UCE security 𝑡 ← Gen(1 𝜇 ) 𝑔 ← Funcs(𝑛, 𝑜) ℎ 𝑡 𝑔 source 𝑇 𝐼 = (𝐻𝑓𝑜, ℎ) Bellare Hoang Keelveedhi
UCE security 𝑡 ← Gen(1 𝜇 ) 𝑔 ← Funcs(𝑛, 𝑜) ℎ 𝑡 𝑔 source 𝑇 𝐼 = (𝐻𝑓𝑜, ℎ) Bellare Hoang Keelveedhi
UCE security 𝑡 ← Gen(1 𝜇 ) 𝑔 ← Funcs(𝑛, 𝑜) ℎ 𝑡 𝑔 source 𝑇 𝑀 𝐼 = (𝐻𝑓𝑜, ℎ) 𝐸 distinguisher Bellare Hoang Keelveedhi
UCE security 𝑡 ← Gen(1 𝜇 ) 𝑡 ← Gen(1 𝜇 ) 𝑔 ← Funcs(𝑛, 𝑜) ℎ 𝑡 𝑔 source 𝑇 𝑀 𝒕 𝐼 = (𝐻𝑓𝑜, ℎ) 𝐸 distinguisher Bellare Hoang Keelveedhi
UCE security 𝑡 ← Gen(1 𝜇 ) 𝑔 ← Funcs(𝑛, 𝑜) ℎ 𝑡 𝑔 source 𝑇 𝑀 𝒕 𝐼 = (𝐻𝑓𝑜, ℎ) 0/1 𝐸 distinguisher Bellare Hoang Keelveedhi
UCE security 𝑡 ← Gen(1 𝜇 ) 𝑔 ← Funcs(𝑛, 𝑜) ℎ 𝑡 𝑔 ≈ source 𝑇 𝑀 𝒕 𝐼 = (𝐻𝑓𝑜, ℎ) 0/1 𝐸 distinguisher Bellare Hoang Keelveedhi
psPRP security 𝑡 ← Gen(1 𝜇 ) 𝝇 ← 𝐐𝐟𝐬𝐧𝐭(𝒐) 𝝇/𝝇 −𝟐 −𝟐 𝝆 𝒕 /𝝆 𝒕 𝑇 𝑄 = (𝐻𝑓𝑜, 𝜌, 𝜌 −1 ) 𝐸
psPRP security 𝑡 ← Gen(1 𝜇 ) 𝝇 ← 𝐐𝐟𝐬𝐧𝐭(𝒐) 𝝇/𝝇 −𝟐 −𝟐 𝝆 𝒕 /𝝆 𝒕 Makes forward and 𝑇 𝑄 = (𝐻𝑓𝑜, 𝜌, 𝜌 −1 ) backward queries! 𝐸
psPRP security 𝑡 ← Gen(1 𝜇 ) 𝝇 ← 𝐐𝐟𝐬𝐧𝐭(𝒐) 𝝇/𝝇 −𝟐 −𝟐 𝝆 𝒕 /𝝆 𝒕 Makes forward and 𝑇 𝑄 = (𝐻𝑓𝑜, 𝜌, 𝜌 −1 ) backward queries! 𝑀 𝒕 𝐸
psPRP security 𝑡 ← Gen(1 𝜇 ) 𝝇 ← 𝐐𝐟𝐬𝐧𝐭(𝒐) 𝝇/𝝇 −𝟐 −𝟐 𝝆 𝒕 /𝝆 𝒕 Makes forward and 𝑇 𝑄 = (𝐻𝑓𝑜, 𝜌, 𝜌 −1 ) backward queries! 𝑀 𝒕 0/1 𝐸
psPRP security 𝑡 ← Gen(1 𝜇 ) 𝝇 ← 𝐐𝐟𝐬𝐧𝐭(𝒐) 𝝇/𝝇 −𝟐 −𝟐 𝝆 𝒕 /𝝆 𝒕 Makes forward and 𝑇 𝑄 = (𝐻𝑓𝑜, 𝜌, 𝜌 −1 ) backward queries! 𝑀 𝒕 0/1 𝐸 𝑄 is 𝑞𝑡𝑄𝑆𝑄 -secure if ∀ PPT 𝑇, 𝐸 , left and right are indistinguishable.
psPRP security 𝑡 ← Gen(1 𝜇 ) 𝝇 ← 𝐐𝐟𝐬𝐧𝐭(𝒐) 𝝇/𝝇 −𝟐 −𝟐 𝝆 𝒕 /𝝆 𝒕 Makes forward and 𝑇 𝑄 = (𝐻𝑓𝑜, 𝜌, 𝜌 −1 ) backward queries! 𝑀 𝒕 0/1 𝐸 𝑄 is 𝑞𝑡𝑄𝑆𝑄 -secure if ∀ PPT 𝑇, 𝐸 , left and right are indistinguishable.
𝑄 is 𝑞𝑡𝑄𝑆𝑄 -secure if ∀ PPT 𝑇, 𝐸 , …
𝑄 is 𝑞𝑡𝑄𝑆𝑄 -secure if ∀ PPT 𝑇, 𝐸 , … 𝑡 ← Gen(1 𝜇 ) 𝜍 ← Perms(𝑜) 𝜍/𝜍 −1 −1 𝜌 𝑡 /𝜌 𝑡 𝑇
𝑄 is 𝑞𝑡𝑄𝑆𝑄 -secure if ∀ PPT 𝑇, 𝐸 , … 𝑡 ← Gen(1 𝜇 ) 𝜍 ← Perms(𝑜) 𝜍/𝜍 −1 −1 𝜌 𝑡 /𝜌 𝑡 (+, 0 𝑜 ) (+, 0 𝑜 ) 𝑇
𝑄 is 𝑞𝑡𝑄𝑆𝑄 -secure if ∀ PPT 𝑇, 𝐸 , … 𝑡 ← Gen(1 𝜇 ) 𝜍 ← Perms(𝑜) 𝜍/𝜍 −1 −1 𝜌 𝑡 /𝜌 𝑡 𝑧 𝑧 (+, 0 𝑜 ) (+, 0 𝑜 ) 𝑇
𝑄 is 𝑞𝑡𝑄𝑆𝑄 -secure if ∀ PPT 𝑇, 𝐸 , … 𝑡 ← Gen(1 𝜇 ) 𝜍 ← Perms(𝑜) 𝜍/𝜍 −1 −1 𝜌 𝑡 /𝜌 𝑡 𝑧 𝑧 (+, 0 𝑜 ) (+, 0 𝑜 ) 𝑇 𝑀 = 𝑧 𝒕 𝐸
𝑄 is 𝑞𝑡𝑄𝑆𝑄 -secure if ∀ PPT 𝑇, 𝐸 , … 𝑡 ← Gen(1 𝜇 ) 𝜍 ← Perms(𝑜) 𝜍/𝜍 −1 −1 𝜌 𝑡 /𝜌 𝑡 𝑧 𝑧 (+, 0 𝑜 ) (+, 0 𝑜 ) 𝑇 𝑀 = 𝑧 𝒕 Outputs 1 iff 𝐸 𝑧 = 𝜌 𝑡 0 𝑜
𝑄 is 𝑞𝑡𝑄𝑆𝑄 -secure if ∀ PPT 𝑇, 𝐸 , … 𝑡 ← Gen(1 𝜇 ) 𝜍 ← Perms(𝑜) 𝜍/𝜍 −1 −1 𝜌 𝑡 /𝜌 𝑡 𝑧 𝑧 (+, 0 𝑜 ) (+, 0 𝑜 ) 𝑇 𝑀 = 𝑧 𝒕 1 with prob. 1 Outputs 1 iff 𝐸 𝑧 = 𝜌 𝑡 0 𝑜
𝑄 is 𝑞𝑡𝑄𝑆𝑄 -secure if ∀ PPT 𝑇, 𝐸 , … 𝑡 ← Gen(1 𝜇 ) 𝜍 ← Perms(𝑜) 𝜍/𝜍 −1 −1 𝜌 𝑡 /𝜌 𝑡 𝑧 𝑧 (+, 0 𝑜 ) (+, 0 𝑜 ) 𝑇 𝑀 = 𝑧 𝒕 1 with prob. 1 Outputs 1 iff 𝐸 𝑧 = 𝜌 𝑡 0 𝑜 with prob. 1/2 𝑜 1
𝑄 is 𝑞𝑡𝑄𝑆𝑄 -secure if ∀ PPT 𝑇, 𝐸 , … 𝑡 ← Gen(1 𝜇 ) 𝜍 ← Perms(𝑜) 𝜍/𝜍 −1 −1 𝜌 𝑡 /𝜌 𝑡 ≈ 𝑧 𝑧 (+, 0 𝑜 ) (+, 0 𝑜 ) 𝑇 𝑀 = 𝑧 𝒕 1 with prob. 1 Outputs 1 iff 𝐸 𝑧 = 𝜌 𝑡 0 𝑜 with prob. 1/2 𝑜 1 𝑞𝑡𝑄𝑆𝑄 -security is impossible against all sources!
𝑄 = (Gen, 𝜌, 𝜌 −1 ) Sources need to be restricted all sources
𝑄 = (Gen, 𝜌, 𝜌 −1 ) Sources need to be restricted all sources 𝒯
𝑄 = (Gen, 𝜌, 𝜌 −1 ) Sources need to be restricted 𝑡 ← Gen(1 𝜇 ) all sources 𝜍 ← Perms(𝑜) −1 𝜍/𝜍 −1 𝜌 𝑡 /𝜌 𝑡 𝒯 𝑇 𝑀 𝒕 𝐸 0/1 𝑄 is 𝑞𝑡𝑄𝑆𝑄[𝒯] -secure if ∀ 𝑇 ∈ 𝒯 and ∀ PPT 𝐸 , left and right are indistinguishable.
This talk – unpredictable and reset-secure sources all sources
This talk – unpredictable and reset-secure sources all sources 𝒯 𝑡𝑣𝑞 unpredictable
This talk – unpredictable and reset-secure sources all sources reset-secure 𝒯 𝑡𝑠𝑡 𝒯 𝑡𝑣𝑞 unpredictable
This talk – unpredictable and reset-secure sources all sources reset-secure 𝒯 𝑡𝑠𝑡 𝒯 𝑡𝑣𝑞 unpredictable Both restrictions model that 𝐸 cannot predict the queries made by the sources!
This talk – unpredictable and reset-secure sources all sources reset-secure 𝒯 𝑡𝑠𝑡 𝒯 𝑡𝑣𝑞 unpredictable Both restrictions model that 𝐸 cannot predict the queries made by the sources! 𝒯 𝑡𝑣𝑞 ⊆ 𝒯 𝑡𝑠𝑡
This talk – unpredictable and reset-secure sources all sources reset-secure 𝒯 𝑡𝑠𝑡 𝒯 𝑡𝑣𝑞 unpredictable Both restrictions model that 𝐸 cannot predict the queries made by the sources! 𝑞𝑡𝑄𝑆𝑄 𝒯 𝑡𝑠𝑡 is a stronger 𝒯 𝑡𝑣𝑞 ⊆ 𝒯 𝑡𝑠𝑡 ⟹ assumption than 𝑞𝑡𝑄𝑆𝑄 𝒯 𝑡𝑣𝑞
Source restrictions – unpredictability 𝜍 ← Perms(𝑜) 𝜍/𝜍 −1 𝑇 𝐵
Source restrictions – unpredictability 𝜍 ← Perms(𝑜) (𝜏, 𝑦 𝑗 ) 𝜏 ∈ {+, −} 𝜍/𝜍 −1 𝑇 𝐵
Source restrictions – unpredictability 𝜍 ← Perms(𝑜) (𝜏, 𝑦 𝑗 ) 𝜏 ∈ {+, −} 𝜍/𝜍 −1 𝑇 𝑅 ← 𝑅 ∪ { 𝜏, 𝑦 𝑗 , (𝜏 , 𝑧 𝑗 )} 𝐵
Source restrictions – unpredictability 𝜍 ← Perms(𝑜) (𝜏, 𝑦 𝑗 ) 𝜏 ∈ {+, −} 𝜍/𝜍 −1 𝑇 𝑧 𝑗 𝑅 ← 𝑅 ∪ { 𝜏, 𝑦 𝑗 , (𝜏 , 𝑧 𝑗 )} 𝐵
Source restrictions – unpredictability 𝜍 ← Perms(𝑜) (𝜏, 𝑦 𝑗 ) 𝜏 ∈ {+, −} 𝜍/𝜍 −1 𝑇 𝑧 𝑗 𝑅 ← 𝑅 ∪ { 𝜏, 𝑦 𝑗 , (𝜏 , 𝑧 𝑗 )} 𝑀 𝐵
Source restrictions – unpredictability 𝜍 ← Perms(𝑜) (𝜏, 𝑦 𝑗 ) 𝜏 ∈ {+, −} 𝜍/𝜍 −1 𝑇 𝑧 𝑗 𝑅 ← 𝑅 ∪ { 𝜏, 𝑦 𝑗 , (𝜏 , 𝑧 𝑗 )} 𝑀 It should be hard for 𝐵 to predict any of 𝑇 ’s queries or its inverse 𝐵 [ 𝑅 ′ ∩ 𝑅 ≠ 𝜚] = negl(𝜇) Pr 𝑅′
Source restrictions – unpredictability 𝜍 ← Perms(𝑜) (𝜏, 𝑦 𝑗 ) 𝜏 ∈ {+, −} 𝜍/𝜍 −1 𝑇 𝑧 𝑗 𝑅 ← 𝑅 ∪ { 𝜏, 𝑦 𝑗 , (𝜏 , 𝑧 𝑗 )} 𝑀 It should be hard for 𝐵 to predict any of 𝑇 ’s queries or its inverse 𝐵 [ 𝑅 ′ ∩ 𝑅 ≠ 𝜚] = negl(𝜇) Pr 𝑅′ 𝒯 𝑡𝑣𝑞 : 𝐵 is computationally unbounded ⊆ 𝒯 𝑑𝑣𝑞 : 𝐵 is PPT
Source restrictions – unpredictability 𝜍 ← Perms(𝑜) (𝜏, 𝑦 𝑗 ) 𝜏 ∈ {+, −} 𝜍/𝜍 −1 𝑇 𝑧 𝑗 𝑅 ← 𝑅 ∪ { 𝜏, 𝑦 𝑗 , (𝜏 , 𝑧 𝑗 )} 𝑀 It should be hard for 𝐵 to predict any of 𝑇 ’s queries or its inverse 𝐵 [ 𝑅 ′ ∩ 𝑅 ≠ 𝜚] = negl(𝜇) Pr 𝑅′ 𝒯 𝑡𝑣𝑞 : 𝐵 is computationally unbounded ⊆ 𝑞𝑡𝑄𝑆𝑄[𝒯 𝑑𝑣𝑞 ] impossible if iO 𝒯 𝑑𝑣𝑞 : 𝐵 is PPT exists [BFM14]
Source restrictions – reset-security
Source restrictions – reset-security 𝜍/𝜍 −1 𝑇 𝜍 ← Perms(𝑜) 𝑆
Source restrictions – reset-security 𝜍/𝜍 −1 𝑇 𝜍 ← Perms(𝑜) 𝑆
Source restrictions – reset-security 𝜍/𝜍 −1 𝑇 𝜍 ← Perms(𝑜) 𝑀 𝜍/𝜍 −1 𝑆
Source restrictions – reset-security 𝜍/𝜍 −1 𝑇 𝜍 ← Perms(𝑜) 𝑀 𝜍/𝜍 −1 𝑆 0/1
Source restrictions – reset-security 𝜍/𝜍 −1 𝜍/𝜍 −1 𝑇 𝑇 𝜍 ← Perms(𝑜) 𝜍 ← Perms(𝑜) 𝑀 𝑀 𝜍/𝜍 −1 𝑆 𝑆 −1 𝜍 1 /𝜍 1 𝜍 1 ← Perms(𝑜) 0/1 0/1
Source restrictions – reset-security 𝜍/𝜍 −1 𝜍/𝜍 −1 𝑇 𝑇 𝜍 ← Perms(𝑜) 𝜍 ← Perms(𝑜) ≈ 𝑀 𝑀 𝜍/𝜍 −1 𝑆 𝑆 −1 𝜍 1 /𝜍 1 𝜍 1 ← Perms(𝑜) 0/1 0/1
Source restrictions – reset-security 𝜍/𝜍 −1 𝜍/𝜍 −1 𝑇 𝑇 𝜍 ← Perms(𝑜) 𝜍 ← Perms(𝑜) ≈ 𝑀 𝑀 𝜍/𝜍 −1 𝑆 𝑆 −1 𝜍 1 /𝜍 1 𝜍 1 ← Perms(𝑜) 0/1 0/1 𝒯 𝑡𝑠𝑡 : 𝑆 is computationally unbounded ⊆ 𝒯 𝑑𝑠𝑡 : 𝑆 is PPT
Source restrictions – reset-security 𝜍/𝜍 −1 𝜍/𝜍 −1 𝑇 𝑇 𝜍 ← Perms(𝑜) 𝜍 ← Perms(𝑜) ≈ 𝑀 𝑀 𝜍/𝜍 −1 𝑆 𝑆 −1 𝜍 1 /𝜍 1 𝜍 1 ← Perms(𝑜) 0/1 0/1 𝒯 𝑡𝑠𝑡 : 𝑆 is computationally unbounded ⊆ 𝒯 𝑑𝑣𝑞 ⊆ 𝒯 𝑑𝑠𝑡 𝒯 𝑑𝑠𝑡 : 𝑆 is PPT
Recap 𝑞𝑡𝑄𝑆𝑄[𝒯 𝑡𝑠𝑡 ] 𝑞𝑡𝑄𝑆𝑄[𝒯 𝑡𝑣𝑞 ]
Recap 𝑞𝑡𝑄𝑆𝑄[𝒯 𝑡𝑠𝑡 ] 𝑞𝑡𝑄𝑆𝑄[𝒯 𝑡𝑣𝑞 ]
Recap
Recap Central assumption in UCE theory
Recap Central assumption in UCE theory
Roadmap 1.Definitions 2.Constructions & Applications 3.Conclusions
Recommend
More recommend
