encryption schemes
play

Encryption Schemes Akn nal ETH Zrich, Zrich, Switzerland - PowerPoint PPT Presentation

Oct 10, 2022 •333 likes •813 views

Impossibility Results for Lattice-Based Functional Encryption Schemes Akn nal ETH Zrich, Zrich, Switzerland auenal@inf.ethz.ch (Work done while the author was at KIT Karlsruhe Institute of Technology, Karlsruhe, Germany.) | | D-INFK

  1. Impossibility Results for Lattice-Based Functional Encryption Schemes Akın Ünal ETH Zürich, Zürich, Switzerland auenal@inf.ethz.ch (Work done while the author was at KIT – Karlsruhe Institute of Technology, Karlsruhe, Germany.) | | D-INFK – Foundations of Cryptography Akın Ünal EuroCrypt 2020, May 11 - 14 1

  2. Uniformly Random Public Matrices Learning with Errors [Reg05] A cryptographic hardness assumption… mod 𝑟 A A e s A b × + ≈ c Secret Vector with Gaussian Distributed Sufficient Entropy Noise Vector | | D-INFK – Foundations of Cryptography Akın Ünal EuroCrypt 2020, May 11 - 14 2

  3. Learning with Errors [Reg05] A cryptographic hardness assumption… mod 𝑟 A A e s A b × + ≈ c with strong homomorphic properties which enables a lot of different cryptographic primitives: ▪ Fully Homomorphic Encryption [BV11] ▪ Lockable Obfuscation [GKW17, WZ17] ▪ Attribute-Based Encryption [GVW13, BGG+14] | | D-INFK – Foundations of Cryptography Akın Ünal EuroCrypt 2020, May 11 - 14 2

  4. Learning with Errors [Reg05] A cryptographic hardness assumption… mod 𝑟 A A e s A b × + ≈ c with strong homomorphic properties which enables a lot of different cryptographic primitives: ▪ Fully Homomorphic Encryption [BV11] ▪ Lockable Obfuscation [GKW17, WZ17] But what about Functional Encryption? ▪ Attribute-Based Encryption [GVW13, BGG+14] | | D-INFK – Foundations of Cryptography Akın Ünal EuroCrypt 2020, May 11 - 14 2

  5. Comparing Functional Encryption Schemes Pairing-Based Schemes Lattice-Based Schemes Inner-Product Encryption ✓ [AFV11, ALS16] Function-Hiding Inner-Product ✓ Encryption [BJK15, DDM16, Lin17, ACF+18] Compact Quadratic FE ✓ [BCFG17] Compact Cubic FE (Non-Compact ✓ ✓ Const.-degree FE) | | D-INFK – Foundations of Cryptography Akın Ünal EuroCrypt 2020, May 11 - 14 3

  6. Comparing Functional Encryption Schemes Pairing-Based Schemes Lattice-Based Schemes Inner-Product Encryption ✓ ✓ [AFV11, ALS16] Function-Hiding Inner-Product ✓ Encryption [BJK15, DDM16, Lin17, ACF+18] Compact Quadratic FE ✓ [BCFG17] Compact Cubic FE (Non-Compact Const.-degree FE) | | D-INFK – Foundations of Cryptography Akın Ünal EuroCrypt 2020, May 11 - 14 3

  7. Comparing Functional Encryption Schemes Pairing-Based Schemes Lattice-Based Schemes Inner-Product Encryption ✓ ✓ [AFV11, ALS16] Function-Hiding Inner-Product ✓  Encryption [BJK15, DDM16, Lin17, ACF+18] Compact Quadratic FE ✓  [BCFG17] Compact Cubic FE (Non-Compact ✓ ✓ Const.-degree FE) | | D-INFK – Foundations of Cryptography Akın Ünal EuroCrypt 2020, May 11 - 14 3

  8. Comparing Functional Encryption Schemes Pairing-Based Schemes Lattice-Based Schemes Inner-Product Encryption ✓ ✓ [AFV11, ALS16] Function-Hiding Inner-Product ✓  Encryption [BJK15, DDM16, Lin17, ACF+18] Compact Quadratic FE ✓  [BCFG17] Compact Cubic FE (Non-Compact ✓ ✓ Const.-degree FE) | | D-INFK – Foundations of Cryptography Akın Ünal EuroCrypt 2020, May 11 - 14 3

  9. Comparing Functional Encryption Schemes Pairing-Based Schemes Lattice-Based Schemes Inner-Product Encryption ✓ ✓ [AFV11, ALS16] Function-Hiding Inner-Product ✓  Encryption [BJK15, DDM16, Lin17, ACF+18] Compact Quadratic FE ✓  [BCFG17] Compact Cubic FE   (Non-Compact Const.-degree FE) | | D-INFK – Foundations of Cryptography Akın Ünal EuroCrypt 2020, May 11 - 14 3

  10. Comparing Functional Encryption Schemes Pairing-Based Schemes Lattice-Based Schemes Inner-Product Encryption ✓ ✓ [AFV11, ALS16] Function-Hiding Inner-Product ✓  Encryption [BJK15, DDM16, Lin17, ACF+18] Compact Quadratic FE ✓  [BCFG17] This (+ additional assumptions) Compact Cubic FE   would imply Indistinguishability Obfuscation. [LT17] (Non-Compact Const.-degree FE) | | D-INFK – Foundations of Cryptography Akın Ünal EuroCrypt 2020, May 11 - 14 3

  11. Comparing Functional Encryption Schemes Pairing-Based Schemes Lattice-Based Schemes Inner-Product Encryption ✓ ✓ [AFV11, ALS16] Function-Hiding Inner-Product ✓  Encryption [BJK15, DDM16, Lin17, ACF+18] By Compact Quadratic FE Linearization ✓  [BCFG17] Compact Cubic FE   (Non-Compact ✓ ✓ Const.-degree FE) | | D-INFK – Foundations of Cryptography Akın Ünal EuroCrypt 2020, May 11 - 14 3

  12. Comparing Functional Encryption Schemes Pairing-Based Schemes Lattice-Based Schemes Inner-Product Encryption ✓ ✓ [AFV11, ALS16] Function-Hiding Inner-Product ✓  Encryption [BJK15, DDM16, Lin17, ACF+18] Compact Quadratic FE ✓  [BCFG17] Compact Cubic FE   (Non-Compact ✓ ✓ Const.-degree FE) (We do not list IBE, ABE and Bounded-Collusion FE here.) | | D-INFK – Foundations of Cryptography Akın Ünal EuroCrypt 2020, May 11 - 14 3

  13. Comparing Functional Encryption Schemes Pairing-Based Schemes Lattice-Based Schemes Inner-Product Encryption ✓ ✓ [AFV11, ALS16] Function-Hiding Inner-Product ✓  Encryption [BJK15, DDM16, Lin17, ACF+18] Compact Quadratic FE ✓  [BCFG17] Compact Cubic FE   (Non-Compact ✓ ✓ Const.-degree FE) | | D-INFK – Foundations of Cryptography Akın Ünal EuroCrypt 2020, May 11 - 14 3

  14. Question What hinders us from constructing function-hiding inner-product encryption schemes whose security can be proven solely from the learning with errors assumption? Maybe fundamental mathematical barriers… | | D-INFK – Foundations of Cryptography Akın Ünal EuroCrypt 2020, May 11 - 14 4

  15. Secret-Key Inner-Product Encryption 𝑜 . ▪ Messages and functions are vectors 𝑦, 𝑧 ∈ ℤ 𝑞 ▪ Setup( 1 𝜇 ) generates a master secret key msk. 𝑦〉 mod 𝑞 𝑧 aaa 𝑡𝑙 𝑧 , 𝑑𝑢 𝑦 | | D-INFK – Foundations of Cryptography Akın Ünal EuroCrypt 2020, May 11 - 14 5

  16. Secret-Key Inner-Product Encryption 𝑜 . ▪ Messages and functions are vectors 𝑦, 𝑧 ∈ ℤ 𝑞 ▪ Setup( 1 𝜇 ) generates a master secret key msk. 𝑦〉 mod 𝑞 𝑧 KeyGen(msk, 𝑧 ) Enc(msk, 𝑦 ) aaa 𝑡𝑙 𝑧 , 𝑑𝑢 𝑦 | | D-INFK – Foundations of Cryptography Akın Ünal EuroCrypt 2020, May 11 - 14 5

  17. Secret-Key Inner-Product Encryption 𝑜 . ▪ Messages and functions are vectors 𝑦, 𝑧 ∈ ℤ 𝑞 ▪ Setup( 1 𝜇 ) generates a master secret key msk. 𝑦〉 mod 𝑞 𝑧 KeyGen(msk, 𝑧 ) Enc(msk, 𝑦 ) aaa 𝑡𝑙 𝑧 , 𝑑𝑢 𝑦 Dec( 𝑡𝑙 𝑧 , 𝑑𝑢 𝑦 ) | | D-INFK – Foundations of Cryptography Akın Ünal EuroCrypt 2020, May 11 - 14 5

  18. Selective Function-Hiding IND-CPA Security Challenger C Adversary A Insert good Compute face Insert 0 , 𝑔 0 , … , 𝑔 0 , (0) , … , 𝑦 𝑢 Draw 𝑦 1 here… 𝑛 1 evil face 1 , 𝑔 1 , … , 𝑔 1 ∈ ℤ 𝑞 𝑐 ← 0,1 , (1) , … , 𝑦 𝑢 𝑜 𝑦 1 here… 𝑛 1 msk ← Enc 1 𝜇 , s.t. (𝑐) ), 𝑑𝑢 𝑗 ← Enc(msk, 𝑦 𝑗 (0) 〉 = 𝑔 (1) 〉 0 1 ∀𝑗, 𝑘: 𝑔 𝑦 𝑘 𝑦 𝑘 𝑗 𝑗 (𝑐) ) 𝑡𝑙 𝑘 ← KeyGen(msk, 𝑔 𝑘 Dark Magic happens here… Adversary wins , if 𝑐 = 𝑐′ and for all 𝑗, 𝑘: 0 (0) 〉 = 𝑔 1 (1) 〉 𝑔 𝑦 𝑘 𝑦 𝑘 𝑗 𝑗 | | D-INFK – Foundations of Cryptography Akın Ünal EuroCrypt 2020, May 11 - 14 6

  19. Selective Function-Hiding IND-CPA Security ▪ The advantage of the adversary 𝐵 is: Adv 𝐵 𝑛−𝑔ℎ−𝐽𝑂𝐸−𝐷𝑄𝐵 := 2 × Pr[ 𝐵 wins] – 1. ▪ For 𝑛 = 𝑛 𝜇 secret keys, the IPE scheme is called selectively m-function-hiding IND-CPA secure , if Adv 𝐵 𝑛−𝑔ℎ−𝐽𝑂𝐸−𝐷𝑄𝐵 ∈ negl (𝜇) for each ppt 𝐵 . ▪ The IPE scheme is called (unbounded) selectively function-hiding IND-CPA secure , if it is sel. m-function-hiding IND-CPA secure for each 𝑛 ∈ poly (𝜇) . | | D-INFK – Foundations of Cryptography Akın Ünal EuroCrypt 2020, May 11 - 14 7

  20. Contribution Idealized Impossibility “Theorem”. There does not exist a lattice-based Inner-Product Encryption scheme which is function-hiding secure. This really has to mean something! Idea: Replace „lattice - based“ by common design patterns of lattice-based crypto-schemes. | | D-INFK – Foundations of Cryptography Akın Ünal EuroCrypt 2020, May 11 - 14 8

  21. Common Design Patterns: Linear Decryption In most cases: ▪ Ciphertexts 𝑑𝑢 𝑦 and secret keys 𝑡𝑙 𝑔 are vectors over ℤ 𝑟 . ▪ Decryption has the following formula: Dec 𝒕𝒍 𝒈 , 𝒅𝒖 𝒚 ≔ ⟨𝑡𝑙 𝑔 | 𝑑𝑢 𝑦 ⟩ mod 𝑟 ∈ ℤ 𝑞 𝑟 𝑞 | | D-INFK – Foundations of Cryptography Akın Ünal EuroCrypt 2020, May 11 - 14 9

  22. Common Design Patterns: Offline/Online-Encryption [HW14,AR17] Almost always: Encryption follows an offline/online-pattern. Offline Phase: compute arbitrary complex randomness without looking at input 𝑦 . Online Phase: combine randomness with 𝑦 in a very simple way (by evaluating const-degree polynomials at 𝑦 ). Enc (𝒏𝒕𝒍, 𝒚) : • Compute 𝑡 multinomial degree- 𝑒 integer polynomials 𝑡 ← Enc 𝑝𝑔𝑔 𝑛𝑡𝑙 . 𝑠 1 , … , 𝑠 𝑡 . • Compute and output 𝑑𝑢 𝑦 ≔ 𝑠 mod 𝑟 ∈ ℤ 𝑟 1 𝑦 , … , 𝑠 𝑡 𝑦 | | D-INFK – Foundations of Cryptography Akın Ünal EuroCrypt 2020, May 11 - 14 10

Recommend

Different Features of ELmD, EME Based Authenticated Encryption Schemes Nilanjan Datta and Mridul

Different Features of ELmD, EME Based Authenticated Encryption Schemes Nilanjan Datta and Mridul

ELmD Authenticated Encryption Scheme EME based Authenticated Encryption Schemes Comparative Study of ELmD with other EME based AEs Different Features of ELmD, EME Based Authenticated Encryption Schemes Nilanjan Datta and Mridul Nandi Indian

364 views • 20 slides
CHIMERA: Combining Ring-LWE-based Fully Homomorphic Encryption Schemes Mariya Georgieva 1 , 2 1

CHIMERA: Combining Ring-LWE-based Fully Homomorphic Encryption Schemes Mariya Georgieva 1 , 2 1

CHIMERA: Combining Ring-LWE-based Fully Homomorphic Encryption Schemes Mariya Georgieva 1 , 2 1 2 Joint work with: C. Boura, N. Gama, D. Jetchev 1 / 30 Homomorphic encryption Given ( c 1 , c 2 , . . . , c k ) = ( E ( m 1 ) , E ( m 2 ) , . . .

497 views • 48 slides
White-Box Security Notions for Symmetric Encryption Schemes ee 1 ede Lepoint 1 , 2 C ecile

White-Box Security Notions for Symmetric Encryption Schemes ee 1 ede Lepoint 1 , 2 C ecile

White-Box Security Notions for Symmetric Encryption Schemes ee 1 ede Lepoint 1 , 2 C ecile Delerabl Tancr` Pascal Paillier 1 Matthieu Rivain 1 CryptoExperts 1 , erieure 2 Ecole Normale Sup SAC 2013 Outline 1 What is white-box

406 views • 38 slides
Statistical Fault Attacks on Nonce-Based Authenticated Encryption Schemes C. Dobraunig 1 , M.

Statistical Fault Attacks on Nonce-Based Authenticated Encryption Schemes C. Dobraunig 1 , M.

Statistical Fault Attacks on Nonce-Based Authenticated Encryption Schemes C. Dobraunig 1 , M. Eichlseder 1 , T. Korak 1 , V. Lomn e 2 , F. Mendel 1 AsiaCrypt 2016 1 Graz University of Technology, Austria 2 ANSSI, Paris, France

602 views • 27 slides
Simple Functional Encryption Schemes for Inner Products Michel Abdalla ( B ) , Florian Bourse,

Simple Functional Encryption Schemes for Inner Products Michel Abdalla ( B ) , Florian Bourse,

Simple Functional Encryption Schemes for Inner Products Michel Abdalla ( B ) , Florian Bourse, Angelo De Caro, and David Pointcheval ENS, CNRS, INRIA, and PSL, 45 Rue dUlm, 75230 Paris Cedex 05, France {

535 views • 19 slides
Simple Functional Encryption Schemes for Inner Products Michel Abdalla, Florian Bourse, Angelo De

Simple Functional Encryption Schemes for Inner Products Michel Abdalla, Florian Bourse, Angelo De

Overview of the results The Framework Work in progress Simple Functional Encryption Schemes for Inner Products Michel Abdalla, Florian Bourse, Angelo De Caro, and David Pointcheval Ecole normale sup erieure, CNRS, INRIA, PSL, Paris,

866 views • 71 slides
Quantum Authentication and Encryption with Key Recycling Or: How to Re-use a One-Time Pad Even if

Quantum Authentication and Encryption with Key Recycling Or: How to Re-use a One-Time Pad Even if

Quantum Authentication and Encryption with Key Recycling Or: How to Re-use a One-Time Pad Even if P = NP Safely & Feasibly Serge Fehr Louis Salvail CWI Amsterdam University of Montral Encryption & Authentication Schemes with

829 views • 62 slides
Stronger Security Guarantees for Authenticated Encryption Schemes Alexandra Boldyreva, Jean Paul

Stronger Security Guarantees for Authenticated Encryption Schemes Alexandra Boldyreva, Jean Paul

Ciphertext Fragmentation Distinguishable Decryption Failures Stronger Security Guarantees for Authenticated Encryption Schemes Alexandra Boldyreva, Jean Paul Degabriele , Kenny Paterson, and Martijn Stam DIAC Workshop - 5th July 2012 Boldyreva,

889 views • 49 slides
Genomic Analysis Hoon Cho (MIT) and David Wu (Stanford) March, 2015 Homomorphic Encryption

Genomic Analysis Hoon Cho (MIT) and David Wu (Stanford) March, 2015 Homomorphic Encryption

Homomorphic Encryption for Genomic Analysis Hoon Cho (MIT) and David Wu (Stanford) March, 2015 Homomorphic Encryption Homomorphic encryption (HE): encryption schemes that support computation on ciphertexts Consists of three functions: m c

548 views • 26 slides
Stronger Public Key Encryption Schemes Withstanding RAM Scraper Like Attacks Prof. C.Pandu Rangan

Stronger Public Key Encryption Schemes Withstanding RAM Scraper Like Attacks Prof. C.Pandu Rangan

Stronger Public Key Encryption Schemes Withstanding RAM Scraper Like Attacks Prof. C.Pandu Rangan Professor, Indian Institute of Technology - Madras, Chennai, India-600036. C.Pandu Rangan (IIT Madras) PKE Withstanding RAM Scrapers 1 / 40

444 views • 40 slides
Improving Speed and Security in Updatable Encryption Schemes Dan Boneh Saba Eskandarian

Improving Speed and Security in Updatable Encryption Schemes Dan Boneh Saba Eskandarian

Improving Speed and Security in Updatable Encryption Schemes Dan Boneh Saba Eskandarian Sam Kim Maurice Shih Stanford University Stanford University Stanford University Cisco Systems Key Rotation Key Rotation Good Reasons to

1.2k views • 109 slides
Ruby Monstas Session 17: Interlude: Encryption Encryption What comes to mind if you think about

Ruby Monstas Session 17: Interlude: Encryption Encryption What comes to mind if you think about

Ruby Monstas Session 17: Interlude: Encryption Encryption What comes to mind if you think about encryption? Encryption Certificates Crypto Currencies Public Key AES Encryption Privacy SSH VPN HTTPS TLS Quantum Digital Signatures

837 views • 46 slides
Foundation of Cryptography (0368-4162-01), Lecture 8 Encryption Schemes Iftach Haitner, Tel Aviv

Foundation of Cryptography (0368-4162-01), Lecture 8 Encryption Schemes Iftach Haitner, Tel Aviv

Definitions Constructions Active Adversaries Foundation of Cryptography (0368-4162-01), Lecture 8 Encryption Schemes Iftach Haitner, Tel Aviv University January 3 17, 2012 Definitions Constructions Active Adversaries Section 1

1.33k views • 112 slides
McOE: A Family of Almost Foolproof On-Line Authenticated Encryption Schemes Ewan Fleischmann

McOE: A Family of Almost Foolproof On-Line Authenticated Encryption Schemes Ewan Fleischmann

McOE: A Family of Almost Foolproof On-Line Authenticated Encryption Schemes Ewan Fleischmann Christian Forler Stefan Lucks Bauhaus-Universit at Weimar FSE 2012 Fleischmann, Forler, Lucks. FSE 2012. McOE: A Family . . . 1

473 views • 28 slides
A History of Lattice-Based Encryption (in order of increasing efficiency) Vadim Lyubashevsky

A History of Lattice-Based Encryption (in order of increasing efficiency) Vadim Lyubashevsky

A History of Lattice-Based Encryption (in order of increasing efficiency) Vadim Lyubashevsky INRIA / ENS, Paris Lattice-Based Crypto & Applications 1 Bar-Ilan University, Israel 2012 Lattice-Based Encryption Schemes 1. NTRU [Hoffstein,

849 views • 47 slides
Sophos and Diane Searchable Symmetric Encryption with (Very) Low Overhead Raphael Bost, Brice

Sophos and Diane Searchable Symmetric Encryption with (Very) Low Overhead Raphael Bost, Brice

Sophos and Diane Searchable Symmetric Encryption with (Very) Low Overhead Raphael Bost, Brice Minaud RHUL ISG seminar, November 24th 2016 Plan 1. Symmetric Searchable Encryption. 2. Leakage and Forward-Privacy. 3. Sophos and Diane schemes. 4.

479 views • 45 slides
Introduction to Authenticated Encryption 1 / 27 www.iaik.tugraz.at Interface K K N , A , C ,

Introduction to Authenticated Encryption 1 / 27 www.iaik.tugraz.at Interface K K N , A , C ,

On A SCON and I SAP About Two Authenticated Encryption Schemes Christoph Dobraunig October 2018 Designed by: . Mendel, M. Schl A SCON : C. Dobraunig, M. Eichlseder, F affer I SAP : C. Dobraunig, M. Eichlseder, S. Mangard, F . Mendel, T.

987 views • 40 slides
Security Proofs ---- Asymmetric Encryption Introduction without Redundancy Provable Security

Security Proofs ---- Asymmetric Encryption Introduction without Redundancy Provable Security

Summary Summary Security Proofs ---- Asymmetric Encryption Introduction without Redundancy Provable Security Asymmetric Encryption Rennes January 2004 New Schemes Joint work with Duong Hieu Phan David Pointcheval David Pointcheval

638 views • 8 slides
Peculiar Properties of Lattice-Based Encryption Chris Peikert Georgia Institute of Technology

Peculiar Properties of Lattice-Based Encryption Chris Peikert Georgia Institute of Technology

Peculiar Properties of Lattice-Based Encryption Chris Peikert Georgia Institute of Technology Public Key Cryptography and the Geometry of Numbers 7 May 2010 1 / 19 Talk Agenda Encryption schemes with special features: 2 / 19 Talk Agenda

876 views • 71 slides
Usable Encryption Class Presentation for CMSC 818D Wei Bai S Application S Hardware

Usable Encryption Class Presentation for CMSC 818D Wei Bai S Application S Hardware

Usable Encryption Class Presentation for CMSC 818D Wei Bai S Application S Hardware Encryption S Web Encryption S Email Encryption OpenPGP S S/MIME S S Online Social Network Public Key Encryption S Encryption/Decryption

842 views • 26 slides
RSA Encryption 10 February 2012 RSA Encryption 10 February 2012 1/35 We saw some methods of

RSA Encryption 10 February 2012 RSA Encryption 10 February 2012 1/35 We saw some methods of

RSA Encryption 10 February 2012 RSA Encryption 10 February 2012 1/35 We saw some methods of encryption Wednesday, but none of these is good enough to be used in actual situations. Today well talk about one method, RSA Encryption, which is

1.01k views • 59 slides
Secret-Key Encryption Introduction Encryption is the process of encoding a message in such a

Secret-Key Encryption Introduction Encryption is the process of encoding a message in such a

Secret-Key Encryption Introduction Encryption is the process of encoding a message in such a way that only authorized parties can read the content of the original message History of encryption dates back to 1900 BC Two types of

533 views • 38 slides
Functional Encryption Lecture 27 Functional Encryption Plain encryption: for secure

Functional Encryption Lecture 27 Functional Encryption Plain encryption: for secure

Functional Encryption Lecture 27 Functional Encryption Plain encryption: for secure communication. Does not allow modifying encrypted data. Homomorphic Encryption: allows computation on encrypted data, but result remains encrypted Functional

987 views • 61 slides
Encryption at Rest in ZFS Tom Caputi tcaputi@datto.com Overview of Encryption Implementation 2

Encryption at Rest in ZFS Tom Caputi tcaputi@datto.com Overview of Encryption Implementation 2

Encryption at Rest in ZFS Tom Caputi tcaputi@datto.com Overview of Encryption Implementation 2 What is Encryption? Want to prevent someone (an attacker) from accessing private data Permissions arent good enough Root user can

788 views • 20 slides

More recommend