d j q all over again tighter and broader reductions of q
play

Dj Q All Over Again: Tighter and Broader Reductions of q -Type - PowerPoint PPT Presentation

Asiacrypt 2016, Hanoi Bilinear Groups and Assumptions Reductions Symmetric Schemes Conclusions Dj Q All Over Again: Tighter and Broader Reductions of q -Type Assumptions Melissa Chase - MSR Redmond Mary Maller - University College London


  1. Asiacrypt 2016, Hanoi Bilinear Groups and Assumptions Reductions Symmetric Schemes Conclusions Déjà Q All Over Again: Tighter and Broader Reductions of q -Type Assumptions Melissa Chase - MSR Redmond Mary Maller - University College London Sarah Meiklejohn - University College London 1/31

  2. Asiacrypt 2016, Hanoi Bilinear Groups and Assumptions Reductions Symmetric Schemes Conclusions 2/31

  3. Asiacrypt 2016, Hanoi Bilinear Groups and Assumptions Reductions Symmetric Schemes Conclusions Subgroup Hiding ⇒ certain q-Type Assumptions 3/31

  4. Asiacrypt 2016, Hanoi Bilinear Groups and Assumptions Reductions Symmetric Schemes Conclusions Example: Broadcast Encryption Methods of delivering encrypted content over a broadcast channel where only qualified users can decrypt the content. Example Boneh Gentry and Waters’ broadcast encryption scheme [BGW-Crypto05]. ◮ Pairing based solution ◮ Short ciphertexts and private keys ◮ Collusion resistant 4/31

  5. Asiacrypt 2016, Hanoi Bilinear Groups and Assumptions Reductions Symmetric Schemes Conclusions The q -BDHE Assumption The BGW broadcast encryption scheme bases its security on the q -BDHE assumption [BGW-Crypto05]. Given g , g c , g α ,..., g α q , g α q + 2 ,..., g α 2 q it is hard to distinguish e ( g , g c ) q + 1 from random. 5/31

  6. Asiacrypt 2016, Hanoi Bilinear Groups and Assumptions Reductions Symmetric Schemes Conclusions The q -BDHE Assumption The BGW broadcast encryption scheme bases its security on the q -BDHE assumption [BGW-Crypto05]. Given g , g c , g α ,..., g α q , ? , g α q + 2 ,..., g α 2 q it is hard to distinguish e ( g , g c ) q + 1 from random. 5/31

  7. Asiacrypt 2016, Hanoi Bilinear Groups and Assumptions Reductions Symmetric Schemes Conclusions Déjà Q: Using Dual Systems to Revisit q -Type Assumptions [CM-Eurocrypt14] Subgroup Hiding Specific classes of q -type & ⇒ assumptions in asymmetric Parameter Hiding bilinear groups of order N = p 1 p 2 1 . Pr [ break q -type assumption ] ≤ O ( q ) Pr [ break subgroup hiding ] 1 Asymmetric composite order bilinear groups do exist - see [BRS-JNT11]. 6/31

  8. Asiacrypt 2016, Hanoi Bilinear Groups and Assumptions Reductions Symmetric Schemes Conclusions [CM-Eurocrypt14]: Contributions Decides Computes Source Group given info in one group given info in both groups Target Group given info in one group given info in both groups q -BDHE 7/31

  9. Asiacrypt 2016, Hanoi Bilinear Groups and Assumptions Reductions Symmetric Schemes Conclusions Our Contributions: Broader Decides Computes Source Group given info in one group given info in both groups Target Group given info in one group given info in both groups q -BDHE 8/31

  10. Asiacrypt 2016, Hanoi Bilinear Groups and Assumptions Reductions Symmetric Schemes Conclusions Our Contributions: Tighter Subgroup Hiding Specific classes of q -type & ⇒ assumptions in asymmetric Parameter Hiding bilinear groups of order N = p 1 p 2 p 3 . Pr [ break q -type assumption ] ≤ O ( log q ) Pr [ break subgroup hiding ] 9/31

  11. Asiacrypt 2016, Hanoi Bilinear Groups and Assumptions Reductions Symmetric Schemes Conclusions Outline of Presentation 10/31

  12. Asiacrypt 2016, Hanoi Bilinear Groups and Assumptions Reductions Symmetric Schemes Conclusions Bilinear Groups Standard Bilinear Groups: G = ( N , G , H , G T , e , g , h ) . ◮ N = group order; prime or composite ◮ | G | = | H | = kN , | G T | = λ N ◮ G = < g > , H = < h > ◮ e : G × H → G T Properties Bilinearity: e ( g a , h b ) = e ( g , h ) ab Non-degeneracy: e ( x , y ) = 1 ∀ y ∈ H ⇒ x = 1 . 11/31

  13. Asiacrypt 2016, Hanoi Bilinear Groups and Assumptions Reductions Symmetric Schemes Conclusions Subgroup Hiding [BGN - TCC05] 12/31

  14. Asiacrypt 2016, Hanoi Bilinear Groups and Assumptions Reductions Symmetric Schemes Conclusions Subgroup Hiding [BGN - TCC05] 12/31

  15. Asiacrypt 2016, Hanoi Bilinear Groups and Assumptions Reductions Symmetric Schemes Conclusions Subgroup Hiding [BGN - TCC05] 12/31

  16. Asiacrypt 2016, Hanoi Bilinear Groups and Assumptions Reductions Symmetric Schemes Conclusions Parameter Hiding [Lewko-Eurocrypt12] 13/31

  17. Asiacrypt 2016, Hanoi Bilinear Groups and Assumptions Reductions Symmetric Schemes Conclusions Parameter Hiding [Lewko-Eurocrypt12] 13/31

  18. Asiacrypt 2016, Hanoi Bilinear Groups and Assumptions Reductions Symmetric Schemes Conclusions Parameter Hiding [Lewko-Eurocrypt12] 13/31

  19. Asiacrypt 2016, Hanoi Bilinear Groups and Assumptions Reductions Symmetric Schemes Conclusions Parameter Hiding [Lewko-Eurocrypt12] 13/31

  20. Asiacrypt 2016, Hanoi Bilinear Groups and Assumptions Reductions Symmetric Schemes Conclusions Outline of Presentation 14/31

  21. Asiacrypt 2016, Hanoi Bilinear Groups and Assumptions Reductions Symmetric Schemes Conclusions Reductions we can Cover 15/31

  22. Asiacrypt 2016, Hanoi Bilinear Groups and Assumptions Reductions Symmetric Schemes Conclusions Aim of Reduction Model q -type assumption as a game. Transition to statistically impossible game. [CM-Eurocrypt14] 16/31

  23. Asiacrypt 2016, Hanoi Bilinear Groups and Assumptions Reductions Symmetric Schemes Conclusions Aim of Reduction Model q -type assumption as a game. Transition to statistically impossible game. [CM-Eurocrypt14] 16/31

  24. Asiacrypt 2016, Hanoi Bilinear Groups and Assumptions Reductions Symmetric Schemes Conclusions Aim of Reduction Model q -type assumption as a game. Transition to statistically impossible game. [CM-Eurocrypt14] 16/31

  25. Asiacrypt 2016, Hanoi Bilinear Groups and Assumptions Reductions Symmetric Schemes Conclusions Aim of Reduction Model q -type assumption as a game. Transition to statistically impossible game. [CM-Eurocrypt14] 16/31

  26. Asiacrypt 2016, Hanoi Bilinear Groups and Assumptions Reductions Symmetric Schemes Conclusions Aim of Reduction Model q -type assumption as a game. Transition to statistically impossible game. [CM-Eurocrypt14] 16/31

  27. Asiacrypt 2016, Hanoi Bilinear Groups and Assumptions Reductions Symmetric Schemes Conclusions Aim of Reduction Model q -type assumption as a game. Transition to statistically impossible game. [CM-Eurocrypt14] 16/31

  28. Asiacrypt 2016, Hanoi Bilinear Groups and Assumptions Reductions Symmetric Schemes Conclusions Déjà Q: Reduction Techniques 17/31

  29. Asiacrypt 2016, Hanoi Bilinear Groups and Assumptions Reductions Symmetric Schemes Conclusions Déjà Q: Reduction Techniques 17/31

  30. Asiacrypt 2016, Hanoi Bilinear Groups and Assumptions Reductions Symmetric Schemes Conclusions Déjà Q: Reduction Techniques 17/31

  31. Asiacrypt 2016, Hanoi Bilinear Groups and Assumptions Reductions Symmetric Schemes Conclusions Déjà Q: Reduction Techniques 17/31

  32. Asiacrypt 2016, Hanoi Bilinear Groups and Assumptions Reductions Symmetric Schemes Conclusions Déjà Q: Reduction Techniques 17/31

  33. Asiacrypt 2016, Hanoi Bilinear Groups and Assumptions Reductions Symmetric Schemes Conclusions Our Tight Reduction Techniques Double the randomness. 18/31

  34. Asiacrypt 2016, Hanoi Bilinear Groups and Assumptions Reductions Symmetric Schemes Conclusions Our Tight Reduction Techniques Double the randomness. 18/31

  35. Asiacrypt 2016, Hanoi Bilinear Groups and Assumptions Reductions Symmetric Schemes Conclusions Our Tight Reduction Techniques Double the randomness. 18/31

  36. Asiacrypt 2016, Hanoi Bilinear Groups and Assumptions Reductions Symmetric Schemes Conclusions Our Tight Reduction Techniques Double the randomness. 18/31

  37. Asiacrypt 2016, Hanoi Bilinear Groups and Assumptions Reductions Symmetric Schemes Conclusions Our Tight Reduction Techniques Double the randomness. 18/31

  38. Asiacrypt 2016, Hanoi Bilinear Groups and Assumptions Reductions Symmetric Schemes Conclusions Our Tight Reduction Techniques Double the randomness. 18/31

  39. Asiacrypt 2016, Hanoi Bilinear Groups and Assumptions Reductions Symmetric Schemes Conclusions Result Given g ρ 1 ( x ) ,..., g ρ q ( x ) , h σ 1 ( x ) ,..., h σ q ( x ) ˆ h Then h ) f ( x ) from random ] Adv [ Deciding e ( g , ˆ ≤ ( 3 + log ( q + 2 )) Pr [ Breaks Subgroup Hiding ] 19/31

  40. Asiacrypt 2016, Hanoi Bilinear Groups and Assumptions Reductions Symmetric Schemes Conclusions Result Subgroup Hiding Specific classes of q -type & ⇒ assumptions in asymmetric Parameter Hiding bilinear groups of order N = p 1 p 2 p 3 . Pr [ break q -type assumption ] ≤ O ( log q ) Pr [ break subgroup hiding ] 20/31

  41. Asiacrypt 2016, Hanoi Bilinear Groups and Assumptions Reductions Symmetric Schemes Conclusions Outline of Presentation 21/31

  42. Asiacrypt 2016, Hanoi Bilinear Groups and Assumptions Reductions Symmetric Schemes Conclusions Example: Broadcast Encryption Methods of delivering encrypted content over a broadcast channel where only qualified users can decrypt the content. Example Boneh Gentry and Waters’ broadcast encryption scheme [BGW-Crypto05]. ◮ Pairing based solution ◮ Short ciphertexts and private keys ◮ Collusion resistant 22/31

Recommend


More recommend