on basing search sivp on np hardness
play

On Basing Search SIVP on NP-Hardness Tianren Liu MIT liutr@mit.edu - PowerPoint PPT Presentation

Oct 12, 2022 •457 likes •1.46k views

On Basing Search SIVP on NP-Hardness Tianren Liu MIT liutr@mit.edu Sixteenth IACR Theory of Cryptography Conference Tianren LIU (MIT) Basing Search SIVP on NP-Hardness TCC 2018 1 / 18 Assumptions and Primitives in Cryptography

  1. On Basing Search SIVP on NP-Hardness Tianren Liu MIT liutr@mit.edu Sixteenth IACR Theory of Cryptography Conference Tianren LIU (MIT) Basing Search SIVP on NP-Hardness TCC 2018 1 / 18

  2. Assumptions and Primitives in Cryptography Add-Homomorphic Enc Trapdoor PIR Permutation Pub-key Enc CRHF OWP OWF Avg-NP � BPP NP � BPP Tianren LIU (MIT) Basing Search SIVP on NP-Hardness TCC 2018 2 / 18

  3. Assumptions and Primitives in Cryptography Add-Homomorphic Enc Trapdoor PIR Permutation Pub-key Enc CRHF OWP OWF Avg-NP � BPP NP � BPP Can we prove the security of a cryptographic primitive from the minimal assumption NP � BPP ? (Brassard 1979) Tianren LIU (MIT) Basing Search SIVP on NP-Hardness TCC 2018 2 / 18

  4. (Black-box) Security Proofs To prove the security of X based on NP � BPP , find a (p.p.t.) reduction R s.t. for any oracle A that “breaks the security of X ”, R A solves SAT R Tianren LIU (MIT) Basing Search SIVP on NP-Hardness TCC 2018 3 / 18

  5. (Black-box) Security Proofs To prove the security of X based on NP � BPP , find a (p.p.t.) reduction R s.t. for any oracle A that “breaks the security of X ”, R A solves SAT A R Tianren LIU (MIT) Basing Search SIVP on NP-Hardness TCC 2018 3 / 18

  6. (Black-box) Security Proofs To prove the security of X based on NP � BPP , find a (p.p.t.) reduction R s.t. for any oracle A that “breaks the security of X ”, R A solves SAT A � � accepts w.p. ≥ 2 / 3 , if x ∈ SAT � x accepts w.p. ≤ 1 / 3 , if x / ∈ SAT R Tianren LIU (MIT) Basing Search SIVP on NP-Hardness TCC 2018 3 / 18

  7. Impossibility Results Add-Homomorphic Enc No known cryptographic scheme based on NP � BPP . Trapdoor PIR Several negative results* Permutation [Brassard’79, . . . ] Pub-key Enc CRHF OWP OWF Avg-NP � BPP NP � BPP Tianren LIU (MIT) Basing Search SIVP on NP-Hardness TCC 2018 4 / 18

  8. Impossibility Results Add-Homomorphic Enc Trapdoor PIR Permutation Pub-key Enc CRHF OWP One-way Permutations [Brassard’79] OWF Avg-NP � BPP NP � BPP Tianren LIU (MIT) Basing Search SIVP on NP-Hardness TCC 2018 4 / 18

  9. Impossibility Results Add-Homomorphic Enc Trapdoor PIR Permutation Pub-key Enc CRHF OWP One-way Permutations OWF ∗ [Brassard’79] OWF Size-Verifiable One-way Functions Avg-NP � BPP [Akavia-Goldreich-Goldwasser- Moshkovitz’06, NP � BPP Bogdanov-Brzuska’14] Tianren LIU (MIT) Basing Search SIVP on NP-Hardness TCC 2018 4 / 18

  10. Impossibility Results Add-Homomorphic Enc Add-Homomorphic Encryption [Bogdanov-Lee’13] Trapdoor PIR Permutation Pub-key Enc CRHF OWP One-way Permutations OWF ∗ [Brassard’79] OWF Size-Verifiable One-way Functions Avg-NP � BPP [Akavia-Goldreich-Goldwasser- Moshkovitz’06, NP � BPP Bogdanov-Brzuska’14] Tianren LIU (MIT) Basing Search SIVP on NP-Hardness TCC 2018 4 / 18

  11. Impossibility Results Add-Homomorphic Enc Add-Homomorphic Encryption [Bogdanov-Lee’13] Trapdoor PIR Permutation Private Information Retrieval [Liu-Vaikuntanathan’16] Pub-key Enc CRHF OWP One-way Permutations OWF ∗ [Brassard’79] OWF Size-Verifiable One-way Functions Avg-NP � BPP [Akavia-Goldreich-Goldwasser- Moshkovitz’06, NP � BPP Bogdanov-Brzuska’14] Tianren LIU (MIT) Basing Search SIVP on NP-Hardness TCC 2018 4 / 18

  12. Impossibility Results (restricting the reductions) Add-Homomorphic Enc Public-key Encryption Scheme, via “smart” reduction Trapdoor PIR [Goldreich-Goldwasser’98] Permutation Collision-resistant Hash Functions, Pub-key Enc CRHF OWP via constant-adaptive reduction [Haitner-Mahmoody-Xiao’09] OWF Average-case NP, via non-adaptive reduction Avg-NP � BPP [Bogdanov-Trevisan’06] NP � BPP Tianren LIU (MIT) Basing Search SIVP on NP-Hardness TCC 2018 4 / 18

  13. A New Hope Hardness of Add-Homomorphic Enc Lattice Problems Trapdoor PIR Permutation Pub-key Enc CRHF OWP OWF Avg-NP � BPP NP � BPP Tianren LIU (MIT) Basing Search SIVP on NP-Hardness TCC 2018 5 / 18

  14. A New Hope Hardness of Add-Homomorphic Enc A successful history of Lattice Problems lattice-based cryptography Trapdoor LWE PIR SIS [GGH’97, Regev’05, GPV’08, Permutation Gentry’09, BV’11, . . . ] Pub-key Enc CRHF OWP OWF Avg-NP � BPP NP � BPP Tianren LIU (MIT) Basing Search SIVP on NP-Hardness TCC 2018 5 / 18

  15. A New Hope gapSVP , gapSIVP � BPP Hardness of Add-Homomorphic Enc A successful history of SIVP � BPP Lattice Problems lattice-based cryptography Trapdoor LWE PIR SIS [GGH’97, Regev’05, GPV’08, Permutation Gentry’09, BV’11, . . . ] Pub-key Enc CRHF OWP Based on worst-case hardness of lattice problems OWF such as SIVP, gapSVP [Ajtai’96, MR’04, Regev’05, Avg-NP � BPP Peikert’09, LPR’10, MP’12, . . . ] NP � BPP Tianren LIU (MIT) Basing Search SIVP on NP-Hardness TCC 2018 5 / 18

  16. A New Hope gapSVP , gapSIVP � BPP Hardness of Add-Homomorphic Enc Impossibility Results [GG’00, SIVP � BPP Lattice Problems Trapdoor MV’03,AR’04,GMR’04,PV’08] LWE PIR SIS Permutation gapSVP ˜ O ( √ n ) , gapSIVP ˜ O ( √ n ) are not NP -hard unless Pub-key Enc CRHF OWP polynomial hierarchy collapses. OWF Avg-NP � BPP NP � BPP Tianren LIU (MIT) Basing Search SIVP on NP-Hardness TCC 2018 5 / 18

  17. A New Hope gapSVP , gapSIVP � BPP Hardness of Add-Homomorphic Enc Impossibility Results [GG’00, SIVP � BPP Lattice Problems Trapdoor MV’03,AR’04,GMR’04,PV’08] LWE PIR SIS Permutation gapSVP ˜ O ( √ n ) , gapSIVP ˜ O ( √ n ) are not NP -hard unless Pub-key Enc CRHF OWP polynomial hierarchy collapses. OWF Our Result Search problem SIVP ˜ O ( n ) is not Avg-NP � BPP NP -hard unless polynomial hierarchy collapses. NP � BPP Tianren LIU (MIT) Basing Search SIVP on NP-Hardness TCC 2018 5 / 18

  18. Lattice Full-rank discrete additive subgroup in R n Tianren LIU (MIT) Basing Search SIVP on NP-Hardness TCC 2018 6 / 18

  19. Lattice Full-rank discrete additive subgroup in R n Basis B = ( b 1 , . . . , b n ) ∈ R n × n b 1 L ( B ) := { B z | z ∈ Z n } b 2 Tianren LIU (MIT) Basing Search SIVP on NP-Hardness TCC 2018 6 / 18

  20. Lattice Full-rank discrete additive subgroup in R n Basis B = ( b 1 , . . . , b n ) ∈ R n × n b 1 L ( B ) := { B z | z ∈ Z n } b 2 Tianren LIU (MIT) Basing Search SIVP on NP-Hardness TCC 2018 6 / 18

  21. Lattice b ′ Full-rank discrete additive 1 subgroup in R n b ′ 2 Basis B = ( b 1 , . . . , b n ) ∈ R n × n b 1 L ( B ) := { B z | z ∈ Z n } b 2 Tianren LIU (MIT) Basing Search SIVP on NP-Hardness TCC 2018 6 / 18

  22. Lattice Problems b ′ Full-rank discrete additive 1 subgroup in R n b ′ 2 Basis B = ( b 1 , . . . , b n ) ∈ R n × n b 1 L ( B ) := { B z | z ∈ Z n } b 2 Shortest Independent Vector Problem (SIVP) Search Find shortest basis in lattice L ( B ). Tianren LIU (MIT) Basing Search SIVP on NP-Hardness TCC 2018 6 / 18

  23. Lattice Problems b ′ Full-rank discrete additive 1 subgroup in R n b ′ 2 Basis B = ( b 1 , . . . , b n ) ∈ R n × n b 1 L ( B ) := { B z | z ∈ Z n } b 2 Shortest Independent Vector Problem (SIVP) Search Find shortest basis in lattice L ( B ). Decision Given a real d , distinguish between λ n ( B ) ≤ d and λ n ( B ) > d . λ n ( B ) := length of the shortest basis in lattice L ( B ). Tianren LIU (MIT) Basing Search SIVP on NP-Hardness TCC 2018 6 / 18

  24. Lattice Problems b ′ Full-rank discrete additive 1 subgroup in R n b ′ 2 Basis B = ( b 1 , . . . , b n ) ∈ R n × n b 1 L ( B ) := { B z | z ∈ Z n } b 2 Shortest Independent Vector Problem (SIVP), γ -Approx. Search Find shortest basis in lattice L ( B ). Decision Given a real d , distinguish between λ n ( B ) ≤ d and λ n ( B ) > d . λ n ( B ) := length of the shortest basis in lattice L ( B ). Tianren LIU (MIT) Basing Search SIVP on NP-Hardness TCC 2018 6 / 18

  25. Lattice Problems b ′ Full-rank discrete additive 1 subgroup in R n b ′ 2 Basis B = ( b 1 , . . . , b n ) ∈ R n × n b 1 L ( B ) := { B z | z ∈ Z n } b 2 Shortest Independent Vector Problem (SIVP), γ -Approx. SIVP γ Find short basis whose length ≤ γ · λ n ( B ). Decision Given a real d , distinguish between λ n ( B ) ≤ d and λ n ( B ) > d . λ n ( B ) := length of the shortest basis in lattice L ( B ). Tianren LIU (MIT) Basing Search SIVP on NP-Hardness TCC 2018 6 / 18

  26. Lattice Problems b ′ Full-rank discrete additive 1 subgroup in R n b ′ 2 Basis B = ( b 1 , . . . , b n ) ∈ R n × n b 1 L ( B ) := { B z | z ∈ Z n } b 2 Shortest Independent Vector Problem (SIVP), γ -Approx. SIVP γ Find short basis whose length ≤ γ · λ n ( B ). GapSIVP γ Given a real d , distinguish between λ n ( B ) ≤ d and λ n ( B ) > γ · d . λ n ( B ) := length of the shortest basis in lattice L ( B ). Tianren LIU (MIT) Basing Search SIVP on NP-Hardness TCC 2018 6 / 18

  27. Lattice Problems b ′ Full-rank discrete additive 1 subgroup in R n b ′ 2 Basis B = ( b 1 , . . . , b n ) ∈ R n × n b 1 L ( B ) := { B z | z ∈ Z n } b 2 Shortest Vector Problem (SVP), γ -Approx. SVP γ Find short non-zero vector whose length ≤ γ · λ 1 ( B ). GapSVP γ Given a real d , distinguish between λ 1 ( B ) ≤ d and λ 1 ( B ) > γ · d . λ 1 ( B ) := length of the shortest non-zero vector in lattice L ( B ). Tianren LIU (MIT) Basing Search SIVP on NP-Hardness TCC 2018 6 / 18

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

On Basing Private Information Retrieval on NP-Hardness Tianren Liu 1 Vinod Vaikuntanathan 1 1 MIT

On Basing Private Information Retrieval on NP-Hardness Tianren Liu 1 Vinod Vaikuntanathan 1 1 MIT

On Basing Private Information Retrieval on NP-Hardness Tianren Liu 1 Vinod Vaikuntanathan 1 1 MIT liutr@mit.edu , vinodv@csail.mit.edu Thirteenth IACR Theory of Cryptography Conference . . . . . . . . . . . . . . . . . . . . .

696 views • 56 slides
Mechanical Properties of Paint Coatings Hardness Measurement Shore Hardness D Barcol Hardness

Mechanical Properties of Paint Coatings Hardness Measurement Shore Hardness D Barcol Hardness

Mechanical Properties of Paint Coatings Hardness Measurement Shore Hardness D Barcol Hardness ASTM D2583 Fiberglass Aluminum Aluminum Alloys Soft Metals Plastics Scratch Hardness- (IS 101 - Part 5/Sec 2) BS 3900 Hardness can

1.89k views • 30 slides
Beyond NP [HMU06,Chp.11a] Tautology Problem NP-Hardness and co-NP Historical

Beyond NP [HMU06,Chp.11a] Tautology Problem NP-Hardness and co-NP Historical

Beyond NP [HMU06,Chp.11a] Tautology Problem NP-Hardness and co-NP Historical Comments Optimization Problems More Complexity Classes 1 Tautology Problem & NP-Hardness & co-NP 2 NP-Hardness Another

559 views • 23 slides
Subsection 2 NP -hardness 36 / 109 NP -Hardness Do hard problems exist? Depends on P = NP

Subsection 2 NP -hardness 36 / 109 NP -Hardness Do hard problems exist? Depends on P = NP

Subsection 2 NP -hardness 36 / 109 NP -Hardness Do hard problems exist? Depends on P = NP Next best thing: define hardest problem in NP A problem P is NP -hard if Every problem Q in NP can be solved in this way: 1. given an instance

609 views • 14 slides
Basing Elk Population Limits on Direct Measurements of Vegetation Health and Use Patterns. By:

Basing Elk Population Limits on Direct Measurements of Vegetation Health and Use Patterns. By:

Basing Elk Population Limits on Direct Measurements of Vegetation Health and Use Patterns. By: Catherine Schnurrenberger, C.S. Ecological Surveys and Assessments, 11331 Star Pine Rd. Truckee, CA 96161. cadavis@ltol.com Why do we need effective

808 views • 42 slides
On basing one-way permutations on NP-hard problems under quantum reductions Nai-Hui Chia

On basing one-way permutations on NP-hard problems under quantum reductions Nai-Hui Chia

On basing one-way permutations on NP-hard problems under quantum reductions Nai-Hui Chia (PennState to UTAustin) Joint work with Sean Hallgren (PennState) and Fang Song (PortlandState to TAMU) 1 How do people say a crypto system is

567 views • 24 slides
G-APD radiation hardness D. Renker 1 , Y. Musienko 2, * 1) Paul Scherrer Institute, Villigen,

G-APD radiation hardness D. Renker 1 , Y. Musienko 2, * 1) Paul Scherrer Institute, Villigen,

G-APD radiation hardness D. Renker 1 , Y. Musienko 2, * 1) Paul Scherrer Institute, Villigen, Switzerland 2) Northeastern University, Boston, USA * ) on leave from INR(Moscow) LIGHT 07, September 26, 2007, Ringberg Castle G-APD radiation hardness

375 views • 23 slides
CS 758/858: Algorithms http://www.cs.unh.edu/~ruml/cs758 Backtracking Local Search Wheeler Ruml

CS 758/858: Algorithms http://www.cs.unh.edu/~ruml/cs758 Backtracking Local Search Wheeler Ruml

CS 758/858: Algorithms http://www.cs.unh.edu/~ruml/cs758 Backtracking Local Search Wheeler Ruml (UNH) Class 25, CS 758 1 / 20 Backtracking Hardness Optimization Backtracking Depth-first Search DFS Order Problems

466 views • 20 slides
From CATS to SAT: Modeling Empirical Hardness to Understand and Solve Hard Computational Problems

From CATS to SAT: Modeling Empirical Hardness to Understand and Solve Hard Computational Problems

From CATS to SAT: Modeling Empirical Hardness to Understand and Solve Hard Computational Problems Kevin Leyton Brown Computer Science Department University of British Columbia CATS Empirical Hardness Models EHMs for SAT SATzilla Intro

1.15k views • 75 slides
Viterbi Training for PCFGs: Hardness Results and Competitiveness of Uniform Initialization Shay

Viterbi Training for PCFGs: Hardness Results and Competitiveness of Uniform Initialization Shay

Viterbi Training for PCFGs: Hardness Results and Competitiveness of Uniform Initialization Shay Cohen Noah Smith Carnegie Mellon University July 14, 2010 Outline Hardness results for unsupervised learning of PCFGs Background and problem

602 views • 46 slides
Trapdoor Problems Basing the solution on the complexity of problems, which are easy to solve for

Trapdoor Problems Basing the solution on the complexity of problems, which are easy to solve for

Trapdoor Problems Basing the solution on the complexity of problems, which are easy to solve for the legal users, but are very difficult to the eavesdroppers. Public Key Cryptography 1 Such problems are called trapdoor problems .

345 views • 3 slides
Trapdoor Problems Basing the solution on the complexity of problems, which are easy to solve for

Trapdoor Problems Basing the solution on the complexity of problems, which are easy to solve for

Trapdoor Problems Basing the solution on the complexity of problems, which are easy to solve for the legal users, but are very difficult to the eavesdroppers. Public Key Cryptography 1 Such problems are called trapdoor problems . They allow to

379 views • 5 slides
Sentential Decision Diagrams and their Applications Guy Van den Broeck, Arthur Choi, and Adnan

Sentential Decision Diagrams and their Applications Guy Van den Broeck, Arthur Choi, and Adnan

Sentential Decision Diagrams and their Applications Guy Van den Broeck, Arthur Choi, and Adnan Darwiche Nov 4, 2015, INFORMS Basing Decisions on Sentences US Senate: 54 Rep., 44 Dem., and 2 Indep. p1 s1 p2 s2 p3 s3 Basing Decisions on

931 views • 65 slides
Parameters of Two-Prover-One-Round Game and The Hardness of Connectivity Problems Bundit

Parameters of Two-Prover-One-Round Game and The Hardness of Connectivity Problems Bundit

Parameters of Two-Prover-One-Round Game and The Hardness of Connectivity Problems Bundit Laekhanukit McGill University 1 This Talk Investigate the connection between 2-Prover-1-Round Game (2P1R) and Hardness of Approximating

540 views • 43 slides
NP-Hardness Proofs With What Problems We . . . What Problems We . . . Realistic Computers

NP-Hardness Proofs With What Problems We . . . What Problems We . . . Realistic Computers

NP-Hardness Proofs . . . Usual Proofs of NP- . . . Proofs of NP- . . . Pedagogical Problem . . . NP-Hardness Proofs With What Problems We . . . What Problems We . . . Realistic Computers Instead What Is NP-Hard: . . . Proof that . . . of

296 views • 12 slides
Basing Markov Transition Systems on the Giry Monad Smooth Equiva- lence Relations Congruences

Basing Markov Transition Systems on the Giry Monad Smooth Equiva- lence Relations Congruences

EED. Motivation The Giry Monad Basing Markov Transition Systems on the Giry Monad Smooth Equiva- lence Relations Congruences Ernst-Erich Doberkat Factoring Chair for Software Technology Some Technische Universitt Dortmund Conclu-

379 views • 16 slides
RCU Annual Seminar A year in review and future outlook 1 Contents of Presentation DGS

RCU Annual Seminar A year in review and future outlook 1 Contents of Presentation DGS

GIBRALTAR RESOLUTION AND COMPENSATION UNIT RCU Annual Seminar A year in review and future outlook 1 Contents of Presentation DGS & Bank Resolution Macro Focus A year in Review: Achieving our goals Industry Dialogue

613 views • 20 slides
Directors of Graduate Studies Meeting Minutes Wednesday, February 7, 2018 3:30 p.m.-5:00 p.m.,

Directors of Graduate Studies Meeting Minutes Wednesday, February 7, 2018 3:30 p.m.-5:00 p.m.,

Directors of Graduate Studies Meeting Minutes Wednesday, February 7, 2018 3:30 p.m.-5:00 p.m., IMU Iowa Theater Meeting was called to order at 3:33 p.m. by Senior Associate Dean Sarah Larsen. Announcements and Updates DGS meetings will return

711 views • 22 slides
AB20 CA/CSU/UC Model Agreement Jeff Warner These slides were based on a presentation from:

AB20 CA/CSU/UC Model Agreement Jeff Warner These slides were based on a presentation from:

AB20 CA/CSU/UC Model Agreement Jeff Warner These slides were based on a presentation from: Sue DeRosa, CSUCO Andrew Boulter, UCOP History AB20 required the Department of General S ervices (DGS ) on behalf of the S tate to negotiate a

850 views • 30 slides
Dual-Way Gradient Sparsification for Asynchronous Distributed Deep Learning Zijie Yan,

Dual-Way Gradient Sparsification for Asynchronous Distributed Deep Learning Zijie Yan,

Dual-Way Gradient Sparsification for Asynchronous Distributed Deep Learning Zijie Yan, Danyang Xiao, MengQiang Chen, Jieying Zhou, Weigang Wu Sun Yat-sen University Guangzhou, China 1 Outline 1. Introduction 2. The Proposed

524 views • 31 slides
SZDG, eCom4Com technology, EDGeS-EDGI in large P. Kacsuk MTA SZTAKI 1 The EDGI/EDGeS projects

SZDG, eCom4Com technology, EDGeS-EDGI in large P. Kacsuk MTA SZTAKI 1 The EDGI/EDGeS projects

SZDG, eCom4Com technology, EDGeS-EDGI in large P. Kacsuk MTA SZTAKI 1 The EDGI/EDGeS projects receive(d) Community research funding Outline of the talk SZTAKI Desktop Grid (SZDG) SZDG technology: eCom4Com EDGeS EDGI

702 views • 30 slides
Europe 2020: the EU strategy for smart, sustainable and inclusive growth The role of the social

Europe 2020: the EU strategy for smart, sustainable and inclusive growth The role of the social

Europe 2020: the EU strategy for smart, sustainable and inclusive growth The role of the social partners in the definition, implementation and follow-up of the Europe 2020 strategy Vice-President efovi - EESC- ECOSOC- 17 September 2010

74 views • 6 slides
CS 591 PHD Seminar Beginning the journey toward earning a PhD CS Graduate Office Viveka

CS 591 PHD Seminar Beginning the journey toward earning a PhD CS Graduate Office Viveka

CS 591 PHD Seminar Beginning the journey toward earning a PhD CS Graduate Office Viveka Kudaligama Kara McGregor Maggie M. Chappell Assistant DGS Senior Grad Advisor Grad Advisor Nancy Amato Robin Kravets Darko Marinov Head of CS Dir.

639 views • 22 slides
FrodoKEM practical quantum-secure key encapsulation from generic lattices Erdem Alkim Joppe W.

FrodoKEM practical quantum-secure key encapsulation from generic lattices Erdem Alkim Joppe W.

FrodoKEM practical quantum-secure key encapsulation from generic lattices Erdem Alkim Joppe W. Bos L eo Ducas Patrick Longa Ilya Mironov Michael Naehrig Valeria Nikolaenko Chris Peikert Ananth Raghunathan Douglas Stebila 1 / 11

950 views • 49 slides

More recommend