. Not

427 views • 7 slides
Secure indexes and other oblivious search structures (Privaatne otsing: indeksid ning

Secure indexes and other oblivious search structures (Privaatne otsing: indeksid ning

Secure indexes and other oblivious search structures (Privaatne otsing: indeksid ning alternatiivid) Sven Laur swen@math.ut.ee Helsinki University of Technology Basic motivation Secure storage problem Client Alice does not have skills for

428 views • 16 slides
Asymmetric encrypCon CS642: Computer Security Professor

Asymmetric encrypCon CS642: Computer Security Professor

Asymmetric encrypCon CS642: Computer Security Professor Ristenpart h9p://www.cs.wisc.edu/~rist/ rist at cs dot wisc dot edu University of Wisconsin CS 642

662 views • 33 slides
One Way Functions Amit Suthar 05CS3016 Amar Patel 05CS3017 Computer Science and Engineering

One Way Functions Amit Suthar 05CS3016 Amar Patel 05CS3017 Computer Science and Engineering

One Way Functions Amit Suthar 05CS3016 Amar Patel 05CS3017 Computer Science and Engineering Department Indian Institute of Kharagpur, Kharagpur West Bengal, 721302 India Contents 1 Introduction 1 1.1 One Way Function . . . . . . . . . .

825 views • 8 slides
Updatable and Universal Common Reference Strings with Applications to zk-SNARKs Jens Groth,

Updatable and Universal Common Reference Strings with Applications to zk-SNARKs Jens Groth,

Updatable and Universal Common Reference Strings with Applications to zk-SNARKs Jens Groth, Markulf Kohlweiss, Mary Maller, Sarah Meiklejohn, Ian Miers. Crypto - 23/08/2018 Our Goal Find a better method than trusted setups for generating the

889 views • 59 slides

More recommend