on the circular security of bit encryption
play

On the Circular Security of Bit Encryption Ron Rothblum Weizmann - PowerPoint PPT Presentation

May 30, 2023 •201 likes •545 views

On the Circular Security of Bit Encryption Ron Rothblum Weizmann Institute Circular Security Circular Security Q: Is it in general safe to encrypt your own key? A: For some schemes (e.g. [BHHO08,ACPS09] ) yes but in general No! Circular

  1. On the Circular Security of Bit Encryption Ron Rothblum Weizmann Institute

  2. Circular Security

  3. Circular Security Q: Is it in general safe to encrypt your own key? A: For some schemes (e.g. [BHHO08,ACPS09] ) yes but in general No!

  4. Circular Security

  5. Public Key Example Public Key Example

  6. Circular Security of Bit Encryption Since general case is false, focus on interesting special case of bit-encryption . Why bit-encryption? 1. Most candidate FHE are bit-encryption whose semantic-security relies on their circular security (which is not understood). 2. Seems most natural way to foil the previous counterexample and get circular security for “free”.

  7. Bit-Encryption Conjecture Conjecture: [Folklore] Every semantically-secure bit-encryption scheme is circular secure. Focus of this work is showing obstacles to proving the conjecture.

  8. Our Results 1. A scheme that is circular insecure but is semantically secure based on multilinear maps. 2. Cannot prove the conjecture via a blackbox reduction. 3. Equivalence of different security notions for circular security of bit- encryption.

  9. Our Results 1. A scheme that is circular insecure but is semantically secure based on multilinear maps. 2. Cannot prove the conjecture via a blackbox reduction. 3. Equivalence of different security notions for circular security of bit- encryption.

  10. Our Assumption An extension of an assumption made on groups with bilinear maps to groups with multilinear maps.

  11. Multilinear Maps

  12. Multilinear Maps There exist trivial multilinear maps unconditionally but for crypto, need computational problems such as discrete-log to be hard. Do there exist multilinear groups on which discrete-log (and friends) are hard? [BS03]

  13. (Silly) Example (Silly) Example

  14. SXDH Assumption [BGMM05, ACHM05] c

  16. Theorem

  17. El-Gamal Variant Key Generation: Decrypt(c,d):

  18. Our Scheme Key Generation:

  19. Our Scheme Key Generation:

  20. Circular Security Attack … … … … … … …

  21. Circular Security Attack …. …

  22. Circular Security Attack …. …

  23. Circular Security Attack …. …

  24. Circular Security Attack With overwhelming probability

  25. Our Results 1. A scheme that is circular insecure but is semantically secure based on multilinear maps. 2. Cannot prove the conjecture via a blackbox reduction. 3. Equivalence of different security notions for circular security of bit- encryption.

  26. Blackbox Impossibility Result No blackbox reduction from circular-security of bit-encryption scheme to semantic-security (or even CCA security) of the same scheme. Blackbox access to encryption-scheme and adversary. Incomparable to [HH09] KDM blackbox separation.

  27. [HH09] KDM Blackbox Impossibility [HH09] KDM Blackbox Impossibility

  28. A Blackbox Reduction A Blackbox Reduction Encryption Circular Security Circular Security Scheme Scheme Adversary Challenger Challenger Reduction (Semantic Security (Semantic Security Adversary)

  29. Our Results 1. A scheme that is circular insecure but is semantically secure based on multilinear maps. 2. Cannot prove the conjecture via a blackbox reduction. 3. Equivalence of different security notions for circular security of bit- encryption.

  30. Circular Security Definitions

  31. Equivalence Result

  32. Open Problems

  33. Thank you!

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Circular Security for Symmetric Key Bit Encryption from LWE Rishab Goyal Venkata Koppula Brent

Circular Security for Symmetric Key Bit Encryption from LWE Rishab Goyal Venkata Koppula Brent

Separating Semantic and Circular Security for Symmetric Key Bit Encryption from LWE Rishab Goyal Venkata Koppula Brent Waters n-Circular Security [C amenisch L ysyanskya 01] PK 1 PK 1 . . . . . . PK n PK n Enc PKn (0) Enc PKn (SK 1 ) Enc PK1

1.07k views • 89 slides
Security of Encryption Security of Encryption Perfect secrecy (IND-Onetime security) is too

Security of Encryption Security of Encryption Perfect secrecy (IND-Onetime security) is too

Defining Encryption (ctd.) Lecture 3 CPA/CCA security Computational Indistinguishability Pseudo-randomness, One-Way Functions Security of Encryption Security of Encryption Perfect secrecy (IND-Onetime security) is too strong (though too

1.36k views • 113 slides
Circular Encryption Dan Boneh Shai Halevi Mike Hamburg Rafi Ostrovsoky Circular

Circular Encryption Dan Boneh Shai Halevi Mike Hamburg Rafi Ostrovsoky Circular

Circular Encryption Dan Boneh Shai Halevi Mike Hamburg Rafi Ostrovsoky Circular encryption (E, D) a symmetric cipher. k 1 , k 2 two keys. Which of the following is safe to publish? c E k 1 (k

573 views • 13 slides
Anonymous IBE, Leakage Resilience and Circular Security from New Assumptions Zvika Brakerski,

Anonymous IBE, Leakage Resilience and Circular Security from New Assumptions Zvika Brakerski,

Anonymous IBE, Leakage Resilience and Circular Security from New Assumptions Zvika Brakerski, Alex Lombardi, Gil Segev, and Vinod Vaikuntanathan Identity-Based Encryption [Sha84, BF03, Coc01] Identity-Based Encryption [Sha84, BF03, Coc01]

1.01k views • 64 slides
Fast Cryptographic Primitives & Circular-Secure Encryption Based on Hard Learning Problems

Fast Cryptographic Primitives & Circular-Secure Encryption Based on Hard Learning Problems

Fast Cryptographic Primitives & Circular-Secure Encryption Based on Hard Learning Problems Benny Applebaum, David Cash, Chris Peikert, Amit Sahai Princeton University, Georgia Tech, SRI international, UCLA CRYPTO 2009 Learning Noisy Linear

352 views • 33 slides
Authenticated Encryption Kenny Paterson Information Security Group @kennyog ;

Authenticated Encryption Kenny Paterson Information Security Group @kennyog ;

Authenticated Encryption Kenny Paterson Information Security Group @kennyog ; www.isg.rhul.ac.uk/~kp Motivation for Authenticated Encryption Authenticated Encryption (AE) m 1 m 2 Security goals: Confidentiality and integrity of messages

649 views • 60 slides
Encryption Debdeep Mukhopadhyay IIT Kharagpur Notion of Security A Good disguise should

Encryption Debdeep Mukhopadhyay IIT Kharagpur Notion of Security A Good disguise should

Encryption Debdeep Mukhopadhyay IIT Kharagpur Notion of Security A Good disguise should not reveal the persons height Shafi Goldwasser and Silvio Micali, 1982 1 Design of Encryption Algorithms Encryption algorithms are

421 views • 7 slides
Security Proofs ---- Asymmetric Encryption Introduction without Redundancy Provable Security

Security Proofs ---- Asymmetric Encryption Introduction without Redundancy Provable Security

Summary Summary Security Proofs ---- Asymmetric Encryption Introduction without Redundancy Provable Security Asymmetric Encryption Rennes January 2004 New Schemes Joint work with Duong Hieu Phan David Pointcheval David Pointcheval

638 views • 8 slides
Tools for Security Physical security Access control Encryption Authentication

Tools for Security Physical security Access control Encryption Authentication

Tools for Security Physical security Access control Encryption Authentication Encapsulation Intrusion detection Common sense Lecture 2 Page 1 CS 236 Online Physical Security Lock up your computer Actually,

465 views • 35 slides
Kenny Paterson Information Security Group 1 Outline RSA encryption in PKCS#1 The SSH

Kenny Paterson Information Security Group 1 Outline RSA encryption in PKCS#1 The SSH

Provable Security Meets the Real World Kenny Paterson Information Security Group 1 Outline RSA encryption in PKCS#1 The SSH Binary Packet Protocol IPsec MAC-then-Encrypt Lessons learned? 2 Outline RSA encryption in PKCS#1

948 views • 61 slides
TLS for MySQL at Large Scale Jaime Crespo Things we Security and encryption fundamentals

TLS for MySQL at Large Scale Jaime Crespo Things we Security and encryption fundamentals

TLS for MySQL at Large Scale Jaime Crespo Things we Security and encryption fundamentals are *NOT* At rest encryption Best practices for web/HTTP going to encryption How perfectly and good we are- we made

529 views • 18 slides
Mariana Raykova Data Security: Encryption and Digital Signatures Beyond security of data at

Mariana Raykova Data Security: Encryption and Digital Signatures Beyond security of data at

Mariana Raykova Data Security: Encryption and Digital Signatures Beyond security of data at rest and communication channels Security of Computation on Sensitive Inputs Secure multiparty computation (MPC) Differential privacy methods

595 views • 43 slides
Circular Food Systems for Nutrition Security A Transformative Research Agenda as Next GRA Flagship

Circular Food Systems for Nutrition Security A Transformative Research Agenda as Next GRA Flagship

Circular Food Systems for Nutrition Security A Transformative Research Agenda as Next GRA Flagship Martin C. Th. Scholten August 29, 2017 @mcthscholten A Global Flagship Proposal Food Production in Biobased Society From Linear to Circular, no

90 views • 7 slides
New Proof Methods for Attribute-Based Encryption: Achieving Full Security through Selective

New Proof Methods for Attribute-Based Encryption: Achieving Full Security through Selective

New Proof Methods for Attribute-Based Encryption: Achieving Full Security through Selective Techniques Allison Lewko Brent Waters Roots of Attribute-Based Encryption Moving beyond Public Key Encryption: CEO Manager 1 Manager 2 Bob

341 views • 19 slides
The Encryption Standards Appendix F Computer Security: Art and Science, 2 nd Edition Version 1.0

The Encryption Standards Appendix F Computer Security: Art and Science, 2 nd Edition Version 1.0

The Encryption Standards Appendix F Computer Security: Art and Science, 2 nd Edition Version 1.0 Slide F - 1 Outline Data Encryption Standard Algorithm Advanced Encryption Standard Background mathematics Algorithm Computer

499 views • 31 slides
Onetime Encryption Perfect Secrecy Perfect secrecy : m, m M K 0 1 2 3 M

Onetime Encryption Perfect Secrecy Perfect secrecy : m, m M K 0 1 2 3 M

Defining Encryption (ctd.) Lecture 3 SIM & IND security Beyond One-Time: CPA security Computational Indistinguishability Recall Onetime Encryption Perfect Secrecy Perfect secrecy : m, m M K 0 1 2 3 M {Enc(m,K)} K KeyGen

619 views • 20 slides
BiPo Prototype Measurements for SuperNEMO Objectives and principles Prototypes First

BiPo Prototype Measurements for SuperNEMO Objectives and principles Prototypes First

BiPo Prototype Measurements for SuperNEMO Objectives and principles Prototypes First results BONGRAND Mathieu Universit Paris-Sud 11 Rencontres de Moriond La Thuile, 2008 Objectives Measure the radiopurity in 208 Tl and 214

537 views • 15 slides
Random Walk Inference and Learning in A Large Scale Knowledge Base in A Large Scale Knowledge Base

Random Walk Inference and Learning in A Large Scale Knowledge Base in A Large Scale Knowledge Base

Random Walk Inference and Learning in A Large Scale Knowledge Base in A Large Scale Knowledge Base Ni Lao Tom Mitchell William W Cohen Ni Lao, Tom Mitchell, William W. Cohen Carnegie Mellon University 2011.7.28 EMNLP 2011, Edinburgh, Scotland, UK

379 views • 24 slides
Developing LAr Scintillation Light Applications at Neutrino Energies with LArIAT Andrzej Szelc,

Developing LAr Scintillation Light Applications at Neutrino Energies with LArIAT Andrzej Szelc,

Developing LAr Scintillation Light Applications at Neutrino Energies with LArIAT Andrzej Szelc, Manchester (for the LArIAT collaboration) What is LArIAT? A test facility to calibrate and test LArTPCs and their components using a beam of

395 views • 26 slides
For Friday Read chapter 8, sections 1-2 No homework ILP Homework Due Monday after

For Friday Read chapter 8, sections 1-2 No homework ILP Homework Due Monday after

For Friday Read chapter 8, sections 1-2 No homework ILP Homework Due Monday after Spring Break Obtain Student Relational data from the UCI ML repository Use each of FOIL, Golem, and Aleph to learn rules for the data Each

706 views • 19 slides
IMMORAL GAIN 9 Woe to him who gets evil gain for his house To put his nest on high, To be

IMMORAL GAIN 9 Woe to him who gets evil gain for his house To put his nest on high, To be

THE FOLLY OF IMMORAL GAIN 9 Woe to him who gets evil gain for his house To put his nest on high, To be delivered from the hand of calamity! THE FOLLY OF 10 You have devised a shameful thing for your house IMMORAL GAIN By cutting off many

532 views • 49 slides
Comparison of Queuing Data Structures for Traffic Analysers Maximilian Pudelko August 3, 2016

Comparison of Queuing Data Structures for Traffic Analysers Maximilian Pudelko August 3, 2016

Chair of Network Architectures and Services Department of Informatics Technical University of Munich Comparison of Queuing Data Structures for Traffic Analysers Maximilian Pudelko August 3, 2016 Chair of Network Architectures and Services

396 views • 20 slides
God with Us [A dve nt 2013] SERMON NOTES DECEMBER 29, 2013 1. Compare this passage to Isaiah,

God with Us [A dve nt 2013] SERMON NOTES DECEMBER 29, 2013 1. Compare this passage to Isaiah,

SERMON NOTES DECEMBER 29, 2013 Jesus: The Revealer of Hearts Jesus: The Revealer of Hearts Luke 2: 25-35 Pastor Brent Whitefield Intr troduc oducti tion: on: Simeon, the obscure but pious Jerusalemite, gives us the first indication that the

482 views • 3 slides
2 SAMUEL PURSUING GODS HEART Open Your Bible To: 2 Samuel 16:1-4 D OWNLOAD T HIS P

2 SAMUEL PURSUING GODS HEART Open Your Bible To: 2 Samuel 16:1-4 D OWNLOAD T HIS P

2 SAMUEL PURSUING GODS HEART Open Your Bible To: 2 Samuel 16:1-4 D OWNLOAD T HIS P RESENTATION: L IVING W ATER C ORONA . COM / SLIDES 2 Samuel 16 & 19 Questions To Ask Before Making Decisions 2 Samuel 16 & 19 Questions To Ask

511 views • 16 slides

More recommend