on elfs deterministic encryption and correlated input
play

On ELFs, Deterministic Encryption, and Correlated Input - PowerPoint PPT Presentation

Jan 31, 2023 •294 likes •568 views

On ELFs, Deterministic Encryption, and Correlated Input Security Mark Zhandry Princeton University mommy > daddy In reality = = pk c = Enc(pk,mommy > daddy) sk Random

  1. On ¡ELFs, ¡Deterministic ¡ Encryption, ¡and ¡ Correlated ¡Input ¡Security Mark ¡Zhandry Princeton ¡University

  2. “mommy > daddy”

  3. In ¡reality… = =

  4. pk c = Enc(pk,“mommy > daddy”) sk

  5. Random ¡Number ¡Cortex: r ¡= ¡0000000000…….

  6. Deterministic ¡Public ¡Key ¡Encryption ¡(DPKE) Pros: Cons: ✓ No ¡randomness ¡needed ✘ Harder ¡to ¡construct ✓ Public ¡equality ¡test ✘ Semantic ¡security ¡impossible ✘ Need ¡unpredictable ¡messages ✘ Multiple ¡messages?

  7. This ¡Work DPKE ¡secure ¡under • Arbitrary ¡computationally ¡unpredictable ¡sources • Constant number ¡of ¡arbitrarily ¡correlated ¡sources • Chosen ¡ciphertext attacks Computational ¡assumption: ¡exponential ¡DDH

  8. Computationally ¡Unpredictable ¡Sources D (x 1 , x 2 , …, x t , aux) Pr[i ≠ j ⇒ x i ≠ x j ] = 1 Pr[x i ’ = x i ] < negl (i, x i ’)

  9. DPKE ¡Experiment ¡0: D Gen (pk, sk) (x 1 , x 2 , …, x t , aux) … Enc pk Enc pk Enc pk (c 1 , c 2 , …, c t , aux, pk) Dec sk

  10. DPKE ¡Experiment ¡1: D Gen (pk, sk) (x 1 , x 2 , …, x t , aux) $ $ $ (c 1 , c 2 , …, c t , aux, pk) Dec sk

  11. Some ¡Prior ¡Work [Wichs’12] t [Brakerski-­‑Segev’11] unbounded [Bellare-­‑Boldyreva-­‑O’Neill’07] (ROM) No ¡BB ¡ reduction ¡to ¡ bounded ¡poly [Fuller-­‑O’Neill-­‑Reyzin’12] “falsifiable ¡ assumption” log This ¡Work Unbounded ¡ O(1) (exp assump, ¡non ¡BB) [Bellare-­‑Fischlin-­‑O’Neill-­‑Ristenpart’08, 1 [Brakerski-­‑Segev’11, ¡Wee’12] Boldyreva-­‑Fehr-­‑O’Neill’08] D Arbitrary ¡unpred.

  12. Step ¡1: ¡ t=1 , ¡No ¡CCA ¡queries

  13. Extremely ¡Lossy Functions ¡(ELFs) ¡[Z’16] Injective ¡Mode: Lossy Mode: ≈ c | Img | = polynomial* Thm [Z’16]: ¡ Exponential ¡DDH ¡ ⇒ ELFs *Technically ¡ |Img| depends ¡on ¡adversary

  14. PRGs ¡for ¡Comp. ¡Unpred. ¡Sources, ¡ t=1 D $ k (x , aux) Thm [Z’16]: ¡ ELFs ¡ ⇒ PRGs ¡for ¡arbitrary ¡ 1 -­‑CU ¡sources G k (y, aux, k)

  15. Upgrading ¡to ¡DPKE Encryption: Decryption: x c Dec sk G k ??? Enc pk $ c

  16. New ¡Tool: ¡Trapdoor ¡ELFs Injective ¡Mode:

  17. Constructing ¡T-­‑ELFs … x LTDF LTDF LTDF Compression ¡kills ¡trapdoor = ¡Pairwise ¡independent ¡function

  18. Constructing ¡T-­‑ELFs … x LTDF LTDF LTDF In ¡paper: ¡instantiate ¡parameters ¡ such ¡that ¡growth ¡isn’t ¡too ¡big

  19. Upgrading ¡to ¡DPKE Encryption: Decryption: x c Thm: T-­‑ELFs ¡+ ¡ Dec sk G k Pseudorandom ¡ctxts + PRG ¡for ¡CU ¡ 1 -­‑sources ¡+ DPKE ¡for ¡CU ¡ 1 -­‑sources ⇒ Enc pk $ c x

  20. Step ¡2: ¡Constant ¡ t , ¡No ¡CCA ¡queries

  21. PRGs ¡for ¡Comp. ¡Unpred. ¡Sources, ¡ t=O(1) D $ k (x 1 , x 2 , …, x t , aux) … G k G k G k (y 1 , y 2 , …, y t , aux, k)

  22. Step ¡2: ¡Constant ¡ t , ¡No ¡CCA ¡queries Thm: T-­‑ELFs ¡+ ¡ Pseudorandom ¡ctxts + PRG ¡for ¡CU ¡ O(1) -­‑sources ¡+ DPKE ¡for ¡CU ¡ O(1) -­‑sources ⇒

  23. PRG ¡for ¡CU ¡ O(1) -­‑ sources Idea ¡1: ¡each ¡ x i gets ¡it’s ¡own ¡PRG ¡for ¡CU ¡ 1 -­‑sources D (x 1 , x 2 , …, x t , aux) $ $ $ … G k G k k 1 k 2 G k k t y 1 y 2 y t

  24. PRG ¡for ¡CU ¡ O(1) -­‑ sources ? Idea ¡2: ¡Generate ¡ k as ¡function ¡of ¡ x D (x 1 , x 2 , …, x t , aux) … G k G k G k F F F y 1 y 2 y t

  25. PRG ¡for ¡CU ¡ O(1) -­‑ sources Idea ¡3: ¡Break ¡circularity ¡using ¡ t -­‑wise ¡independence ¡+ ¡ELFs D (x 1 , x 2 , …, x t , aux) … G k G k G k y 1 y 2 y t = ¡ t -­‑wise ¡independent ¡func

  26. Step ¡3: ¡CCA ¡Security See ¡paper… Difficulties ¡arise: • Need ¡“branched” ¡T-­‑ELFs • T-­‑ELFs ¡are ¡much ¡more ¡delicate ¡than ¡LTDFs ⇒ Generic ¡approaches ¡don’t ¡work • Instead, ¡modify ¡construction ¡directly

  27. Now ¡time ¡for ¡a ¡nap ¡…

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Public-Key Encryption: The Auxiliary-Input Setting Zvika Brakerski Gil Segev Microsoft Research

Public-Key Encryption: The Auxiliary-Input Setting Zvika Brakerski Gil Segev Microsoft Research

Better Security for Deterministic Public-Key Encryption: The Auxiliary-Input Setting Zvika Brakerski Gil Segev Microsoft Research Weizmann Institute Silicon Valley Probabilistic Encryption Enc Semantic Security [GM82]: No

341 views • 14 slides
Functional Encryption: Deterministic to Randomized Functions from Simple Assumptions Shashank

Functional Encryption: Deterministic to Randomized Functions from Simple Assumptions Shashank

Functional Encryption: Deterministic to Randomized Functions from Simple Assumptions Shashank Agrawal David J. Wu Public-Key Functional Encryption [BSW11, ON10] () Keys are associated with deterministic functions sk

1.47k views • 99 slides
SYMMETRIC ENCRYPTION K is randomized E can be randomized or stateful D is deterministic

SYMMETRIC ENCRYPTION K is randomized E can be randomized or stateful D is deterministic

Syntax A symmetric encryption scheme SE = ( K , E , D ) consists of three algorithms: SYMMETRIC ENCRYPTION K is randomized E can be randomized or stateful D is deterministic 1 / 116 2 / 116 Correct decryption requirement Example:

430 views • 29 slides
Deterministic Finite Automata Lecture 4 1 Input Accepted by a DFA We say that M accepts w

Deterministic Finite Automata Lecture 4 1 Input Accepted by a DFA We say that M accepts w

Deterministic Finite Automata Lecture 4 1 Input Accepted by a DFA We say that M accepts w * if M , on input w , starting from the start state s , reaches a final state i.e., * ( s,w ) F L ( M ) is the set of all strings accepted by

652 views • 51 slides
The Magic of ELFs Mark Zhandry Princeton University (Work done

The Magic of ELFs Mark Zhandry Princeton University (Work done

The Magic of ELFs Mark Zhandry Princeton University (Work done while at MIT) Prove this secure: Enc(m) = ( TDP(r), H(r) m ) (CPA security, many-bit messages, arbitrary

1.1k views • 64 slides
How to Encipher Messages on a Small Domain Deterministic Encryption and the Thorp Shuffle Ben

How to Encipher Messages on a Small Domain Deterministic Encryption and the Thorp Shuffle Ben

How to Encipher Messages on a Small Domain Deterministic Encryption and the Thorp Shuffle Ben Morris Phil Rogaway Till Stegers University of California, Davis University of California, Davis Dept of Mathematics Dept of Computer

1.01k views • 25 slides
Linear System Response Linear System to Random Inputs Response to deterministic input.

Linear System Response Linear System to Random Inputs Response to deterministic input.

Outline Linear System Response Linear System to Random Inputs Response to deterministic input. Response to stochastic input. Characterize the stochastic output using: mean, mean square, autocorrelation, M. Sami Fadali spectral

296 views • 14 slides
SYMMETRIC ENCRYPTION Mihir Bellare UCSD 1 Syntax A symmetric encryption scheme SE = ( K , E , D

SYMMETRIC ENCRYPTION Mihir Bellare UCSD 1 Syntax A symmetric encryption scheme SE = ( K , E , D

SYMMETRIC ENCRYPTION Mihir Bellare UCSD 1 Syntax A symmetric encryption scheme SE = ( K , E , D ) consists of three algorithms: K and E may be randomized, but D must be deterministic. Mihir Bellare UCSD 2 Correct decryption requirement More

1.19k views • 53 slides
Secure storage in the cloud using property preserving encryption Kenny Paterson Information

Secure storage in the cloud using property preserving encryption Kenny Paterson Information

Secure storage in the cloud using property preserving encryption Kenny Paterson Information Security Group Overview 1. Application scenarios. 2. Deterministic encryption and search. 3. OPE/ORE and range queries. 4. Analysing access pattern

877 views • 48 slides
Introduction to Authenticated Encryption Tom Shrimpton Summer School on Real-World Crypto and

Introduction to Authenticated Encryption Tom Shrimpton Summer School on Real-World Crypto and

(A brief, incomplete) Introduction to Authenticated Encryption Tom Shrimpton Summer School on Real-World Crypto and Privacy June 11, 2018 Authenticated Encryption M M Its complicated Probabilistic or deterministic AE? Nonce based AE?

868 views • 47 slides
1 The Minimization Problem The Minimization Problem Input: A DFA (deterministic finite-state

1 The Minimization Problem The Minimization Problem Input: A DFA (deterministic finite-state

Simpler &amp; More General Minimization The Minimization Problem for Weighted Finite-State Automata Input: A DFA (deterministic finite-state automaton) Output: An equiv. DFA with as few states as possible Complexity: O(|arcs| log |states| )

792 views • 16 slides
Ruby Monstas Session 17: Interlude: Encryption Encryption What comes to mind if you think about

Ruby Monstas Session 17: Interlude: Encryption Encryption What comes to mind if you think about

Ruby Monstas Session 17: Interlude: Encryption Encryption What comes to mind if you think about encryption? Encryption Certificates Crypto Currencies Public Key AES Encryption Privacy SSH VPN HTTPS TLS Quantum Digital Signatures

837 views • 46 slides
Multi-Input Functional Encryption for Inner Products: Function-Hiding Realizations and

Multi-Input Functional Encryption for Inner Products: Function-Hiding Realizations and

Multi-Input Functional Encryption for Inner Products: Function-Hiding Realizations and Constructions without Pairings Michel Abdalla Dario Catalano Dario Fiore Romain Gay Bogdan Ursu August 21, 2018 August 21, 2018 1 / 30 Motivation - Spam

552 views • 31 slides
Training Deterministic Parsers with Non-Deterministic Oracles by Yoav Goldberg and Joakim

Training Deterministic Parsers with Non-Deterministic Oracles by Yoav Goldberg and Joakim

Training Deterministic Parsers with Non-Deterministic Oracles by Yoav Goldberg and Joakim Nivre, 2013 Seminarvortrag Pius Meinert July 13, 2018 Training Deterministic Parsers with Non-Deterministic Oracles root PRD SBJ DOBJ IOBJ

842 views • 47 slides
CLOC: Authenticated Encryption for Short Input Tetsu Iwata, Nagoya University Kazuhiko Minematsu,

CLOC: Authenticated Encryption for Short Input Tetsu Iwata, Nagoya University Kazuhiko Minematsu,

CLOC: Authenticated Encryption for Short Input Tetsu Iwata, Nagoya University Kazuhiko Minematsu, NEC Corporation Jian Guo, Nanyang Technological University Sumio Morioka, NEC Europe Ltd. FSE 2014 March 3, 2014, London, UK 1 Outline A new

668 views • 33 slides
Usable Encryption Class Presentation for CMSC 818D Wei Bai S Application S Hardware

Usable Encryption Class Presentation for CMSC 818D Wei Bai S Application S Hardware

Usable Encryption Class Presentation for CMSC 818D Wei Bai S Application S Hardware Encryption S Web Encryption S Email Encryption OpenPGP S S/MIME S S Online Social Network Public Key Encryption S Encryption/Decryption

842 views • 26 slides
Shallow trade cumulus: BOMEX Barbados Oceanographic and Meteorological Experiment (1969) Lecture

Shallow trade cumulus: BOMEX Barbados Oceanographic and Meteorological Experiment (1969) Lecture

Shallow trade cumulus: BOMEX Barbados Oceanographic and Meteorological Experiment (1969) Lecture 17 Slide 1 LES of nonprecipitating BOMEX trade cumulus Lecture 17 Slide 2 BOMEX LES profiles Lecture 17 Slide 3 Shallow Cu buoyancy/ flux:

145 views • 12 slides
THE OTHER HIGGSES, AT RESONANCE, IN THE LEE- WICK EXTENSION OF THE STANDARD MODEL

THE OTHER HIGGSES, AT RESONANCE, IN THE LEE- WICK EXTENSION OF THE STANDARD MODEL

THE OTHER HIGGSES, AT RESONANCE, IN THE LEE- WICK EXTENSION OF THE STANDARD MODEL ARXIV:1108.3765, JHEP10 (2011) 145 (IN COLLABORATION WITH ROMAN ZWICKY) Dr. Terrance Figy The University of Manchester Birmingham Particle Physics Seminars 29

958 views • 41 slides
A Flavor and Spectral Analysis of the Ultra-High Energy Neutrino Events at IceCube P . S. Bhupal

A Flavor and Spectral Analysis of the Ultra-High Energy Neutrino Events at IceCube P . S. Bhupal

A Flavor and Spectral Analysis of the Ultra-High Energy Neutrino Events at IceCube P . S. Bhupal Dev Consortium for Fundamental Physics, The University of Manchester, United Kingdom C.-Y. Chen, PSBD and A. Soni, Phys. Rev. D 89 , 033012 (2014)

832 views • 56 slides
DAQ Architecture Giovanna Lehmann Miotto DAQ Design Review 3 Nov 2016 Introduction From

DAQ Architecture Giovanna Lehmann Miotto DAQ Design Review 3 Nov 2016 Introduction From

DAQ Architecture Giovanna Lehmann Miotto DAQ Design Review 3 Nov 2016 Introduction From DUNE DAQ to ProtoDUNE DAQ External interfaces and constraints DAQ logical architecture Main DAQ components and their interaction Risks

530 views • 26 slides
Quark Imaging at JLab 12 GeV and beyond (2) Compton Scattering Tanja Horn , K, etc.

Quark Imaging at JLab 12 GeV and beyond (2) Compton Scattering Tanja Horn , K, etc.

Quark Imaging at JLab 12 GeV and beyond (2) Compton Scattering Tanja Horn , K, etc. Jefferson Lab Known , process K, GP etc. D ~ ~ H H E E HUGS, Newport News, VA 11 June 2009 Tanja Horn, Quark imaging at JLab 12 GeV and

875 views • 41 slides
Vietnamese Text Retrieval : Test Collection and First Experimentations Experimentations Ho Bao

Vietnamese Text Retrieval : Test Collection and First Experimentations Experimentations Ho Bao

Vietnamese Text Retrieval : Test Collection and First Experimentations Experimentations Ho Bao Quoc Vietnam National University HoChiMinh City University of Sciences Where are we ? I am here !!! Faculty of Information Technology

454 views • 24 slides
Outline SUSY Flavor Problem Motivation Model Predictions Summary and

Outline SUSY Flavor Problem Motivation Model Predictions Summary and

Outline SUSY Flavor Problem Motivation Model Predictions Summary and Conclusions Steven Gabriel, OSU, Pheno 08 p. 1/1 SUSY Flavor Problem Strongest constraint from K 0 K 0 mixing: sq &lt; 10 4 s /m 2 d

323 views • 16 slides
ThS. Trn Th Thanh Nga Khoa CNTT, Trng H Nng Lm TPHCM Email: ngattt@hcmuaf.edu.vn

ThS. Trn Th Thanh Nga Khoa CNTT, Trng H Nng Lm TPHCM Email: ngattt@hcmuaf.edu.vn

ThS. Trn Th Thanh Nga Khoa CNTT, Trng H Nng Lm TPHCM Email: ngattt@hcmuaf.edu.vn Java Basic 1 Selections When you compute area, if you enter a negative value: the program prints an invalid result. you dont want

942 views • 76 slides

More recommend