structure preserving smooth projective hashing
play

Structure Preserving Smooth Projective Hashing Olivier Blazy , Cline - PowerPoint PPT Presentation

Oct 26, 2022 •476 likes •940 views

Structure Preserving Smooth Projective Hashing Olivier Blazy , Cline Chevalier O. Blazy (Xlim) (SP)2H 1 / 25 Global Framework 1 Cryptographic Tools 2 Structure-Preserving SPHF 3 Applications 4 O. Blazy (Xlim) (SP)2H 2 / 25 Global

  1. Structure Preserving Smooth Projective Hashing Olivier Blazy , Céline Chevalier O. Blazy (Xlim) (SP)2H 1 / 25

  2. Global Framework 1 Cryptographic Tools 2 Structure-Preserving SPHF 3 Applications 4 O. Blazy (Xlim) (SP)2H 2 / 25

  3. Global Framework 1 Cryptographic Tools 2 Structure-Preserving SPHF 3 Applications 4 O. Blazy (Xlim) (SP)2H 2 / 25

  4. Global Framework 1 Cryptographic Tools 2 Structure-Preserving SPHF 3 Applications 4 O. Blazy (Xlim) (SP)2H 2 / 25

  5. Global Framework 1 Cryptographic Tools 2 Structure-Preserving SPHF 3 Applications 4 O. Blazy (Xlim) (SP)2H 2 / 25

  6. Global Framework 1 Motivation Cryptographic Tools 2 Structure-Preserving SPHF 3 Applications 4 O. Blazy (Xlim) (SP)2H 3 / 25

  7. Conditional Actions Oblivious Transfer Database User C ( line ) ← − − − − − − − − − − − − − − − DB [ line ] − − − − − − − − − − − − − − − → � The User learns the value of line but nothing else � The Database learns nothing O. Blazy (Xlim) (SP)2H 4 / 25

  8. Conditional Actions Password Authenticated Key Exchange Bob Alice f ( pw A ) ← − − − − − − − − − − − − − − − f ( pw B , f A ) − − − − − − − − − − − − − − − → � The Users obtain the same key iff their passwords match � An Adversary learns nothing O. Blazy (Xlim) (SP)2H 5 / 25

  9. UC Requirements for Adaptive Corruptions First flow should be extractable First flow should be equivocable Memory should be adapted accordingly Memory as a scalar No real trapdoor possible � Partial Erasure is the only way Memory as a group element Allows extra trapdoor O. Blazy (Xlim) (SP)2H 6 / 25

  10. UC Requirements for Adaptive Corruptions First flow should be extractable First flow should be equivocable Memory should be adapted accordingly Memory as a scalar No real trapdoor possible � Partial Erasure is the only way Memory as a group element Allows extra trapdoor O. Blazy (Xlim) (SP)2H 6 / 25

  11. UC Requirements for Adaptive Corruptions First flow should be extractable First flow should be equivocable Memory should be adapted accordingly Memory as a scalar No real trapdoor possible � Partial Erasure is the only way Memory as a group element Allows extra trapdoor O. Blazy (Xlim) (SP)2H 6 / 25

  12. UC Requirements for Adaptive Corruptions First flow should be extractable First flow should be equivocable Memory should be adapted accordingly Memory as a scalar No real trapdoor possible � Partial Erasure is the only way Memory as a group element Allows extra trapdoor O. Blazy (Xlim) (SP)2H 6 / 25

  13. UC Requirements for Adaptive Corruptions First flow should be extractable First flow should be equivocable Memory should be adapted accordingly Memory as a scalar No real trapdoor possible � Partial Erasure is the only way Memory as a group element Allows extra trapdoor O. Blazy (Xlim) (SP)2H 6 / 25

  14. Global Framework 1 Cryptographic Tools 2 Encryption Scheme Smooth Projective Hash Function Structure-Preserving SPHF 3 Applications 4 O. Blazy (Xlim) (SP)2H 7 / 25

  15. Definition (Encryption Scheme) E = ( Setup , KeyGen , Encrypt , Decrypt ) : Setup ( K ) : param; KeyGen ( param ) : public encryption key pk, private decryption key dk; Encrypt ( pk , m ; r ) : encrypts m ∈ M in c using pk; Decrypt ( dk , c ) : decrypts c under dk. Indistinguishability under Chosen Ciphertext Attack O. Blazy (Xlim) (SP)2H 8 / 25

  16. Definition (Smooth Projective Hash Functions) [CS02] Let { H } be a family of functions: X , domain of these functions L , subset (a language) of this domain such that, for any point x in L , H ( x ) can be computed by using either a secret hashing key hk: H ( x ) = Hash L ( hk ; x ) ; or a public projected key hp: H ′ ( x ) = ProjHash L ( hp ; x , w ) Public mapping hk �→ hp = ProjKG L ( hk , x ) O. Blazy (Xlim) (SP)2H 9 / 25

  17. Properties For any x ∈ X , H ( x ) = Hash L ( hk ; x ) For any x ∈ L , H ( x ) = ProjHash L ( hp ; x , w ) w witness that x ∈ L Smoothness For any x �∈ L , H ( x ) and hp are independent Pseudo-Randomness For any x ∈ L , H ( x ) is pseudo-random, without a witness w O. Blazy (Xlim) (SP)2H 10 / 25

  18. Properties For any x ∈ X , H ( x ) = Hash L ( hk ; x ) For any x ∈ L , H ( x ) = ProjHash L ( hp ; x , w ) w witness that x ∈ L Smoothness For any x �∈ L , H ( x ) and hp are independent Pseudo-Randomness For any x ∈ L , H ( x ) is pseudo-random, without a witness w O. Blazy (Xlim) (SP)2H 10 / 25

  19. Properties For any x ∈ X , H ( x ) = Hash L ( hk ; x ) For any x ∈ L , H ( x ) = ProjHash L ( hp ; x , w ) w witness that x ∈ L Smoothness For any x �∈ L , H ( x ) and hp are independent Pseudo-Randomness For any x ∈ L , H ( x ) is pseudo-random, without a witness w O. Blazy (Xlim) (SP)2H 10 / 25

  20. Global Framework 1 Cryptographic Tools 2 Structure-Preserving SPHF 3 Applications 4 O. Blazy (Xlim) (SP)2H 11 / 25

  21. Definition (Structure Preserving Smooth Projective Hash Functions) X = G k ∗ , L � G k ∗ such that, for any point x in L , H ( x ) can be computed as: H ( x ) = Hash L ( hk ; x ) ∈ G T ; H ′ ( x ) = ProjHash L ( hp ; x , w ) hp , x , w are group elements O. Blazy (Xlim) (SP)2H 12 / 25

  22. Definition (Structure Preserving Smooth Projective Hash Functions) X = G k ∗ , L � G k ∗ such that, for any point x in L , H ( x ) can be computed as: H ( x ) = Hash L ( hk ; x ) ∈ G T ; H ′ ( x ) = ProjHash L ( hp ; x , w ) hp , x , w are group elements O. Blazy (Xlim) (SP)2H 12 / 25

  23. Why? Witnesses can now be Group Elements This means, compatible with Groth Sahai Proofs (QA-NIZK, . . . ) Witnesses can now have trapdoors O. Blazy (Xlim) (SP)2H 13 / 25

  24. Why? Witnesses can now be Group Elements This means, compatible with Groth Sahai Proofs (QA-NIZK, . . . ) Witnesses can now have trapdoors O. Blazy (Xlim) (SP)2H 13 / 25

  25. Retro-Compatibilty SPHF SP-SPHF Word u [ ω ⊙ Γ( u )] 1 [ ω ⊙ Γ( u )] 1 Witness w ω Λ = [ f ⊙ ω ] 2 hk λ λ hp = [ γ ( u )] 1 [Γ( u ) ⊙ λ ] 1 [Γ( u ) ⊙ λ ] 1 Hash ( hk , u ) [Θ( u ) ⊙ λ ] 1 [ f ⊙ Θ( u ) ⊙ λ ] T ProjHash ( hp , u , w ) [ ω ⊙ γ ( u )] 1 [ Λ ⊙ γ ( u )] T O. Blazy (Xlim) (SP)2H 14 / 25

  26. SPHF SP-SPHF h r , g r h r , g r DH g r Witness w r 2 hk λ, µ λ, µ h λ g µ h λ g µ hp ( h r ) λ ( g r ) µ e (( h r ) λ ( g r ) µ , g 2 ) Hash ( hk , u ) hp r e ( hp , g r ProjHash ( hp , u , w ) 2 ) Figure: Example of conversion of classical SPHF into SP-SPHF O. Blazy (Xlim) (SP)2H 15 / 25

  27. Global Framework 1 Cryptographic Tools 2 Structure-Preserving SPHF 3 Applications 4 Generic Constructions SPHF-friendly UC Commitment Efficiency MDDH O. Blazy (Xlim) (SP)2H 16 / 25

  28. Oblivious Transfer [Rab81] A user U wants to access a line ℓ in a database D composed of t of them: U learns nothing more than the value of the line ℓ D does not learn which line was accessed by U Correctness: if U request a single line, he learns it Security Notions Oblivious: D does not learn which line was accessed ; Semantic Security: U does not learn any information about the other lines. O. Blazy (Xlim) (SP)2H 17 / 25

  29. Oblivious Transfer [Rab81] A user U wants to access a line ℓ in a database D composed of t of them: U learns nothing more than the value of the line ℓ D does not learn which line was accessed by U Correctness: if U request a single line, he learns it Security Notions Oblivious: D does not learn which line was accessed ; Semantic Security: U does not learn any information about the other lines. O. Blazy (Xlim) (SP)2H 17 / 25

  30. Oblivious Transfer [Rab81] A user U wants to access a line ℓ in a database D composed of t of them: U learns nothing more than the value of the line ℓ D does not learn which line was accessed by U Correctness: if U request a single line, he learns it Security Notions Oblivious: D does not learn which line was accessed ; Semantic Security: U does not learn any information about the other lines. O. Blazy (Xlim) (SP)2H 17 / 25

  31. Generic 1-out-of- t Oblivious Transfer (Simplified) User U picks ℓ : Computes C = Encrypt ( ℓ ; s ) with a UC commit SPHF friendly ( d being the decommit information). He sends C and keeps d while erasing the rest. For each line L j , server S computes hk j , hp j , and H j = Hash L j ( hk j , C ) , M j = H j ⊕ L j and sends M j , hp j . For the line ℓ , user computes H ′ ℓ = ProjHash L ℓ ( hp ℓ , C , d ) , and then L ℓ = M ℓ ⊕ H ′ ℓ O. Blazy (Xlim) (SP)2H 18 / 25

  32. Generic 1-out-of- t Oblivious Transfer (Simplified) User U picks ℓ : Computes C = Encrypt ( ℓ ; s ) with a UC commit SPHF friendly ( d being the decommit information). He sends C and keeps d while erasing the rest. For each line L j , server S computes hk j , hp j , and H j = Hash L j ( hk j , C ) , M j = H j ⊕ L j and sends M j , hp j . For the line ℓ , user computes H ′ ℓ = ProjHash L ℓ ( hp ℓ , C , d ) , and then L ℓ = M ℓ ⊕ H ′ ℓ O. Blazy (Xlim) (SP)2H 18 / 25

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Homomorphic Smooth Projective Hashing Hoeteck Wee ENS, Paris . . . . . . . .

Homomorphic Smooth Projective Hashing Hoeteck Wee ENS, Paris . . . . . . . .

KDM-Security via Homomorphic Smooth Projective Hashing Hoeteck Wee ENS, Paris . . . . . . . . key-dependent message security. [ Black Rogaway Shrimpton 02 ] this work. unifying framework with a simple proof of security enc pk ( sk )

955 views • 44 slides
Whichvarieties are birational to Ph rational Difficult problem k x k ti Tn smooth projective

Whichvarieties are birational to Ph rational Difficult problem k x k ti Tn smooth projective

Irrationality of quotient varieties Urban Jezernik University of the Basque Country Funded by EU Horizon 2020 under MScgrant 748129 Whichvarieties are birational to Ph rational Difficult problem k x k ti Tn smooth projective variety X rk

756 views • 28 slides
The monodromy theorem for compact K ahler manifolds and smooth quasi-projective varieties

The monodromy theorem for compact K ahler manifolds and smooth quasi-projective varieties

The monodromy theorem for compact K ahler manifolds and smooth quasi-projective varieties Yongqiang (Ted) Liu (Joint work with Nero Budur and Botong Wang) KU Leuven Geometry, Algebra and Combinatorics of Moduli Spaces and Configurations

551 views • 40 slides
Overview Intro to Hashing Intro to Hashing Hashing with Chaining Whats hashing?

Overview Intro to Hashing Intro to Hashing Hashing with Chaining Whats hashing?

Overview Intro to Hashing Intro to Hashing Hashing with Chaining Whats hashing? Distribute key/value pairs across bins with a hash function , Hashing Performance Hashing (Application of Probability) which maps elements from

497 views • 3 slides
Structure-preserving numerical methods in relativity Douglas N. Arnold, University of Minnesota

Structure-preserving numerical methods in relativity Douglas N. Arnold, University of Minnesota

Structure-preserving numerical methods in relativity Douglas N. Arnold, University of Minnesota Advances and Challenges in Computational Relativity September 14, 2020 ICERM Structure-preserving discretization Structure-preserving

502 views • 49 slides
Hashing Chapter 5 1 Objectives Understand the idea of hashing Compare hashing to sorting

Hashing Chapter 5 1 Objectives Understand the idea of hashing Compare hashing to sorting

Hashing Chapter 5 1 Objectives Understand the idea of hashing Compare hashing to sorting Design a hashtable Identify the applications that require the hashtable data structure Understand the terminology of hashtables Distinguish between

319 views • 14 slides
Cryptographic Reverse Firewall via Malleable Smooth Projective Hash Functions Rongmao Chen, Yi

Cryptographic Reverse Firewall via Malleable Smooth Projective Hash Functions Rongmao Chen, Yi

Cryptographic Reverse Firewall via Malleable Smooth Projective Hash Functions Rongmao Chen, Yi Mu, Guomin Yang , Willy Susilo, Fuchun Guo and Mingwu Zhang Asiacrypt 2016, Hanoi Outline n Background n Cryptographic Reverse Firewall n Part

639 views • 52 slides
14. Hashing Hash Tables, Pre-Hashing, Hashing, Resolving Collisions using Chaining, Simple

14. Hashing Hash Tables, Pre-Hashing, Hashing, Resolving Collisions using Chaining, Simple

14. Hashing Hash Tables, Pre-Hashing, Hashing, Resolving Collisions using Chaining, Simple Uniform Hashing, Popular Hash Functions, Table-Doubling, Open Addressing: Probing, Uniform Hashing, Universal Hashing, Perfect Hashing [Ottman/Widmayer,

1.25k views • 98 slides
14. Hashing Hash Tables, Pre-Hashing, Hashing, Resolving Collisions using Chaining, Simple

14. Hashing Hash Tables, Pre-Hashing, Hashing, Resolving Collisions using Chaining, Simple

14. Hashing Hash Tables, Pre-Hashing, Hashing, Resolving Collisions using Chaining, Simple Uniform Hashing, Popular Hash Functions, Table-Doubling, Open Addressing: Probing, Uniform Hashing, Universal Hashing, Perfect Hashing [Ottman/Widmayer,

1.5k views • 58 slides
Sparse similarity-preserving hashing Jonathan Masci , Alex M. Bronstein, Michael M. Bronstein,

Sparse similarity-preserving hashing Jonathan Masci , Alex M. Bronstein, Michael M. Bronstein,

Sparse similarity-preserving hashing Jonathan Masci , Alex M. Bronstein, Michael M. Bronstein, Pablo Sprechmann, Guillermo Sapiro The Swiss AI Lab. IDSIA University of Lugano, Switzerland Tel Aviv University Duke University ICLR 2014 1 / 30

422 views • 30 slides
Enumerating the Fake Projective Planes Donald CARTWRIGHT University of Sydney Joint work with

Enumerating the Fake Projective Planes Donald CARTWRIGHT University of Sydney Joint work with

Enumerating the Fake Projective Planes Donald CARTWRIGHT University of Sydney Joint work with Tim STEGER University of Sassari Luminy, 25 February - 1 March 2018. 1 A fake projective plane is a smooth compact complex surface, not

716 views • 47 slides
Lecture 8 HASHING!!!!! Announcements HW3 due Friday! HW4 posted Friday! Today: hashing

Lecture 8 HASHING!!!!! Announcements HW3 due Friday! HW4 posted Friday! Today: hashing

Lecture 8 HASHING!!!!! Announcements HW3 due Friday! HW4 posted Friday! Today: hashing # 1 NIL 22 2 NIL 13 43 3 NIL 9 9 NIL n=9 buckets Outline Hash tables are another sort of data structure that allows fast

966 views • 59 slides
Lecture #2: Advanced hashing and concentration bounds o Bloom filters o Cuckoo hashing o Load

Lecture #2: Advanced hashing and concentration bounds o Bloom filters o Cuckoo hashing o Load

outline Lecture #2: Advanced hashing and concentration bounds o Bloom filters o Cuckoo hashing o Load balancing o Tail bounds Bloom filters Idea: For the sake of efficiency, sometime we allow our data structure to make mistakes Bloom filter:

712 views • 68 slides
Hashing (Application of Probability) Ashwinee Panda Final CS 70 Lecture! 9 Aug 2018 Overview

Hashing (Application of Probability) Ashwinee Panda Final CS 70 Lecture! 9 Aug 2018 Overview

Hashing (Application of Probability) Ashwinee Panda Final CS 70 Lecture! 9 Aug 2018 Overview Intro to Hashing Hashing with Chaining Hashing Performance Hash Families Balls and Bins Load Balancing Universal Hashing

726 views • 18 slides
Advanced Algorithms COMS31900 Hashing part one Chaining, true randomness and universal

Advanced Algorithms COMS31900 Hashing part one Chaining, true randomness and universal

Advanced Algorithms COMS31900 Hashing part one Chaining, true randomness and universal hashing Rapha el Clifford Slides by Benjamin Sach and Markus Jalsenius Dictionaries In a dictionary data structure we store ( key , value ) -pairs

1.56k views • 98 slides
Computer Vision Mid-Level Vision Projective Geometry The projective projection of a 3D point:

Computer Vision Mid-Level Vision Projective Geometry The projective projection of a 3D point:

Computer Vision Mid-Level Vision Projective Geometry The projective projection of a 3D point: For the fundamental matrix: Ambiguity Projective ambiguity 2D projective plane Ideal points: Conics FIVE POINTS DEFIN E A CONIC Dual conics

519 views • 31 slides
HMS Luminosity Scan Ryan Ambrose University of Regina April 26, 2018 1 / 8 Procedure Using

HMS Luminosity Scan Ryan Ambrose University of Regina April 26, 2018 1 / 8 Procedure Using

HMS Luminosity Scan Ryan Ambrose University of Regina April 26, 2018 1 / 8 Procedure Using the TSelector framework, I applied several cuts to the data: | 1 . 0 | < 0 . 2 2 /N < 25 . 0 E Cal,Norm > 0 . 8 |

230 views • 8 slides
Math 233 Warm Up Problems August 28, 2009 1. Find the equation of the sphere in R 3 with radius

Math 233 Warm Up Problems August 28, 2009 1. Find the equation of the sphere in R 3 with radius

Math 233 Warm Up Problems August 28, 2009 1. Find the equation of the sphere in R 3 with radius and center at 2 , 7 , ). ( 2. Find the unit vector in the direction of the given vector V = (4 , 2 , 7) U = 1. Find the

315 views • 9 slides
Slow-Roll Dark Energy J. Richard Gott, III and Zachary Slepian arXiv.org/abs/1011.2528 The

Slow-Roll Dark Energy J. Richard Gott, III and Zachary Slepian arXiv.org/abs/1011.2528 The

Slow-Roll Dark Energy J. Richard Gott, III and Zachary Slepian arXiv.org/abs/1011.2528 The Standard Picture V 0 we are sitting at the bottom of a potential well Linde: chaotic inflation scalar field slow-rolls down potential Predicts n s

636 views • 25 slides
V ISUALIZATION (TDAV) study of approaches to EXTRACT structure from NOISY or COMPLEX data and

V ISUALIZATION (TDAV) study of approaches to EXTRACT structure from NOISY or COMPLEX data and

F EATURE E XTRACTION & D ATA C UBE V ISUALIZATION T HROUGH T OPOLOGICAL D ATA A NALYSIS Paul Rosen Assistant Professor University of South Florida In collaboration with: Bei Wang Phillips, University of Utah Chris Johnson, University of

937 views • 77 slides
Recent Advances in Parallel Implementations of Scalar Multiplication over Binary Elliptic Curves

Recent Advances in Parallel Implementations of Scalar Multiplication over Binary Elliptic Curves

Recent Advances in Parallel Implementations of Scalar Multiplication over Binary Elliptic Curves C. Negre and J.M. Robert april 8, 2015 1 / 39 Outline Overview of elliptic curve cryptography 1 Implementation of F 2 m arithmetic 2 Elliptic

781 views • 75 slides
Wavelets and Multiresolution Processing Thinh Nguyen Multiresolution Analysis (MRA) Analysis

Wavelets and Multiresolution Processing Thinh Nguyen Multiresolution Analysis (MRA) Analysis

Wavelets and Multiresolution Processing Thinh Nguyen Multiresolution Analysis (MRA) Analysis (MRA) Multiresolution A scaling function scaling function is used to create a series of approximations of a function or image, each differing by

906 views • 26 slides
Disclaimer The opinions expressed during this presentation are those of the speakers, and not

Disclaimer The opinions expressed during this presentation are those of the speakers, and not

The importance of D-E-R characterisation in dose selection, labelling and B/R - children EMA EFPIA workshop on the importance of dose finding and dose selection for the successful development, licensing and lifecycle management of medicinal

594 views • 13 slides
PERFORMANCE OF PERFORMANCE OF OPTIMIZATION OPTIMIZATION ALGORITHMS ALGORITHMS FOR DERIVING

PERFORMANCE OF PERFORMANCE OF OPTIMIZATION OPTIMIZATION ALGORITHMS ALGORITHMS FOR DERIVING

PERFORMANCE OF PERFORMANCE OF OPTIMIZATION OPTIMIZATION ALGORITHMS ALGORITHMS FOR DERIVING MATERIAL DATA FROM BENCH SCALE TESTS Patrick Lauer University of Wuppertal lauer@uni-wuppertal.de Content 1. Content 2. Introduction 3. Method

490 views • 31 slides

More recommend