the usefulness of sparsifiable inputs how to avoid
play

The Usefulness of Sparsifiable Inputs: How to Avoid Subexponential - PowerPoint PPT Presentation

Jun 09, 2023 •425 likes •909 views

The Usefulness of Sparsifiable Inputs: How to Avoid Subexponential iO Thomas Agrikola 1 Geoffroy Couteau 2 Dennis Hofheinz 3 1 Karlsruhe Institute of Technology (KIT), Germany 2 IRIF, Paris-Diderot University, CNRS, France 3 ETH Zurich, Switzerland

  1. The Usefulness of Sparsifiable Inputs: How to Avoid Subexponential iO Thomas Agrikola 1 Geoffroy Couteau 2 Dennis Hofheinz 3 1 Karlsruhe Institute of Technology (KIT), Germany 2 IRIF, Paris-Diderot University, CNRS, France 3 ETH Zurich, Switzerland May 12, 2020

  2. Introduction Indistinguishability obfuscation (IO) is a method to transform a program into an unintelligible one maintaining the original functionality. P 1 ≡ P 2 iO iO iO ( P 1 ) iO ( P 2 ) ≈ Introduction Recap Doubly probabilistic IO Applications Conclusion 1 / 15

  3. Applications of iO encryption Functional adaptive MPC Succinct ◮ We can build almost anything from iO . [GGHRS+13] [CsW19; ACIJS20] IO for Turing Deniable encryption machines [SW14] [KLW15] iO [CLTV15] [FHHL18] Graded encoding Fully homomorphic [DHRW16] [BGI16] schemes encryption [DN18] Homomorphic secret sharing Spooky encryption Universal proxy re-encryption poly reduction to iO subexp reduction to iO Introduction Recap Doubly probabilistic IO Applications Conclusion 2 / 15

  4. Applications of iO encryption Functional adaptive MPC Succinct ◮ We can build almost anything from iO . [GGHRS+13] [CsW19; ACIJS20] IO for Turing Deniable encryption machines [SW14] [KLW15] ◮ But what can we do iO [CLTV15] [FHHL18] from polynomial iO ? Graded encoding Fully homomorphic [DHRW16] [BGI16] schemes encryption [DN18] Homomorphic secret sharing Spooky encryption Universal proxy re-encryption poly reduction to iO subexp reduction to iO Introduction Recap Doubly probabilistic IO Applications Conclusion 2 / 15

  5. Related work on removing subexp. IO ◮ Previous approaches to avoid subexponential reductions to iO: replace iO with functional encryption, [GS16; GPSZ17; LZ17; KLMR18] ◮ short signatures ◮ universal samplers ◮ non-interactive multiparty key exchange ◮ trapdoor one-way permutations ◮ multi-key functional encryption ◮ . . . Introduction Recap Doubly probabilistic IO Applications Conclusion 3 / 15

  6. Related work on removing subexp. IO ◮ Previous approaches to avoid subexponential reductions to iO: replace iO with functional encryption, [GS16; GPSZ17; LZ17; KLMR18] ◮ short signatures ◮ universal samplers ◮ non-interactive multiparty key exchange ◮ trapdoor one-way permutations ◮ multi-key functional encryption ◮ . . . ◮ But the supported operations are relatively restricted Introduction Recap Doubly probabilistic IO Applications Conclusion 3 / 15

  7. Applications of iO encryption Functional adaptive MPC Succinct ◮ We can build almost anything from iO . [GGHRS+13] [CsW19; ACIJS20] IO for Turing Deniable encryption machines [SW14] [KLW15] ◮ But what can we do iO [CLTV15] [FHHL18] from polynomial iO ? Graded encoding Fully homomorphic [DHRW16] [BGI16] schemes encryption [DN18] Homomorphic secret sharing Spooky encryption Universal proxy re-encryption poly reduction to iO subexp reduction to iO piO abstraction Introduction Recap Doubly probabilistic IO Applications Conclusion 4 / 15

  8. Applications of iO encryption Functional adaptive MPC Succinct ◮ We can build almost anything from iO . [GGHRS+13] [CsW19; ACIJS20] IO for Turing Deniable encryption machines [SW14] [KLW15] ◮ But what can we do iO [CLTV15] [FHHL18] from polynomial iO ? Graded encoding Fully homomorphic [DHRW16] [BGI16] schemes encryption [DN18] Homomorphic secret sharing Spooky encryption Universal proxy re-encryption poly reduction to iO subexp reduction to iO piO abstraction Introduction Recap Doubly probabilistic IO Applications Conclusion 4 / 15

  9. Probabilistic IO iO compiles programs into unintelligible ones, while preserving their functionality . x x x x deterministic piO iO iO ( P ) piO ( P ) P P P ( x ) P ( x ) P ( x ; r ) P ( x ; r ′ ) functionally “functionally equivalent indistinguishable” P 1 ≡ P 2 P 1 ≈ P 2 piO piO iO iO iO ( P 1 ) iO ( P 2 ) piO ( P 1 ) piO ( P 2 ) ≈ ≈ Introduction Recap Doubly probabilistic IO Applications Conclusion 5 / 15

  10. Probabilistic IO iO compiles programs into unintelligible ones, while preserving their functionality . x x x x deterministic piO iO iO ( P ) piO ( P ) P P P ( x ) P ( x ) P ( x ; r ) P ( x ; r ′ ) functionally “functionally equivalent indistinguishable” P 1 ≡ P 2 P 1 ≈ P 2 piO piO iO iO iO ( P 1 ) iO ( P 2 ) piO ( P 1 ) piO ( P 2 ) ≈ ≈ Introduction Recap Doubly probabilistic IO Applications Conclusion 5 / 15

  11. Probabilistic IO iO compiles programs into piO compiles randomized unintelligible ones, while programs into deterministic preserving their functionality . unintelligible ones, while preserving their functionality . x x x x deterministic piO iO iO ( P ) piO ( P ) P P P ( x ) P ( x ) P ( x ; r ) P ( x ; r ′ ) functionally “functionally equivalent indistinguishable” P 1 ≡ P 2 P 1 ≈ P 2 piO piO iO iO iO ( P 1 ) iO ( P 2 ) piO ( P 1 ) piO ( P 2 ) ≈ ≈ Introduction Recap Doubly probabilistic IO Applications Conclusion 5 / 15

  12. Probabilistic IO iO compiles programs into piO compiles randomized unintelligible ones, while programs into deterministic preserving their functionality . unintelligible ones, while preserving their functionality . x x x x deterministic piO iO iO ( P ) piO ( P ) P P P ( x ) P ( x ) P ( x ; r ) P ( x ; r ′ ) functionally “functionally equivalent indistinguishable” P 1 ≡ P 2 P 1 ≈ P 2 piO piO iO iO iO ( P 1 ) iO ( P 2 ) piO ( P 1 ) piO ( P 2 ) ≈ ≈ Introduction Recap Doubly probabilistic IO Applications Conclusion 5 / 15

  13. Why does piO require subexponential iO ? ◮ Programs are only required to be “functionally indistinguishable” Introduction Recap Doubly probabilistic IO Applications Conclusion 6 / 15

  14. Why does piO require subexponential iO ? ◮ Programs are only required to be “functionally indistinguishable” ◮ Captures a vast class of programs, e.g. P 1 ( x ; r ) P 2 ( x ; r ) ≈ return Enc ( pk , x ; r ) return Enc ( pk , 0; r ) Introduction Recap Doubly probabilistic IO Applications Conclusion 6 / 15

  15. Why does piO require subexponential iO ? ◮ Programs are only required to be “functionally indistinguishable” ◮ Captures a vast class of programs, e.g. P 1 ( x ; r ) P 2 ( x ; r ) ≈ return Enc ( pk , x ; r ) return Enc ( pk , 0; r ) ◮ Strategy due to Canetti et al., [CLTV15]: ◮ derive random coins from input x via PRF( K , x ) r := PRF( x ) piO ( P ) iO return P ( x ; r ) Introduction Recap Doubly probabilistic IO Applications Conclusion 6 / 15

  16. Why does piO require subexponential iO ? ◮ Programs are only required to be “functionally indistinguishable” ◮ Captures a vast class of programs, e.g. P 1 ( x ; r ) P 2 ( x ; r ) ≈ return Enc ( pk , x ; r ) return Enc ( pk , 0; r ) ◮ Strategy due to Canetti et al., [CLTV15]: ◮ derive random coins from input x via PRF( K , x ) r := PRF( x ) piO ( P ) iO return P ( x ; r ) ◮ use iO to obfuscate this deterministic program Introduction Recap Doubly probabilistic IO Applications Conclusion 6 / 15

  17. Construction of piO due to Canetti et al., [CLTV15] piO construction: Example: P 1 ( x ; r ) P 2 ( x ; r ) ≈ r := PRF( x ) return Enc ( pk , x ; r ) return Enc ( pk , 0; r ) return P ( x ; r ) ◮ But iO security can only be applied if circuits behave fully identically ◮ in our example, P 1 and P 2 behave very differently Introduction Recap Doubly probabilistic IO Applications Conclusion 7 / 15

  18. Construction of piO due to Canetti et al., [CLTV15] piO construction: Example: P 1 ( x ; r ) P 2 ( x ; r ) ≈ r := PRF( x ) return Enc ( pk , x ; r ) return Enc ( pk , 0; r ) return P ( x ; r ) ◮ But iO security can only be applied if circuits behave fully identically ◮ in our example, P 1 and P 2 behave very differently � direct (polynomial) reduction to iO won’t work Introduction Recap Doubly probabilistic IO Applications Conclusion 7 / 15

  19. Construction of piO due to Canetti et al., [CLTV15] piO construction: Example: P 1 ( x ; r ) P 2 ( x ; r ) ≈ r := PRF( x ) return Enc ( pk , x ; r ) return Enc ( pk , 0; r ) return P ( x ; r ) ◮ But iO security can only be applied if circuits behave fully identically ◮ in our example, P 1 and P 2 behave very differently � direct (polynomial) reduction to iO won’t work ◮ Use a “one-input-at-a-time” hybrid argument for all possible inputs ◮ this includes the randomness Introduction Recap Doubly probabilistic IO Applications Conclusion 7 / 15

  20. Construction of piO due to Canetti et al., [CLTV15] piO construction: Example: P 1 ( x ; r ) P 2 ( x ; r ) ≈ r := PRF( x ) return Enc ( pk , x ; r ) return Enc ( pk , 0; r ) return P ( x ; r ) ◮ But iO security can only be applied if circuits behave fully identically ◮ in our example, P 1 and P 2 behave very differently � direct (polynomial) reduction to iO won’t work ◮ Use a “one-input-at-a-time” hybrid argument for all possible inputs ◮ this includes the randomness � Our goal: reduce number of hybrids to a polynomial amount Introduction Recap Doubly probabilistic IO Applications Conclusion 7 / 15

  21. Main tool – Extremely lossy functions ◮ Extremely lossy functions (ELFs) due to Zhandry, [Zha16] offer two indistinguishable modes: injective mode extremely lossy mode image size exponential image size polynomial Introduction Recap Doubly probabilistic IO Applications Conclusion 8 / 15

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Evaluating Usefulness of Software Metrics An Industrial Experience Report @EricBouwers

Evaluating Usefulness of Software Metrics An Industrial Experience Report @EricBouwers

Evaluating Usefulness of Software Metrics An Industrial Experience Report @EricBouwers @avandeursen @jstvssr Identify Define Validate attributes metrics metrics Validity versus Usefulness Does it measure What can we do what we want to

339 views • 23 slides
C++ Basics Announcements Lab 1 this week! Homework posted Friday (will be on gradescope) Avoid

C++ Basics Announcements Lab 1 this week! Homework posted Friday (will be on gradescope) Avoid

C++ Basics Announcements Lab 1 this week! Homework posted Friday (will be on gradescope) Avoid errors To remove your program of bugs, you should try to test your program on a wide range of inputs Typically it is useful to start with a small

800 views • 48 slides
Inputs and Outputs Objects with Analog Inputs A io.sch analog.sch Objects with Digital Inputs

Inputs and Outputs Objects with Analog Inputs A io.sch analog.sch Objects with Digital Inputs

1 2 3 4 5 6 A Inputs and Outputs Objects with Analog Inputs A io.sch analog.sch Objects with Digital Inputs Other Symbols B B digital.sch other.sch Objects with Mixed Inputs C C mixed.sch Snaiks Kicad Library Presentation

234 views • 6 slides
Machine Learning Regression Where we are Inputs Prob- Density ability Estimator Inputs

Machine Learning Regression Where we are Inputs Prob- Density ability Estimator Inputs

10-701 Machine Learning Regression Where we are Inputs Prob- Density ability Estimator Inputs Predict Classifier category Inputs Predict Regressor Today real no. Choosing a restaurant In everyday life we need to make

630 views • 31 slides
INPUT THE INPUTS ON THE ARDUINO READ VOLTAGE. ALL INPUTS NEED TO BE THOUGHT OF IN TERMS OF

INPUT THE INPUTS ON THE ARDUINO READ VOLTAGE. ALL INPUTS NEED TO BE THOUGHT OF IN TERMS OF

INPUT THE INPUTS ON THE ARDUINO READ VOLTAGE. ALL INPUTS NEED TO BE THOUGHT OF IN TERMS OF VOLTAGE DIFFERENTIALS. THE ANALOG INPUTS CONVERT VOLTAGE LEVELS TO A NUMERICAL VALUE. PULL-UP (OR DOWN) RESISTOR Often it is useful to steer an

539 views • 31 slides
Software size measures and their usefulness for software project estimation Software Size

Software size measures and their usefulness for software project estimation Software Size

Software size measures and their usefulness for software project estimation Software Size Measures and their usefulness for software project estimation Harold van Heeringen Sogeti Nederland B.V., Senior Software Cost Engineer San Diego (CA,

779 views • 32 slides
Draft EE 8235: Lecture 15 1 Lecture 15: Systems with inputs Input types Additive inputs

Draft EE 8235: Lecture 15 1 Lecture 15: Systems with inputs Input types Additive inputs

Draft EE 8235: Lecture 15 1 Lecture 15: Systems with inputs Input types Additive inputs Boundary inputs Input-output mappings Transfer function Frequency response Impulse response Abstract evolution equation for

218 views • 10 slides
Session Presentation: The Usefulness and Limitations of Using Evaluation to Improve the

Session Presentation: The Usefulness and Limitations of Using Evaluation to Improve the

Session Presentation: The Usefulness and Limitations of Using Evaluation to Improve the Management of Conservation Programs: Experiences from Evaluations of the Fish and Wildlife Service's National Wildlife Refuge and Endangered Species

543 views • 21 slides
12. Principles of Parameter Estimation The purpose of this lecture is to illustrate the usefulness

12. Principles of Parameter Estimation The purpose of this lecture is to illustrate the usefulness

12. Principles of Parameter Estimation The purpose of this lecture is to illustrate the usefulness of the various concepts introduced and studied in earlier lectures to practical problems of interest. In this context, consider the problem of

354 views • 19 slides
OrbiVib Std Profibus DP interface 2 Digital inputs with

OrbiVib Std Profibus DP interface 2 Digital inputs with

OrbiVib Std Profibus DP interface 2 Digital inputs with encoder function 2 Relay outputs 8 PT100 temperature inputs External Dual axis accelerometer

76 views • 6 slides
Making decisions with biometric systems: the usefulness of a Bayesian perspective A. Nautsch ,

Making decisions with biometric systems: the usefulness of a Bayesian perspective A. Nautsch ,

Making decisions with biometric systems: the usefulness of a Bayesian perspective A. Nautsch , D. Ramos Castro , J. Gonz guez , alez Rodr Christian Rathgeb , Christoph Busch Hochschule Darmstadt, CRISP, CASED, da/sec

1.24k views • 57 slides
Forensic IT Chartered Institute of Management Accountants (CIMA) Enhancing the usefulness of

Forensic IT Chartered Institute of Management Accountants (CIMA) Enhancing the usefulness of

Forensic IT Chartered Institute of Management Accountants (CIMA) Enhancing the usefulness of Investigations with Computer Forensics April 2014 Michael Khoury Clear Wealth Pty Ltd v Kwong (No 2) [2012] NSWSC 1233 Whilst I accept that Mr

414 views • 16 slides
Understanding usefulness of IT in business Aim Determine learning objectives for use of the

Understanding usefulness of IT in business Aim Determine learning objectives for use of the

INF 3280, 4 Feb 2016 Understanding usefulness of IT in business Aim Determine learning objectives for use of the application Assignment 1 Make Business oriented models Core literature: Chapter 3 Learning business fit

340 views • 8 slides
Automated Metadata, Provenance Cataloging and Navigable Interfaces: Ensuring the Usefulness of

Automated Metadata, Provenance Cataloging and Navigable Interfaces: Ensuring the Usefulness of

Automated Metadata, Provenance Cataloging and Navigable Interfaces: Ensuring the Usefulness of Extreme-Scale Data David Schissel, Gheni Abla, Bobby Chanthavong, Sean Flanagan, Xia Lee General Atomics Alex Romosan, Arie Shoshani - LBNL

360 views • 19 slides
The usefulness of Ion Mobility-Mass Spectrometry for Small Molecules Analysis J. Far a ,

The usefulness of Ion Mobility-Mass Spectrometry for Small Molecules Analysis J. Far a ,

The usefulness of Ion Mobility-Mass Spectrometry for Small Molecules Analysis J. Far a , S. Goscinny b , L. Joly a,b , R. Touilloux a , J. Echterbille a , L. Quinton a , G. Eppe a and E.

571 views • 21 slides
In this video Why do we avoid inversions? Why do we avoid inversions? Three main reasons:

In this video Why do we avoid inversions? Why do we avoid inversions? Three main reasons:

In this video Why do we avoid inversions? Why do we avoid inversions? Three main reasons: 1) lack of understanding how to do them safely 2) fear of falling 3) fear of injury Headstand magic People who love headstand really

240 views • 7 slides
Linking Eric McCreath Introduction One of the key resources that an operating system is called

Linking Eric McCreath Introduction One of the key resources that an operating system is called

Linking Eric McCreath Introduction One of the key resources that an operating system is called upon to manage is main (primary) memory. Generally a programer does not have to worry about which particular addresses are used for their programs.

735 views • 7 slides
Arm cross development tools the GNU C compiler, binutils and glibc can be configured to target the

Arm cross development tools the GNU C compiler, binutils and glibc can be configured to target the

slide 1 gaius Arm cross development tools the GNU C compiler, binutils and glibc can be configured to target the arm series of microprocessors Raspberry Pi uses an arm11 processor processor runs at 700Mhz cross development tools are much

193 views • 17 slides
& Process Address Space Nima Honarmand Spring 2017 :: CSE 506 Virtual Memory (VM) Recap

& Process Address Space Nima Honarmand Spring 2017 :: CSE 506 Virtual Memory (VM) Recap

Spring 2017 :: CSE 506 Virtual Memory & Process Address Space Nima Honarmand Spring 2017 :: CSE 506 Virtual Memory (VM) Recap Primary purpose? Isolate each process to its own address space Components Address translation

716 views • 36 slides
Binary compatibility on NetBSD Emmanuel Dreyfus, july 2014 About me Emmanuel Dreyfus

Binary compatibility on NetBSD Emmanuel Dreyfus, july 2014 About me Emmanuel Dreyfus

Binary compatibility on NetBSD Emmanuel Dreyfus, july 2014 About me Emmanuel Dreyfus <manu@netbsd.org> IT manager at ESPCI ParisTech as daylight job NetBSD contributor since 2001 Milter-greylist since 2006 OpenLDAP,

589 views • 22 slides
Embedded Systems Programming ES Development Environment (Module 3) Yann-Hang Lee Arizona State

Embedded Systems Programming ES Development Environment (Module 3) Yann-Hang Lee Arizona State

Embedded Systems Programming ES Development Environment (Module 3) Yann-Hang Lee Arizona State University yhlee@asu.edu (480) 727-7507 Summer 2014 Real-time Systems Lab, Computer Science and Engineering, ASU Embedded System Development

403 views • 11 slides
Santa Claus with Mobile with Mobile Santa Claus with Mobile Santa Claus Reindeer

Santa Claus with Mobile with Mobile Santa Claus with Mobile Santa Claus Reindeer

Santa Claus with Mobile with Mobile Santa Claus with Mobile Santa Claus Reindeer and Elves Reindeer and Elves Reindeer and Elves Peter Welch ( phw@kent.ac.uk ) Matt Pedersen ( matt@faculty.egr.unlv.edu ) CPA 2008 (09/07/2008)

1.27k views • 60 slides
Makefiles CS 2XA3 Term I, 2020/21 Outline Example Calling make Syntax How it works Macros

Makefiles CS 2XA3 Term I, 2020/21 Outline Example Calling make Syntax How it works Macros

Makefiles CS 2XA3 Term I, 2020/21 Outline Example Calling make Syntax How it works Macros Suffix rules Command line options Example Assume we have files main.c , test.c , and lo.asm Consider the makefile program: main.o test.o lo.o gcc

417 views • 19 slides
WEIRD MACHINES IN PROGRAM METADATA: ATTACKS AND DEFENSES NOVEMBER 2013 REBECCA . bx

WEIRD MACHINES IN PROGRAM METADATA: ATTACKS AND DEFENSES NOVEMBER 2013 REBECCA . bx

ANNUAL INDUSTRY WORKSHOP NOVEMBER 6-7, 2013 WEIRD MACHINES IN PROGRAM METADATA: ATTACKS AND DEFENSES NOVEMBER 2013 REBECCA . bx SHAPIRO DARTMOUTH COLLEGE TRUSTWORTHY CYBER INFRASTRUCTURE FOR THE POWER GRID | TCIPG.ORG 1 UNIVERSITY

566 views • 13 slides

More recommend