homomorphic smooth projective hashing
play

Homomorphic Smooth Projective Hashing Hoeteck Wee ENS, Paris . . - PowerPoint PPT Presentation

Sep 27, 2023 •506 likes •955 views

KDM-Security via Homomorphic Smooth Projective Hashing Hoeteck Wee ENS, Paris . . . . . . . . key-dependent message security. [ Black Rogaway Shrimpton 02 ] this work. unifying framework with a simple proof of security enc pk ( sk )

  1. KDM-Security via Homomorphic Smooth Projective Hashing Hoeteck Wee ENS, Paris . . . . . . . .

  2. key-dependent message security. [ Black Rogaway Shrimpton 02 ] this work. unifying framework with a simple proof of security “ enc pk ( sk ) ” . . . . . . . .

  3. this work. unifying framework with a simple proof of security “ enc pk ( sk ) ” key-dependent message security. [ Black Rogaway Shrimpton 02 ] ▶ applications: formal methods [ Adão Bana Herzog Scedrov 05 ] , credentials [ Camenisch Lysyanskaya 01 ] , fully homomorphic encryption [ Gentry 09 ] . . . . . . . .

  4. this work. unifying framework with a simple proof of security “ enc pk ( sk ) ” key-dependent message security. [ Black Rogaway Shrimpton 02 ] ▶ many constructions [ Boneh Halevi Hamburg Ostrovsky 08, Applebaum Cash Peikert Sahai 09, Brakerski Goldwasser 10, Brakerski Vaikuntanathan 11, Barak Haitner Hofheinz Ishai 10, Brakerski Goldwasser Kalai 11, Malkin Teranishi Yung 11, Applebaum 11, ... ] . . . . . . . .

  5. “ enc pk ( sk ) ” key-dependent message security. [ Black Rogaway Shrimpton 02 ] ▶ many constructions [ Boneh Halevi Hamburg Ostrovsky 08, Applebaum Cash Peikert Sahai 09, Brakerski Goldwasser 10, Brakerski Vaikuntanathan 11, Barak Haitner Hofheinz Ishai 10, Brakerski Goldwasser Kalai 11, Malkin Teranishi Yung 11, Applebaum 11, ... ] this work. unifying framework with a simple proof of security . . . . . . . .

  6. + map Projective Hashing definition. projective hash function for G ⊇ G y [ Cramer Shoup 02 ] − family Λ sk ( C ∈ G ) indexed by sk . . . . . . . .

  7. Projective Hashing definition. projective hash function for G ⊇ G y [ Cramer Shoup 02 ] − family Λ sk ( C ∈ G ) indexed by sk + map µ − ( projective ) Λ sk ( C ∈ G y ) determined given µ ( sk ) where µ is lossy . . . . . . . .

  8. Projective Hashing definition. projective hash function for G ⊇ G y [ Cramer Shoup 02 ] − family Λ sk ( C ∈ G ) indexed by sk + map µ − ( projective ) Λ sk ( C ∈ G y ) = pub ( µ ( sk ) , C , r ) witness r . . . . . . . .

  9. Projective Hashing definition. projective hash function for G ⊇ G y [ Cramer Shoup 02 ] − family Λ sk ( C ∈ G ) indexed by sk + map µ − ( projective ) Λ sk ( C ∈ G y ) = pub ( µ ( sk ) , C , r ) − ( smoothness ) Λ sk ( C / ∈ G y ) random given µ ( sk ) . . . . . . . .

  10. Projective Hashing definition. projective hash function for G ⊇ G y [ Cramer Shoup 02 ] − family Λ sk ( C ∈ G ) indexed by sk + map µ − ( projective ) Λ sk ( C ∈ G y ) = pub ( µ ( sk ) , C , r ) r − ( smoothness ) Λ sk ( C ← G ) random given µ ( sk ) , C . . . . . . . .

  11. Projective Hashing definition. projective hash function for G ⊇ G y [ Cramer Shoup 02 ] − family Λ sk ( C ∈ G ) indexed by sk + map µ − ( projective ) Λ sk ( C ∈ G y ) = pub ( µ ( sk ) , C , r ) r − ( smoothness ) Λ sk ( C ← G ) random given µ ( sk ) , C subgroup assumption. uniform ( G y ) ≈ c uniform ( G ) . . . . . . . .

  12. x y g r g ar g x ay r i.e. c x c y x y c c G g x ay x y x y g r g ar g xr ayr random given x ay and r r Projective Hashing definition. projective hash function for G ⊇ G y [ Cramer Shoup 02 ] − family Λ sk ( C ∈ G ) indexed by sk + map µ − ( projective ) Λ sk ( C ∈ G y ) = pub ( µ ( sk ) , C , r ) r − ( smoothness ) Λ sk ( C ← G ) random given µ ( sk ) , C DDH instantiation. [ Cramer Shoup 98 ] − pp = ( g , g a ) , G y = ( g r , g ar ) ⊂ G = G 2 − DDH assumption ⇔ uniform ( G y ) ≈ c uniform ( G ) . . . . . . . .

  13. x y g r g ar g x ay r i.e. g x ay x y x y g r g ar g xr ayr random given x ay and r r Projective Hashing definition. projective hash function for G ⊇ G y [ Cramer Shoup 02 ] − family Λ sk ( C ∈ G ) indexed by sk + map µ − ( projective ) Λ sk ( C ∈ G y ) = pub ( µ ( sk ) , C , r ) r − ( smoothness ) Λ sk ( C ← G ) random given µ ( sk ) , C DDH instantiation. [ Cramer Shoup 98 ] − pp = ( g , g a ) , G y = ( g r , g ar ) ⊂ G = G 2 0 c y − Λ ( x , y ) ( c 0 , c 1 ) = c x 1 . . . . . . . .

  14. g x ay x y x y g r g ar g xr ayr random given x ay and r r Projective Hashing definition. projective hash function for G ⊇ G y [ Cramer Shoup 02 ] − family Λ sk ( C ∈ G ) indexed by sk + map µ − ( projective ) Λ sk ( C ∈ G y ) = pub ( µ ( sk ) , C , r ) r − ( smoothness ) Λ sk ( C ← G ) random given µ ( sk ) , C DDH instantiation. [ Cramer Shoup 98 ] − pp = ( g , g a ) , G y = ( g r , g ar ) ⊂ G = G 2 0 c y − Λ ( x , y ) ( c 0 , c 1 ) = c x 1 i.e. Λ ( x , y ) ( g r , g ar ) = ( g x + ay ) r . . . . . . . .

  15. x y g r g ar g xr ayr random given x ay and r r Projective Hashing definition. projective hash function for G ⊇ G y [ Cramer Shoup 02 ] − family Λ sk ( C ∈ G ) indexed by sk + map µ − ( projective ) Λ sk ( C ∈ G y ) = pub ( µ ( sk ) , C , r ) r − ( smoothness ) Λ sk ( C ← G ) random given µ ( sk ) , C DDH instantiation. [ Cramer Shoup 98 ] − pp = ( g , g a ) , G y = ( g r , g ar ) ⊂ G = G 2 0 c y − Λ ( x , y ) ( c 0 , c 1 ) = c x 1 i.e. Λ ( x , y ) ( g r , g ar ) = ( g x + ay ) r − µ ( x , y ) = g x + ay . . . . . . . .

  16. Projective Hashing definition. projective hash function for G ⊇ G y [ Cramer Shoup 02 ] − family Λ sk ( C ∈ G ) indexed by sk + map µ − ( projective ) Λ sk ( C ∈ G y ) = pub ( µ ( sk ) , C , r ) r − ( smoothness ) Λ sk ( C ← G ) random given µ ( sk ) , C DDH instantiation. [ Cramer Shoup 98 ] − pp = ( g , g a ) , G y = ( g r , g ar ) ⊂ G = G 2 0 c y − Λ ( x , y ) ( c 0 , c 1 ) = c x 1 i.e. Λ ( x , y ) ( g r , g ar ) = ( g x + ay ) r − µ ( x , y ) = g x + ay − Λ ( x , y ) ( g r , g ar ′ ) = g ( xr + ayr ′ ) random given x + ay and r ̸ = r ′ . . . . . . . .

  17. Projective Hashing definition. projective hash function for G ⊇ G y [ Cramer Shoup 02 ] − family Λ sk ( C ∈ G ) indexed by sk + map µ − ( projective ) Λ sk ( C ∈ G y ) = pub ( µ ( sk ) , C , r ) r − ( smoothness ) Λ sk ( C ← G ) random given µ ( sk ) , C cpa-secure encryption. Λ sk ( · ) as one-time pad − gen ( pp ) : ( pk , sk ) , pk = µ ( sk ) r − enc pk ( m ) : ( C , Λ sk ( C ) · m ) , C ← G y � �� � pub ( pk , C , r ) . . . . . . . .

  18. Projective Hashing definition. projective hash function for G ⊇ G y [ Cramer Shoup 02 ] − family Λ sk ( C ∈ G ) indexed by sk + map µ − ( projective ) Λ sk ( C ∈ G y ) = pub ( µ ( sk ) , C , r ) r − ( smoothness ) Λ sk ( C ← G ) random given µ ( sk ) , C cpa-secure encryption. Λ sk ( · ) as one-time pad − gen ( pp ) : ( pk , sk ) , pk = µ ( sk ) r − enc pk ( m ) : ( C , Λ sk ( C ) · m ) , C ← G y − dec sk ( C , ψ ) : Λ sk ( C ) − 1 · ψ . . . . . . . .

  19. C sk C c C sk C s C random C r r r C C y Projective Hashing definition. projective hash function for G ⊇ G y [ Cramer Shoup 02 ] − family Λ sk ( C ∈ G ) indexed by sk + map µ − ( projective ) Λ sk ( C ∈ G y ) = pub ( µ ( sk ) , C , r ) r − ( smoothness ) Λ sk ( C ← G ) random given µ ( sk ) , C cpa-secure encryption. Λ sk ( · ) as one-time pad − gen ( pp ) : ( pk , sk ) , pk = µ ( sk ) r − enc pk ( m ) : ( C , Λ sk ( C ) · m ) , C ← G y subgroup + smoothness ⇒ cpa-security . . . . . . . .

  20. s C random C r Projective Hashing definition. projective hash function for G ⊇ G y [ Cramer Shoup 02 ] − family Λ sk ( C ∈ G ) indexed by sk + map µ − ( projective ) Λ sk ( C ∈ G y ) = pub ( µ ( sk ) , C , r ) r − ( smoothness ) Λ sk ( C ← G ) random given µ ( sk ) , C cpa-secure encryption. Λ sk ( · ) as one-time pad − gen ( pp ) : ( pk , sk ) , pk = µ ( sk ) r − enc pk ( m ) : ( C , Λ sk ( C ) · m ) , C ← G y subgroup + smoothness ⇒ cpa-security ( C , Λ sk ( C )) C ←G y ≈ c ( C , Λ sk ( C )) C r r ←G . . . . . . . .

  21. Projective Hashing definition. projective hash function for G ⊇ G y [ Cramer Shoup 02 ] − family Λ sk ( C ∈ G ) indexed by sk + map µ − ( projective ) Λ sk ( C ∈ G y ) = pub ( µ ( sk ) , C , r ) r − ( smoothness ) Λ sk ( C ← G ) random given µ ( sk ) , C cpa-secure encryption. Λ sk ( · ) as one-time pad − gen ( pp ) : ( pk , sk ) , pk = µ ( sk ) r − enc pk ( m ) : ( C , Λ sk ( C ) · m ) , C ← G y subgroup + smoothness ⇒ cpa-security ( C , Λ sk ( C )) C ←G y ≈ c ( C , Λ sk ( C )) C ←G ≈ s ( C , random ) C r r r ←G . . . . . . . .

  22. Projective Hashing definition. projective hash function for G ⊇ G y [ Cramer Shoup 02 ] − family Λ sk ( C ∈ G ) indexed by sk + map µ − ( projective ) Λ sk ( C ∈ G y ) = pub ( µ ( sk ) , C , r ) r − ( smoothness ) Λ sk ( C ← G ) random given µ ( sk ) , C cpa-secure encryption. Λ sk ( · ) as one-time pad − gen ( pp ) : ( pk , sk ) , pk = µ ( sk ) r − enc pk ( m ) : ( C , Λ sk ( C ) · m ) , C ← G y subgroup + smoothness ⇒ cpa-security ( C , Λ sk ( C )) C ←G y ≈ c ( C , Λ sk ( C )) C ←G ≈ s ( C , random ) C r r r ←G . . . . . . . .

  23. i.e. sk C C sk C sk C , if is homomorphic sk theorem. CPA scheme is KDM secure e , subgroup C C C e C 1. r c r y y 2. note. only use smoothness for CPA security. KDM security definition. ( gen , enc , dec ) is KDM secure w.r.t. F if sim ( pk , f ) ≈ c enc pk ( f ( sk )) for all f ∈ F . . . . . . . .

Recommend

Structure Preserving Smooth Projective Hashing Olivier Blazy , Cline Chevalier O. Blazy (Xlim)

Structure Preserving Smooth Projective Hashing Olivier Blazy , Cline Chevalier O. Blazy (Xlim)

Structure Preserving Smooth Projective Hashing Olivier Blazy , Cline Chevalier O. Blazy (Xlim) (SP)2H 1 / 25 Global Framework 1 Cryptographic Tools 2 Structure-Preserving SPHF 3 Applications 4 O. Blazy (Xlim) (SP)2H 2 / 25 Global

940 views • 46 slides
Whichvarieties are birational to Ph rational Difficult problem k x k ti Tn smooth projective

Whichvarieties are birational to Ph rational Difficult problem k x k ti Tn smooth projective

Irrationality of quotient varieties Urban Jezernik University of the Basque Country Funded by EU Horizon 2020 under MScgrant 748129 Whichvarieties are birational to Ph rational Difficult problem k x k ti Tn smooth projective variety X rk

756 views • 28 slides
The monodromy theorem for compact K ahler manifolds and smooth quasi-projective varieties

The monodromy theorem for compact K ahler manifolds and smooth quasi-projective varieties

The monodromy theorem for compact K ahler manifolds and smooth quasi-projective varieties Yongqiang (Ted) Liu (Joint work with Nero Budur and Botong Wang) KU Leuven Geometry, Algebra and Combinatorics of Moduli Spaces and Configurations

551 views • 40 slides
Overview Intro to Hashing Intro to Hashing Hashing with Chaining Whats hashing?

Overview Intro to Hashing Intro to Hashing Hashing with Chaining Whats hashing?

Overview Intro to Hashing Intro to Hashing Hashing with Chaining Whats hashing? Distribute key/value pairs across bins with a hash function , Hashing Performance Hashing (Application of Probability) which maps elements from

497 views • 3 slides
Cryptographic Reverse Firewall via Malleable Smooth Projective Hash Functions Rongmao Chen, Yi

Cryptographic Reverse Firewall via Malleable Smooth Projective Hash Functions Rongmao Chen, Yi

Cryptographic Reverse Firewall via Malleable Smooth Projective Hash Functions Rongmao Chen, Yi Mu, Guomin Yang , Willy Susilo, Fuchun Guo and Mingwu Zhang Asiacrypt 2016, Hanoi Outline n Background n Cryptographic Reverse Firewall n Part

639 views • 52 slides
14. Hashing Hash Tables, Pre-Hashing, Hashing, Resolving Collisions using Chaining, Simple

14. Hashing Hash Tables, Pre-Hashing, Hashing, Resolving Collisions using Chaining, Simple

14. Hashing Hash Tables, Pre-Hashing, Hashing, Resolving Collisions using Chaining, Simple Uniform Hashing, Popular Hash Functions, Table-Doubling, Open Addressing: Probing, Uniform Hashing, Universal Hashing, Perfect Hashing [Ottman/Widmayer,

1.25k views • 98 slides
14. Hashing Hash Tables, Pre-Hashing, Hashing, Resolving Collisions using Chaining, Simple

14. Hashing Hash Tables, Pre-Hashing, Hashing, Resolving Collisions using Chaining, Simple

14. Hashing Hash Tables, Pre-Hashing, Hashing, Resolving Collisions using Chaining, Simple Uniform Hashing, Popular Hash Functions, Table-Doubling, Open Addressing: Probing, Uniform Hashing, Universal Hashing, Perfect Hashing [Ottman/Widmayer,

1.5k views • 58 slides
Homomorphic Encryption Lecture 18 And some applications Homomorphic Encryption Homomorphic

Homomorphic Encryption Lecture 18 And some applications Homomorphic Encryption Homomorphic

Homomorphic Encryption Lecture 18 And some applications Homomorphic Encryption Homomorphic Encryption Group Homomorphism: Two groups G and G are homomorphic if there exists a function (homomorphism) f:G G such that for all x,y G,

1.79k views • 165 slides
Enumerating the Fake Projective Planes Donald CARTWRIGHT University of Sydney Joint work with

Enumerating the Fake Projective Planes Donald CARTWRIGHT University of Sydney Joint work with

Enumerating the Fake Projective Planes Donald CARTWRIGHT University of Sydney Joint work with Tim STEGER University of Sassari Luminy, 25 February - 1 March 2018. 1 A fake projective plane is a smooth compact complex surface, not

716 views • 47 slides
Building Applications with Homomorphic Encryption A Presentation from the Homomorphic Encryption

Building Applications with Homomorphic Encryption A Presentation from the Homomorphic Encryption

Building Applications with Homomorphic Encryption A Presentation from the Homomorphic Encryption Standardization Consortium HomomorphicEncryption.org 0.1 Presenters Roger A. Hallman (SPAWAR Systems Center Pacific; Thayer School of

1.36k views • 91 slides
Homomorphic Secret Sharing II Homomorphic Secret Sharing for Branching Programs Under DDH Ele:e

Homomorphic Secret Sharing II Homomorphic Secret Sharing for Branching Programs Under DDH Ele:e

Homomorphic Secret Sharing II Homomorphic Secret Sharing for Branching Programs Under DDH Ele:e Boyle Niv Gilboa Yuval Ishai IDC BGU Technion & UCLA Secure ComputaGon Approaches Classical

342 views • 33 slides
Hashing (Application of Probability) Ashwinee Panda Final CS 70 Lecture! 9 Aug 2018 Overview

Hashing (Application of Probability) Ashwinee Panda Final CS 70 Lecture! 9 Aug 2018 Overview

Hashing (Application of Probability) Ashwinee Panda Final CS 70 Lecture! 9 Aug 2018 Overview Intro to Hashing Hashing with Chaining Hashing Performance Hash Families Balls and Bins Load Balancing Universal Hashing

726 views • 18 slides
Hashing Chapter 5 1 Objectives Understand the idea of hashing Compare hashing to sorting

Hashing Chapter 5 1 Objectives Understand the idea of hashing Compare hashing to sorting

Hashing Chapter 5 1 Objectives Understand the idea of hashing Compare hashing to sorting Design a hashtable Identify the applications that require the hashtable data structure Understand the terminology of hashtables Distinguish between

319 views • 14 slides
Homomorphic SIM 2 D operations: Single Instruction Much More Data Wouter Castryck Ilia

Homomorphic SIM 2 D operations: Single Instruction Much More Data Wouter Castryck Ilia

Homomorphic SIM 2 D operations: Single Instruction Much More Data Wouter Castryck Ilia Iliashenko Frederik Vercauteren Homomorphic encryption cryp 175.2 {#*| Homomorphic encoding real-world data plaintext ciphertext

512 views • 40 slides
Computer Vision Mid-Level Vision Projective Geometry The projective projection of a 3D point:

Computer Vision Mid-Level Vision Projective Geometry The projective projection of a 3D point:

Computer Vision Mid-Level Vision Projective Geometry The projective projection of a 3D point: For the fundamental matrix: Ambiguity Projective ambiguity 2D projective plane Ideal points: Conics FIVE POINTS DEFIN E A CONIC Dual conics

519 views • 31 slides
Homomorphic Secret Sharing & Applications from Lattice-Based Assumptions Elette Boyle Many

Homomorphic Secret Sharing & Applications from Lattice-Based Assumptions Elette Boyle Many

Homomorphic Secret Sharing & Applications from Lattice-Based Assumptions Elette Boyle Many slides taken/adapted from Geoffroy Couteau, Lisa Kohl, & Peter Scholl Fully Homomorphic Encryption (FHE) Supports homomorphic

791 views • 40 slides
Database Systems Index: Hashing Based on slides by Feifei Li, University of Utah Hashing n

Database Systems Index: Hashing Based on slides by Feifei Li, University of Utah Hashing n

Database Systems Index: Hashing Based on slides by Feifei Li, University of Utah Hashing n Hash-based indexes are best for equality selections . Cannot support range searches. n Static and dynamic hashing techniques exist. 2 Static Hashing n #

454 views • 41 slides
Parameters for Homomorphic Encryption Kim Laine and Kristin Lauter University of California,

Parameters for Homomorphic Encryption Kim Laine and Kristin Lauter University of California,

Parameters for Homomorphic Encryption Kim Laine and Kristin Lauter University of California, Berkeley and Microsoft Research September 3, 2015 Homomorphic Encryption Homomorphic Encryption Consider a public key cryptosystem, and operations

777 views • 35 slides
Last time 6.891 Computer Vision and Applications Projective SFM Projective spaces Prof.

Last time 6.891 Computer Vision and Applications Projective SFM Projective spaces Prof.

Last time 6.891 Computer Vision and Applications Projective SFM Projective spaces Prof. Trevor. Darrell Cross ratio Factorization algorithm Lecture 11: Model-based vision Hypothesize and test Euclidean upgrade

481 views • 11 slides
Projective superspace Ariunzul Davgadorj Masaryk University, Czech Republic New Frontiers in

Projective superspace Ariunzul Davgadorj Masaryk University, Czech Republic New Frontiers in

Motivation for using Projective superspace Review of Projective superspace Super Yang-Mills theory in Projective superspace framework Summary Projective superspace Ariunzul Davgadorj Masaryk University, Czech Republic New Frontiers in String

519 views • 24 slides
Union-Find [10] In the last class Hashing Collision Handling for Hashing Closed

Union-Find [10] In the last class Hashing Collision Handling for Hashing Closed

Algorithm : Design & Analysis Union-Find [10] In the last class Hashing Collision Handling for Hashing Closed Address Hashing Open Address Hashing Hash Functions Array Doubling and Amortized Analysis Union-Find

618 views • 33 slides
Hashing () Hashing () K08

Hashing () Hashing () K08

Hashing () Hashing () K08 / 1 Ecient implementation

828 views • 56 slides
Lecture 8: Hashing I Lecture Overview Dictionaries and Python Motivation Prehashing

Lecture 8: Hashing I Lecture Overview Dictionaries and Python Motivation Prehashing

Lecture 8 Hashing I 6.006 Fall 2011 Lecture 8: Hashing I Lecture Overview Dictionaries and Python Motivation Prehashing Hashing Chaining Simple uniform hashing Good hash functions Dictionary Problem Abstract

452 views • 21 slides
Hashing Hashing What is it? A form of narcotic intake? A side order for your eggs? A

Hashing Hashing What is it? A form of narcotic intake? A side order for your eggs? A

Hashing Hashing What is it? A form of narcotic intake? A side order for your eggs? A combination of the two? Hashing 1 Problem RT&T is a large phone company, and they want to provide caller ID capability: - given a phone number,

267 views • 14 slides

More recommend