Private Puncturable PRFs from Standard Lattice Assumptions
Size: px
Start display at page:

Download "Private Puncturable PRFs from Standard Lattice Assumptions"

Transcription

1 Private Puncturable PRFs from Standard Lattice Assumptions Sam Kim Stanford University Joint work with Dan Boneh and Hart Montgomery

2 Pseudorandom Functions (PRFs) [GGM84]

3 Constrained PRFs [BW13, BGI13, KPTZ13] PRF with additional constrain functionality Constrained key k f can be used to evaluate at all points x X where f (x) = 1.

4 Constrained PRFs [BW13, BGI13, KPTZ13] Correctness: constrained evaluation at x X where f (x) = 1 yields PRF value at x

5 Constrained PRFs [BW13, BGI13, KPTZ13] Correctness: constrained evaluation at x X where f (x) = 1 yields PRF value at x Security: PRF value at points x X where f (x) = 0 are indistinguishable from random given the constrained key

6 Constrained PRFs [BW13, BGI13, KPTZ13] Many applications: Identity-Based Key Exchange, Optimal Broadcast Encryption [BW13],... Punctured Programming Paradigm [SW14]

7 Puncturable PRF Puncturing: f c (x) = { 1 c x 0 c = x Punctured key can evaluate the PRF at all but a single point

8 Puncturable PRF Puncturing: f c (x) = { 1 c x 0 c = x Punctured key can evaluate the PRF at all but a single point Can be constructed from standard GGM

9 Puncturable PRF Puncturing: f c (x) = { 1 c x 0 c = x Punctured key can evaluate the PRF at all but a single point Can be constructed from standard GGM (but punctured key leaks c)

10 Privately Constrained PRFs [BLW17] Can we build a constrained PRF where the constrained key for a function f hides f?

11 Privately Constrained PRFs [BLW17]

12 Privately Puncturing Correctness: constrained evaluation at x c yields F (k, x) Pseudorandomness: F (k, c) is indistinguishable from random Privacy: constrained key hides c

13 Distributed Point Functions [GI14, BGI15]

14 Distributed Point Functions [GI14, BGI15]

15 Distributed Point Functions [GI14, BGI15]

16 Distributed Point Functions [GI14, BGI15]

17 Distributed Point Functions [GI14, BGI15]

18 Distributed Point Functions [GI14, BGI15]

19 Distributed Point Functions [GI14, BGI15]

20 Distributed Point Functions [GI14, BGI15]

21 Distributed Point Functions [GI14, BGI15]

22 Distributed Point Functions [GI14, BGI15]

23 Construction

24 Construction

25 Construction

26 Learning with Errors (LWE) Assumption For A r Z n m q, s χ n, e χ m, u r Z m q (some low-norm distribution χ), distinguish between the two distributions A = a 1 a m, b T = s T A + e T c A = a 1 a m, u T

27 Matrix Circuit Encodings [BGGHNSVV14] Encode elements in x 1,... x l Z n q (A 1,..., A l ) f A f

28 Matrix Circuit Encodings [BGGHNSVV14] Encode elements in c 1,... c l {0, 1} n (A 1,..., A l ) eq(x, ) A x

29 Matrix Circuit Encodings [BGGHNSVV14] Encode elements in c 1,... c l {0, 1} n (A 1,..., A l ) eq(x, ) A x

30 Matrix Circuit Encodings [BGGHNSVV14] Encode elements in c 1,... c l {0, 1} n F (k, x) = s T A x + e

31 Matrix Circuit Encodings [BGGHNSVV14] Encode elements in c 1,... c l {0, 1} n F (k, x) = s T A x p

32 Matrix Circuit Encodings [BGGHNSVV14] Encode elements in c 1,... c l {0, 1} n F (k, x) = s T A x p (Public) Puncturable PRF [BV15]

33 Matrix Circuit Encodings [GVW15] Encode elements in c 1,... c l {0, 1} n F (k, x) = s T A x p

34 Matrix Circuit Encodings [GVW15] Encode elements in c 1,... c l {0, 1} n F (k, x) = s T A x p Include the encodings of FHE decryption key

35 Matrix Circuit Encodings [GVW15] Encode elements in c 1,... c l {0, 1} n F (k, x) = s T A x p Include the encodings of FHE decryption key Use asymmetric multiplication property!

36 To conclude... Concurrent Work [CC17]: Private Constrained PRF for NC 1 circuits Use instances of GGH15 multilinear maps reducible to LWE

37 To conclude... Concurrent Work [CC17]: Private Constrained PRF for NC 1 circuits Use instances of GGH15 multilinear maps reducible to LWE Extensions: Watermarkable PRFs from LWE Previously only known from obfuscation

38 Open Problems Private puncturable PRFs from other assumptions? (DDH, Pairings,...)

39 Open Problems Private puncturable PRFs from other assumptions? (DDH, Pairings,...) Other applications of privacy in constrained PRFs?

40 Open Problems Private puncturable PRFs from other assumptions? (DDH, Pairings,...) Other applications of privacy in constrained PRFs? Apply the techniques to predicate encryption?

41 Open Problems Private puncturable PRFs from other assumptions? (DDH, Pairings,...) Other applications of privacy in constrained PRFs? Apply the techniques to predicate encryption? Thanks!

Similar documents

Watermarking Cryptographic Functionalities from Standard Lattice Assumptions

Watermarking Cryptographic Functionalities from Standard Lattice Assumptions Watermarking Cryptographic Functionalities from Standard Lattice Assumptions Sam Kim Stanford University Joint work with David J. Wu Digital Watermarking 1 Digital Watermarking Content is (mostly) viewable

More information

from Standard Lattice Assumptions

from Standard Lattice Assumptions Watermarking Cryptographic Functionalities from Standard Lattice Assumptions Sam Kim and David J. Wu Stanford University Digital Watermarking CRYPTO CRYPTO CRYPTO Often used to identify owner of content

More information

Private Puncturable PRFs From Standard Lattice Assumptions

Private Puncturable PRFs From Standard Lattice Assumptions Private Puncturable PRFs From Standard Lattice Assumptions Dan Boneh Stanford University dabo@cs.stanford.edu Sam Kim Stanford University skim13@cs.stanford.edu Hart Montgomery Fujitsu Laboratories of

More information

FUNCTIONAL SIGNATURES AND PSEUDORANDOM FUNCTIONS. Elette Boyle Shafi Goldwasser Ioana Ivan

FUNCTIONAL SIGNATURES AND PSEUDORANDOM FUNCTIONS. Elette Boyle Shafi Goldwasser Ioana Ivan FUNCTIONAL SIGNATURES AND PSEUDORANDOM FUNCTIONS Elette Boyle Shafi Goldwasser Ioana Ivan Traditional Paradigm: All or Nothing Encryption [DH76] Given SK, can decrypt. Otherwise, can t distinguish encryptions

More information

Constrained PRFs for NC 1 in Traditional Groups

Constrained PRFs for NC 1 in Traditional Groups Constrained PFs for NC 1 in Traditional Groups Nuttapong Attrapadung 1, Takahiro Matsuda 1, yo Nishimaki 2, Shota Yamada 1, Takashi Yamakawa 2 1 National Institute of Advanced Industrial Science and Technology

More information

Constrained Keys for Invertible Pseudorandom Functions

Constrained Keys for Invertible Pseudorandom Functions Constrained Keys or Invertible Pseudorandom Functions Dan Boneh, Sam Kim, and David J. Wu Stanord University {dabo,skim13,dwu4}@cs.stanord.edu Abstract A constrained pseudorandom unction (PRF) is a secure

More information

Constraining Pseudorandom Functions Privately

Constraining Pseudorandom Functions Privately Constraining Pseudorandom Functions Privately Dan Boneh, Kevin Lewi, and David J. Wu Stanford University {dabo,klewi,dwu4}@cs.stanford.edu Abstract In a constrained pseudorandom function (PRF), the master

More information

Delegating RAM Computations with Adaptive Soundness and Privacy

Delegating RAM Computations with Adaptive Soundness and Privacy Delegating RAM Computations with Adaptive Soundness and Privacy Prabhanjan Ananth Yu-Chi Chen Kai-Min Chung Huijia Lin Wei-Kai Lin October 18, 2016 Abstract We consider the problem of delegating RAM computations

More information

New and Improved Key-Homomorphic Pseudorandom Functions

New and Improved Key-Homomorphic Pseudorandom Functions New and Improved Key-Homomorphic Pseudorandom Functions Abhishek Banerjee 1 Chris Peikert 1 1 Georgia Institute of Technology CRYPTO 14 19 August 2014 Outline 1 Introduction 2 Construction, Parameters

More information

Verifiable Random Functions from Non-Interactive Witness-Indistinguishable Proofs

Verifiable Random Functions from Non-Interactive Witness-Indistinguishable Proofs Verifiable Random Functions from Non-Interactive Witness-Indistinguishable Proofs Nir Bitansky September 14, 2017 Abstract Verifiable random functions (VRFs) are pseudorandom functions where the owner

More information

Reducing Depth in Constrained PRFs: From Bit-Fixing to NC 1

Reducing Depth in Constrained PRFs: From Bit-Fixing to NC 1 Reducing Depth in Constrained PRFs: From Bit-Fixing to NC 1 Nishanth Chandran Srinivasan Raghuraman Dhinakaran Vinayagamurthy Abstract The candidate construction of multilinear maps by Garg, Gentry, and

More information

Packing Messages and Optimizing Bootstrapping in GSW-FHE

Packing Messages and Optimizing Bootstrapping in GSW-FHE Packing Messages and Optimizing Bootstrapping in GSW-FHE Ryo Hiromasa Masayuki Abe Tatsuaki Okamoto Kyoto University NTT PKC 15 April 1, 2015 1 / 13 Fully Homomorphic Encryption (FHE) c Enc(m) f, c ĉ Eval(

More information

Constrained Pseudorandom Functions for Unconstrained Inputs

Constrained Pseudorandom Functions for Unconstrained Inputs Constrained Pseudorandom Functions for Unconstrained Inputs Apoorvaa Deshpande acdeshpa@cs.brown.edu Venkata Koppula kvenkata@cs.utexas.edu Brent Waters bwaters@cs.utexas.edu Abstract A constrained pseudo

More information

Hierarchical Functional Encryption

Hierarchical Functional Encryption Hierarchical Functional Encryption Zvika Brakerski Gil Segev Abstract Functional encryption provides fine-grained access control for encrypted data, allowing each user to learn only specific functions

More information

Adaptively Secure Constrained Pseudorandom Functions

Adaptively Secure Constrained Pseudorandom Functions Adaptively Secure Constrained Pseudorandom Functions Dennis Hofheinz dennis.hofheinz@kit.edu Venkata Koppula University of Texas at Austin kvenkata@cs.utexas.edu Akshay Kamath University of Texas at Austin

More information

CLASSICAL CRYPTOSYSTEMS IN A QUANTUM WORLD

CLASSICAL CRYPTOSYSTEMS IN A QUANTUM WORLD CLASSICAL CRYPTOSYSTEMS IN A QUANTUM WORLD Mark Zhandry Stanford University * Joint work with Dan Boneh But First: My Current Work Indistinguishability Obfuscation (and variants) Multiparty NIKE without

More information

From FE Combiners to Secure MPC and Back

From FE Combiners to Secure MPC and Back From FE Combiners to Secure MPC and Back Prabhanjan Ananth Saikrishna Badrinarayanan Aayush Jain Nathan Manohar Amit Sahai Abstract Functional encryption (FE) has incredible applications towards computing

More information

Constructing Witness PRF and Offline Witness Encryption Without Multilinear Maps

Constructing Witness PRF and Offline Witness Encryption Without Multilinear Maps Constructing Witness PRF and Offline Witness Encryption Without Multilinear Maps Tapas Pal, Ratna Dutta Department of Mathematics, Indian Institute of Technology Kharagpur, Kharagpur-721302, India tapas.pal@iitkgp.ac.in,ratna@maths.iitkgp.ernet.in

More information

Fully Key-Homomorphic Encryption and its Applications

Fully Key-Homomorphic Encryption and its Applications Fully Key-Homomorphic Encryption and its Applications D. Boneh, C. Gentry, S. Gorbunov, S. Halevi, Valeria Nikolaenko, G. Segev, V. Vaikuntanathan, D. Vinayagamurthy Outline Background on PKE and IBE Functionality

More information

New Methods for Indistinguishability Obfuscation: Bootstrapping and Instantiation

New Methods for Indistinguishability Obfuscation: Bootstrapping and Instantiation New Methods for Indistinguishability Obfuscation: Bootstrapping and Instantiation Shweta Agrawal Abstract Constructing indistinguishability obfuscation io [BGI + 01] is a central open question in cryptography.

More information

From Minicrypt to Obfustopia via Private-Key Functional Encryption

From Minicrypt to Obfustopia via Private-Key Functional Encryption From Minicrypt to Obfustopia via Private-Key Functional Encryption Ilan Komargodski Weizmann Institute of Science Joint work with Gil Segev (Hebrew University) Functional Encryption [Sahai-Waters 05] Enc

More information

Reusable Garbled Circuits and Succinct Functional Encryption

Reusable Garbled Circuits and Succinct Functional Encryption Reusable Garbled Circuits and Succinct Functional Encryption Shafi Goldwasser Yael Kalai Raluca Ada Popa Vinod Vaikuntanathan Nickolai Zeldovich MIT CSAIL Microsoft Research University of Toronto March

More information

Bootstrapping Obfuscators via Fast Pseudorandom Functions

Bootstrapping Obfuscators via Fast Pseudorandom Functions Bootstrapping Obfuscators via Fast Pseudorandom Functions Benny Applebaum October 26, 2013 Abstract We show that it is possible to upgrade an obfuscator for a weak complexity class WEAK into an obfuscator

More information

Limits of Extractability Assumptions with Distributional Auxiliary Input

Limits of Extractability Assumptions with Distributional Auxiliary Input Limits of Extractability Assumptions with Distributional Auxiliary Input Elette Boyle Cornell University ecb227@cornell.edu Rafael Pass Cornell University rafael@cs.cornell.edu November 20, 2013 Abstract

More information

Output-Compressing Randomized Encodings and Applications

Output-Compressing Randomized Encodings and Applications Output-Compressing Randomized Encodings and Applications Huijia Lin Rafael Pass Karn Seth Sidharth Telang December 18, 2015 Abstract We consider randomized encodings (RE) that enable encoding a Turing

More information

A Comment on Gu Map-1

A Comment on Gu Map-1 A Comment on Gu Map-1 Yupu Hu and Huiwen Jia ISN Laboratory, Xidian University, 710071 Xi an, China yphu@mail.xidian.edu.cn Abstract. Gu map-1 is a modified version of GGH map. It uses same ideal lattices

More information

Lattice-Based Non-Interactive Arugment Systems

Lattice-Based Non-Interactive Arugment Systems Lattice-Based Non-Interactive Arugment Systems David Wu Stanford University Based on joint works with Dan Boneh, Yuval Ishai, Sam Kim, and Amit Sahai Soundness: x L, P Pr P, V (x) = accept = 0 No prover

More information

Delegating RAM Computations with Adaptive Soundness and Privacy

Delegating RAM Computations with Adaptive Soundness and Privacy Delegating RAM Computations with Adaptive Soundness and Privacy Prabhanjan Ananth Yu-Chi Chen Kai-Min Chung Huijia Lin Wei-Kai Lin November 7, 2015 Abstract We consider the problem of delegating RAM computations

More information

COS 597C: Recent Developments in Program Obfuscation Lecture 7 (10/06/16) Notes for Lecture 7

COS 597C: Recent Developments in Program Obfuscation Lecture 7 (10/06/16) Notes for Lecture 7 COS 597C: Recent Developments in Program Obfuscation Lecture 7 10/06/16 Lecturer: Mark Zhandry Princeton University Scribe: Jordan Tran Notes for Lecture 7 1 Introduction In this lecture, we show how to

More information

Projective Arithmetic Functional Encryption. and. Indistinguishability Obfuscation (io) from Degree-5 Multilinear maps

Projective Arithmetic Functional Encryption. and. Indistinguishability Obfuscation (io) from Degree-5 Multilinear maps Projective Arithmetic Functional Encryption and Indistinguishability Obfuscation (io) from Degree-5 Multilinear maps Prabhanjan Ananth Amit Sahai Constructions of io All current constructions of io are

More information

ZAPs and Non-Interactive Witness Indistinguishability from Indistinguishability Obfuscation

ZAPs and Non-Interactive Witness Indistinguishability from Indistinguishability Obfuscation ZAPs and Non-Interactive Witness Indistinguishability from Indistinguishability Obfuscation Nir Bitansky Omer Paneth February 12, 2015 Abstract We present new constructions of two-message and one-message

More information

Candidate Differing-Inputs Obfuscation from Indistinguishability Obfuscation and Auxiliary-Input Point Obfuscation

Candidate Differing-Inputs Obfuscation from Indistinguishability Obfuscation and Auxiliary-Input Point Obfuscation Candidate Differing-Inputs Obfuscation from Indistinguishability Obfuscation and Auxiliary-Input Point Obfuscation Dongxue Pan 1,2, Hongda Li 1,2, Peifang Ni 1,2 1 The Data Assurance and Communication

More information

Cryptographic Multilinear Maps. Craig Gentry and Shai Halevi

Cryptographic Multilinear Maps. Craig Gentry and Shai Halevi Cryptographic Multilinear Maps Craig Gentry and Shai Halevi China Summer School on Lattices and Cryptography, June 2014 Multilinear Maps (MMAPs) A Technical Tool A primitive for building applications,

More information

Huijia (Rachel) Lin UCSB Partial Joint work with Stefano Tessaro

Huijia (Rachel) Lin UCSB Partial Joint work with Stefano Tessaro Indistinguishability Obfuscation from Low-Degree Multilinear Maps and (Blockwise) Local PRGs [Lin16b, LT17, To appear, Crypto 17] Huijia (Rachel) Lin UCSB Partial Joint work with Stefano Tessaro Circuit

More information

Constrained Pseudorandom Functions and Their Applications

Constrained Pseudorandom Functions and Their Applications Constrained Pseudorandom Functions and Their Applications Dan Boneh dabo@cs.stanford.edu Brent Waters bwaters@cs.utexas.edu September 9, 2013 Abstract We put forward a new notion of pseudorandom functions

More information

Constrained PRFs for Unbounded Inputs with Short Keys

Constrained PRFs for Unbounded Inputs with Short Keys Constrained PRFs for Unbounded Inputs with Short Keys Hamza busalah 1, Georg Fuchsbauer 2 1 IST ustria habusalah@ist.ac.at 2 ENS, CNRS, INRI and PSL Research University, Paris, France georg.fuchsbauer@ens.fr

More information

Increased efficiency and functionality through lattice-based cryptography

Increased efficiency and functionality through lattice-based cryptography Increased efficiency and functionality through lattice-based cryptography Michele Minelli ENS, CNRS, INRIA, PSL Research University RESEARCH UNIVERSITY PARIS ECRYPT-NET Cloud Summer School Leuven, Belgium

More information

Fully Secure and Fast Signing from Obfuscation

Fully Secure and Fast Signing from Obfuscation Fully Secure and Fast Signing from Obfuscation Kim Ramchen University of Texas at ustin kramchen@cs.utexas.edu Brent Waters University of Texas at ustin bwaters@cs.utexas.edu bstract In this work we explore

More information

Riding on Asymmetry: Efficient ABE for Branching Programs

Riding on Asymmetry: Efficient ABE for Branching Programs Riding on Asymmetry: Efficient ABE for Branching Programs Sergey Gorbunov and Dhinakaran Vinayagamurthy Abstract. In an Attribute-Based Encryption ABE scheme the ciphertext encrypting a message µ, is associated

More information

Obfuscating Compute-and-Compare Programs under LWE

Obfuscating Compute-and-Compare Programs under LWE Obfuscating Compute-and-Compare Programs under LWE Daniel Wichs Giorgos Zirdelis August 15, 2017 Abstract We show how to obfuscate a large and expressive class of programs, which we call compute-andcompare

More information

Data-Mining on GBytes of

Data-Mining on GBytes of Data-Mining on GBytes of Encrypted Data In collaboration with Dan Boneh (Stanford); Udi Weinsberg, Stratis Ioannidis, Marc Joye, Nina Taft (Technicolor). Outline Motivation Background on cryptographic

More information

THE RANK METHOD AND APPLICATIONS TO POST- QUANTUM CRYPTOGRAPHY

THE RANK METHOD AND APPLICATIONS TO POST- QUANTUM CRYPTOGRAPHY THE RANK METHOD AND APPLICATIONS TO POST- QUANTUM CRYPTOGRAPHY Mark Zhandry - Stanford University Joint work with Dan Boneh Classical Cryptography Post-Quantum Cryptography All communication stays classical

More information

Adaptively Secure Puncturable Pseudorandom Functions in the Standard Model

Adaptively Secure Puncturable Pseudorandom Functions in the Standard Model Adaptively Secure Puncturable Pseudorandom Functions in the Standard Model Susan Hohenberger 1, Venkata Koppula 2, and Brent Waters 2 1 Johns Hopkins University, Baltimore, USA susan@cs.jhu.edu 2 University

More information

QUANTUM HOMOMORPHIC ENCRYPTION FOR POLYNOMIAL-SIZED CIRCUITS

QUANTUM HOMOMORPHIC ENCRYPTION FOR POLYNOMIAL-SIZED CIRCUITS QUANTUM HOMOMORPHIC ENCRYPTION FOR POLYNOMIAL-SIZED CIRCUITS Florian Speelman (joint work with Yfke Dulek and Christian Schaffner) http://arxiv.org/abs/1603.09717 QIP 2017, Seattle, Washington, Monday

More information

Output Compression, MPC, and io for Turing Machines

Output Compression, MPC, and io for Turing Machines Output Compression, MPC, and io for Turing Machines Saikrishna Badrinarayanan Rex Fernando Venkata Koppula Amit Sahai Brent Waters Abstract In this work, we study the fascinating notion of output-compressing

More information

How to Generate and use Universal Samplers

How to Generate and use Universal Samplers How to Generate and use Universal Samplers Dennis Hofheinz Karlsruher Institut für Technologie Dennis.Hofheinz@kit.edu Dakshita Khurana UCLA Center for Encrypted Functionalities dakshita@cs.ucla.edu Brent

More information

A Lattice-Based Universal Thresholdizer for Cryptographic Systems

A Lattice-Based Universal Thresholdizer for Cryptographic Systems A Lattice-Based Universal Thresholdizer for Cryptographic Systems Dan Boneh Rosario Gennaro Steven Goldfeder Sam Kim Abstract We develop a general approach to thresholdizing a large class of (non-threshold)

More information

Succinct Functional Encryption and Applications: Reusable Garbled Circuits and Beyond

Succinct Functional Encryption and Applications: Reusable Garbled Circuits and Beyond Succinct Functional Encryption and Applications: Reusable Garbled Circuits and Beyond Shafi Goldwasser Yael Kalai Raluca Ada Popa Vinod Vaikuntanathan Nickolai Zeldovich MIT CSAIL Microsoft Research University

More information

Stronger Security for Reusable Garbled Circuits, General Definitions and Attacks

Stronger Security for Reusable Garbled Circuits, General Definitions and Attacks Stronger Security for Reusable Garbled Circuits, General Definitions and Attacks Shweta Agrawal Abstract We construct a functional encryption scheme for circuits which simultaneously achieves and improves

More information

Threshold Cryptosystems From Threshold Fully Homomorphic Encryption

Threshold Cryptosystems From Threshold Fully Homomorphic Encryption Threshold Cryptosystems From Threshold Fully Homomorphic Encryption Dan Boneh Rosario Gennaro Steven Goldfeder Aayush Jain Sam Kim Peter M. R. Rasmussen Amit Sahai Abstract We develop a general approach

More information

Differing-Inputs Obfuscation and Applications

Differing-Inputs Obfuscation and Applications Differing-Inputs Obfuscation and Applications Prabhanjan Ananth Dan Boneh Sanjam Garg Amit Sahai Mark Zhandry Abstract In this paper, we study of the notion of differing-input obfuscation, introduced by

More information

Indistinguishability Obfuscation: from Approximate to Exact

Indistinguishability Obfuscation: from Approximate to Exact Indistinguishability Obfuscation: from Approximate to Exact Nir Bitansky Vinod Vaikuntanathan Abstract We show general transformations from subexponentially-secure approximate indistinguishability obfuscation

More information

Lecture 28: Public-key Cryptography. Public-key Cryptography

Lecture 28: Public-key Cryptography. Public-key Cryptography Lecture 28: Recall In private-key cryptography the secret-key sk is always established ahead of time The secrecy of the private-key cryptography relies on the fact that the adversary does not have access

More information

Adaptive Security of Constrained PRFs

Adaptive Security of Constrained PRFs Adaptive Security of Constrained PRFs Georg Fuchsbauer 1, Momchil Konstantinov 2, Krzysztof Pietrzak 1, and Vanishree Rao 3 1 Institute of Science and Technology Austria 2 London School of Geometry and

More information

Low Overhead Broadcast Encryption from Multilinear Maps

Low Overhead Broadcast Encryption from Multilinear Maps Low Overhead Broadcast Encryption from Multilinear Maps Dan Boneh Stanford University dabo@cs.stanford.edu Mark Zhandry Stanford University zhandry@cs.stanford.edu Brent Waters University of Texas at Austin

More information

Cutting-Edge Cryptography Through the Lens of Secret Sharing

Cutting-Edge Cryptography Through the Lens of Secret Sharing Cutting-Edge Cryptography Through the Lens of Secret Sharing Ilan Komargodski Mark Zhandry Abstract Secret sharing is a mechanism by which a trusted dealer holding a secret splits the secret into many

More information

Adaptively Secure Puncturable Pseudorandom Functions in the Standard Model

Adaptively Secure Puncturable Pseudorandom Functions in the Standard Model Adaptively Secure Puncturable Pseudorandom Functions in the Standard Model Susan Hohenberger Johns Hopkins University susan@cs.hu.edu Brent Waters University of Texas at Austin bwaters@cs.utexas.edu November

More information

1 Public-key encryption

1 Public-key encryption CSCI 5440: Cryptography Lecture 4 The Chinese University of Hong Kong, Spring 2018 29 and 30 January 2018 1 Public-key encryption Public-key encryption is a type of protocol by which Alice can send Bob

More information

Succinct Adaptive Garbled RAM

Succinct Adaptive Garbled RAM Succinct Adaptive Garbled RAM Ran Canetti Yilei Chen Justin Holmgren Mariana Raykova November 4, 2015 Abstract We show how to garble a large persistent database and then garble, one by one, a sequence

More information

Fully Homomorphic Encryption. Zvika Brakerski Weizmann Institute of Science

Fully Homomorphic Encryption. Zvika Brakerski Weizmann Institute of Science Fully Homomorphic Encryption Zvika Brakerski Weizmann Institute of Science AWSCS, March 2015 Outsourcing Computation x x f f(x) Email, web-search, navigation, social networking What if x is private? Search

More information

BEYOND POST QUANTUM CRYPTOGRAPHY

BEYOND POST QUANTUM CRYPTOGRAPHY BEYOND POST QUANTUM CRYPTOGRAPHY Mark Zhandry Stanford University Joint work with Dan Boneh Classical Cryptography Post-Quantum Cryptography All communication stays classical Beyond Post-Quantum Cryptography

More information

Lockable Obfuscation

Lockable Obfuscation Rishab Goyal UT Austin rgoyal@cs.utexas.edu Lockable Obfuscation Venkata Koppula UT Austin kvenkata@cs.utexas.edu Brent Waters UT Austin bwaters@cs.utexas.edu Abstract In this paper we introduce the notion

More information

Adaptive Security of Constrained PRFs

Adaptive Security of Constrained PRFs Adaptive Security of Constrained PRFs Georg Fuchsbauer 1, Momchil Konstantinov 2, Krzysztof Pietrzak 1, and Vanishree Rao 3 1 IST Austria, {gfuchsbauer,pietrzak}ist.ac.at 2 London School of Geometry and

More information

Random Oracles in a Quantum World

Random Oracles in a Quantum World Dan Boneh 1 Özgür Dagdelen 2 Marc Fischlin 2 Anja Lehmann 3 Christian Schaffner 4 Mark Zhandry 1 1 Stanford University, USA 2 CASED & Darmstadt University of Technology, Germany 3 IBM Research Zurich,

More information

Publicly Verifiable Software Watermarking

Publicly Verifiable Software Watermarking Publicly Verifiable Software Watermarking Aloni Cohen Justin Holmgren Vinod Vaikuntanathan April 22, 2015 Abstract Software Watermarking is the process of transforming a program into a functionally equivalent

More information

Predicate Encryption for Multi-Dimensional Range Queries from Lattices

Predicate Encryption for Multi-Dimensional Range Queries from Lattices Predicate Encryption for Multi-Dimensional Range Queries from Lattices Romain Gay and Pierrick Méaux and Hoeteck Wee ENS, Paris, France Abstract. We construct a lattice-based predicate encryption scheme

More information

Limits of Extractability Assumptions with Distributional Auxiliary Input

Limits of Extractability Assumptions with Distributional Auxiliary Input Limits of Extractability Assumptions with Distributional Auxiliary Input Elette Boyle Technion Israel eboyle@alum.mit.edu Rafael Pass Cornell University rafael@cs.cornell.edu August 24, 2015 Abstract Extractability,

More information

Adaptive Garbled RAM from Laconic Oblivious Transfer

Adaptive Garbled RAM from Laconic Oblivious Transfer Adaptive Garbled RAM from Laconic Oblivious Transfer Sanjam Garg University of California, Berkeley sanjamg@berkeley.edu Akshayaram Srinivasan University of California, Berkeley akshayaram@berkeley.edu

More information

Computing with Encrypted Data Lecture 26

Computing with Encrypted Data Lecture 26 Computing with Encrypted Data 6.857 Lecture 26 Encryption for Secure Communication M Message M All-or-nothing Have Private Key, Can Decrypt No Private Key, No Go cf. Non-malleable Encryption Encryption

More information

Bounded-Communication Leakage Resilience via Parity-Resilient Circuits

Bounded-Communication Leakage Resilience via Parity-Resilient Circuits Bounded-Communication Leakage Resilience via Parity-Resilient Circuits Vipul Goyal Yuval Ishai Hemanta K. Maji Amit Sahai Alexander A. Sherstov September 6, 2016 Abstract We consider the problem of distributing

More information

Fully Key-Homomorphic Encryption, Arithmetic Circuit ABE, and Compact Garbled Circuits

Fully Key-Homomorphic Encryption, Arithmetic Circuit ABE, and Compact Garbled Circuits Fully Key-Homomorphic Encryption, Arithmetic Circuit ABE, and Compact Garbled Circuits Dan Boneh Craig Gentry Sergey Gorbunov Shai Halevi Valeria Nikolaenko Gil Segev Vinod Vaikuntanathan Dhinakaran Vinayagamurthy

More information

Lecture 19: Public-key Cryptography (Diffie-Hellman Key Exchange & ElGamal Encryption) Public-key Cryptography

Lecture 19: Public-key Cryptography (Diffie-Hellman Key Exchange & ElGamal Encryption) Public-key Cryptography Lecture 19: (Diffie-Hellman Key Exchange & ElGamal Encryption) Recall In private-key cryptography the secret-key sk is always established ahead of time The secrecy of the private-key cryptography relies

More information

Lossy Trapdoor Functions and Their Applications

Lossy Trapdoor Functions and Their Applications 1 / 15 Lossy Trapdoor Functions and Their Applications Chris Peikert Brent Waters SRI International On Losing Information 2 / 15 On Losing Information 2 / 15 On Losing Information 2 / 15 On Losing Information

More information

On the power of non-adaptive quantum chosen-ciphertext attacks

On the power of non-adaptive quantum chosen-ciphertext attacks On the power of non-adaptive quantum chosen-ciphertext attacks joint work with Gorjan Alagic (UMD, NIST), Stacey Jeffery (QuSoft, CWI), and Maris Ozols (QuSoft, UvA) Alexander Poremba August 29, 2018 Heidelberg

More information

Fully Homomorphic Encryption from LWE

Fully Homomorphic Encryption from LWE Fully Homomorphic Encryption from LWE Based on joint works with: Zvika Brakerski (Stanford) Vinod Vaikuntanathan (University of Toronto) Craig Gentry (IBM) Post-Quantum Webinar, November 2011 Outsourcing

More information

Indistinguishability Obfuscation from Constant-Degree Graded Encoding Schemes

Indistinguishability Obfuscation from Constant-Degree Graded Encoding Schemes Indistinguishability Obfuscation from Constant-Degree Graded Encoding Schemes Huijia Lin University of California, Santa Barbara Abstract. We construct an indistinguishability obfuscation (IO) scheme for

More information

Publicly Evaluable Pseudorandom Functions and Their Applications

Publicly Evaluable Pseudorandom Functions and Their Applications Publicly Evaluable Pseudorandom Functions and Their Applications Yu Chen yuchen.prc@gmail.com Zongyang Zhang zongyang.zhang@gmail.com Abstract We put forth the notion of publicly evaluable pseudorandom

More information

Targeted Homomorphic Attribute Based Encryption

Targeted Homomorphic Attribute Based Encryption Targeted Homomorphic Attribute Based Encryption Zvika Brakerski David Cash Rotem Tsabary Hoeteck Wee Abstract In (key-policy) attribute based encryption (ABE), messages are encrypted respective to attributes

More information

1 Secure two-party computation

1 Secure two-party computation CSCI 5440: Cryptography Lecture 7 The Chinese University of Hong Kong, Spring 2018 26 and 27 February 2018 In the first half of the course we covered the basic cryptographic primitives that enable secure

More information

Converting Pairing-Based Cryptosystems from Composite-Order Groups to Prime-Order Groups

Converting Pairing-Based Cryptosystems from Composite-Order Groups to Prime-Order Groups Converting Pairing-Based Cryptosystems from Composite-Order Groups to Prime-Order Groups David Mandell Freeman Stanford University, USA Eurocrypt 2010 Monaco, Monaco 31 May 2010 David Mandell Freeman (Stanford)

More information

Keyword Search and Oblivious Pseudo-Random Functions

Keyword Search and Oblivious Pseudo-Random Functions Keyword Search and Oblivious Pseudo-Random Functions Mike Freedman NYU Yuval Ishai, Benny Pinkas, Omer Reingold 1 Background: Oblivious Transfer Oblivious Transfer (OT) [R], 1-out-of-N [EGL]: Input: Server:

More information

Graded Encoding Schemes from Obfuscation

Graded Encoding Schemes from Obfuscation Graded Encoding Schemes from Obfuscation Pooya Farshim,1,2, Julia Hesse 1,2,3, Dennis Hofheinz,3, and Enrique Larraia 1 DIENS, École normale supérieure, CNRS, PSL Research University, Paris, France 2 INRIA

More information

Efficient MPC Oblivious Transfer and Oblivious Linear Evaluation aka How to Multiply

Efficient MPC Oblivious Transfer and Oblivious Linear Evaluation aka How to Multiply CIS 2018 Efficient MPC Oblivious Transfer and Oblivious Linear Evaluation aka How to Multiply Claudio Orlandi, Aarhus University Circuit Evaluation 3) Multiplication? How to compute [z]=[xy]? Alice, Bob

More information

Lectures 1&2: Introduction to Secure Computation, Yao s and GMW Protocols

Lectures 1&2: Introduction to Secure Computation, Yao s and GMW Protocols CS 294 Secure Computation January 19, 2016 Lectures 1&2: Introduction to Secure Computation, Yao s and GMW Protocols Instructor: Sanjam Garg Scribe: Pratyush Mishra 1 Introduction Secure multiparty computation

More information

k-round MPC from k-round OT via Garbled Interactive Circuits

k-round MPC from k-round OT via Garbled Interactive Circuits k-round MPC from k-round OT via Garbled Interactive Circuits Fabrice Benhamouda Huijia Lin Abstract We present new constructions of round-efficient, or even round-optimal, Multi- Party Computation (MPC)

More information

Lecture 11: Key Agreement

Lecture 11: Key Agreement Introduction to Cryptography 02/22/2018 Lecture 11: Key Agreement Instructor: Vipul Goyal Scribe: Francisco Maturana 1 Hardness Assumptions In order to prove the security of cryptographic primitives, we

More information

Lattice-Based SNARGs and Their Application to More Efficient Obfuscation

Lattice-Based SNARGs and Their Application to More Efficient Obfuscation Lattice-Based SNARGs and Their Application to More Efficient Obfuscation Dan Boneh Yuval Ishai Amit Sahai David J. Wu Abstract Succinct non-interactive arguments (SNARGs) enable verifying NP computations

More information

CRYPTANALYSIS OF COMPACT-LWE

CRYPTANALYSIS OF COMPACT-LWE SESSION ID: CRYP-T10 CRYPTANALYSIS OF COMPACT-LWE Jonathan Bootle, Mehdi Tibouchi, Keita Xagawa Background Information Lattice-based cryptographic assumption Based on the learning-with-errors (LWE) assumption

More information

Indistinguishability Obfuscation for All Circuits from Secret-Key Functional Encryption

Indistinguishability Obfuscation for All Circuits from Secret-Key Functional Encryption Indistinguishability Obfuscation for All Circuits from Secret-Key Functional Encryption Fuyuki Kitagawa 1 Ryo Nishimaki 2 Keisuke Tanaka 1 1 Tokyo Institute of Technology, Japan {kitagaw1,keisuke}@is.titech.ac.jp

More information

ADVERTISING AGGREGATIONARCHITECTURE

ADVERTISING AGGREGATIONARCHITECTURE SOMAR LAPS PRIVACY-PRESERVING LATTICE-BASED PRIVATE-STREAM SOCIAL MEDIA ADVERTISING AGGREGATIONARCHITECTURE OR: HOW NOT TO LEAVE YOUR PERSONAL DATA AROUND REVISITING PRIVATE-STREAM AGGREGATION: LATTICE-BASED

More information

The Impossibility of Obfuscation with Auxiliary Input or a Universal Simulator

The Impossibility of Obfuscation with Auxiliary Input or a Universal Simulator The Impossibility of Obfuscation with Auxiliary Input or a Universal Simulator Nir Bitansky 1,, Ran Canetti 1,2,,HenryCohn 3, Shafi Goldwasser 4,5, Yael Tauman Kalai 3,OmerPaneth 2,,andAlonRosen 6, 1 Tel

More information

Attribute-based Encryption & Delegation of Computation

Attribute-based Encryption & Delegation of Computation Lattices and Homomorphic Encryption, Spring 2013 Instructors: Shai Halevi, Tal Malkin Attribute-based Encryption & Delegation of Computation April 9, 2013 Scribe: Steven Goldfeder We will cover the ABE

More information

CS 355: TOPICS IN CRYPTOGRAPHY

CS 355: TOPICS IN CRYPTOGRAPHY CS 355: TOPICS IN CRYPTOGRAPHY DAVID WU Abstract. Preliminary notes based on course material from Professor Boneh s Topics in Cryptography course (CS 355) in Spring, 2014. There are probably typos. Last

More information

Shai Halevi IBM August 2013

Shai Halevi IBM August 2013 Shai Halevi IBM August 2013 I want to delegate processing of my data, without giving away access to it. I want to delegate the computation to the cloud, I want but the to delegate cloud the shouldn t computation

More information

cryptography Think pairings lattices WhatthiscourseisaHabout?_ cryptography line. cryptography based and cryptography much of the re - Thinking

cryptography Think pairings lattices WhatthiscourseisaHabout?_ cryptography line. cryptography based and cryptography much of the re - Thinking Foundations Zero What Logistics LWE Hellman CS355leeturetCL# Gibbs Instructors Henry Corrigan Sam Kim all PhD students working with David Wu Dan Boneh TA Florian Trainer this course is all about? 2 administrivia

More information

An Equivalence Between Attribute-Based Signatures and Homomorphic Signatures, and New Constructions for Both

An Equivalence Between Attribute-Based Signatures and Homomorphic Signatures, and New Constructions for Both An Equivalence Between Attribute-Based Signatures and Homomorphic Signatures, and New Constructions for Both Rotem Tsabary January 24, 2018 Abstract In Attribute-Based Signatures (ABS; first defined by

More information

Practical Order-Revealing Encryption with Limited Leakage

Practical Order-Revealing Encryption with Limited Leakage Practical Order-Revealing Encryption with Limited Leakage Nathan Chenette 1, Kevin Lewi 2, Stephen A. Weis 3, and David J. Wu 2 1 Rose-Hulman Institute of Technology 2 Stanford University 3 Facebook, Inc.

More information

GGHLite: More Efficient Multilinear Maps from Ideal Lattices

GGHLite: More Efficient Multilinear Maps from Ideal Lattices GGHLite: More Efficient Multilinear Maps from Ideal Lattices Adeline Langlois, Damien Stehlé and Ron Steinfeld Aric Team, LIP, ENS de Lyon May, 4 Adeline Langlois GGHLite May, 4 / 9 Our main result Decrease

More information

Indistinguishability Obfuscation vs. Auxiliary-Input Extractable Functions: One Must Fall

Indistinguishability Obfuscation vs. Auxiliary-Input Extractable Functions: One Must Fall Indistinguishability Obfuscation vs. Auxiliary-Input Extractable Functions: One Must Fall Nir Bitansky Ran Canetti Omer Paneth Alon Rosen June 3, 2014 This is an out of date draft. The paper was merged

More information

Function-Private Identity-Based Encryption: Hiding the Function in Functional Encryption

Function-Private Identity-Based Encryption: Hiding the Function in Functional Encryption Function-Private Identity-Based Encryption: Hiding the Function in Functional Encryption Dan Boneh Ananth Raghunathan Gil Segev Abstract We put forward a new notion, function privacy, in identity-based

More information
2024 © sciencedocbox.com Privacy Policy | Terms of Service | Feedback