Outl tline Perfectly correct IPE ine Verifiable Inner Product - - PowerPoint PPT Presentation

Veri

rifia iable le Inner Produ duct t Encry ryptio ption n Sc Scheme me

Najme meh h Soroush, , Vincenz nzo

• Io

Iovino, , Alfredo do Rial, , Peter er Roenne, , Peter Y.A .A. . Ryan

PKC 202 020 0 – Vir irtual tual versi sion

• n

June 2020

2

Functional Encryption “FE”

Outl tline ine

Verifiability concept for FE Inner Product Encryption as FE Perfectly correct IPE Verifiable Inner Product Encryption Some applications of IPE/VIPE

3

Functio ional nal Encryptio ption n Scheme me Encryp yptio tion n Scheme me

Decrypti ryption

• n

CT CT m key

Decrypti ryption

• n

CT CT f(m) m) tok tokf

4

Functional ional Encryp yptio tion n for functio tionalit nality y F

={ f }:

Decrypti ryption

• n

CT CT f(m) m) tok tokf

Encry rypt ptio ion

m CT CT

MPK

TokenG enGen

MSK

f tok tok f

SetUp Up

Secur urity ty Param am

MPK MSK

5

Encryte ted data

[BGJS16]: Saikrishna Badrinarayanan, Vipul Goyal, Aayush Jain, and Amit Sahai. Veriable functional encryption. ASIACRYPT 2016

6

 Decryption(CT , )=y

Tok f

There exist some m : f(m)=y There exist some m : f(m)=y, g(m)=z Public Verification algorithm

.

CT MPK

Verif rifia iabi bility lity for r FE [BGJS16] :

 Decryption(CT , )=y  Decryption(CT , )=z

Tok

f

Tok

g

for all f:

Tok f

[BGJS16]: Saikrishna Badrinarayanan, Vipul Goyal, Aayush Jain, and Amit Sahai. Veriable functional encryption. ASIACRYPT 2016

7

verifiability

security Verifiability

Security Security verifiability

Verif rifia iabi bility lity vs Secur curity ity

8

Inner Prod

• duct

uct Enc ncrypt yption ion as as FE:

E:

9

Correctness

≈

Veri erifia iable le Inner

er Produc duct Encr crypti yption

• n:

10 10

Correctness

Veri erifia iable le Inner

er Produc duct Encr crypti yption

• n:

Verifiability

Perfect correctness

11 11

Randomness from TokGen algorithm Randomness from Encryption algorithm

First challenge : Perfectly correct IPE

[Par11]:

[Par11]: Jong Hwan Park. Inner-product encryption under standard assumptions.Des. Codes Cryptography, 58(3):235-257, 2011.

12 12

Randomness from TokGen algorithm Randomness from Encryption algorithm Decryption algorithm : m* OR ‘ERROR’

First challenge : Perfectly correct IPE

Random value

[Par11]:

[Par11]: Jong Hwan Park. Inner-product encryption under standard assumptions.Des. Codes Cryptography, 58(3):235-257, 2011.

13 13

First attemp:

Decryption algorithm

14 14

Our Solution:

Decryption algorithm

Secur urity: ty:

15 15

Security proof

Scheme

modification

Verification algorithms

Perfectly ectly correct ect Inner Product

uct Encryp rypti tion

• n

Verif rifia iable le Inne

ner Produc

uct Encryp cryptio tion Effici cienc ency: y:

x

No trusted party! No need to solve the discret log Efficient for long message space Indistinguishable-secure Attribute-Hiding Security based on DLin & BDDH

Perf rfect ectly ly bindi ding ng commitment mitment scheme eme NIWI WI pr proof

• fs:

s: 𝜌

.

4

IPE PE

16 16

Verifiable le Inner

er Product

duct Encr cryption yption 1

IPE

.

2

IPE

3

IPE

VIPE [BGJS16]

[BGJS16]: Saikrishna Badrinarayanan, Vipul Goyal, Aayush Jain, and Amit Sahai. Veriable functional encryption. ASIACRYPT 2016

17 17

Verifiable le Inner Produc

• duct Encry

ncryption ption

Perfec ectl tly bind nding ing comm mmitm itment nt scheme me

NIWI WI pr proof

• fs:

s: 𝜌

. .

VIPE

1 IPE 2 IPE 3 IPE 4 IPE

1- Relations:

19 19

Encryption Algorithm:

2- Variables

20 20

3- System of equations:

[GS08]: Jens Groth and Amit Sahai. Effecient non-interactive proof systems for bilinear groups- EUROCRYPT 2008

Groth-Sahai NIWI proof system: NIWI WI pr proof

• fs:

s: 𝜌

[GS08]:

21 21

So Some me applica pplicati tions

• ns of
• f VIPE

IPE/IP /IPE: E:

Anonymous Identity-Based Encryption [KSW08] Polynomial commitment scheme Hidden-Vector Encryption Predicate encryption schemes supporting polynomial evaluation

[KSW08]: J. Katz, A. Sahai, and B. Waters. Predicate encryption supporting disjunctions, polynomial equations, and inner products. EUROCRYPT 2008

22 22

Ver erif ifia iable le Polynomi nomial al commitment mmitment Commitment Phase: Opening Phase:

[Par11]: Jong Hwan Park. Inner-product encryption under standard assumptions.Des. Codes Cryptography, 58(3):235-257, 2011. [GOS06] Jens Groth, Rafail Ostrovsky, and Amit Sahai. Non-interactive zaps and new techniques for NIZK. In Cynthia Dwork, editor, Advances in Cryptology -CRYPTO 2006 [KSW08]: Jonathan Katz, Amit Sahai, and Brent Waters. Predicate encryption supporting disjunctions, polynomial equations, and inner products. In Nigel P.Smart, editor, Advances in Cryptology - EUROCRYPT 2008 [BGJS16]: Saikrishna Badrinarayanan, Vipul Goyal, Aayush Jain, and Amit Sahai. Veriable functional encryption. In Proceedings, Part II, of the 22Nd International Conference on Advances in Cryptology | ASIACRYPT 2016 [BSW11]: Dan Boneh, Amit Sahai, and Brent Waters. Functional encryption: Definitions and challenges. In Yuval Ishai, editor, TCC 2011: 8th Theory of Cryptography Conference [GS08]: Jens Groth and Amit Sahai. Efficient non-interactive proof systems for bilinear groups. In Nigel P. Smart, editor, Advances in Cryptology - EUROCRYPT 2008

Reference:

Thanks for your attent ntion! ion!