adaptive partitioning
play

Adaptive partitioning Dennis Hofheinz (KIT, Karlsruhe) Public-Key - PowerPoint PPT Presentation

Aug 09, 2023 •324 likes •1.16k views

Adaptive partitioning Dennis Hofheinz (KIT, Karlsruhe) Public-Key Encryption Public-Key Encryption Accepted security notion: chosen-ciphertext security (IND-CCA) Public-Key Encryption Accepted security notion: chosen-ciphertext security

  1. Adaptive partitioning Dennis Hofheinz (KIT, Karlsruhe)

  2. Public-Key Encryption

  3. Public-Key Encryption ● Accepted security notion: chosen-ciphertext security (IND-CCA)

  4. Public-Key Encryption ● Accepted security notion: chosen-ciphertext security (IND-CCA) Dec(sk,·) pk m 0 ,m 1 Enc(pk,m b ) b' Adversary A Challenger

  5. Public-Key Encryption ● Accepted security notion: chosen-ciphertext security (IND-CCA) Dec(sk,·) pk m 0 ,m 1 Enc(pk,m b ) b' Adversary A Challenger Adv(A) = Pr [ b = b' ] – 1/2, should be negligible

  6. Public-Key Encryption ● Accepted security notion: chosen-ciphertext security (IND-CCA) Dec(sk,·) pk m 0 ,m 1 Enc(pk,m b ) b' Adversary A Challenger Adv(A) = Pr [ b = b' ] – 1/2, should be negligible ● Observation: covers only 1-user, 1-ciphertext scenario

  7. Public-Key Encryption ● Accepted security notion: chosen-ciphertext security (IND-CCA) Dec(sk,·) pk m 0 ,m 1 Enc(pk,m b ) b' Adversary A Challenger Adv(A) = Pr [ b = b' ] – 1/2, should be negligible ● Observation: covers only 1-user, 1-ciphertext scenario Hybrid argument → multi-user, multi-ciphertext security –

  8. Public-Key Encryption ● Accepted security notion: chosen-ciphertext security (IND-CCA) Dec(sk,·) pk m 0 ,m 1 Enc(pk,m b ) b' Adversary A Challenger Adv(A) = Pr [ b = b' ] – 1/2, should be negligible ● Observation: covers only 1-user, 1-ciphertext scenario Hybrid argument → multi-user, multi-ciphertext security – But: security guarantees may degrade in scenario size –

  9. Public-Key Encryption ● Accepted security notion: chosen-ciphertext security (IND-CCA) Dec(sk,·) pk m 0 ,m 1 Enc(pk,m b ) b' Adversary A Challenger Adv(A) = Pr [ b = b' ] – 1/2, should be negligible ● Observation: covers only 1-user, 1-ciphertext scenario Hybrid argument → multi-user, multi-ciphertext security – But: security guarantees may degrade in scenario size – So: scenario size may influence keylength recommendations –

  10. This talk

  11. This talk ● Tightly secure PKE: multi-challenge IND-CCA Dec(sk,·) pk m 0 ,m 1 repeat Enc(pk,m b ) b' Adversary A Challenger Adv(A) = Pr [ b = b' ] – 1/2, should be negligible

  12. This talk ● Tightly secure PKE: multi-challenge IND-CCA Dec(sk,·) pk m 0 ,m 1 repeat Enc(pk,m b ) b' Adversary A Challenger Adv(A) = Pr [ b = b' ] – 1/2, should be negligible ● Goal: tight reduction to standard assumption (e.g., DDH)

  13. This talk ● Tightly secure PKE: multi-challenge IND-CCA Dec(sk,·) pk m 0 ,m 1 repeat Enc(pk,m b ) b' Adversary A Challenger Adv(A) = Pr [ b = b' ] – 1/2, should be negligible ● Goal: tight reduction to standard assumption (e.g., DDH) Tight: reduction loss independent of # ciphertexts/queries –

  14. This talk ● Tightly secure PKE: multi-challenge IND-CCA Dec(sk,·) pk m 0 ,m 1 repeat Enc(pk,m b ) b' Adversary A Challenger Adv(A) = Pr [ b = b' ] – 1/2, should be negligible ● Goal: tight reduction to standard assumption (e.g., DDH) Tight: reduction loss independent of # ciphertexts/queries – Enables security guarantees for arbitrary/unknown scenarios –

  15. This talk ● Tightly secure PKE: multi-challenge IND-CCA Dec(sk,·) pk m 0 ,m 1 repeat Enc(pk,m b ) b' Adversary A Challenger Adv(A) = Pr [ b = b' ] – 1/2, should be negligible ● Goal: tight reduction to standard assumption (e.g., DDH) Tight: reduction loss independent of # ciphertexts/queries – Enables security guarantees for arbitrary/unknown scenarios – ● Difficulty: standard techniques yield non-tight reductions

  16. Tight CCA security

  17. Tight CCA security ● Tightly secure PKE: multi-challenge IND-CCA m 0 (1) ,m 1 (1) C (1) =Enc(pk,m b (1) ) … m 0 (Q) ,m 1 (Q) Adversary A Challenger C (Q) =Enc(pk,m b (Q) ) ● Standard techniques yield non-tight reductions, examples:

  18. Tight CCA security ● Tightly secure PKE: multi-challenge IND-CCA m 0 (1) ,m 1 (1) C (1) =Enc(pk,m b (1) ) … m 0 (Q) ,m 1 (Q) Adversary A Challenger C (Q) =Enc(pk,m b (Q) ) ● Standard techniques yield non-tight reductions, examples: IBE: reduction knows "punctured" sk, randomize one C (i) –

  19. Tight CCA security ● Tightly secure PKE: multi-challenge IND-CCA m 0 (1) ,m 1 (1) C (1) =Enc(pk,m b (1) ) … m 0 (Q) ,m 1 (Q) Adversary A Challenger C (Q) =Enc(pk,m b (Q) ) ● Standard techniques yield non-tight reductions, examples: IBE: reduction knows "punctured" sk, randomize one C (i) – HPS: reduction knows full sk, entropy in sk randomizes one C (i) –

  20. Tight CCA security ● Tightly secure PKE: multi-challenge IND-CCA m 0 (1) ,m 1 (1) C (1) =Enc(pk,m b (1) ) … m 0 (Q) ,m 1 (Q) Adversary A Challenger C (Q) =Enc(pk,m b (Q) ) ● Standard techniques yield non-tight reductions, examples: IBE: reduction knows "punctured" sk, randomize one C (i) – HPS: reduction knows full sk, entropy in sk randomizes one C (i) – NY (double encryption with consistency proof): make one C (i) "special" (with – simulated proof), requires simulation-soundness Difficulty: simulation-soundness in face of many simulated proofs ●

  21. Previous work / contribution

  22. Previous work / contribution Scheme |pk| |C| (KEM) Loss Assumption CS98/BBM00 3 3 O(Q) DDH KD04/BBM00 2 2 O(Q) DDH CS03 3 2 O(Q) DCR HJ12 O(1) O(λ) O(1) DLIN (PFG) LPJY15 O(λ) 47 O(λ) DLIN (PFG) H16 2 60 O(λ) DLIN (PFG) GHKW16 2λ 3 O(λ) DDH This work 24 6 O(λ) DLIN (PFG) This work 20 30 O(λ) DCR

  23. Previous work / contribution Scheme |pk| |C| (KEM) Loss Assumption CS98/BBM00 3 3 O(Q) DDH KD04/BBM00 2 2 O(Q) DDH CS03 3 2 O(Q) DCR HJ12 O(1) O(λ) O(1) DLIN (PFG) LPJY15 O(λ) 47 O(λ) DLIN (PFG) H16 2 60 O(λ) DLIN (PFG) GHKW16 2λ 3 O(λ) DDH This work 24 6 O(λ) DLIN (PFG) This work 20 30 O(λ) DCR ● This work: not yet practical, but conceptual progress

  24. Previous work / contribution Scheme |pk| |C| (KEM) Loss Assumption CS98/BBM00 3 3 O(Q) DDH KD04/BBM00 2 2 O(Q) DDH CS03 3 2 O(Q) DCR HJ12 O(1) O(λ) O(1) DLIN (PFG) LPJY15 O(λ) 47 O(λ) DLIN (PFG) H16 2 60 O(λ) DLIN (PFG) GHKW16 2λ 3 O(λ) DDH This work 24 6 O(λ) DLIN (PFG) This work 20 30 O(λ) DCR ● This work: not yet practical, but conceptual progress Generic new techniques to randomize challenge ciphertexts –

  25. Previous work / contribution Scheme |pk| |C| (KEM) Loss Assumption CS98/BBM00 3 3 O(Q) DDH KD04/BBM00 2 2 O(Q) DDH CS03 3 2 O(Q) DCR HJ12 O(1) O(λ) O(1) DLIN (PFG) LPJY15 O(λ) 47 O(λ) DLIN (PFG) H16 2 60 O(λ) DLIN (PFG) GHKW16 2λ 3 O(λ) DDH This work 24 6 O(λ) DLIN (PFG) This work 20 30 O(λ) DCR ● This work: not yet practical, but conceptual progress Generic new techniques to randomize challenge ciphertexts – Yields first DCR-based tightly secure PKE scheme –

  26. Previous work / contribution Scheme |pk| |C| (KEM) Loss Assumption CS98/BBM00 3 3 O(Q) DDH KD04/BBM00 2 2 O(Q) DDH CS03 3 2 O(Q) DCR HJ12 O(1) O(λ) O(1) DLIN (PFG) LPJY15 O(λ) 47 O(λ) DLIN (PFG) H16 2 60 O(λ) DLIN (PFG) GHKW16 2λ 3 O(λ) DDH This work 24 6 O(λ) DLIN (PFG) This work 20 30 O(λ) DCR ● This work: not yet practical, but conceptual progress Generic new techniques to randomize challenge ciphertexts – Yields first DCR-based tightly secure PKE scheme – ● Remaining talk: overview over new techniques

  27. Basic strategy

  28. Basic strategy ● This work: not yet practical, but conceptual progress – Generic new techniques to randomize challenge ciphertexts – Yields first DCR-based tightly secure PKE scheme ● Remaining talk: overview over new techniques ● Starting point: Naor-Yung double encryption: C = ( C 0 =Enc(pk 0 ,M 0 ), C 1 =Enc(pk 1 ,M 1 ), π )

  29. Basic strategy ● This work: not yet practical, but conceptual progress – Generic new techniques to randomize challenge ciphertexts – Yields first DCR-based tightly secure PKE scheme ● Remaining talk: overview over new techniques ● Starting point: Naor-Yung double encryption: C = ( C 0 =Enc(pk 0 ,M 0 ), C 1 =Enc(pk 1 ,M 1 ), π ) Consistency proof: proves that M 0 =M 1

  30. Naor-Yung encryption

  31. Naor-Yung encryption C = ( C 0 =Enc(pk 0 ,M 0 ), C 1 =Enc(pk 1 ,M 1 ), π ) ● One (known) way to prove Naor-Yung secure:

  32. Naor-Yung encryption C = ( C 0 =Enc(pk 0 ,M 0 ), C 1 =Enc(pk 1 ,M 1 ), π ) ● One (known) way to prove Naor-Yung secure: 0) IND-CCA experiment (many challenges), use sk 0 to decrypt

  33. Naor-Yung encryption C = ( C 0 =Enc(pk 0 ,M 0 ), C 1 =Enc(pk 1 ,M 1 ), π ) ● One (known) way to prove Naor-Yung secure: 0) IND-CCA experiment (many challenges), use sk 0 to decrypt NIZK ind. 1) simulate all proofs π (using NIZK simulator) in challenges

  34. Naor-Yung encryption C = ( C 0 =Enc(pk 0 ,M 0 ), C 1 =Enc(pk 1 ,M 1 ), π ) ● One (known) way to prove Naor-Yung secure: 0) IND-CCA experiment (many challenges), use sk 0 to decrypt NIZK ind. 1) simulate all proofs π (using NIZK simulator) in challenges CPA 2) randomize all M 1 in challenges

Recommend

NETWORKONCHIPASSISTED ADAPTIVE PARTITIONING AND ISOLATION FOR DYNAMIC HOMOGENEOUS

NETWORKONCHIPASSISTED ADAPTIVE PARTITIONING AND ISOLATION FOR DYNAMIC HOMOGENEOUS

NETWORKONCHIPASSISTED ADAPTIVE PARTITIONING AND ISOLATION FOR DYNAMIC HOMOGENEOUS MANYCORES Davide Bertozzi MPSoC Research Group University of Ferrara Italy email : davide.bertozzi@unife.it A collaboration with Jos

617 views • 35 slides
An Adaptive Bloom Filter Cache Partitioning Scheme for Multicore Architectures Konstantinos

An Adaptive Bloom Filter Cache Partitioning Scheme for Multicore Architectures Konstantinos

An Adaptive Bloom Filter Cache Partitioning Scheme for Multicore Architectures Konstantinos Nikas Computing Systems Laboratory NTU Athens, Greece Matthew Horsnell, Jim Garside Advanced Processor Technologies Group University of Manchester

692 views • 32 slides
RUNTIME SUPPORT FOR ADAPTIVE SPATIAL PARTITIONING AND INTER-KERNEL COMMUNICATION ON GPUS Yash

RUNTIME SUPPORT FOR ADAPTIVE SPATIAL PARTITIONING AND INTER-KERNEL COMMUNICATION ON GPUS Yash

RUNTIME SUPPORT FOR ADAPTIVE SPATIAL PARTITIONING AND INTER-KERNEL COMMUNICATION ON GPUS Yash Ukidave , Perhaad Mistry , Charu Kalra , Dana Schaa and David Kaeli Department of Electrical and Computer Engineering Northeastern

502 views • 23 slides
Planar: Parallel Lightweight Architecture-Aware Adaptive Graph Repartitioning Angen Zheng ,

Planar: Parallel Lightweight Architecture-Aware Adaptive Graph Repartitioning Angen Zheng ,

Planar: Parallel Lightweight Architecture-Aware Adaptive Graph Repartitioning Angen Zheng , Alexandros Labrinidis, and Panos K. Chrysanthis University of Pittsburgh 1 Graph Partitioning Applications of Graph Partitioning Scientific

642 views • 46 slides
1 1 Slide 5 Slide 6 Partitioning and Load Balancing Partitioning Goals Assignment of

1 1 Slide 5 Slide 6 Partitioning and Load Balancing Partitioning Goals Assignment of

Slide 2 Outline Tutorial: Partitioning, Load Balancing Part 1: and the Zoltan Toolkit Partitioning and load balancing Owner computes approach Static vs. dynamic partitioning Models and algorithms Geometric (RCB, SFC)

589 views • 25 slides
Partitioning Introduction to Partitioning Mahapatra-Texas A&M-Spring02 1 System

Partitioning Introduction to Partitioning Mahapatra-Texas A&M-Spring02 1 System

Partitioning Introduction to Partitioning Mahapatra-Texas A&M-Spring02 1 System partitioning System level partitioning problem Assignment of operations to hardware or software Assignment of an operation to HW or SW determines

445 views • 18 slides
Territory partitioning is ... art Territory Partitioning for Minimalist Gossiping Robots

Territory partitioning is ... art Territory Partitioning for Minimalist Gossiping Robots

Territory partitioning is ... art Territory Partitioning for Minimalist Gossiping Robots Francesco Bullo Center for Control, Dynamical Systems & Computation University of California at Santa Barbara http:/ /motion.mee.ucsb.edu Johns

100 views • 6 slides
Partitioning and Divide-and- Conquer Strategies Partitioning Strategies Partitioning simply

Partitioning and Divide-and- Conquer Strategies Partitioning Strategies Partitioning simply

Partitioning and Divide-and- Conquer Strategies Partitioning Strategies Partitioning simply divides the problem into parts Example - Adding a sequence of numbers We might consider dividing the sequence into m parts of n / m numbers each, ( x 0

514 views • 33 slides
Partitioning Decompose computation into tasks to equi-distribute the data and work, minimize

Partitioning Decompose computation into tasks to equi-distribute the data and work, minimize

Lecture 12: Partitioning and Load Balancing G63.2011.002/G22.2945.001 November 16, 2010 thanks to Schloegel,Karypis and Kumar survey paper and Zoltan website for many of todays slides and pictures Partitioning Decompose

837 views • 52 slides
Investigating hypergraph-partitioning-based sparse matrix partitioning methods Bora U car

Investigating hypergraph-partitioning-based sparse matrix partitioning methods Bora U car

Outline Investigating hypergraph-partitioning-based sparse matrix partitioning methods Bora U car ro:ma, Lyon, France 22 October 2009 Jointly with Umit V. C ataly urek (VMWIP) 1/37 Hypergraph partitioning Outline Outline

490 views • 37 slides
Partitioning under the hood in MySQL 5.5 Mattias Jonsson, Partitioning developer Mikael

Partitioning under the hood in MySQL 5.5 Mattias Jonsson, Partitioning developer Mikael

<Insert Picture Here> Partitioning under the hood in MySQL 5.5 Mattias Jonsson, Partitioning developer Mikael Ronstrm, Partitioning author Who are we? Mikael is a founder of the technology behind NDB Cluster (MySQL Cluster)

379 views • 35 slides
Sparse matrix partitioning, ordering, and visualisation by Mondriaan 3.0 Outline Partitioning

Sparse matrix partitioning, ordering, and visualisation by Mondriaan 3.0 Outline Partitioning

Sparse matrix partitioning, ordering, and visualisation by Mondriaan 3.0 Outline Partitioning Matrix-vector Rob H. Bisseling, Albert-Jan Yzelman, Bas Fagginger Auer Movies Hypergraphs Ordering Mathematical Institute, Utrecht University SBD

468 views • 26 slides
Power grid partitioning Data-Driven Partitioning of Power Networks Via Koopman Mode

Power grid partitioning Data-Driven Partitioning of Power Networks Via Koopman Mode

Power grid partitioning Data-Driven Partitioning of Power Networks Via Koopman Mode Analysis by Raak, Susuki and Hikihara Presented by Andr and Pontus http://energy.gov/sites/prod/files/oeprod/DocumentsandMedia/BlackoutFinal-Web.pdf 2

411 views • 27 slides
Background MapReduce Model SCOPE Language and Cosmos system Advanced partitioning

Background MapReduce Model SCOPE Language and Cosmos system Advanced partitioning

Nian Ke David R . Cheriton School of Computer Science University of Waterloo Background MapReduce Model SCOPE Language and Cosmos system Advanced partitioning techniques Partial Partitioning Hash-Based Partitioning

543 views • 26 slides
Some Results on the Online Partitioning of Permutations Benjamin Leroy-Beaulieu 1 Marc Demange 2 1

Some Results on the Online Partitioning of Permutations Benjamin Leroy-Beaulieu 1 Marc Demange 2 1

Preliminaries Isotone Partitioning Monotone Partitioning Conclusion Some Results on the Online Partitioning of Permutations Benjamin Leroy-Beaulieu 1 Marc Demange 2 1 IMA-ROSO Ecole Polytechnique Fdrale de Lausanne 2 Dpartment SID

929 views • 75 slides
Partitioning Problem and Usage Lecture 8 CSCI 4974/6971 26 Sep 2016 1 / 14 Todays Biz 1.

Partitioning Problem and Usage Lecture 8 CSCI 4974/6971 26 Sep 2016 1 / 14 Todays Biz 1.

Partitioning Problem and Usage Lecture 8 CSCI 4974/6971 26 Sep 2016 1 / 14 Todays Biz 1. Reminders 2. Review 3. Graph Partitioning overview 4. Graph Partitioning Small-world Graphs 5. Partitioning Usage example 2 / 14 Todays Biz 1.

1.47k views • 102 slides
Data Life Cycle Management for Oracle @ CERN with partitioning Oracle @ CERN with partitioning,

Data Life Cycle Management for Oracle @ CERN with partitioning Oracle @ CERN with partitioning,

Data Life Cycle Management for Oracle @ CERN with partitioning Oracle @ CERN with partitioning, compression, and archive. Luca Canali, CERN Orcan Conference, Stockholm, May 2010 y Outline Physics DB Services at CERN y Motivations for

657 views • 54 slides
Program Partitioning Program Partitioning for Secure E xecution for Secure E xecution Cha rle

Program Partitioning Program Partitioning for Secure E xecution for Secure E xecution Cha rle

Program Partitioning Program Partitioning for Secure E xecution for Secure E xecution Cha rle s W. O Do nne ll G. E dwa rd Suh Srini De va da s Se pte mb e r 24, 2004 4 th MI T CSAI L Co mpute r Arc hite c ture Wo rksho p

189 views • 15 slides
CS 5220: Graph Partitioning David Bindel 2017-11-07 1 Reminder: Sparsity and partitioning 1 2

CS 5220: Graph Partitioning David Bindel 2017-11-07 1 Reminder: Sparsity and partitioning 1 2

CS 5220: Graph Partitioning David Bindel 2017-11-07 1 Reminder: Sparsity and partitioning 1 2 3 4 5 Matrix Graph Want to partition sparse graphs so that Subgraphs are same size (load balance) Cut size is minimal (minimize

503 views • 31 slides
BACKEND DESIGN Circuit Partitioning Partitioning System Design Decomposition of a complex

BACKEND DESIGN Circuit Partitioning Partitioning System Design Decomposition of a complex

BACKEND DESIGN Circuit Partitioning Partitioning System Design Decomposition of a complex system into smaller subsystems. Each subsystem can be designed independently. Decomposition scheme has to minimize the interconnections

643 views • 10 slides
Recent Activities on R&D of Innovative Extractants and Adsorbents for Partitioning of Minor

Recent Activities on R&D of Innovative Extractants and Adsorbents for Partitioning of Minor

The Tenth OECD/NEA Information Exchange Meeting on Actinide and Fission Product Partitioning & Transmutation Mito, Japan, October 8, 2008 Recent Activities on R&D of Innovative Extractants and Adsorbents for Partitioning of Minor

447 views • 12 slides
Optimal Partitioning of Multicast Receivers Min Sik Kim minskim@cs.utexas.edu Co-authors: Simon

Optimal Partitioning of Multicast Receivers Min Sik Kim minskim@cs.utexas.edu Co-authors: Simon

Optimal Partitioning of Multicast Receivers Min Sik Kim minskim@cs.utexas.edu Co-authors: Simon Lam and Yang Yang Outline of Presentation Motivation Optimal Receiver Partitioning Max-min Fair Rate Optimal Partitioning

762 views • 16 slides
@andy_pavlo Part #1 Background Part # 2 Engineering Part # 3 Oracle Rant 3 AUTONOMOUS DBMSs

@andy_pavlo Part #1 Background Part # 2 Engineering Part # 3 Oracle Rant 3 AUTONOMOUS DBMSs

@andy_pavlo Part #1 Background Part # 2 Engineering Part # 3 Oracle Rant 3 AUTONOMOUS DBMSs SELF-ADAPTIVE DATABASES 1970-1990s Index Selection Self-Adaptive Partitioning / Sharding Databases Data Placement 3 AUTONOMOUS

960 views • 76 slides
KPart: A Hybrid Cache Sharing-Partitioning Technique for Commodity Multicores Nosayba EI-Sayed

KPart: A Hybrid Cache Sharing-Partitioning Technique for Commodity Multicores Nosayba EI-Sayed

KPart: A Hybrid Cache Sharing-Partitioning Technique for Commodity Multicores Nosayba EI-Sayed Anurag Mukkara Po-An Tsai Harshad Kasture Xiaosong Ma Daniel Sanchez Cache partitioning in commodity multicores 2 Partitioning

682 views • 28 slides

More recommend