Graded Encoding Schemes from Obfuscation. Interactively Secure Groups from Obfuscation
|
|
- Darlene Gaines
- 5 years ago
- Views:
Transcription
1 Graded Encoding Schemes from Obfuscation Interactively Secure Groups from Obfuscation P. Farshim 1,2 J. Hesse 1 D. Hofheinz 3 E. Larraia 4 T. Agrikola 1 D. Hofheinz 1 1 École normale supérieure (ENS), Paris, France 2 INRIA 1 Karlsruhe Institute of Technology (KIT), Germany 3 Karlsruhe Institute of Technology (KIT), Germany 4 Royal Holloway, University of London, United Kingdom March 28, 218
2 Introduction Indistinguishability obfuscation (IO) is a method to transform a program into an unintelligible one maintaining the original functionality. P 1 P 2 io io io(p 1 ) io(p 2 ) Introduction Recap Graded Encoding Schemes Interactively Secure Groups Summary 1/14
3 Overview Implications of IO [SW14] [GGHR14] Tworound MPC Deniable encryption [GGHOSW16] Functional encryption io + OWF OWF : assumptions w/o inherent structure GROUP: assumptions w/ inherent structure Introduction Recap Graded Encoding Schemes Interactively Secure Groups Summary 2/14
4 Overview Implications of IO [SW14] [GGHR14] Tworound MPC Deniable encryption [GGHOSW16] Functional encryption io + OWF io + GROUP Groups w/ strong assumptions Graded encoding schemes [AH18] [FHHL18] Fully homomorphic encryption Multilinear maps [AFHLP16] [CLTV15] OWF : assumptions w/o inherent structure GROUP: assumptions w/ inherent structure Introduction Recap Graded Encoding Schemes Interactively Secure Groups Summary 2/14
5 Overview Implications of IO [SW14] [GGHR14] Tworound MPC Deniable encryption [GGHOSW16] Functional encryption io + OWF io + GROUP Groups w/ strong assumptions Graded encoding schemes [AH18] [FHHL18] Fully homomorphic encryption Multilinear maps [AFHLP16] [CLTV15] OWF : assumptions w/o inherent structure GROUP: assumptions w/ inherent structure Introduction Recap Graded Encoding Schemes Interactively Secure Groups Summary 2/14
6 Overview Implications of IO [SW14] [GGHR14] Tworound MPC Deniable encryption [GGHOSW16] Functional encryption io + OWF io + GROUP Groups w/ strong assumptions Graded encoding schemes [AH18] [FHHL18] Fully homomorphic encryption Multilinear maps [AFHLP16] [CLTV15] OWF : assumptions w/o inherent structure GROUP: assumptions w/ inherent structure Introduction Recap Graded Encoding Schemes Interactively Secure Groups Summary 2/14
7 Recap: Approach of [AFHLP16] I Group: Set of encodings M equipped with equivalence relation M Introduction Recap Graded Encoding Schemes Interactively Secure Groups Summary 3/14
8 Recap: Approach of [AFHLP16] I Group: Set of encodings M equipped with equivalence relation M G := M/ Introduction Recap Graded Encoding Schemes Interactively Secure Groups Summary 3/14
9 Recap: Approach of [AFHLP16] I Group: Set of encodings M equipped with equivalence relation M Interface: G := M/ Equality test Group operation n-mmap : G G {, 1} +: G G G e : G G G t n times Introduction Recap Graded Encoding Schemes Interactively Secure Groups Summary 3/14
10 Recap: Approach of [AFHLP16] I Group: Set of encodings M equipped with equivalence relation M Interface: G := M/ Equality test Group operation n-mmap : G G {, 1} +: G G G e : G G G t Encodings: bitstrings of the form ( ) [a] := g a, Enc(a), π n times Introduction Recap Graded Encoding Schemes Interactively Secure Groups Summary 3/14
11 Recap: Approach of [AFHLP16] I Group: Set of encodings M equipped with equivalence relation M Interface: G := M/ Equality test Group operation n-mmap : G G {, 1} +: G G G e : G G G t Encodings: bitstrings of the form ( ) [a] := g a, Enc(a), π n times group element in G t Introduction Recap Graded Encoding Schemes Interactively Secure Groups Summary 3/14
12 Recap: Approach of [AFHLP16] I Group: Set of encodings M equipped with equivalence relation M Interface: G := M/ Equality test Group operation n-mmap : G G {, 1} +: G G G e : G G G t Encodings: bitstrings of the form ( ) [a] := g a, Enc(a), π n times encryption of exponent Introduction Recap Graded Encoding Schemes Interactively Secure Groups Summary 3/14
13 Recap: Approach of [AFHLP16] I Group: Set of encodings M equipped with equivalence relation M Interface: G := M/ Equality test Group operation n-mmap : G G {, 1} +: G G G e : G G G t Encodings: bitstrings of the form ( ) [a] := g a, Enc(a), π consistency proof n times Introduction Recap Graded Encoding Schemes Interactively Secure Groups Summary 3/14
14 Recap: Approach of [AFHLP16] I Group: Set of encodings M equipped with equivalence relation M Interface: G := M/ Equality test Group operation n-mmap : G G {, 1} + +: G G G ee : G G G t Encodings: bitstrings of the form ( ) [a] := g a, Enc(a), π n times Introduction Recap Graded Encoding Schemes Interactively Secure Groups Summary 3/14
15 Recap: Approach of [AFHLP16] I Group: Set of encodings M equipped with equivalence relation M G := M/ Interface: Equality test Group operation n-mmap : G G {, 1} + +: G G G ee : G G G t n times Encodings: bitstrings of the form ( ) [a] := g a, Enc(a), π n-mmap: input: n encodings decrypt exponents a 1,..., a n output: g a1a2 an Introduction Recap Graded Encoding Schemes Interactively Secure Groups Summary 3/14
16 Recap: Approach of [AFHLP16] II Goal: n-mddh assumption Given [a 1 ],..., [a n+1 ] G, the group element g (a1 anan+1) G t looks like an independently sampled group element. Introduction Recap Graded Encoding Schemes Interactively Secure Groups Summary 4/14
17 Recap: Approach of [AFHLP16] II Goal: n-mddh assumption Given [a 1 ],..., [a n+1 ] G, the group element g (a1 anan+1) G t looks like an independently sampled group element. Proof technique: Switching Instead of encrypting exponents a i directly... a i ( ) g a i, Enc(a i ), π Introduction Recap Graded Encoding Schemes Interactively Secure Groups Summary 4/14
18 Recap: Approach of [AFHLP16] II Goal: n-mddh assumption Given [a 1 ],..., [a n+1 ] G, the group element g (a1 anan+1) G t looks like an independently sampled group element. Proof technique: Switching Instead of encrypting exponents a i directly... encrypt linear polynomial that equals a i f i evaluated at ω a i Switching a i ω ( ) ( ) g a i, Enc(a i ), π g a i, Enc(f i ), π Introduction Recap Graded Encoding Schemes Interactively Secure Groups Summary 4/14
19 Recap: Approach of [AFHLP16] II Goal: n-mddh assumption Given [a 1 ],..., [a n+1 ] G, the group element g (a1 anan+1) G t looks like an independently sampled group element. Proof technique: Switching Instead of encrypting exponents a i directly... encrypt linear polynomial that equals a i evaluated at ω a i Switching ω ( ) ( ) g a i, Enc(a i ), π g a i, Enc(f i ), π a i f i change n-mmap: don t use ω explicitly (only g ω,..., g (ωn) ) Introduction Recap Graded Encoding Schemes Interactively Secure Groups Summary 4/14
20 Recap: Approach of [AFHLP16] II Goal: n-mddh assumption Given [a 1 ],..., [a n+1 ] G, the group element g (a1 anan+1) G t looks like an independently sampled group element. Proof technique: Switching Instead of encrypting exponents a i directly... encrypt linear polynomial that equals a i evaluated at ω a i Switching ω ( ) ( ) g a i, Enc(a i ), π g a i, Enc(f i ), π a i f i change n-mmap: don t use ω explicitly (only g ω,..., g (ωn) ) enables to reduce to problem in G t (to (n + 1)-SDDH) Introduction Recap Graded Encoding Schemes Interactively Secure Groups Summary 4/14
21 Overview [SW14] [GGHR14] Tworound MPC Deniable encryption [GGHOSW16] Functional encryption io + OWF io + GROUP Groups w/ strong assumptions Graded encoding schemes [AH18] [FHHL18] Fully homomorphic encryption Multilinear maps [AFHLP16] [CLTV15] OWF : assumptions w/o inherent structure GROUP: assumptions w/ inherent structure Introduction Recap Graded Encoding Schemes Interactively Secure Groups Summary 5/14
22 Overview [SW14] [GGHR14] Tworound MPC Deniable encryption [GGHOSW16] Functional encryption io + OWF io + GROUP Groups w/ strong assumptions Graded encoding schemes [AH18] [FHHL18] Fully homomorphic encryption Multilinear maps [CLTV15] [AFHLP16] OWF : assumptions w/o inherent structure GROUP: assumptions w/ inherent structure Introduction Recap Graded Encoding Schemes Interactively Secure Groups Summary 5/14
23 Graded Encoding Schemes [FHHL18] I Central question: Can we further generalize the MMap? Multilinear map: G [a 1 ], [a 2 ],..., [a n] e G T [a 1 a 2 a n] T Introduction Recap Graded Encoding Schemes Interactively Secure Groups Summary 6/14
24 Graded Encoding Schemes [FHHL18] I Central question: Can we further generalize the MMap? [FHHL18]: MMap allows for graded (i.e., partial) evaluation Multilinear map: Graded encoding scheme: levels: G [a 1 ], [a 2 ],..., [a n] G 1 [a 1 ] 1, [a 2 ] 1, [a 3 ] 1,..., [a n] 1 e G 2 [a 1 a 2 ] 2 e e G 3 [a 1 a 2 a 3 ] 3 e G T [a 1 a 2 a n] T G n [a 1 a 2 a 3 a n] n Introduction Recap Graded Encoding Schemes Interactively Secure Groups Summary 6/14
25 Graded Encoding Schemes [FHHL18] II How to implement the partially evaluable map e? Problem: e needs to extract exponents (also on intermediate levels) Introduction Recap Graded Encoding Schemes Interactively Secure Groups Summary 7/14
26 Graded Encoding Schemes [FHHL18] II How to implement the partially evaluable map e? Problem: e needs to extract exponents (also on intermediate levels) [a] i := ( ) g a, Enc(a), π ) [a ] j := (g a, Enc(a ), π e : G i G j G i+j decrypt exponents a, a output encoding for a a ) [aa ] i+j := (g aa, Enc(aa ), π e : G i+j... Introduction Recap Graded Encoding Schemes Interactively Secure Groups Summary 7/14
27 Graded Encoding Schemes [FHHL18] III Recap: n-mddh assumption Given [a 1 ] 1,..., [a n+1 ] 1, the group element [a 1 a n a n+1 ] n looks like an independently sampled group element. Main result: n-mddh assumption holds even in the presence of graded MMap Introduction Recap Graded Encoding Schemes Interactively Secure Groups Summary 8/14
28 Graded Encoding Schemes [FHHL18] III Recap: n-mddh assumption Given [a 1 ] 1,..., [a n+1 ] 1, the group element [a 1 a n a n+1 ] n looks like an independently sampled group element. Main result: n-mddh assumption holds even in the presence of graded MMap Proof idea: Switching as in [AFHLP16] f i a i Switching a i ω ( ) ( ) g a i, Enc(a i ), π g a i, Enc(f i ), π Introduction Recap Graded Encoding Schemes Interactively Secure Groups Summary 8/14
29 Graded Encoding Schemes [FHHL18] III Recap: n-mddh assumption Given [a 1 ] 1,..., [a n+1 ] 1, the group element [a 1 a n a n+1 ] n looks like an independently sampled group element. Main result: n-mddh assumption holds even in the presence of graded MMap Proof idea: Switching as in [AFHLP16] f i a i Switching ω ( ) ( ) g a i, Enc(a i ), π g a i, Enc(f i ), π a i change graded MMap: don t use ω explicitly Introduction Recap Graded Encoding Schemes Interactively Secure Groups Summary 8/14
30 Graded Encoding Schemes [FHHL18] III Recap: n-mddh assumption Given [a 1 ] 1,..., [a n+1 ] 1, the group element [a 1 a n a n+1 ] n looks like an independently sampled group element. Main result: n-mddh assumption holds even in the presence of graded MMap Proof idea: Switching as in [AFHLP16] f i a i Switching ω ( ) ( ) g a i, Enc(a i ), π g a i, Enc(f i ), π a i change graded MMap: don t use ω explicitly Difficulty: e produces encodings Introduction Recap Graded Encoding Schemes Interactively Secure Groups Summary 8/14
31 Overview [SW14] [GGHR14] Tworound MPC Deniable encryption [GGHOSW16] Functional encryption io + OWF io + GROUP Groups w/ strong assumptions Graded encoding schemes [AH18] [FHHL18] Fully homomorphic encryption Multilinear maps [CLTV15] [AFHLP16] OWF : assumptions w/o inherent structure GROUP: assumptions w/ inherent structure Introduction Recap Graded Encoding Schemes Interactively Secure Groups Summary 9/14
32 Overview [SW14] [GGHR14] Tworound MPC Deniable encryption [GGHOSW16] Functional encryption io + OWF Fully homomorphic encryption io + GROUP Multilinear maps Groups w/ strong assumptions Graded encoding schemes [AH18] [FHHL18] [CLTV15] [AFHLP16] OWF : assumptions w/o inherent structure GROUP: assumptions w/ inherent structure Introduction Recap Graded Encoding Schemes Interactively Secure Groups Summary 9/14
33 Interactively Secure Groups [AH18] I Central question: How close can we get to implementing the generic group model? More precisely: Can we prove stronger assumptions? Introduction Recap Graded Encoding Schemes Interactively Secure Groups Summary 1/14
34 Interactively Secure Groups [AH18] I Central question: How close can we get to implementing the generic group model? More precisely: Can we prove stronger assumptions? Goal: (univariate) Interactive Uber assumption ω Z p adversary challenger Introduction Recap Graded Encoding Schemes Interactively Secure Groups Summary 1/14
35 Interactively Secure Groups [AH18] I Central question: How close can we get to implementing the generic group model? More precisely: Can we prove stronger assumptions? Goal: (univariate) Interactive Uber assumption ω Z p f [f (ω)] adversary challenger Introduction Recap Graded Encoding Schemes Interactively Secure Groups Summary 1/14
36 Interactively Secure Groups [AH18] I Central question: How close can we get to implementing the generic group model? More precisely: Can we prove stronger assumptions? Goal: (univariate) Interactive Uber assumption ω Z p f [f (ω)] adversary challenger f [f (ω)] Introduction Recap Graded Encoding Schemes Interactively Secure Groups Summary 1/14
37 Interactively Secure Groups [AH18] I Central question: How close can we get to implementing the generic group model? More precisely: Can we prove stronger assumptions? Goal: (univariate) Interactive Uber assumption ω Z p f [f (ω)] adversary f [f (ω)] or random challenger f [f (ω)] guess Introduction Recap Graded Encoding Schemes Interactively Secure Groups Summary 1/14
38 Interactively Secure Groups [AH18] II Generic group model: (Z p, +) Introduction Recap Graded Encoding Schemes Interactively Secure Groups Summary 11/14
39 Interactively Secure Groups [AH18] II Generic group model: (Z p, +) (Z p[x ], +) answers from Uber challenger: non-constant polynomials Introduction Recap Graded Encoding Schemes Interactively Secure Groups Summary 11/14
40 Interactively Secure Groups [AH18] II Generic group model: (Z p, +) (Z p[x ], +) answers from Uber challenger: non-constant polynomials Goal: implement this proof strategy ( ) Change encodings: [a] := g a, Enc(a), π Introduction Recap Graded Encoding Schemes Interactively Secure Groups Summary 11/14
41 Interactively Secure Groups [AH18] II Generic group model: (Z p, +) (Z p[x ], +) answers from Uber challenger: non-constant polynomials Goal: implement this proof strategy ( ) Change encodings: [a] := g a, Enc(a), π Introduction Recap Graded Encoding Schemes Interactively Secure Groups Summary 11/14
42 Interactively Secure Groups [AH18] II Generic group model: (Z p, +) (Z p[x ], +) answers from Uber challenger: non-constant polynomials Goal: implement this proof strategy ( ) Change encodings: [a] := Enc(a), π Interface: Equality test Group operation : G G {, 1} + +: G G G Introduction Recap Graded Encoding Schemes Interactively Secure Groups Summary 11/14
43 Interactively Secure Groups [AH18] III Proof idea: a ( ) Enc(a = f (ω)), π Introduction Recap Graded Encoding Schemes Interactively Secure Groups Summary 12/14
44 Interactively Secure Groups [AH18] III Proof idea: Switching approach with high-degree polynomials a a f ω ( ) ( ) Enc(a = f (ω)), π Enc(f ), π Introduction Recap Graded Encoding Schemes Interactively Secure Groups Summary 12/14
45 Interactively Secure Groups [AH18] III Proof idea: remove ω a a f a f ω ω ( ) ( ) ( ) Enc(a = f (ω)), π Enc(f ), π Enc(f ), π Introduction Recap Graded Encoding Schemes Interactively Secure Groups Summary 12/14
46 Interactively Secure Groups [AH18] III Proof idea: remove ω a a f a f ω ω ( ) ( ) ( ) Enc(a = f (ω)), π Enc(f ), π Enc(f ), π Assumption holds for information theoretic reason! Introduction Recap Graded Encoding Schemes Interactively Secure Groups Summary 12/14
47 Interactively Secure Groups [AH18] III Proof idea: remove ω a a f a f ω ω ( ) ( ) ( ) Enc(a = f (ω)), π Enc(f ), π Enc(f ), π Assumption holds for information theoretic reason! Introduction Recap Graded Encoding Schemes Interactively Secure Groups Summary 12/14
48 How to remove ω? Testing for identity element: input: ( ) C, π stop no π valid? yes f Dec(sk, C) not_identity no f (ω) =? yes is_identity Introduction Recap Graded Encoding Schemes Interactively Secure Groups Summary 13/14
49 How to remove ω? Testing for identity element: input: ( ) C, π stop no π valid? not_identity yes f Dec(sk, C) f (ω) =? no Z := zero set of f z Z : pfo ω (z) = 1 OR f point function obfuscation no z { 1, if z = ω, else yes is_identity yes Introduction Recap Graded Encoding Schemes Interactively Secure Groups Summary 13/14
50 How to remove ω? Testing for identity element: input: ( ) C, π stop no π valid? not_identity yes f Dec(sk, C) f (ω) =? no Z := zero set of f z Z : pfo ω (z) = 1 OR f point function obfuscation no z { 1, if z = ω, else yes is_identity yes probabilistic io Introduction Recap Graded Encoding Schemes Interactively Secure Groups Summary 13/14
51 How to remove ω? Testing for identity element: input: ( ) C, π stop no π valid? not_identity yes f Dec(sk, C) f (ω) =? no Z := zero set of f z Z : pfo ω (z) = 1 OR f point function obfuscation no z { 1, if z = ω, else yes is_identity yes probabilistic io Introduction Recap Graded Encoding Schemes Interactively Secure Groups Summary 13/14
52 Summary Provided structure Security guarantees [AFHLP16] n-mmap n-mddh assumption [FHHL18] graded n-mmap n-mddh assumption [AH18] interactive Uber assumption Introduction Recap Graded Encoding Schemes Interactively Secure Groups Summary 14/14
Obfuscation and Weak Multilinear Maps
Obfuscation and Weak Multilinear Maps Mark Zhandry Princeton University Joint work with Saikrishna Badrinarayanan, Sanjam Garg, Eric Miles, Pratyay Mukherjee, Amit Sahai, Akshayaram Srinivasan Obfuscation
More informationProjective Arithmetic Functional Encryption. and. Indistinguishability Obfuscation (io) from Degree-5 Multilinear maps
Projective Arithmetic Functional Encryption and Indistinguishability Obfuscation (io) from Degree-5 Multilinear maps Prabhanjan Ananth Amit Sahai Constructions of io All current constructions of io are
More informationMultilinear Maps from Obfuscation
Multilinear Maps from Obfuscation Martin R. Albrecht (RHUL) Pooya Farshim (QUB) Shuai Han (SJTU) Dennis Hofheinz (KIT) Enrique Larraia (RHUL) Kenneth G. Paterson (RHUL) December 18, 2017 Abstract We provide
More informationGraded Encoding Schemes from Obfuscation
Graded Encoding Schemes from Obfuscation Pooya Farshim 1&2, Julia Hesse 1&2&5, Dennis Hofheinz 3, and Enrique Larraia 4 1 Département d informatique de l ENS, École normale supérieure, CNRS, PSL Research
More informationGraded Encoding Schemes from Obfuscation
Graded Encoding Schemes from Obfuscation Pooya Farshim,1,2, Julia Hesse 1,2,3, Dennis Hofheinz,3, and Enrique Larraia 1 DIENS, École normale supérieure, CNRS, PSL Research University, Paris, France 2 INRIA
More informationFUNCTIONAL SIGNATURES AND PSEUDORANDOM FUNCTIONS. Elette Boyle Shafi Goldwasser Ioana Ivan
FUNCTIONAL SIGNATURES AND PSEUDORANDOM FUNCTIONS Elette Boyle Shafi Goldwasser Ioana Ivan Traditional Paradigm: All or Nothing Encryption [DH76] Given SK, can decrypt. Otherwise, can t distinguish encryptions
More informationCOS 597C: Recent Developments in Program Obfuscation Lecture 7 (10/06/16) Notes for Lecture 7
COS 597C: Recent Developments in Program Obfuscation Lecture 7 10/06/16 Lecturer: Mark Zhandry Princeton University Scribe: Jordan Tran Notes for Lecture 7 1 Introduction In this lecture, we show how to
More informationCryptographic Multilinear Maps. Craig Gentry and Shai Halevi
Cryptographic Multilinear Maps Craig Gentry and Shai Halevi China Summer School on Lattices and Cryptography, June 2014 Multilinear Maps (MMAPs) A Technical Tool A primitive for building applications,
More informationAdaptive partitioning. Dennis Hofheinz (KIT, Karlsruhe)
Adaptive partitioning Dennis Hofheinz (KIT, Karlsruhe) Public-Key Encryption Public-Key Encryption Accepted security notion: chosen-ciphertext security (IND-CCA) Public-Key Encryption Accepted security
More informationIndistinguishability Obfuscation from the Multilinear Subgroup Elimination Assumption
Indistinguishability Obfuscation from the Multilinear Subgroup Elimination Assumption Craig Gentry Allison ewko Amit Sahai Brent Waters November 4, 2014 Abstract We revisit the question of constructing
More informationMultilinear Maps over the Integers From Design to Security. The Mathematics of Modern Cryptography Workshop, July 10th 2015
Multilinear Maps over the Integers From Design to Security Tancrède Lepoint CryptoExperts The Mathematics of Modern Cryptography Workshop, July 10th 2015 2 / 30 Timeline: The Hype Cycle of Multilinear
More informationWatermarking Cryptographic Functionalities from Standard Lattice Assumptions
Watermarking Cryptographic Functionalities from Standard Lattice Assumptions Sam Kim Stanford University Joint work with David J. Wu Digital Watermarking 1 Digital Watermarking Content is (mostly) viewable
More informationLattice Based Crypto: Answering Questions You Don't Understand
Lattice Based Crypto: Answering Questions You Don't Understand Vadim Lyubashevsky INRIA / ENS, Paris Cryptography Secure communication in the presence of adversaries Symmetric-Key Cryptography Secret key
More informationPrivate Puncturable PRFs from Standard Lattice Assumptions
Private Puncturable PRFs from Standard Lattice Assumptions Sam Kim Stanford University Joint work with Dan Boneh and Hart Montgomery Pseudorandom Functions (PRFs) [GGM84] Constrained PRFs [BW13, BGI13,
More informationCandidate Differing-Inputs Obfuscation from Indistinguishability Obfuscation and Auxiliary-Input Point Obfuscation
Candidate Differing-Inputs Obfuscation from Indistinguishability Obfuscation and Auxiliary-Input Point Obfuscation Dongxue Pan 1,2, Hongda Li 1,2, Peifang Ni 1,2 1 The Data Assurance and Communication
More informationAll-But-Many Lossy Trapdoor Functions. Dennis Hofheinz (Karlsruhe Institute of Technology)
All-But-Many Lossy Trapdoor Functions Dennis Hofheinz (Karlsruhe Institute of Technology) Overview over this talk All-But-Many Lossy Trapdoor Functions (ABM-LTFs) A technical tool specifically designed
More informationCryptology. Scribe: Fabrice Mouhartem M2IF
Cryptology Scribe: Fabrice Mouhartem M2IF Chapter 1 Identity Based Encryption from Learning With Errors In the following we will use this two tools which existence is not proved here. The first tool description
More informationEfficient MPC Oblivious Transfer and Oblivious Linear Evaluation aka How to Multiply
CIS 2018 Efficient MPC Oblivious Transfer and Oblivious Linear Evaluation aka How to Multiply Claudio Orlandi, Aarhus University Circuit Evaluation 3) Multiplication? How to compute [z]=[xy]? Alice, Bob
More informationMath.3336: Discrete Mathematics. Mathematical Induction
Math.3336: Discrete Mathematics Mathematical Induction Instructor: Dr. Blerina Xhabli Department of Mathematics, University of Houston https://www.math.uh.edu/ blerina Email: blerina@math.uh.edu Fall 2018
More informationADVERTISING AGGREGATIONARCHITECTURE
SOMAR LAPS PRIVACY-PRESERVING LATTICE-BASED PRIVATE-STREAM SOCIAL MEDIA ADVERTISING AGGREGATIONARCHITECTURE OR: HOW NOT TO LEAVE YOUR PERSONAL DATA AROUND REVISITING PRIVATE-STREAM AGGREGATION: LATTICE-BASED
More informationLecture 6. 2 Adaptively-Secure Non-Interactive Zero-Knowledge
CMSC 858K Advanced Topics in Cryptography February 12, 2004 Lecturer: Jonathan Katz Lecture 6 Scribe(s): Omer Horvitz John Trafton Zhongchao Yu Akhil Gupta 1 Introduction In this lecture, we show how to
More informationZAPs and Non-Interactive Witness Indistinguishability from Indistinguishability Obfuscation
ZAPs and Non-Interactive Witness Indistinguishability from Indistinguishability Obfuscation Nir Bitansky Omer Paneth February 12, 2015 Abstract We present new constructions of two-message and one-message
More informationSpooky Encryption and its Applications
Spooky Encryption and its Applications Yevgeniy Dodis NYU Shai Halevi IBM Research Ron D. Rothblum MIT Daniel Wichs Northeastern University March 10, 2016 Abstract Consider a setting where inputs x 1,...,
More informationFully-secure Key Policy ABE on Prime-Order Bilinear Groups
Fully-secure Key Policy ABE on Prime-Order Bilinear Groups Luke Kowalczyk, Jiahui Liu, Kailash Meiyappan Abstract We present a Key-Policy ABE scheme that is fully-secure under the Decisional Linear Assumption.
More informationAPPLICATIONS OF (INDISTINGUISHABILITY) OBFUSCATION
APPLICATIONS OF (INDISTINGUISHABILITY) OBFUSCATION Craig Gentry, IBM Research May 20, 2015 Cryptography Boot Camp, Simons Institute Definition of io [B + 01] An indistinguishability obfuscator is a PPT
More informationFrom Minicrypt to Obfustopia via Private-Key Functional Encryption
From Minicrypt to Obfustopia via Private-Key Functional Encryption Ilan Komargodski Weizmann Institute of Science Joint work with Gil Segev (Hebrew University) Functional Encryption [Sahai-Waters 05] Enc
More informationSemantic Security and Indistinguishability in the Quantum World
Semantic Security and Indistinguishability in the Quantum World Tommaso Gagliardoni 1, Andreas Hülsing 2, Christian Schaffner 3 1 IBM Research, Swiss; TU Darmstadt, Germany 2 TU Eindhoven, The Netherlands
More informationCLASSICAL CRYPTOSYSTEMS IN A QUANTUM WORLD
CLASSICAL CRYPTOSYSTEMS IN A QUANTUM WORLD Mark Zhandry Stanford University * Joint work with Dan Boneh But First: My Current Work Indistinguishability Obfuscation (and variants) Multiparty NIKE without
More informationComputational security & Private key encryption
Computational security & Private key encryption Emma Arfelt Stud. BSc. Software Development Frederik Madsen Stud. MSc. Software Development March 2017 Recap Perfect Secrecy Perfect indistinguishability
More informationRSA RSA public key cryptosystem
RSA 1 RSA As we have seen, the security of most cipher systems rests on the users keeping secret a special key, for anyone possessing the key can encrypt and/or decrypt the messages sent between them.
More informationSection 4.3. Polynomial Division; The Remainder Theorem and the Factor Theorem
Section 4.3 Polynomial Division; The Remainder Theorem and the Factor Theorem Polynomial Long Division Let s compute 823 5 : Example of Long Division of Numbers Example of Long Division of Numbers Let
More information6.892 Computing on Encrypted Data September 16, Lecture 2
6.89 Computing on Encrypted Data September 16, 013 Lecture Lecturer: Vinod Vaikuntanathan Scribe: Britt Cyr In this lecture, we will define the learning with errors (LWE) problem, show an euivalence between
More informationFully Bideniable Interactive Encryption
Fully Bideniable Interactive Encryption Ran Canetti Sunoo Park Oxana Poburinnaya January 1, 19 Abstract While standard encryption guarantees secrecy of the encrypted plaintext only against an attacker
More information8 Security against Chosen Plaintext
8 Security against Chosen Plaintext Attacks We ve already seen a definition that captures security of encryption when an adversary is allowed to see just one ciphertext encrypted under the key. Clearly
More informationCTR mode of operation
CSA E0 235: Cryptography 13 March, 2015 Dr Arpita Patra CTR mode of operation Divya and Sabareesh 1 Overview In this lecture, we formally prove that the counter mode of operation is secure against chosen-plaintext
More informationCryptoVerif: A Computationally Sound Mechanized Prover for Cryptographic Protocols
CryptoVerif: A Computationally Sound Mechanized Prover for Cryptographic Protocols Bruno Blanchet CNRS, École Normale Supérieure, INRIA, Paris March 2009 Bruno Blanchet (CNRS, ENS, INRIA) CryptoVerif March
More informationLinear Multi-Prover Interactive Proofs
Quasi-Optimal SNARGs via Linear Multi-Prover Interactive Proofs Dan Boneh, Yuval Ishai, Amit Sahai, and David J. Wu Interactive Arguments for NP L C = x C x, w = 1 for some w P(x, w) V(x) accept / reject
More informationProvable Security for Program Obfuscation
for Program Obfuscation Black-box Mathematics & Mechanics Faculty Saint Petersburg State University Spring 2005 SETLab Outline 1 Black-box Outline 1 2 Black-box Outline Black-box 1 2 3 Black-box Perfect
More informationPr[C = c M = m] = Pr[C = c] Pr[M = m] Pr[M = m C = c] = Pr[M = m]
Midterm Review Sheet The definition of a private-key encryption scheme. It s a tuple Π = ((K n,m n,c n ) n=1,gen,enc,dec) where - for each n N, K n,m n,c n are sets of bitstrings; [for a given value of
More informationCryptography: The Landscape, Fundamental Primitives, and Security. David Brumley Carnegie Mellon University
Cryptography: The Landscape, Fundamental Primitives, and Security David Brumley dbrumley@cmu.edu Carnegie Mellon University The Landscape Jargon in Cryptography 2 Good News: OTP has perfect secrecy Thm:
More informationIII. Pseudorandom functions & encryption
III. Pseudorandom functions & encryption Eavesdropping attacks not satisfactory security model - no security for multiple encryptions - does not cover practical attacks new and stronger security notion:
More informationRobust Password- Protected Secret Sharing
Robust Password- Protected Secret Sharing Michel Abdalla, Mario Cornejo, Anca Niţulescu, David Pointcheval École Normale Supérieure, CNRS and INRIA, Paris, France R E S E A R C H UNIVERSITY PPSS: Motivation
More informationSYMMETRIC ENCRYPTION. Mihir Bellare UCSD 1
SYMMETRIC ENCRYPTION Mihir Bellare UCSD 1 Syntax A symmetric encryption scheme SE = (K, E, D) consists of three algorithms: K and E may be randomized, but D must be deterministic. Mihir Bellare UCSD 2
More informationProvable Security for Public-Key Schemes. Outline. I Basics. Secrecy of Communications. Outline. David Pointcheval
Provable Security for Public-Key Schemes I Basics David Pointcheval Ecole normale supérieure, CNRS & INRIA IACR-SEAMS School Cryptographie: Foundations and New Directions November 2016 Hanoi Vietnam Introduction
More information6.080 / Great Ideas in Theoretical Computer Science Spring 2008
MIT OpenCourseWare http://ocw.mit.edu 6.080 / 6.089 Great Ideas in Theoretical Computer Science Spring 2008 For information about citing these materials or our Terms of Use, visit: http://ocw.mit.edu/terms.
More informationModern symmetric-key Encryption
Modern symmetric-key Encryption Citation I would like to thank Claude Crepeau for allowing me to use his slide from his crypto course to mount my course. Some of these slides are taken directly from his
More informationAdaptively Secure Puncturable Pseudorandom Functions in the Standard Model
Adaptively Secure Puncturable Pseudorandom Functions in the Standard Model Susan Hohenberger 1, Venkata Koppula 2, and Brent Waters 2 1 Johns Hopkins University, Baltimore, USA susan@cs.jhu.edu 2 University
More informationCryptographic Solutions for Data Integrity in the Cloud
Cryptographic Solutions for Stanford University, USA Stanford Computer Forum 2 April 2012 Homomorphic Encryption Homomorphic encryption allows users to delegate computation while ensuring secrecy. Homomorphic
More informationClassical hardness of the Learning with Errors problem
Classical hardness of the Learning with Errors problem Adeline Langlois Aric Team, LIP, ENS Lyon Joint work with Z. Brakerski, C. Peikert, O. Regev and D. Stehlé August 12, 2013 Adeline Langlois Hardness
More informationExploding Obfuscation: A Framework for Building Applications of Obfuscation From Polynomial Hardness
Exploding Obfuscation: A Framework for Building Applications of Obfuscation From Polynomial Hardness Qipeng Liu Mark Zhandry Princeton University {qipengl, mzhandry}@princeton.edu Abstract There is some
More informationLecture 7: CPA Security, MACs, OWFs
CS 7810 Graduate Cryptography September 27, 2017 Lecturer: Daniel Wichs Lecture 7: CPA Security, MACs, OWFs Scribe: Eysa Lee 1 Topic Covered Chosen Plaintext Attack (CPA) MACs One Way Functions (OWFs)
More informationNew Methods for Indistinguishability Obfuscation: Bootstrapping and Instantiation
New Methods for Indistinguishability Obfuscation: Bootstrapping and Instantiation Shweta Agrawal Abstract Constructing indistinguishability obfuscation io [BGI + 01] is a central open question in cryptography.
More informationLecture 17: Constructions of Public-Key Encryption
COM S 687 Introduction to Cryptography October 24, 2006 Lecture 17: Constructions of Public-Key Encryption Instructor: Rafael Pass Scribe: Muthu 1 Secure Public-Key Encryption In the previous lecture,
More informationStrong Security Models for Public-Key Encryption Schemes
Strong Security Models for Public-Key Encryption Schemes Pooya Farshim (Joint Work with Manuel Barbosa) Information Security Group, Royal Holloway, University of London, Egham TW20 0EX, United Kingdom.
More informationAdaptively Secure Puncturable Pseudorandom Functions in the Standard Model
Adaptively Secure Puncturable Pseudorandom Functions in the Standard Model Susan Hohenberger Johns Hopkins University susan@cs.hu.edu Brent Waters University of Texas at Austin bwaters@cs.utexas.edu November
More informationNotes for Lecture 17
U.C. Berkeley CS276: Cryptography Handout N17 Luca Trevisan March 17, 2009 Notes for Lecture 17 Scribed by Matt Finifter, posted April 8, 2009 Summary Today we begin to talk about public-key cryptography,
More informationReducing Depth in Constrained PRFs: From Bit-Fixing to NC 1
Reducing Depth in Constrained PRFs: From Bit-Fixing to NC 1 Nishanth Chandran Srinivasan Raghuraman Dhinakaran Vinayagamurthy Abstract The candidate construction of multilinear maps by Garg, Gentry, and
More informationSolutions to homework 2
ICS 180: Introduction to Cryptography 4/22/2004 Solutions to homework 2 1 Security Definitions [10+20 points] Definition of some security property often goes like this: We call some communication scheme
More informationPublic-Key Encryption with Simulation-Based Selective-Opening Security and Compact Ciphertexts
Public-Key Encryption with Simulation-Based Selective-Opening Security and Compact Ciphertexts Dennis Hofheinz 1, Tibor Jager 2, and Andy Rupp 1 1 Karlsruhe Institute of Technology, Germany {dennis.hofheinz,andy.rupp}@kit.edu
More informationAdvanced Cryptography 03/06/2007. Lecture 8
Advanced Cryptography 03/06/007 Lecture 8 Lecturer: Victor Shoup Scribe: Prashant Puniya Overview In this lecture, we will introduce the notion of Public-Key Encryption. We will define the basic notion
More informationNew Lower Bounds on Predicate Entropy for Function Private Public-Key Predicate Encryption
New Lower Bounds on Predicate Entropy for Function Private Public-Key Predicate Encryption Sikhar Patranabis and Debdeep Mukhopadhyay Department of Computer Science and Engineering Indian Institute of
More informationNon-malleability under Selective Opening Attacks: Implication and Separation
Non-malleability under Selective Opening Attacks: Implication and Separation Zhengan Huang 1, Shengli Liu 1, Xianping Mao 1, and Kefei Chen 2,3 1. Department of Computer Science and Engineering, Shanghai
More informationLecture 4 Chiu Yuen Koo Nikolai Yakovenko. 1 Summary. 2 Hybrid Encryption. CMSC 858K Advanced Topics in Cryptography February 5, 2004
CMSC 858K Advanced Topics in Cryptography February 5, 2004 Lecturer: Jonathan Katz Lecture 4 Scribe(s): Chiu Yuen Koo Nikolai Yakovenko Jeffrey Blank 1 Summary The focus of this lecture is efficient public-key
More informationStandard versus Selective Opening Security: Separation and Equivalence Results
Standard versus Selective Opening Security: Separation and Equivalence Results Dennis Hofheinz and Andy Rupp Karlsruhe Institute of Technology, Germany {dennis.hofheinz,andy.rupp}@kit.edu Supported by
More informationCryptanalysis of a homomorphic public-key cryptosystem over a finite group
Cryptanalysis of a homomorphic public-key cryptosystem over a finite group Su-Jeong Choi Simon R. Blackburn and Peter R. Wild Department of Mathematics Royal Holloway, University of London Egham, Surrey
More informationCryptography CS 555. Topic 22: Number Theory/Public Key-Cryptography
Cryptography CS 555 Topic 22: Number Theory/Public Key-Cryptography 1 Exam Recap 2 Exam Recap Highest Average Score on Question Question 4: (Feistel Network with round function f(x) = 0 n ) Tougher Questions
More informationVirtual Black-Box Obfuscation for All Circuits via Generic Graded Encoding
Virtual Black-Box Obfuscation for All Circuits via Generic Graded Encoding Zvika Brakerski 1 and Guy N. Rothblum 2 1 Weizmann Institute of Science 2 Microsoft Research Abstract. We present a new general-purpose
More informationDisjunctions for Hash Proof Systems: New Constructions and Applications
Disjunctions for Hash Proof Systems: New Constructions and Applications Michel Abdalla, Fabrice Benhamouda, and David Pointcheval ENS, Paris, France Abstract. Hash Proof Systems were first introduced by
More informationOverview of the Talk. Secret Sharing. Secret Sharing Made Short Hugo Krawczyk Perfect Secrecy
Overview of the Talk Secret Sharing CS395T Design and Implementation of Trusted Services Ankur Gupta Hugo Krawczyk. Secret Sharing Made Short, 1993. Josh Cohen Benaloh. Secret Sharing Homomorphisms: Keeping
More informationBenny Pinkas Bar Ilan University
Winter School on Bar-Ilan University, Israel 30/1/2011-1/2/2011 Bar-Ilan University Benny Pinkas Bar Ilan University 1 Extending OT [IKNP] Is fully simulatable Depends on a non-standard security assumption
More informationMultiparty Computation (MPC) Arpita Patra
Multiparty Computation (MPC) Arpita Patra MPC offers more than Traditional Crypto! > MPC goes BEYOND traditional Crypto > Models the distributed computing applications that simultaneously demands usability
More informationQuestion 2.1. Show that. is non-negligible. 2. Since. is non-negligible so is μ n +
Homework #2 Question 2.1 Show that 1 p n + μ n is non-negligible 1. μ n + 1 p n > 1 p n 2. Since 1 p n is non-negligible so is μ n + 1 p n Question 2.1 Show that 1 p n - μ n is non-negligible 1. μ n O(
More informationSecurely Obfuscating Re-Encryption
Securely Obfuscating Re-Encryption Susan Hohenberger Guy N. Rothblum abhi shelat Vinod Vaikuntanathan June 25, 2007 Abstract We present a positive obfuscation result for a traditional cryptographic functionality.
More information6.080/6.089 GITCS Apr 15, Lecture 17
6.080/6.089 GITCS pr 15, 2008 Lecturer: Scott aronson Lecture 17 Scribe: dam Rogal 1 Recap 1.1 Pseudorandom Generators We will begin with a recap of pseudorandom generators (PRGs). s we discussed before
More informationIndistinguishability Obfuscation for All Circuits from Secret-Key Functional Encryption
Indistinguishability Obfuscation for All Circuits from Secret-Key Functional Encryption Fuyuki Kitagawa 1 Ryo Nishimaki 2 Keisuke Tanaka 1 1 Tokyo Institute of Technology, Japan {kitagaw1,keisuke}@is.titech.ac.jp
More informationGGHLite: More Efficient Multilinear Maps from Ideal Lattices
GGHLite: More Efficient Multilinear Maps from Ideal Lattices Adeline Langlois, Damien Stehlé and Ron Steinfeld Aric Team, LIP, ENS de Lyon May, 4 Adeline Langlois GGHLite May, 4 / 9 Our main result Decrease
More informationDual System Framework in Multilinear Settings and Applications to Fully Secure (Compact) ABE for Unbounded-Size Circuits
Dual System Framework in Multilinear Settings and pplications to Fully Secure Compact BE for Unbounded-Size Circuits Nuttapong ttrapadung National Institute of dvanced Industrial Science and Technology
More informationNotes on Alekhnovich s cryptosystems
Notes on Alekhnovich s cryptosystems Gilles Zémor November 2016 Decisional Decoding Hypothesis with parameter t. Let 0 < R 1 < R 2 < 1. There is no polynomial-time decoding algorithm A such that: Given
More informationEXAM IN. TDA352 (Chalmers) - DIT250 (GU) 12 January 2018, 08:
CHALMERS GÖTEBORGS UNIVERSITET EXAM IN CRYPTOGRAPHY TDA352 (Chalmers) - DIT250 (GU) 12 January 2018, 08:30 12.30 Tillåtna hjälpmedel: Typgodkänd räknare. Annan minnestömd räknare får användas efter godkännande
More informationBootstrapping Obfuscators via Fast Pseudorandom Functions
Bootstrapping Obfuscators via Fast Pseudorandom Functions Benny Applebaum October 26, 2013 Abstract We show that it is possible to upgrade an obfuscator for a weak complexity class WEAK into an obfuscator
More informationA new security notion for asymmetric encryption Draft #10
A new security notion for asymmetric encryption Draft #10 Muhammad Rezal Kamel Ariffin 1,2 1 Al-Kindi Cryptography Research Laboratory, Institute for Mathematical Research, 2 Department of Mathematics,
More informationLattice-Based Non-Interactive Arugment Systems
Lattice-Based Non-Interactive Arugment Systems David Wu Stanford University Based on joint works with Dan Boneh, Yuval Ishai, Sam Kim, and Amit Sahai Soundness: x L, P Pr P, V (x) = accept = 0 No prover
More informationGeneral Impossibility of Group Homomorphic Encryption in the Quantum World
General Impossibility of Group Homomorphic Encryption in the Quantum World Frederik Armknecht Tommaso Gagliardoni Stefan Katzenbeisser Andreas Peter PKC 2014, March 28th Buenos Aires, Argentina 1 An example
More informationCryptography CS 555. Topic 4: Computational Security
Cryptography CS 555 Topic 4: Computational Security 1 Recap Perfect Secrecy, One-time-Pads Theorem: If (Gen,Enc,Dec) is a perfectly secret encryption scheme then KK M 2 What if we want to send a longer
More informationStandard Security Does Not Imply Indistinguishability Under Selective Opening
Standard Security Does Not Imply Indistinguishability Under Selective Opening Dennis Hofheinz 1, Vanishree Rao 2, and Daniel Wichs 3 1 Karlsruhe Institute of Technology, Germany, dennis.hofheinz@kit.edu
More informationHunting and Gathering Verifiable Random Functions from Standard Assumptions with Short Proofs
Hunting and Gathering Verifiable Random Functions from Standard Assumptions with Short Proofs Lisa Kohl Karlsruhe Institute of Technology, Karlsruhe, Germany Lisa.Kohl@kit.edu Abstract. A verifiable random
More informationLattice Cryptography
CSE 06A: Lattice Algorithms and Applications Winter 01 Instructor: Daniele Micciancio Lattice Cryptography UCSD CSE Many problems on point lattices are computationally hard. One of the most important hard
More informationFlexible Group Key Exchange with On Demand Computation of Subgroup Keys
Flexible Group Key Exchange with On Demand Computation of Subgroup Keys Michel Abdalla 1, Celine Chevalier 2, Mark Manulis 3, David Pointcheval 1 1 École Normale Supérieure CNRS INRIA, Paris, France 2
More informationOn the CCA1-Security of Elgamal and Damgård s Elgamal
On the CCA1-Security of Elgamal and Damgård s Elgamal Cybernetica AS, Estonia Tallinn University, Estonia October 21, 2010 Outline I Motivation 1 Motivation 2 3 Motivation Three well-known security requirements
More informationLecture 11: Non-Interactive Zero-Knowledge II. 1 Non-Interactive Zero-Knowledge in the Hidden-Bits Model for the Graph Hamiltonian problem
CS 276 Cryptography Oct 8, 2014 Lecture 11: Non-Interactive Zero-Knowledge II Instructor: Sanjam Garg Scribe: Rafael Dutra 1 Non-Interactive Zero-Knowledge in the Hidden-Bits Model for the Graph Hamiltonian
More informationA new security notion for asymmetric encryption Draft #12
A new security notion for asymmetric encryption Draft #12 Muhammad Rezal Kamel Ariffin 1,2 1 Al-Kindi Cryptography Research Laboratory, Institute for Mathematical Research, 2 Department of Mathematics,
More informationHuijia (Rachel) Lin UCSB Partial Joint work with Stefano Tessaro
Indistinguishability Obfuscation from Low-Degree Multilinear Maps and (Blockwise) Local PRGs [Lin16b, LT17, To appear, Crypto 17] Huijia (Rachel) Lin UCSB Partial Joint work with Stefano Tessaro Circuit
More informationOn Tightly Secure Non-Interactive Key Exchange
On Tightly Secure Non-Interactive Key Exchange Julia Hesse (Technische Universität Darmstadt) Dennis Hofheinz (Karlsruhe Institute of Technology) Lisa Kohl (Karlsruhe Institute of Technology) 1 Non-Interactive
More informationLecture 2: Perfect Secrecy and its Limitations
CS 4501-6501 Topics in Cryptography 26 Jan 2018 Lecture 2: Perfect Secrecy and its Limitations Lecturer: Mohammad Mahmoody Scribe: Mohammad Mahmoody 1 Introduction Last time, we informally defined encryption
More informationEXAM IN. TDA352 (Chalmers) - DIT250 (GU) 18 January 2019, 08:
CHALMERS GÖTEBORGS UNIVERSITET EXAM IN CRYPTOGRAPHY TDA352 (Chalmers) - DIT250 (GU) 18 January 2019, 08:30 12.30 Tillåtna hjälpmedel: Typgodkänd räknare. Annan minnestömd räknare får användas efter godkännande
More informationCS 290G (Fall 2014) Introduction to Cryptography Oct 23rdd, Lecture 5: RSA OWFs. f N,e (x) = x e modn
CS 290G (Fall 2014) Introduction to Cryptography Oct 23rdd, 2014 Instructor: Rachel Lin 1 Recap Lecture 5: RSA OWFs Scribe: Tiawna Cayton Last class we discussed a collection of one-way functions (OWFs),
More informationAutomatic, computational proof of EKE using CryptoVerif
Automatic, computational proof of EKE using CryptoVerif (Work in progress) Bruno Blanchet blanchet@di.ens.fr Joint work with David Pointcheval CNRS, École Normale Supérieure, INRIA, Paris April 2010 Bruno
More informationPrivate Comparison. Chloé Hébant 1, Cedric Lefebvre 2, Étienne Louboutin3, Elie Noumon Allini 4, Ida Tucker 5
Private Comparison Chloé Hébant 1, Cedric Lefebvre 2, Étienne Louboutin3, Elie Noumon Allini 4, Ida Tucker 5 1 École Normale Supérieure, CNRS, PSL University 2 IRIT 3 Chair of Naval Cyber Defense, IMT
More informationCOS433/Math 473: Cryptography. Mark Zhandry Princeton University Spring 2018
COS433/Math 473: Cryptography Mark Zhandry Princeton University Spring 2018 Secret Sharing Vault should only open if both Alice and Bob are present Vault should only open if Alice, Bob, and Charlie are
More informationLecture 2: Program Obfuscation - II April 1, 2009
Advanced Topics in Cryptography Lecture 2: Program Obfuscation - II April 1, 2009 Lecturer: S. Goldwasser, M. Naor Scribe by: R. Marianer, R. Rothblum Updated: May 3, 2009 1 Introduction Barak et-al[1]
More information