structured encryption
play

Structured Encryption Seny Kamara Microsoft Research Lei Wei - PowerPoint PPT Presentation

Feb 09, 2024 •678 likes •918 views

Garbled Circuits via Structured Encryption Seny Kamara Microsoft Research Lei Wei University of North Carolina Garbled Circuits Fundamental cryptographic primitive Possess many useful properties Homomorphic Functional General-purpose

  1. Garbled Circuits via Structured Encryption Seny Kamara – Microsoft Research Lei Wei – University of North Carolina

  2. Garbled Circuits Fundamental cryptographic primitive Possess many useful properties Homomorphic Functional General-purpose Verifiable Computationally efficient (free XOR, pipelining, garbled row reduction, …)

  3. Applications of Garbled Circuits Two-party computation [Yao82] Server-aided multi-party computation [K.-Mohassel-Raykova12] Covert multi-party computation [Chandran-Goyal-Sahai-Ostrovsky07] Homomorphic encryption [Gentry-Halevi-Vaikuntanathan10] Functional encryption [Seylioglu-Sahai10] Single-round oblivious RAMs [Lu-Ostrovsky13] Leakage-resilient OT [Jarvinen-Kolesnikov-Sadeghi-Schneider10] One-time programs [Goldwasser-Kalai-Rothblum08] Verifiable computation [Gennaro-Gentry-Parno10] Randomized encodings [Applebaum-Ishai-Kushilevitz06]

  4. Yao’s Garbled Circuits a b K 0 & K 1 K 0 & K 1 AND : 0 0 0 Enc K0 K0 (Enc K0 K0 (K 0 )) 0 1 0 Enc K0 K0 (Enc K1 K1 (K 0 )) AND AND 1 0 0 Enc K1 K1 (Enc K0 K0 (K 0 )) Enc K1 K1 (Enc K1 K1 (K 1 )) 1 1 1 c K 0 & K 1

  5. Yao’s Garbled Circuits K 0 K 1 K 1 K 1 1 1 1 0 Enc K0 K0 (Enc K0 K0 (K 0 )) Enc K0 K0 (Enc K0 K0 (K 0 )) Enc K0 K0 (Enc K1 K1 (K 1 )) Enc K0 K0 (Enc K1 K1 (K 0 )) Enc K1 K1 (Enc K0 K0 (K 1 )) Enc K1 K1 (Enc K0 K0 (K 0 )) OR AND Enc K1 K1 (Enc K1 K1 (K 1 )) Enc K1 K1 (Enc K1 K1 (K 1 )) Enc K0 K0 (Enc K0 K0 (K 0 )) AND Enc K0 K0 (Enc K1 K1 (K 0 )) Enc K1 K1 (Enc K0 K0 (K 0 )) Enc K1 K1 (Enc K1 K1 (K 1 )) 1 K 1

  6. Defining Garbled Circuits

  7. Garbling Scheme Grb ( 1 k , C ) ⟾ ( C , dk , sk ) GI ( sk, x ) ⟾ x Eval ( x ) ⟾ C , y Dec ( dk i , y ) ⟾ {⊥ , y i }

  8. Input Privacy SIM1 : “ ( C , x , dk ) can be simulated given only C and f ( x ) ” SIM SIM2 : “ ( C , x , dk ) can be simulated given only C and f ( x ), SIM even when x is chosen as a function of C ”

  9. Designing Garbled Circuits

  10. General-Purpose Garbling Schemes ⋀ ⋁ + × ⋁ + BOOLEAN CIRCUITS ARITHMETIC CIRCUITS [Yao82]: public-key techniques [Applebaum-Ishai-Kushilevitz12]: affine randomized encodings [Lindell-Pinkas09]: double encryption [Naor-Pinkas-Sumner99]: hash functions [Bellare-Hoang-Rogaway12]: dual-key ciphers

  11. General-Purpose Garbling Schemes Boolean circuits Efficient: bit- wise operations (e.g., shifts, comparisons, …) Inefficient: arithmetic operations Arithmetic circuits Efficient: arithmetic operations (e.g., additions, multiplications, polynomials, …) Inefficient: bit-wise operations Many problems are neither [Naor-Nissim01]: circuits with lookup tables ≈ RAMs Not Garbling Schemes [Barkol-Ishai05]: constant-depth circuits [Gordon et al.12]: DB lookups

  12. Structured Circuits Efficient for “structured problems” Search, graphs, DFAs, branching programs Can be garbled 2PC, homomorphic encryption, one- time programs, verifiable computation, …

  13. Structured Encryption [Chase-K.10] Gen(1 𝑙 ) K Enc 𝐿 𝜀, 𝑛 𝛿 Token 𝐿 (𝑟) 𝜐 Query(𝛿, 𝜐) 𝐽 Dec 𝐿 (𝑑 𝑗 ) 𝑛 𝑗

  14. How to Garble a Structured Circuit 𝜐 𝜐 Enc K Enc K 𝜐 𝜐 Enc K 0/1 Security Correctness CQA1 enc ⇒ SIM1 & UNF1 garbling Encrypt data structures CQA2 enc ⇒ SIM2 & UNF2 garbling Associativity (store & release tokens) Dimensionality (merge tokens)

  15. Previous Structured Encryption Associativity [Curtmola-Garay-K.-Ostrovsky06]: CQA1 & CQA2 inverted index encryption [Chase-K.10]: CQA2 matrix, graph & web graph encryption Dimensionality All previously-known constructions are 1-D

  16. 2-D Matrix Encryption

  17. 1-D Matrix Encryption [Chase-K.10] 1 1 2 2 3 3 m 11 m 12 m 13 1 P: [n] x [n] → [n] x [n] m 21 m 22 m 23 2 m 31 m 32 M 33 C 1,3 3 = F K (1,3) ⊕ m 13 Encrypt: permute & XOR with PRF-based pad Search: 𝜐(1,3) = F K (1,3), P(1,3)

  18. 2-D Matrix Encryption 1 1 2 2 3 3 P : [n] → [n] m 11 m 12 m 13 1 Q: [n] → [n] m 21 m 22 m 23 2 m 31 m 32 M 33 C 1,3 3 = Synth[ F K (row|P(1)) , F K (col|Q(3) ] ⊕ m 13 Encrypt: permute & XOR with synthesizer-based pad Search: 𝜐(1) = F K (row|P(1)) 𝜐(3) = F K (col|Q(3))

  19. Matrix Garbling Schemes [Chase-K.10] + synthesizers ⇒ SIM1-secure Garb schemes for matrices [Chase-K.10] + synthesizers + SIM1-to-SIM2 ⇒ SIM2-secure schemes for matrices Observation: Yao garbled gate ⟺ 2-D associative CQA1 matrix encryption scheme

  20. Applications

  21. New Special-Purpose Garbling Schemes! DFAs Branching programs Boolean circuits w/ cheaper gate evaluation than Yao Adjacency queries on graphs Neighbor queries on graphs Our transform + [Chase-K.10] Focused subgraph queries on web graphs More efficient: Two-party computation , server-aided multi-party computation , covert multi-party computation, homomorphic encryption, functional encryption, single- round oblivious RAMs, leakage-resilient OT, one-time programs, verifiable computation, randomized encodings, …

  22. Secure Two-Party Graph Computation Are and friends? Who are ‘s friends? Find the friends of anyone who likes my product Find the friends of anyone with disease X

  23. Thanks

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Structured Encryption and Leakage Suppression Tarik Moataz Part I is a joint work with Seny

Structured Encryption and Leakage Suppression Tarik Moataz Part I is a joint work with Seny

Structured Encryption and Leakage Suppression Tarik Moataz Part I is a joint work with Seny Kamara and Olya Ohrimenko Part II is a joint work with Seny Kamara Structured Encryption (STE) [CK10] EDS DS tk ans Query tk , Setup 1 k , ans ,

1.04k views • 85 slides
A STRUCTURED L IFE A STRUCTURED L IFE A STRUCTURED L IFE A STRUCTURED L IFE A STRUCTURED L IFE

A STRUCTURED L IFE A STRUCTURED L IFE A STRUCTURED L IFE A STRUCTURED L IFE A STRUCTURED L IFE

A STRUCTURED L IFE A STRUCTURED L IFE A STRUCTURED L IFE A STRUCTURED L IFE A STRUCTURED L IFE by Kirk Gittings Note: Kirk Gittings has been photographing the prehistor- coast, but m aking a real living as an art photographer ic,

1.16k views • 8 slides
DEFY: A Deniable, Encrypted File System for Log Structured Storage WRITTEN BY: PRESENTED BY:

DEFY: A Deniable, Encrypted File System for Log Structured Storage WRITTEN BY: PRESENTED BY:

DEFY: A Deniable, Encrypted File System for Log Structured Storage WRITTEN BY: PRESENTED BY: TIMOTHY PETERS NICHOLAS BURTON MARK GONDREE ZACHARY PETERSON What is encryption? Why hide encryption? Previous Work on the Matter u Anderson and

550 views • 39 slides
Structured Encryption and Controlled Disclosure Melissa Chase Seny Kamara Microsoft Research

Structured Encryption and Controlled Disclosure Melissa Chase Seny Kamara Microsoft Research

Structured Encryption and Controlled Disclosure Melissa Chase Seny Kamara Microsoft Research Cloud Storage Security for Cloud Storage o Main concern: will my data be safe? o it will be encrypted o it will be authenticated o it will be backed

794 views • 42 slides
Breach-Resistant Structured Encryption Ghous Amjad, Seny Kamara & Tarik Moataz 2 Databases

Breach-Resistant Structured Encryption Ghous Amjad, Seny Kamara & Tarik Moataz 2 Databases

Breach-Resistant Structured Encryption Ghous Amjad, Seny Kamara & Tarik Moataz 2 Databases A database is an organized collection of data --- Wikipedia 3 Encrypted Database Enc K 4 Q : can we encrypt DBs even in use? 5 Efficiency

770 views • 44 slides
Ruby Monstas Session 17: Interlude: Encryption Encryption What comes to mind if you think about

Ruby Monstas Session 17: Interlude: Encryption Encryption What comes to mind if you think about

Ruby Monstas Session 17: Interlude: Encryption Encryption What comes to mind if you think about encryption? Encryption Certificates Crypto Currencies Public Key AES Encryption Privacy SSH VPN HTTPS TLS Quantum Digital Signatures

837 views • 46 slides
Usable Encryption Class Presentation for CMSC 818D Wei Bai S Application S Hardware

Usable Encryption Class Presentation for CMSC 818D Wei Bai S Application S Hardware

Usable Encryption Class Presentation for CMSC 818D Wei Bai S Application S Hardware Encryption S Web Encryption S Email Encryption OpenPGP S S/MIME S S Online Social Network Public Key Encryption S Encryption/Decryption

842 views • 26 slides
Structured Prediction Introduction What is structured prediction? CS 6355: Structured Prediction

Structured Prediction Introduction What is structured prediction? CS 6355: Structured Prediction

Structured Prediction Introduction What is structured prediction? CS 6355: Structured Prediction Our goal today To define a Structure and Structured Prediction 1 What are structures? 2 Examples of structured data? 3 Examples of structured

661 views • 34 slides
RSA Encryption 10 February 2012 RSA Encryption 10 February 2012 1/35 We saw some methods of

RSA Encryption 10 February 2012 RSA Encryption 10 February 2012 1/35 We saw some methods of

RSA Encryption 10 February 2012 RSA Encryption 10 February 2012 1/35 We saw some methods of encryption Wednesday, but none of these is good enough to be used in actual situations. Today well talk about one method, RSA Encryption, which is

1.01k views • 59 slides
Secret-Key Encryption Introduction Encryption is the process of encoding a message in such a

Secret-Key Encryption Introduction Encryption is the process of encoding a message in such a

Secret-Key Encryption Introduction Encryption is the process of encoding a message in such a way that only authorized parties can read the content of the original message History of encryption dates back to 1900 BC Two types of

533 views • 38 slides
Functional Encryption Lecture 27 Functional Encryption Plain encryption: for secure

Functional Encryption Lecture 27 Functional Encryption Plain encryption: for secure

Functional Encryption Lecture 27 Functional Encryption Plain encryption: for secure communication. Does not allow modifying encrypted data. Homomorphic Encryption: allows computation on encrypted data, but result remains encrypted Functional

987 views • 61 slides
Encryption at Rest in ZFS Tom Caputi tcaputi@datto.com Overview of Encryption Implementation 2

Encryption at Rest in ZFS Tom Caputi tcaputi@datto.com Overview of Encryption Implementation 2

Encryption at Rest in ZFS Tom Caputi tcaputi@datto.com Overview of Encryption Implementation 2 What is Encryption? Want to prevent someone (an attacker) from accessing private data Permissions arent good enough Root user can

788 views • 20 slides
Functional Encryption for Regular Languages Brent Waters Public Key Encryption

Functional Encryption for Regular Languages Brent Waters Public Key Encryption

Functional Encryption for Regular Languages Brent Waters Public Key Encryption [DH76,M78,RSA78,GM84] Avoid Prior Secret Exchange PubK SK 2 Functional Encryption [SW05] Functionality: f( , ) MSK Authority Key: y 2 {0,1}* y SK CT: x

945 views • 16 slides
Security of Encryption Security of Encryption Perfect secrecy (IND-Onetime security) is too

Security of Encryption Security of Encryption Perfect secrecy (IND-Onetime security) is too

Defining Encryption (ctd.) Lecture 3 CPA/CCA security Computational Indistinguishability Pseudo-randomness, One-Way Functions Security of Encryption Security of Encryption Perfect secrecy (IND-Onetime security) is too strong (though too

1.36k views • 113 slides
Machine Learning Fall 2017 Structured Prediction (structured perceptron, HMM, structured SVM)

Machine Learning Fall 2017 Structured Prediction (structured perceptron, HMM, structured SVM)

Machine Learning Fall 2017 Structured Prediction (structured perceptron, HMM, structured SVM) Professor Liang Huang (Chap. 17 of CIML) Structured Prediction x x the man bit the dog the man bit the dog x x DT NN

672 views • 27 slides
Lecture 3 Encryption Suggested readings: Chs 1 & 2 in KPS Ch 1 in Stinson

Lecture 3 Encryption Suggested readings: Chs 1 & 2 in KPS Ch 1 in Stinson

Lecture 3 Encryption Suggested readings: Chs 1 & 2 in KPS Ch 1 in Stinson (recommended) 1 Encryption Principles A cryptosystem has (at least) five ingredients: 1. Plaintext 2. Secret Key 3. Ciphertext 4. Encryption algorithm 5.

657 views • 12 slides
Symmetric encrypBon CS642: Computer Security Professor

Symmetric encrypBon CS642: Computer Security Professor

Symmetric encrypBon CS642: Computer Security Professor Ristenpart h9p://www.cs.wisc.edu/~rist/ rist at cs dot wisc dot edu University of Wisconsin CS 642

389 views • 34 slides
Proof-of-work Certificates for High Complexity Computations for Linear Algebra Erich L. Kaltofen

Proof-of-work Certificates for High Complexity Computations for Linear Algebra Erich L. Kaltofen

Proof-of-work Certificates for High Complexity Computations for Linear Algebra Erich L. Kaltofen NCSU , DUKE UNIVERSITY google->kaltofen 2 Computations for the Cloud: RSA Challenge RSA220 =

543 views • 38 slides
1 Scenario I: Semantic Parsing [CoNLL 10 ,ACL 11 ] Scenario II. The language-world

1 Scenario I: Semantic Parsing [CoNLL 10 ,ACL 11 ] Scenario II. The language-world

Can we rely on this interaction to provide supervision? Connecting Language to the World Can I get a coffee with sugar and no milk Learning Great ! from Natural Instructions Arggg Semantic Parser MAKE(COFFEE,SUGAR=YES,MILK=NO) Dan Roth

820 views • 14 slides
List edge multicoloring in bounded cyclicity graphs Dniel Marx Budapest University of

List edge multicoloring in bounded cyclicity graphs Dniel Marx Budapest University of

List edge multicoloring in bounded cyclicity graphs Dniel Marx Budapest University of Technology and Economics dmarx@cs.bme.hu 1 List edge multicoloring Generalization of list edge coloring: multiple colors have to be assigned to each

551 views • 38 slides
Session #6: Another Application of LWE: Pseudorandom Functions Chris Peikert Georgia Institute

Session #6: Another Application of LWE: Pseudorandom Functions Chris Peikert Georgia Institute

Session #6: Another Application of LWE: Pseudorandom Functions Chris Peikert Georgia Institute of Technology Winter School on Lattice-Based Cryptography and Applications Bar-Ilan University, Israel 19 Feb 2012 22 Feb 2012 Lattice-Based

853 views • 52 slides
Driving Semantic Parsing from the Worlds Response James Clarke , Dan Goldwasser, Ming-Wei

Driving Semantic Parsing from the Worlds Response James Clarke , Dan Goldwasser, Ming-Wei

Driving Semantic Parsing from the Worlds Response James Clarke , Dan Goldwasser, Ming-Wei Chang, Dan Roth Cognitive Computation Group University of Illinois at Urbana-Champaign CoNLL 2010 Clarke, Goldwasser, Chang, Roth 1 What is Semantic

1.07k views • 78 slides
Ou Outso source urced Co Comp mputatio tation Graham Cormode G.Cormode@warwick.ac.uk Amit

Ou Outso source urced Co Comp mputatio tation Graham Cormode G.Cormode@warwick.ac.uk Amit

St Streamin aming g Ve Verifica ficatio tion n of Ou Outso source urced Co Comp mputatio tation Graham Cormode G.Cormode@warwick.ac.uk Amit Chakrabarti (Dartmouth) Andrew McGregor (U Mass Amherst) Michael Mitzenmacher (Harvard)

857 views • 19 slides
Physical Zero-Knowledge Proofs for Akari, Takuzu, Kakuro and KenKen X. Bultel 1 J. Dreier 2 J-G.

Physical Zero-Knowledge Proofs for Akari, Takuzu, Kakuro and KenKen X. Bultel 1 J. Dreier 2 J-G.

Physical Zero-Knowledge Proofs for Akari, Takuzu, Kakuro and KenKen X. Bultel 1 J. Dreier 2 J-G. Dumas 3 P. Lafourcade 1 1 LIMOS, University Clermont Auvergne, France 2 Universit e de Lorraine, LORIA, Nancy, France 3 LJK, Universit e Grenoble

1.01k views • 47 slides

More recommend