a classification of computational assumptions in the
play

A Classification of Computational Assumptions in the Algebraic Group - PowerPoint PPT Presentation

Mar 12, 2024 •295 likes •1.22k views

A Classification of Computational Assumptions in the Algebraic Group Model Balthazar Bauer, Georg Fuchsbauer, Julian Loss August 11, 2020 1 1. The Algebraic Group Model (FKL 2018) 2. Classification 3. Separation 2 1. The Algebraic Group

  1. A Classification of Computational Assumptions in the Algebraic Group Model Balthazar Bauer, Georg Fuchsbauer, Julian Loss August 11, 2020 1

  2. 1. The Algebraic Group Model (FKL 2018) 2. Classification 3. Separation 2

  3. 1. The Algebraic Group Model (FKL 2018) 2. Classification 3. Separation 3

  4. From GGM to AGM ◮ Let G be a cyclic group of prime order p . 4

  5. From GGM to AGM ◮ Let G be a cyclic group of prime order p . Standard Model ( � , ♥ ) b ( Z 1 , Z 2 , Z 3 ) � + ♥ C ( ♠ , ( a 1 , a 2 , a 3 )) such that ♠ = a 1 � + a 2 ♥ + a 3 ⋆ 4

  6. From GGM to AGM ◮ Let G be a cyclic group of prime order p . Standard Model ( � , ♥ ) b ( Z 1 , Z 2 , Z 3 ) � + ♥ C ( ♠ , ( a 1 , a 2 , a 3 )) Y such that ♠ = a 1 � + a 2 ♥ + a 3 ⋆ 4

  7. From GGM to AGM ◮ Let G be a cyclic group of prime order p . Generic Group Model ( � , ♥ , ⋆ ) C ♠ = a 1 � + a 2 ♥ + a 3 ⋆ ( ♠ , ( a 1 , a 2 , a 3 )) ♠ such that ♠ = a 1 � + a 2 ♥ + a 3 ⋆ 5

  8. From GGM to AGM ◮ Let G be a cyclic group of prime order p . Generic Group Model ( � , ♥ ) ( � , ♥ , ⋆ ) C ♠ = a 1 � + a 2 ♥ + a 3 ⋆ ( ♠ , ( a 1 , a 2 , a 3 )) ♠ such that ♠ = a 1 � + a 2 ♥ + a 3 ⋆ 5

  9. From GGM to AGM ◮ Let G be a cyclic group of prime order p . Generic Group Model ( � , ♥ ) ( � , ♥ , ⋆ ) ♣ = � + ♥ C ♠ = a 1 � + a 2 ♥ + a 3 ⋆ ( ♠ , ( a 1 , a 2 , a 3 )) ♠ such that ♠ = a 1 � + a 2 ♥ + a 3 ⋆ 5

  10. From GGM to AGM ◮ Let G be a cyclic group of prime order p . Generic Group Model ( � , ♥ ) ( � , ♥ , ⋆ ) ♣ = � + ♥ C ♠ = a 1 � + a 2 ♥ + a 3 ⋆ ♠ = a 1 � + a 2 ♥ + a 3 ⋆ ( ♠ , ( a 1 , a 2 , a 3 )) ♠ such that ♠ = a 1 � + a 2 ♥ + a 3 ⋆ 5

  11. From GGM to AGM ◮ Let G be a cyclic group of prime order p . Generic Group Model (modified) ( � , ♥ ) ( � , ♥ , ⋆ ) ♣ = � + ♥ C ♠ = a 1 � + a 2 ♥ + a 3 ⋆ ( ♠ , ( a 1 , a 2 , a 3 )) such that ♠ = a 1 � + a 2 ♥ + a 3 ⋆ 6

  12. From GGM to AGM ◮ Let G be a cyclic group of prime order p . Algebraic Group Model ( � , ♥ ) b ( Z 1 , Z 2 , Z 3 ) � + ♥ C Y = a 1 Z 1 + a 2 Z 2 + a 3 Z 3 ( Y , ( a 1 , a 2 , a 3 )) such that Y = a 1 Z 1 + a 2 Z 2 + a 3 Z 3 7

  13. Standard vs Algebraic ◮ No reduction from DLog to CDH in the standard model. 8

  14. Standard vs Algebraic ◮ No reduction from DLog to CDH in the standard model. ◮ Let A be an algebraic algorithm which solves CDH. 8

  15. Standard vs Algebraic ◮ No reduction from DLog to CDH in the standard model. ◮ Let A be an algebraic algorithm which solves CDH. ◮ B ( G , X ) : 8

  16. Standard vs Algebraic ◮ No reduction from DLog to CDH in the standard model. ◮ Let A be an algebraic algorithm which solves CDH. ◮ B ( G , X ) : $ ◮ v ← − Z ∗ p 8

  17. Standard vs Algebraic ◮ No reduction from DLog to CDH in the standard model. ◮ Let A be an algebraic algorithm which solves CDH. ◮ B ( G , X ) : $ ◮ v ← − Z ∗ p ◮ ( Y , ℓ 1 , ℓ 2 , ℓ 3 ) ← A ( G , X , X + v G ) 8

  18. Standard vs Algebraic ◮ No reduction from DLog to CDH in the standard model. ◮ Let A be an algebraic algorithm which solves CDH. ◮ B ( G , X ) : $ ◮ v ← − Z ∗ p ◮ ( Y , ℓ 1 , ℓ 2 , ℓ 3 ) ← A ( G , X , X + v G ) ( ℓ 1 G + ℓ 2 X + ℓ 3 ( X + v G ) = Y ) 8

  19. Standard vs Algebraic ◮ No reduction from DLog to CDH in the standard model. ◮ Let A be an algebraic algorithm which solves CDH. ◮ B ( G , X ) : $ ◮ v ← − Z ∗ p ◮ ( Y , ℓ 1 , ℓ 2 , ℓ 3 ) ← A ( G , X , X + v G ) ( ℓ 1 G + ℓ 2 X + ℓ 3 ( X + v G ) = Y ) ◮ { x ∗ 1 , x ∗ 2 } ← Solve ( ℓ 1 + ℓ 2 X + ℓ 3 ( X + v )) ≡ X ( X + v ) (mod p ) 8

  20. Standard vs Algebraic ◮ No reduction from DLog to CDH in the standard model. ◮ Let A be an algebraic algorithm which solves CDH. ◮ B ( G , X ) : $ ◮ v ← − Z ∗ p ◮ ( Y , ℓ 1 , ℓ 2 , ℓ 3 ) ← A ( G , X , X + v G ) ( ℓ 1 G + ℓ 2 X + ℓ 3 ( X + v G ) = Y ) ◮ { x ∗ 1 , x ∗ 2 } ← Solve ( ℓ 1 + ℓ 2 X + ℓ 3 ( X + v )) ≡ X ( X + v ) (mod p ) ◮ Output x ∗ i such that X = x ∗ i G 8

  21. Standard vs Algebraic ◮ No reduction from DLog to CDH in the standard model. ◮ Let A be an algebraic algorithm which solves CDH. ◮ B ( G , X ) : $ ◮ v ← − Z ∗ p ◮ ( Y , ℓ 1 , ℓ 2 , ℓ 3 ) ← A ( G , X , X + v G ) ( ℓ 1 G + ℓ 2 X + ℓ 3 ( X + v G ) = Y ) ◮ { x ∗ 1 , x ∗ 2 } ← Solve ( ℓ 1 + ℓ 2 X + ℓ 3 ( X + v )) ≡ X ( X + v ) (mod p ) ◮ Output x ∗ i such that X = x ∗ i G ◮ Conclusion: AGM enables new security reductions 8

  22. q -Diffie-Hellman Exponent ◮ Let G be a cyclic group of prime order p . 9

  23. q -Diffie-Hellman Exponent ◮ Let G be a cyclic group of prime order p .   G x G     x 2 G $   → x q + 1 G ← − Z p ; → x   ·     ·   x q G 9

  24. q -Diffie-Hellman Exponent ◮ Let G be a cyclic group of prime order p .   G x G     x 2 G $   → x q + 1 G ← − Z p ; → x   ·     ·   x q G Can we reduce DLog to q -DHE? 9

  25. q -Strong Diffie-Hellman (Boneh Boyen 2004 ) ◮ Let ( G 1 , G 2 , e ) be a bilinear cyclic group of prime order p . 10

  26. q -Strong Diffie-Hellman (Boneh Boyen 2004 ) ◮ Let ( G 1 , G 2 , e ) be a bilinear cyclic group of prime order p .   G 1 G 2     x G 2   � � $ 1   ← − Z p ; → → c , x 2 G 2 ( x + c ) G 1 x     ·     ·   x q G 2 10

  27. q -Strong Diffie-Hellman (Boneh Boyen 2004 ) ◮ Let ( G 1 , G 2 , e ) be a bilinear cyclic group of prime order p .   G 1 G 2     x G 2   � � $ 1   ← − Z p ; → → c , x 2 G 2 ( x + c ) G 1 x     ·     ·   x q G 2 Can we reduce DLog to q -SDH? 10

  28. DLog CDH DHI one-more DLog q ′ -DLog q -SDH SRDH Gap-DH q ′′ -DHE LRSW 11

  29. DLog CDH DHI one-more DLog q ′ -DLog q -SDH SRDH Gap-DH q ′′ -DHE LRSW 12

  30. DLog ? CDH DHI ? one-more DLog q ′ -DLog ? ? q -SDH SRDH Gap-DH q ′′ -DHE LRSW 13

  31. 1. The Algebraic Group Model (FKL 2018) 2. Classification 3. Separation 14

  32. ( � R , P ) -uber assumption (Boneh Boyen Goh 2005 ) ◮ General idea: Describe many assumptions 15

  33. ( � R , P ) -uber assumption (Boneh Boyen Goh 2005 ) ◮ General idea: Describe many assumptions ◮ � R ∈ Z p [ X 1 , . . . , X m ] n , P ∈ Z p [ X 1 , . . . , X m ] 15

  34. ( � R , P ) -uber assumption (Boneh Boyen Goh 2005 ) ◮ General idea: Describe many assumptions ◮ � R ∈ Z p [ X 1 , . . . , X m ] n , P ∈ Z p [ X 1 , . . . , X m ] R 1 = R 1 ( �  x ) G  R 2 = R 2 ( � x ) G   $   � → P ( � ← − Z m p ; · → x ) G x     ·   R n = R n ( � x ) G R ) : P = � a i R i Easy if P ∈ Span ( � x ) = � a i R i ( � P ( � x ) ; x ) G = � a i R i P ( � ; Hard in the GGM if P �∈ Span ( � R ) (non-triviality condition) 15

  35. ( � R , P ) -uber assumption (Boneh Boyen Goh 2005 ) ◮ General idea: Describe many assumptions (like CDH) ◮ � R ∈ Z p [ X 1 , . . . , X m ] n , P ∈ Z p [ X 1 , . . . , X m ]  R 1 = R 1 ( �  x ) G ( = 1 G ) $  → R 2 = R 2 ( � → P ( � ( x , y ) ← − Z 2 p ; x ) G ( = x G ) x ) G ( = xy G )  R 3 = R 3 ( � x ) G ( = y G ) Easy if P ∈ Span ( � R ) : R ) : P = � a i R i Easy if P ∈ Span ( � x ) = � a i R i ( � P ( � x ) ; x ) G = � a i R i P ( � ; Hard in the GGM if P �∈ Span ( � R ) (non-triviality condition) 16

  36. ( � R , P ) -uber assumption (Boneh Boyen Goh 2005 ) ◮ General idea: Describe many assumptions (like q -DHE) ◮ � R ∈ Z p [ X 1 , . . . , X m ] n , P ∈ Z p [ X 1 , . . . , X m ] R 1 = R 1 ( �  x ) G ( = 1 G )  R 2 = R 2 ( � x ) G ( = x G )     R 3 = R 3 ( � x ) G ( = x 2 G ) $   x ) G ( = x q + 1 G ) → P ( � ← − Z p ; → x   ·     ·   R n = R n ( � x ) G ( = x q G ) R ) : P = � a i R i Easy if P ∈ Span ( � x ) = � a i R i ( � P ( � x ) ; x ) G = � a i R i P ( � ; 17

  37. ( � R , P ) -uber assumption (Boneh Boyen Goh 2005 ) ◮ General idea: Describe many assumptions ◮ � R ∈ Z p [ X 1 , . . . , X m ] n , P ∈ Z p [ X 1 , . . . , X m ] R 1 = R 1 ( �  x ) G  R 2 = R 2 ( � x ) G   $   � → P ( � ← − Z m p ; · → x ) G x     ·   R n = R n ( � x ) G ◮ Easy if P ∈ Span ( � R ) : 18

  38. ( � R , P ) -uber assumption (Boneh Boyen Goh 2005 ) ◮ General idea: Describe many assumptions ◮ � R ∈ Z p [ X 1 , . . . , X m ] n , P ∈ Z p [ X 1 , . . . , X m ] R 1 = R 1 ( �  x ) G  R 2 = R 2 ( � x ) G   $   � → P ( � ← − Z m p ; · → x ) G x     ·   R n = R n ( � x ) G R ) : P = � a i R i ◮ Easy if P ∈ Span ( � 18

Recommend

Computational Complexity of NL1 with Assumptions Maria Buli nska University of Warmia and

Computational Complexity of NL1 with Assumptions Maria Buli nska University of Warmia and

Computational Complexity of NL1 with Assumptions Maria Buli nska University of Warmia and Mazury, Olsztyn, Poland Logic Colloquium, Wroc law, July 14-19, 2007 Maria Buli nska Computational Complexity of NL1 with Assumptions Table of

1.19k views • 79 slides
Deep Learning for Classification CS293S, Yang, 2017 Computational graph for classification w 1 f

Deep Learning for Classification CS293S, Yang, 2017 Computational graph for classification w 1 f

Deep Learning for Classification CS293S, Yang, 2017 Computational graph for classification w 1 f 1 w 2 S f 2 >0? w 3 f 3 Objective: Classification Accuracy m l acc ( w ) = 1 sign( w > f ( x ( i ) )) == y ( i ) X m i =1

509 views • 49 slides
Classification Classification TNM classification Survival time Survival time Tumour size,

Classification Classification TNM classification Survival time Survival time Tumour size,

2003 I. Jurisica November 13, 2003 Classification Classification TNM classification Survival time Survival time Tumour size, location Lymph Node involvement Metastasis 1A -> T1, N0, M0 Integrated Computational Analysis Integrated

80 views • 7 slides
Latent Classification Models Classification in continuous domains Helge Langseth and Thomas D.

Latent Classification Models Classification in continuous domains Helge Langseth and Thomas D.

Latent Classification Models Classification in continuous domains Helge Langseth and Thomas D. Nielsen LCM p.1/ ?? Outline Probabilistic classifiers Nave Bayes classifiers Relaxing the assumptions Latent classification

654 views • 29 slides
A Survey of Computational Assumptions on Bilinear and Multilinear Maps Allison Bishop IEX and

A Survey of Computational Assumptions on Bilinear and Multilinear Maps Allison Bishop IEX and

A Survey of Computational Assumptions on Bilinear and Multilinear Maps Allison Bishop IEX and Columbia University Group Basics There are two kinds of people in this world. Those who like additive group notation, and those who like

657 views • 31 slides
The computational and decisional Diffie-Hellman assumptions in CryptoVerif Bruno Blanchet and

The computational and decisional Diffie-Hellman assumptions in CryptoVerif Bruno Blanchet and

Basic DDH Basic CDH Need for extension Extended CDH Extended DDH Conclusion The computational and decisional Diffie-Hellman assumptions in CryptoVerif Bruno Blanchet and David Pointcheval CNRS, Ecole Normale Sup erieure, INRIA, Paris

226 views • 22 slides
Classification of finite semigroups and categories using computational methods Najwa Ghannoum W.

Classification of finite semigroups and categories using computational methods Najwa Ghannoum W.

Classification of finite semigroups and categories using computational methods Najwa Ghannoum W. Fussner, T. Jakl, and C. Simpson Universit Cte dAzur LJAD AITP 2020 September 16, 2020 1 / 31 Content 1 Background Motivations

687 views • 40 slides
Computational single-cell classification using deep learning on bright-field and phase images Nan

Computational single-cell classification using deep learning on bright-field and phase images Nan

Computational single-cell classification using deep learning on bright-field and phase images Nan Meng, Hayden K.-H. So, Edmund Y. Lam Imaging Systems Laboratory, Department of Electrical and Electronic Engineering, University of Hong Kong

572 views • 23 slides
Visualization for Classification ROC, AUC, Confusion Matrix Mahdi Roozbahani Lecturer,

Visualization for Classification ROC, AUC, Confusion Matrix Mahdi Roozbahani Lecturer,

Class Website CX4242: Visualization for Classification ROC, AUC, Confusion Matrix Mahdi Roozbahani Lecturer, Computational Science and Engineering, Georgia Tech Visualizing Classification Performance Confusion matrix

147 views • 13 slides
Graph Classification Classification Outline Introduction, Overview Classification using

Graph Classification Classification Outline Introduction, Overview Classification using

Graph Classification Classification Outline Introduction, Overview Classification using Graphs Graph classification Direct Product Kernel Predictive Toxicology example dataset Vertex classification Laplacian Kernel

605 views • 33 slides
A Semi-supervised Type-based Classification of Adjectives: Distinguishing Properties and Relations

A Semi-supervised Type-based Classification of Adjectives: Distinguishing Properties and Relations

Background & Motivation Annotation Experiment Automatic Classification Conclusions A Semi-supervised Type-based Classification of Adjectives: Distinguishing Properties and Relations Matthias Hartung Anette Frank Computational Linguistics

681 views • 21 slides
1 Classification by Control Structure Classification by Memory Organization e.g.

1 Classification by Control Structure Classification by Memory Organization e.g.

Traditional Use of Parallel Computing: 732A54 Big Data Analytics Large-Scale HPC Applications High Performance Computing (HPC) Much computational work (in FLOPs, floatingpoint operations) Introduction to Often, large data sets

448 views • 11 slides
Computational Models for Attribute Meaning in Adjectives and Nouns Matthias Hartung

Computational Models for Attribute Meaning in Adjectives and Nouns Matthias Hartung

Computational Models for Attribute Meaning in Adjectives and Nouns Matthias Hartung Computational Linguistics Department Heidelberg University September 30, 2011 Arlington, VA Outline Introduction Word Level: Adjective Classification

837 views • 38 slides
Outline 1. What are philosophical assumptions and Philosophical Paradigms in why should we give

Outline 1. What are philosophical assumptions and Philosophical Paradigms in why should we give

19/04/2018 Outline 1. What are philosophical assumptions and Philosophical Paradigms in why should we give them attention? Social Research 2. Praxiological assumptions 3. Ontological assumptions 4. Epistemological assumptions Martyn

346 views • 8 slides
A Deeper Look into Web-based Classification of Music Artists Peter Knees, Markus Schedl, Tim

A Deeper Look into Web-based Classification of Music Artists Peter Knees, Markus Schedl, Tim

A Deeper Look into Web-based Classification of Music Artists Peter Knees, Markus Schedl, Tim Pohle Department of Computational Perception Johannes Kepler University Linz, Austria Overview Artist Classification with Web-based Data

721 views • 18 slides
Classification James H. Steiger Department of Psychology and Human Development Vanderbilt

Classification James H. Steiger Department of Psychology and Human Development Vanderbilt

Introduction The Linear Classification Function Quadratic Classification Functions Estimating Misclassification Rates Bias in Error Rate Estimation Error Rates in Variable Selection Classification via the k Nearest Neighbor Rule Classification

417 views • 31 slides
Abstract: Computational Complexity theory deals with the classification of problems into classes

Abstract: Computational Complexity theory deals with the classification of problems into classes

Hierarchies of complexity classes 1 Abstract: Computational Complexity theory deals with the classification of problems into classes of hardness called complexity classes. In Abstract Complexity (in contrast to Concrete Complexity) we define

247 views • 12 slides
(a) Quantitative classification (b) Qualitative classification (c) Area classification (d) Simple

(a) Quantitative classification (b) Qualitative classification (c) Area classification (d) Simple

MCQS OF PRESENTATION OF DATA MCQ No 2.1: When data are classified according to a single characteristic, it is called: (a) Quantitative classification (b) Qualitative classification (c) Area classification (d) Simple classification MCQ No 2.2:

536 views • 9 slides
Air Force Institute of Technology Wright-Patterson AFB, Ohio Overall Classification:

Air Force Institute of Technology Wright-Patterson AFB, Ohio Overall Classification:

Jason Crosby, Capt, USAF Air Force Institute of Technology Wright-Patterson AFB, Ohio Overall Classification: UNCLASSIFIED Motivation Goals Assumptions INS Model TDOA Model OFDM Signal Structure Receiver Model

486 views • 21 slides
Computational Learning Theory 1 / 22 Decidability Computation Decidability which

Computational Learning Theory 1 / 22 Decidability Computation Decidability which

Computational Learning Theory 1 / 22 Decidability Computation Decidability which problems have algorithmic solutions Machine Learning Feasibility what assumptions must we make to trust that we can learn an unknown target

246 views • 22 slides
Web Information Retrieval Lecture 14 Text classification Sec. 13.1 Text Classification

Web Information Retrieval Lecture 14 Text classification Sec. 13.1 Text Classification

Web Information Retrieval Lecture 14 Text classification Sec. 13.1 Text Classification Nave Bayes Classification Vector space methods for Text Classification K Nearest Neighbors Decision boundaries Linear Classifiers

744 views • 47 slides
Classification 1 Classification: Basic Concepts and Methods Classification: Basic Concepts

Classification 1 Classification: Basic Concepts and Methods Classification: Basic Concepts

Classification 1 Classification: Basic Concepts and Methods Classification: Basic Concepts Decision Tree Bayes Classification Methods Model Evaluation and Selection Ensemble Methods 2 Motivating Example Fruit

853 views • 66 slides
OVERVIEW U.S. National Vegetation Classification A Classification Partnership Don Faber-

OVERVIEW U.S. National Vegetation Classification A Classification Partnership Don Faber-

OVERVIEW U.S. National Vegetation Classification A Classification Partnership Don Faber- Langendoen ALASKA GEOSPA TIAL COUNCIL February 23, 2018 USNVC: An Ecological Vegetation Classification Vegetation classification is the process of

516 views • 27 slides
Estimating the inter-arrival time density of semi-Markov processes under structural assumptions on

Estimating the inter-arrival time density of semi-Markov processes under structural assumptions on

Estimating the inter-arrival time density of semi-Markov processes under structural assumptions on the transition distribution Priscilla (Cindy) Greenwood School of Mathematics and Statistics and Mathematical and Computational Sciences Modeling

228 views • 9 slides

More recommend