indistinguishability theory
play

Indistinguishability Theory Ueli Maurer ETH Zurich FOSAD 2009, - PowerPoint PPT Presentation

Dec 24, 2022 •196 likes •1.12k views

Indistinguishability Theory Ueli Maurer ETH Zurich FOSAD 2009, Bertinoro, Sept. 2009. Distinguishing two objects: Distinguishing two objects: left or right? Distinguishing two types of numbers Set A: Set B: 2048-bit integers with exactly

  1. Indistinguishability Theory Ueli Maurer ETH Zurich FOSAD 2009, Bertinoro, Sept. 2009.

  2. Distinguishing two objects:

  3. Distinguishing two objects: left or right?

  4. Distinguishing two types of numbers Set A: Set B: 2048-bit integers with exactly 2048-bit integers with exactly 2 prime factors, each with at 3 prime factors, each with at least 512 bits. least 512 bits.

  5. Distinguishing two types of numbers Set A: Set B: 2048-bit integers with exactly 2048-bit integers with exactly 2 prime factors, each with at 3 prime factors, each with at least 512 bits. least 512 bits. 374095762974511873398056743981753957783254673845967825364509871 365295584882333644985766091852825640501638759879538762635485678 243091425765253648526374099125231764748985576600963327393947586 123498750533495862054987746524351089758393218367443278968764534 3127364987564354675092736565475849823142537584950243685261 left or right?

  6. Random vs. pseudo-random bit generator RBG PRBG output output sequence sequence

  7. Random vs. pseudo-random bit generator RBG PRBG output output sequence sequence 101100011101111001001110100010000011101100101110010111010001101 000011011010111101010001101011010100100101011110101000001101101 111000111011000101111010010101101001010110000101011010101101001 110011001001100010110100011100101010001011010100001111000101010 left or right?

  8. Distinguisher’s advantage D’s task: Guess left/right 50% 50% View Distinguisher D left / right

  9. � ✄ Distinguisher’s advantage D’s task: Guess left/right 50% 50% � /2 Prob(correct guess) = 0.5 + D ✁ I = I I I I I ✂ I I I I I I (D’s advantage) View Distinguisher D left / right

  10. ✞ ☎ ✞ Distinguisher’s advantage D’s task: Guess left/right 50% 50% Prob(correct guess) = 0.5 + ☎ /2 D ✆ I = I I I I I ✝ I I I I I I (D’s advantage) View ✆ I best D: I I I I I ✝ I I I I I I Distinguisher D left / right

  11. Distinguishing a RV V from a uniform RV U P (v) V 1 (uniform) V v

  12. ✔ ✘ ✔ ✡ ✔ ✔ ✓ ✗ ✎ ✍ ✡ ✔ ✙ ✙ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ Distinguishing a RV V from a uniform RV U P (v) V 1 (uniform) V v Statistical distance: ✏✒✑ d ✟ V ✠ U ✔ PV (sum of red quantities) ☛✌☞ ✟✖✕

  13. ✜ ✩ ✩ ✜ ✫ ✬ ✭ ✭ ✩ ✩ ✩ ✩ ✩ ✩ ✩ ✣ ✩ ✩ ✩ ✥ ★ ✩ ✜ ✤ Distinguishing a RV V from a uniform RV U P (v) V 1 (uniform) V v Statistical distance: ✦✒✧ d ✚ V ✛ U ✩ PV (sum of red quantities) ✢✌✣ ✚✖✪ ✚ V ✛ U

  14. ✰ ✸ ✺ ✼ ✼ ✸ ✸ ✸ ✸ ✸ ✸ ✸ ✲ ✰ ✲ ✰ ✲ ✻ ✺ ✰ ✻ ✸ ✴ ✸ ✰ ✸ ✸ ✳ ✸ ✷ Distinguishing a RV V from a uniform RV U P (v) V 1 (uniform) V v Statistical distance: ✵✒✶ d ✮ V ✯ U ✸ PV (sum of red quantities) ✱✌✲ ✮✖✹ ✮ V ✯ U Possible interpretation: P ✮ V U d ✮ V ✯ U

  15. Discrete systems X , X , ... Y , Y , ... 1 2 1 2 S

  16. Discrete systems X , X , ... Y , Y , ... 1 2 1 2 S Description of S: pseudo-code, figures, text, ...

  17. Discrete systems X , X , ... Y , Y , ... 1 2 1 2 S Description of S: pseudo-code, figures, text, ... What kind of mathematical object is the behavior?

  18. ✽ Discrete systems X , X , ... Y , Y , ... 1 2 1 2 S Description of S: pseudo-code, figures, text, ... What kind of mathematical object is the behavior? Only input-output behavior is relevant!

  19. ✾ ▼ ✾ ◆ Discrete systems X , X , ... Y , Y , ... 1 2 1 2 S Description of S: pseudo-code, figures, text, ... What kind of mathematical object is the behavior? Only input-output behavior is relevant! ✿❁❀❃❂❅❄ ❆❈❇❉❇❊❇❋❄ ❀●✿❍❆■❇❊❇❊❇❏✿❑❀●▲ pS ❆ for ❖◗P❙❘ P❯❚❱❚❱❚ Characterized by:

  20. ❨ ❲ ❨ ❡ ❡ ❡ ❵ ❴ ❲ Discrete systems X , X , ... Y , Y , ... 1 2 1 2 S Description of S: pseudo-code, figures, text, ... What kind of mathematical object is the behavior? Only input-output behavior is relevant! ❳❁❨❃❩❅❬ ❭❈❪❉❪❊❪❋❬ ❨●❳❍❭■❪❊❪❊❪❏❳❑❨●❫ pS ❭ for ❛◗❜❙❝ ❜❯❞❱❞❱❞ Characterized by: abstraction called random system [Mau02] This description is minimal! ❳❍❭■❪❊❪❊❪❢❳ ❩❅❬ ❭■❪❊❪❊❪❋❬ Redundant (better) description: pS

  21. ♦ ❣ ✈ ✐ ✐ ✉ ✉ ✉ ♣ ❣ Discrete systems X , X , ... Y , Y , ... 1 2 1 2 S Description of S: pseudo-code, figures, text, ... What kind of mathematical object is the behavior? Only input-output behavior is relevant! ❤❁✐❃❥❅❦ ❧❈♠❉♠❊♠❋❦ ✐●❤❍❧■♠❊♠❊♠❏❤❑✐●♥ pS ❧ for q◗r❙s r❯t❱t❱t Characterized by: abstraction called random system [Mau02] This description is minimal! ❤❍❧■♠❊♠❊♠❢❤ ❥❅❦ ❧■♠❊♠❊♠❋❦ Redundant (better) description: pS Equivalence of systems: S T if same behavior

  22. ➁ ⑧ ❹ ❻ ➀ ❽ ❿ ❾ ❽ ❻ ❺ ② ② ❹ ❹ ⑨ ❹ ✇ ✇ Discrete systems X , X , ... Y , Y , ... 1 2 1 2 S Description of S: pseudo-code, figures, text, ... What kind of mathematical object is the behavior? Only input-output behavior is relevant! ①❁②❃③❅④ ⑤❈⑥❉⑥❊⑥❋④ ②●①❍⑤■⑥❊⑥❊⑥❏①❑②●⑦ pS ⑤ for ⑩◗❶❙❷ ❶❯❸❱❸❱❸ Characterized by: abstraction called random system [Mau02] This description is minimal! ①❍⑤■⑥❊⑥❊⑥❢① ③❅④ ⑤■⑥❊⑥❊⑥❋④ Redundant (better) description: pS Equivalence of systems: S T if same behavior ❼ S Realization of S from a RV (range ):

  23. ➒ ➐ ➐ ➐ ➐ ➐ ↕ ➄ ➒ ➊ ➄ ↔ ➔ ➑ ➣ → ➔ ➋ ➂ ➂ Discrete systems X , X , ... Y , Y , ... 1 2 1 2 S Description of S: pseudo-code, figures, text, ... What kind of mathematical object is the behavior? Only input-output behavior is relevant! ➃❁➄❃➅❅➆ ➇❈➈❉➈❊➈❋➆ ➄●➃❍➇■➈❊➈❊➈❏➃❑➄●➉ pS ➇ for ➌◗➍❙➎ ➍❯➏❱➏❱➏ Characterized by: abstraction called random system [Mau02] This description is minimal! ➃❍➇■➈❊➈❊➈❢➃ ➅❅➆ ➇■➈❊➈❊➈❋➆ Redundant (better) description: pS Equivalence of systems: S T if same behavior ➓ S Realization of S from a RV (range ): notion of independence

  24. Distinguishers X , X , ... Y , Y , ... 1 2 1 2 S D

  25. ➩ ➟ ➙ ➜ ➭ ➭ ➜ ➥ ➙ ➭ ➤ ➞ ➞ ➭ ➛ ➙ ➙ ➺ ➜ ➡ ➛ ➥ ➙ ➙ ➛ ➥ Distinguishers X , X , ... Y , Y , ... 1 2 1 2 S D ➯ pD ➥➫➩ ➥➫➩ ➥➫➩ PDS pS ➠➢➡ ➧❢➙ ➛➝➜ ➜➦➥➨➧❢➙ ➯ pD pS ➛➵➧➸➜ ➛➲➧➳➙ ➭➼➻❱➽❯➽❱➽❱➻ ➥➚➾ notation:

  26. ➱ ➘ ➹ ❒ ❒ ➹ ➱ ➘ ➹ ➮ ➶ ➴ ➶ ❒ ➪ ➪ ➶ ❐ ❒ ➪ ➱ ➬ ❰ ➪ ➪ ➪ Distinguishers X , X , ... Y , Y , ... 1 2 1 2 S D W = 0/1 ❮ pD ➱➫❐ ➱➫❐ ➱➫❐ PDS pS ➷➢➬ ✃❢➪ ➶➝➹ ➹➦➱➨✃❢➪ ❮ pD pS ➶➵✃➸➹ ➶➲✃➳➪ ❒➼Ï❱Ð❯Ð❱Ð❱Ï ➱➚Ñ notation:

  27. Ø Ø Ú × Ù Ø Ø Ø Ø × Û Ø Ø × Ø Ø × Õ Ú Ü Ý Ø Ø Ø Ø Ù Õ Ø Ø Ø Ò Ø Ø Õ Distinguishing advantage 2 equivalent views: S Z 0 S T 1 T D D D W = 0/1 W = 0/1 W = 0/1 PDS PDT D Ó S Ó W Ó W Ô T Ö✌× Õ✒Ø PDSTZ Ó W Z

  28. á ä ä ä ä ä ä ã ã á å á æ ä ä ã ç ä ä é Þ ä ä ä ä ä è ä æ á ã ä ä ä Þ å Distinguishing advantage 2 equivalent views: S Z 0 S T 1 T D D D W = 0/1 W = 0/1 W = 0/1 PDS PDT D ß S ß W ß W à T â✌ã á✒ä PDSTZ ß W Z ß S best (adaptive) D: à T

  29. í ï ð ð ð ð ð ó ñ ð í ò ï ð ï ñ ð ð í ð ð ê í ê ð ð ð ð õ ð ô ò í ï ð ê ð ð Distinguishing advantage 2 equivalent views: S Z 0 S T 1 T D D D W = 0/1 W = 0/1 W = 0/1 PDS PDT D ë S ë W ë W ì T î✌ï í✒ð PDSTZ ë W Z ë S best (adaptive) D: ì T ë S NA best non-adapt. D: ì T

  30. Game-winning S X , X , ... Y , Y , ... 1 2 1 2

  31. Game-winning monotone binary output (MBO) 1 0 i game won S X , X , ... Y , Y , ... 1 2 1 2

  32. Game-winning monotone binary output (MBO) 1 0 i game won S X , X , ... Y , Y , ... 1 2 1 2 D

  33. û ö ù ø Game-winning monotone binary output (MBO) 1 0 i game won S X , X , ... Y , Y , ... 1 2 1 2 D ÷ D D’s prob. of winning with queries: ú S

  34. ✁ ü ÿ þ ✁ ÿ þ ý ✁ ÿ þ Game-winning monotone binary output (MBO) 1 0 i game won S X , X , ... Y , Y , ... 1 2 1 2 D ý D D’s prob. of winning with queries: � S ✂☎✄ ý D Optimal (adaptive) D: � S maxD � S

Recommend

Multiparty Key Exchange, Efficient Traitor Tracing, and More from Indistinguishability Obfuscation

Multiparty Key Exchange, Efficient Traitor Tracing, and More from Indistinguishability Obfuscation

Multiparty Key Exchange, Efficient Traitor Tracing, and More from Indistinguishability Obfuscation Dan Boneh Mark Zhandry Stanford University {dabo, zhandry}@cs.stanford.edu Abstract In this work, we show how to use indistinguishability

780 views • 49 slides
Decidability of a Sound Set of Inference Rules for Computational Indistinguishability Adrien

Decidability of a Sound Set of Inference Rules for Computational Indistinguishability Adrien

Decidability of a Sound Set of Inference Rules for Computational Indistinguishability Adrien Koutsos LSV, CNRS, ENS Paris-Saclay June 29, 2019 Adrien Koutsos (LSV, ENS PS) Indistinguishability June 29, 2019 1 / 34 Introduction Motivation

1.06k views • 76 slides
Relaxing IND-CCA: Indistinguishability Against Chosen Ciphertext Verification Attack Sumit Kumar

Relaxing IND-CCA: Indistinguishability Against Chosen Ciphertext Verification Attack Sumit Kumar

Relaxing IND-CCA: Indistinguishability Against Chosen Ciphertext Verification Attack Sumit Kumar Pandey Indian Statistical Institute Kolkata January 14, 2012 Sumit Kumar Pandey Relaxing IND-CCA: Indistinguishability Against Chosen Outline 1

624 views • 37 slides
Limits on the Power of Indistinguishability Obfuscation Gilad Asharov Gil Segev Limits on the

Limits on the Power of Indistinguishability Obfuscation Gilad Asharov Gil Segev Limits on the

Limits on the Power of Indistinguishability Obfuscation Gilad Asharov Gil Segev Limits on the Power of iO Limits on the Power of Indistinguishability Obfuscation (and Functional Encryption) FOCS 2015 On Constructing One-Way

841 views • 47 slides
Simplifying Game-Based Definitions Indistinguishability up to correctness and its application to

Simplifying Game-Based Definitions Indistinguishability up to correctness and its application to

Simplifying Game-Based Definitions Indistinguishability up to correctness and its application to stateful AE Phillip Rogaway Yusi (James) Zhang University of California, Davis, USA C RYPTO 2018 1. Introduction 2. IND|C 3. Examples 1

523 views • 20 slides
Deciding Indistinguishability: A Decision Result for a Set of Cryptographic Game Transformations

Deciding Indistinguishability: A Decision Result for a Set of Cryptographic Game Transformations

Deciding Indistinguishability: A Decision Result for a Set of Cryptographic Game Transformations Adrien Koutsos March 13, 2018 Adrien Koutsos Deciding Indistinguishability March 13, 2018 1 / 37 Introduction 1 The Model 2 Game

746 views • 73 slides
Geo-indistinguishability: A Principled Approach to Location Privacy Kostas Chatzikokolakis CNRS,

Geo-indistinguishability: A Principled Approach to Location Privacy Kostas Chatzikokolakis CNRS,

Geo-indistinguishability: A Principled Approach to Location Privacy Kostas Chatzikokolakis CNRS, INRIA, LIX Ecole Polytechnique joint work with Miguel Andr es, Nicol as Bordenabe, Catuscia Palamidessi, Marco Stronati PRINCESS QIF Day,

478 views • 45 slides
PhD Defense Symbolic Proofs of Computational Indistinguishability Adrien Koutsos Thse

PhD Defense Symbolic Proofs of Computational Indistinguishability Adrien Koutsos Thse

PhD Defense Symbolic Proofs of Computational Indistinguishability Adrien Koutsos Thse prpare au sein du LSV, ENS Paris-Saclay September 27, 2019 Introduction Motivation Security Protocols Distributed programs which aim at providing some

1.55k views • 142 slides
Limits on the Power of Indistinguishability Obfuscation and Functional Encryption Gilad Asharov

Limits on the Power of Indistinguishability Obfuscation and Functional Encryption Gilad Asharov

Limits on the Power of Indistinguishability Obfuscation and Functional Encryption Gilad Asharov Gil Segev Hebrew University This Talk A framework for proving impossibility results for commonly-used non-black-box techniques Limits on

596 views • 22 slides
Projective Arithmetic Functional Encryption and Indistinguishability Obfuscation (iO) from

Projective Arithmetic Functional Encryption and Indistinguishability Obfuscation (iO) from

Projective Arithmetic Functional Encryption and Indistinguishability Obfuscation (iO) from Degree-5 Multilinear maps Prabhanjan Ananth Amit Sahai Constructions of iO All current constructions of iO are based on multilinear maps [GGHRSW13,

649 views • 39 slides
Voice-Indistinguishability Protecting Voiceprint in Privacy-Preserving Speech Data Release

Voice-Indistinguishability Protecting Voiceprint in Privacy-Preserving Speech Data Release

Voice-Indistinguishability Protecting Voiceprint in Privacy-Preserving Speech Data Release Yaowei Han, Sheng Li, Yang Cao, Qiang Ma, Masatoshi Yoshikawa Department of Social Informatics, Kyoto University, Kyoto, Japan 1 National Institute of

611 views • 27 slides
Verification of Indistinguishability Properties Stphanie Delaune quipe EMSEC (IRISA), CNRS,

Verification of Indistinguishability Properties Stphanie Delaune quipe EMSEC (IRISA), CNRS,

Verification of Indistinguishability Properties Stphanie Delaune quipe EMSEC (IRISA), CNRS, France November 16th, 2016 VIP in a nutshell V erifiation of I ndistinguishability P roperties Projet JCJC Jeunes Chercheuses Jeunes Chercheurs

488 views • 31 slides
INDISTINGUISHABILITY OBFUSCATION Mark Zhandry Stanford University * Joint work with Dan Boneh

INDISTINGUISHABILITY OBFUSCATION Mark Zhandry Stanford University * Joint work with Dan Boneh

INDISTINGUISHABILITY OBFUSCATION Mark Zhandry Stanford University * Joint work with Dan Boneh Program Obfuscation Intuition: Mangle a program Same functionality as original Hides all implementation details Potential uses: IP

295 views • 28 slides
Verification of Indistinguishability Properties Stphanie Delaune LSV, CNRS & ENS Cachan

Verification of Indistinguishability Properties Stphanie Delaune LSV, CNRS & ENS Cachan

Verification of Indistinguishability Properties Stphanie Delaune LSV, CNRS & ENS Cachan & INRIA Saclay le-de-France, France Thursday, October 11th, 2012 S. Delaune (LSV) VIP project 11th October 2012 1 / 30 VIP in a nutshell

673 views • 63 slides
Patchable (Indistinguishability) Obfuscation: iO for evolving software Prabhanjan Abhishek

Patchable (Indistinguishability) Obfuscation: iO for evolving software Prabhanjan Abhishek

Patchable (Indistinguishability) Obfuscation: iO for evolving software Prabhanjan Abhishek Amit Ananth Jain Sahai Software Evolution 1990 Software Evolution 1990 1995 Software Evolution 1997 1990 1995 Software Evolution 1997 1990

1.03k views • 78 slides
SOCIOLOGICAL THEORY: A SCIENTIFIC APPROACH What is a theory? ! What does a theory consist of?

SOCIOLOGICAL THEORY: A SCIENTIFIC APPROACH What is a theory? ! What does a theory consist of?

SOCIOLOGICAL THEORY: A SCIENTIFIC APPROACH What is a theory? ! What does a theory consist of? (e.g. what are the elements of a theory?) ! Answer: A theory is a proposition or a set of interrelated propositions that purports to explain a given

379 views • 12 slides
SOCIOLOGICAL THEORY: A SCIENTIFIC APPROACH What is a theory? What does a theory consist of?

SOCIOLOGICAL THEORY: A SCIENTIFIC APPROACH What is a theory? What does a theory consist of?

SOCIOLOGICAL THEORY: A SCIENTIFIC APPROACH What is a theory? What does a theory consist of? (e.g. what are the elements of a theory?) Answer: A theory is a proposition or a set of interrelated propositions that purports to explain a

322 views • 9 slides
General motivations Model theory Recursion theory Lambda calculus Set theory

General motivations Model theory Recursion theory Lambda calculus Set theory

A N INTERACTIVE SEMANTICS FOR CLASSICAL PROOFS Michele Basaldella JAIST February 19, 2013 I NTRODUCTION General motivations Model theory Recursion theory Lambda calculus Set theory Lattice theory Domain theory . . .

995 views • 57 slides
Theory or Practice? Theory : Without theory, practice is but routine born out of habit.

Theory or Practice? Theory : Without theory, practice is but routine born out of habit.

Theory or Practice? Theory : Without theory, practice is but routine born out of habit. Theory alone can bring forth and develop the spirit of inventions Louis Pasteur, 1822-1895 Practice : It is a capital mistake to theorize before

548 views • 42 slides
Crystal Field Theory (Text : JD Lee; pp.204-222) This theory ( CFT ) largely replaced VB Theory

Crystal Field Theory (Text : JD Lee; pp.204-222) This theory ( CFT ) largely replaced VB Theory

Crystal Field Theory (Text : JD Lee; pp.204-222) This theory ( CFT ) largely replaced VB Theory for interpreting the chemistry of coordination compounds. It was proposed by the physicist Hans Bethe in 1929. Subsequent modifications were

372 views • 26 slides
Lectures 34: Consumer Theory Alexander Wolitzky MIT 14.121 1 Consumer Theory Consumer theory

Lectures 34: Consumer Theory Alexander Wolitzky MIT 14.121 1 Consumer Theory Consumer theory

Lectures 34: Consumer Theory Alexander Wolitzky MIT 14.121 1 Consumer Theory Consumer theory studies how rational consumer chooses what bundle of goods to consume. Special case of general theory of choice. Key new assumption: choice sets defined

1.04k views • 42 slides
CMS: Theory efforts & synergies CMS theory overview Theory groups have core strengths in

CMS: Theory efforts & synergies CMS theory overview Theory groups have core strengths in

CMS: Theory efforts & synergies CMS theory overview Theory groups have core strengths in perturbativ several areas directed towards LHC physics e QCD Strong record in marking the path for experimental studies, generating exciting

325 views • 21 slides
Rudimentary Constructive Set Theory Set Theory, Model Theory, Generalized Quantifiers and

Rudimentary Constructive Set Theory Set Theory, Model Theory, Generalized Quantifiers and

Rudimentary Constructive Set Theory Set Theory, Model Theory, Generalized Quantifiers and Foundations of Mathematics: Joukos birthday conference! Meeting in Honor of Jouko V a an anens Sixtieth Birthday 16-18 September 2010 .

460 views • 33 slides
EXCHANGE THEORY Chapter 3 Leader Member Exchange Theory 2 Initially the theory described the

EXCHANGE THEORY Chapter 3 Leader Member Exchange Theory 2 Initially the theory described the

LEADER-MEMBER EXCHANGE THEORY Chapter 3 Leader Member Exchange Theory 2 Initially the theory described the nature of in groups and out groups called the vertical dyad linkage theory Focuses on the ongoing relationship that leaders and

536 views • 19 slides

More recommend