lossy encryption from general assumptions
play

Lossy Encryption from General Assumptions Brett Hemenway and Rafail - PowerPoint PPT Presentation

Feb 09, 2024 •268 likes •1.84k views

Lossy Encryption from General Assumptions Brett Hemenway and Rafail Ostrovsky Crypto in the Clouds Workshop, MIT August 5, 2009 Brett Hemenway and Rafail Ostrovsky Outline Motivation Definitions Our Results Brett Hemenway and Rafail

  1. Selective Opening Security: Indistinguishability [BHY09] IND-SO-ENC (Real) ◮ ( m 1 , . . . , m n ) ← M ◮ r 1 , . . . , r n ← coins( E ) ◮ I ← A (( E ( m 1 , r i ) , . . . , E ( m n , r n )) ◮ b ← A ((( m i , r i )) i ∈ I , ( m 1 , . . . , m n )) IND-SO-ENC (Ideal) ◮ ( m 1 , . . . , m n ) ← M ◮ r 1 , . . . , r n ← coins( E ) ◮ I ← A (( E ( m 1 , r i ) , . . . , E ( m n , r n )) ◮ ( m ′ 1 , . . . , m ′ n ) ← M | M I ◮ b ← A ((( m i , r i )) i ∈ I , ( m ′ 1 , . . . , m ′ n )) Brett Hemenway and Rafail Ostrovsky

  2. Selective Opening Security: Indistinguishability [BHY09] IND-SO-ENC (Real) ◮ ( m 1 , . . . , m n ) ← M ◮ r 1 , . . . , r n ← coins( E ) ◮ I ← A (( E ( m 1 , r i ) , . . . , E ( m n , r n )) ◮ b ← A ((( m i , r i )) i ∈ I , ( m 1 , . . . , m n )) IND-SO-ENC (Ideal) ◮ ( m 1 , . . . , m n ) ← M ◮ r 1 , . . . , r n ← coins( E ) ◮ I ← A (( E ( m 1 , r i ) , . . . , E ( m n , r n )) ◮ ( m ′ 1 , . . . , m ′ n ) ← M | M I ◮ b ← A ((( m i , r i )) i ∈ I , ( m ′ 1 , . . . , m ′ n )) A IND − SO − ENC − REAL = 1 A IND − SO − ENC − IDEAL = 1 � � � � �� � Pr − Pr � < ν Brett Hemenway and Rafail Ostrovsky

  3. Lossy Encryption in Detail G (1 λ , mode ) , E ( pk , m , r ) , D ( sk , c ) Correctness: Lossiness: For all m , r For all m 0 , m 1 { E ( pk L , m 0 , r ) } ≈ s { E ( pk L , m 1 , r ) } D ( E ( pk I , m , r )) = m Indistinguishability { pk I : pk I ← G (1 λ , Injective ) } ≈ c { pk L : pk L ← G (1 λ , Lossy ) } Brett Hemenway and Rafail Ostrovsky

  4. Lossy Encryption in Detail G (1 λ , mode ) , E ( pk , m , r ) , D ( sk , c ) Correctness: Lossiness: For all m , r For all m 0 , m 1 { E ( pk L , m 0 , r ) } ≈ s { E ( pk L , m 1 , r ) } D ( E ( pk I , m , r )) = m Indistinguishability { pk I : pk I ← G (1 λ , Injective ) } ≈ c { pk L : pk L ← G (1 λ , Lossy ) } Brett Hemenway and Rafail Ostrovsky

  5. Lossy Encryption in Detail G (1 λ , mode ) , E ( pk , m , r ) , D ( sk , c ) Correctness: Lossiness: For all m , r For all m 0 , m 1 { E ( pk L , m 0 , r ) } ≈ s { E ( pk L , m 1 , r ) } D ( E ( pk I , m , r )) = m Indistinguishability { pk I : pk I ← G (1 λ , Injective ) } ≈ c { pk L : pk L ← G (1 λ , Lossy ) } Brett Hemenway and Rafail Ostrovsky

  6. Lossy Encryption in Detail G (1 λ , mode ) , E ( pk , m , r ) , D ( sk , c ) Correctness: Lossiness: For all m , r For all m 0 , m 1 { E ( pk L , m 0 , r ) } ≈ s { E ( pk L , m 1 , r ) } D ( E ( pk I , m , r )) = m Indistinguishability { pk I : pk I ← G (1 λ , Injective ) } ≈ c { pk L : pk L ← G (1 λ , Lossy ) } Brett Hemenway and Rafail Ostrovsky

  7. Lossy Encryption in Detail G (1 λ , mode ) , E ( pk , m , r ) , D ( sk , c ) Correctness: Lossiness: For all m , r For all m 0 , m 1 { E ( pk L , m 0 , r ) } ≈ s { E ( pk L , m 1 , r ) } D ( E ( pk I , m , r )) = m Indistinguishability { pk I : pk I ← G (1 λ , Injective ) } ≈ c { pk L : pk L ← G (1 λ , Lossy ) } Notice: Indistinguishability + Lossiness = ⇒ IND-CPA security Brett Hemenway and Rafail Ostrovsky

  8. Lossy Encryption is IND-SO-ENC Secure (BHY09) In Lossy mode, the distributions ( E ( m 1 , r 1 ) , . . . , E ( m n , r n )) ≈ s ( E ( m ′ 1 , r 1 ) , . . . , E ( m ′ n , r n )) Since the encryptions are statistically independent of the messages, so even after conditioning on certain openings, the rest remain independent of the messages. Brett Hemenway and Rafail Ostrovsky

  9. ReRandomizable Encryption Brett Hemenway and Rafail Ostrovsky

  10. ReRandomizable Encryption ◮ ( G , E , D ) is semantically secure. Brett Hemenway and Rafail Ostrovsky

  11. ReRandomizable Encryption ◮ ( G , E , D ) is semantically secure. ◮ There exists a function ReRand such that for all pk , m , r , r ′ Brett Hemenway and Rafail Ostrovsky

  12. ReRandomizable Encryption ◮ ( G , E , D ) is semantically secure. ◮ There exists a function ReRand such that for all pk , m , r , r ′ ◮ Correctness: D (ReRand( E ( pk , m , r ))) = m Brett Hemenway and Rafail Ostrovsky

  13. ReRandomizable Encryption ◮ ( G , E , D ) is semantically secure. ◮ There exists a function ReRand such that for all pk , m , r , r ′ ◮ Correctness: D (ReRand( E ( pk , m , r ))) = m ◮ Statistical rerandomization: { ReRand( E ( pk , m , r )) } ≈ s { ReRand( E ( pk , m , r ′ )) } Brett Hemenway and Rafail Ostrovsky

  14. Homomorphic Encryption If E ( pk , m , r ) E ( pk , m ′ , r ′ ) = E ( pk , m + m ′ , r ∗ ), then we can re-randomize by doing ReRand( E ( pk , m , r )) = E ( pk , m , r ) E ( pk , 0 , r ′ ) . Brett Hemenway and Rafail Ostrovsky

  15. Homomorphic Encryption If E ( pk , m , r ) E ( pk , m ′ , r ′ ) = E ( pk , m + m ′ , r ∗ ), then we can re-randomize by doing ReRand( E ( pk , m , r )) = E ( pk , m , r ) E ( pk , 0 , r ′ ) . Caution: this is not necessarily statistically re-randomizing. Brett Hemenway and Rafail Ostrovsky

  16. Homomorphic Encryption If E ( pk , m , r ) E ( pk , m ′ , r ′ ) = E ( pk , m + m ′ , r ∗ ), then we can re-randomize by doing ReRand( E ( pk , m , r )) = E ( pk , m , r ) E ( pk , 0 , r ′ ) . Caution: this is not necessarily statistically re-randomizing. It is statistically re-randomizing for all known homomorphic cryptosystems. Brett Hemenway and Rafail Ostrovsky

  17. Homomorphic Encryption If E ( pk , m , r ) E ( pk , m ′ , r ′ ) = E ( pk , m + m ′ , r ∗ ), then we can re-randomize by doing ReRand( E ( pk , m , r )) = E ( pk , m , r ) E ( pk , 0 , r ′ ) . Caution: this is not necessarily statistically re-randomizing. It is statistically re-randomizing for all known homomorphic cryptosystems. If you can sample statistically close to uniformly from the set of encryptions of 0 then homomorphic encryption is statistically rerandomizable Brett Hemenway and Rafail Ostrovsky

  18. Outline Motivation Definitions Our Results Brett Hemenway and Rafail Ostrovsky

  19. Our Results Brett Hemenway and Rafail Ostrovsky

  20. Our Results ◮ ReRandomizable Encryption “is” Lossy Encryption Brett Hemenway and Rafail Ostrovsky

  21. Our Results ◮ ReRandomizable Encryption “is” Lossy Encryption ◮ A framework for creating Lossy Encryption: Brett Hemenway and Rafail Ostrovsky

  22. Our Results ◮ ReRandomizable Encryption “is” Lossy Encryption ◮ A framework for creating Lossy Encryption: ◮ Applying the results of [BHY09] gives: ◮ Goldwasser-Micali ◮ El-Gamal ◮ Paillier / Damg˚ ard-Jurik Brett Hemenway and Rafail Ostrovsky

  23. Our Results ◮ ReRandomizable Encryption “is” Lossy Encryption ◮ A framework for creating Lossy Encryption: ◮ Applying the results of [BHY09] gives: ◮ Goldwasser-Micali ◮ El-Gamal ◮ Paillier / Damg˚ ard-Jurik ◮ The first proof that Paillier/Damg˚ ard-Jurik is SEM-SO-ENC secure. This is the most efficient known SEM-SO-ENC cryptosystem. Brett Hemenway and Rafail Ostrovsky

  24. Our Results ◮ ReRandomizable Encryption “is” Lossy Encryption ◮ A framework for creating Lossy Encryption: ◮ Applying the results of [BHY09] gives: ◮ Goldwasser-Micali ◮ El-Gamal ◮ Paillier / Damg˚ ard-Jurik ◮ The first proof that Paillier/Damg˚ ard-Jurik is SEM-SO-ENC secure. This is the most efficient known SEM-SO-ENC cryptosystem. ◮ Statistically Hiding-OT implies Lossy Encryption Brett Hemenway and Rafail Ostrovsky

  25. Our Results ◮ ReRandomizable Encryption “is” Lossy Encryption ◮ A framework for creating Lossy Encryption: ◮ Applying the results of [BHY09] gives: ◮ Goldwasser-Micali ◮ El-Gamal ◮ Paillier / Damg˚ ard-Jurik ◮ The first proof that Paillier/Damg˚ ard-Jurik is SEM-SO-ENC secure. This is the most efficient known SEM-SO-ENC cryptosystem. ◮ Statistically Hiding-OT implies Lossy Encryption ◮ PIR implies Lossy Encryption Brett Hemenway and Rafail Ostrovsky

  26. Our Results ◮ ReRandomizable Encryption “is” Lossy Encryption ◮ A framework for creating Lossy Encryption: ◮ Applying the results of [BHY09] gives: ◮ Goldwasser-Micali ◮ El-Gamal ◮ Paillier / Damg˚ ard-Jurik ◮ The first proof that Paillier/Damg˚ ard-Jurik is SEM-SO-ENC secure. This is the most efficient known SEM-SO-ENC cryptosystem. ◮ Statistically Hiding-OT implies Lossy Encryption ◮ PIR implies Lossy Encryption ◮ Homomorphic Encryption implies Lossy Encryption Brett Hemenway and Rafail Ostrovsky

  27. Our Results ◮ ReRandomizable Encryption “is” Lossy Encryption ◮ A framework for creating Lossy Encryption: ◮ Applying the results of [BHY09] gives: ◮ Goldwasser-Micali ◮ El-Gamal ◮ Paillier / Damg˚ ard-Jurik ◮ The first proof that Paillier/Damg˚ ard-Jurik is SEM-SO-ENC secure. This is the most efficient known SEM-SO-ENC cryptosystem. ◮ Statistically Hiding-OT implies Lossy Encryption ◮ PIR implies Lossy Encryption ◮ Homomorphic Encryption implies Lossy Encryption ◮ CCA2 Selective Opening Secure definitions and constructions Brett Hemenway and Rafail Ostrovsky

  28. Our Results ◮ ReRandomizable Encryption “is” Lossy Encryption ◮ A framework for creating Lossy Encryption: ◮ Applying the results of [BHY09] gives: ◮ Goldwasser-Micali ◮ El-Gamal ◮ Paillier / Damg˚ ard-Jurik ◮ The first proof that Paillier/Damg˚ ard-Jurik is SEM-SO-ENC secure. This is the most efficient known SEM-SO-ENC cryptosystem. ◮ Statistically Hiding-OT implies Lossy Encryption ◮ PIR implies Lossy Encryption ◮ Homomorphic Encryption implies Lossy Encryption ◮ CCA2 Selective Opening Secure definitions and constructions ◮ Constructions from statistically-hiding NIZKs in the simulation-based model Brett Hemenway and Rafail Ostrovsky

  29. Our Results ◮ ReRandomizable Encryption “is” Lossy Encryption ◮ A framework for creating Lossy Encryption: ◮ Applying the results of [BHY09] gives: ◮ Goldwasser-Micali ◮ El-Gamal ◮ Paillier / Damg˚ ard-Jurik ◮ The first proof that Paillier/Damg˚ ard-Jurik is SEM-SO-ENC secure. This is the most efficient known SEM-SO-ENC cryptosystem. ◮ Statistically Hiding-OT implies Lossy Encryption ◮ PIR implies Lossy Encryption ◮ Homomorphic Encryption implies Lossy Encryption ◮ CCA2 Selective Opening Secure definitions and constructions ◮ Constructions from statistically-hiding NIZKs in the simulation-based model ◮ Constructions from Lossy-Trapdoor Functions in the indistinguishability-based model Brett Hemenway and Rafail Ostrovsky

  30. ReRandomizable Encryption “is” Lossy Encryption Brett Hemenway and Rafail Ostrovsky

  31. ReRandomizable Encryption “is” Lossy Encryption ◮ Let ( G , E , D , ReRand) be a ReRandomizable Encryption. Brett Hemenway and Rafail Ostrovsky

  32. ReRandomizable Encryption “is” Lossy Encryption ◮ Let ( G , E , D , ReRand) be a ReRandomizable Encryption. ◮ Let ( pk , sk ) ← G e 0 = E ( pk , b 0 , r 0 ), e 1 = E ( pk , b 1 , r 1 ). Define PK = ( pk , e 0 , e 1 ), SK = sk . Brett Hemenway and Rafail Ostrovsky

  33. ReRandomizable Encryption “is” Lossy Encryption ◮ Let ( G , E , D , ReRand) be a ReRandomizable Encryption. ◮ Let ( pk , sk ) ← G e 0 = E ( pk , b 0 , r 0 ), e 1 = E ( pk , b 1 , r 1 ). Define PK = ( pk , e 0 , e 1 ), SK = sk . ◮ Encryption of b will be ReRand( e b ) . Brett Hemenway and Rafail Ostrovsky

  34. ReRandomizable Encryption “is” Lossy Encryption ◮ Let ( G , E , D , ReRand) be a ReRandomizable Encryption. ◮ Let ( pk , sk ) ← G e 0 = E ( pk , b 0 , r 0 ), e 1 = E ( pk , b 1 , r 1 ). Define PK = ( pk , e 0 , e 1 ), SK = sk . ◮ Encryption of b will be ReRand( e b ) . ◮ Decryption is the same as for the ReRandomizable scheme. Brett Hemenway and Rafail Ostrovsky

  35. ReRandomizable Encryption “is” Lossy Encryption ◮ Let ( G , E , D , ReRand) be a ReRandomizable Encryption. ◮ Let ( pk , sk ) ← G e 0 = E ( pk , b 0 , r 0 ), e 1 = E ( pk , b 1 , r 1 ). Define PK = ( pk , e 0 , e 1 ), SK = sk . ◮ Encryption of b will be ReRand( e b ) . ◮ Decryption is the same as for the ReRandomizable scheme. This is lossy if b 0 = b 1 , and injective if b 0 � = b 1 . Brett Hemenway and Rafail Ostrovsky

  36. ReRandomizable Encryption “is” Lossy Encryption ◮ Let ( G , E , D , ReRand) be a ReRandomizable Encryption. ◮ Let ( pk , sk ) ← G e 0 = E ( pk , b 0 , r 0 ), e 1 = E ( pk , b 1 , r 1 ). Define PK = ( pk , e 0 , e 1 ), SK = sk . ◮ Encryption of b will be ReRand( e b ) . ◮ Decryption is the same as for the ReRandomizable scheme. This is lossy if b 0 = b 1 , and injective if b 0 � = b 1 . The indistinguishability of modes follows immediately from the Semantic Security of ( G , E , D ). Brett Hemenway and Rafail Ostrovsky

  37. For Homomorphic Encryption Brett Hemenway and Rafail Ostrovsky

  38. For Homomorphic Encryption ◮ If ( G , E , D ) is homomorphic and E ( pk , 0 , r ) is statistically close to uniform on the set of encryptions of 0, then Brett Hemenway and Rafail Ostrovsky

  39. For Homomorphic Encryption ◮ If ( G , E , D ) is homomorphic and E ( pk , 0 , r ) is statistically close to uniform on the set of encryptions of 0, then ◮ We can make lossy encryption, simply by setting PK = ( pk , e ) where e = E ( pk , 0 , r ) in Lossy Mode and E ( pk , 1 , r ) in injective mode. Brett Hemenway and Rafail Ostrovsky

  40. For Homomorphic Encryption ◮ If ( G , E , D ) is homomorphic and E ( pk , 0 , r ) is statistically close to uniform on the set of encryptions of 0, then ◮ We can make lossy encryption, simply by setting PK = ( pk , e ) where e = E ( pk , 0 , r ) in Lossy Mode and E ( pk , 1 , r ) in injective mode. ◮ Encryption of m is just e m · E ( pk , 0 , r ). Brett Hemenway and Rafail Ostrovsky

  41. For Homomorphic Encryption ◮ If ( G , E , D ) is homomorphic and E ( pk , 0 , r ) is statistically close to uniform on the set of encryptions of 0, then ◮ We can make lossy encryption, simply by setting PK = ( pk , e ) where e = E ( pk , 0 , r ) in Lossy Mode and E ( pk , 1 , r ) in injective mode. ◮ Encryption of m is just e m · E ( pk , 0 , r ). ◮ Decryption is the same. Brett Hemenway and Rafail Ostrovsky

  42. Oblivious Transfer Implies Lossy Encryption Sender Receiver Brett Hemenway and Rafail Ostrovsky

  43. Oblivious Transfer Implies Lossy Encryption x 0 x 1 b Sender Receiver Brett Hemenway and Rafail Ostrovsky

  44. Oblivious Transfer Implies Lossy Encryption x 0 x 1 b Q b ( · , · ; · ) Sender Receiver Brett Hemenway and Rafail Ostrovsky

  45. Oblivious Transfer Implies Lossy Encryption x 0 x 1 b Q b ( · , · ; · ) Sender Receiver Q b ( x 0 , x 1 ; r ) Brett Hemenway and Rafail Ostrovsky

  46. Oblivious Transfer Implies Lossy Encryption x 0 x 1 b Q b ( · , · ; · ) Sender Receiver Q b ( x 0 , x 1 ; r ) PK inj : PK lossy : Q 0 Q 1 E ( m , r ) ≡ Q b ( m , 0; r ) Brett Hemenway and Rafail Ostrovsky

  47. Oblivious Transfer Implies Lossy Encryption x 0 x 1 b Q b ( · , · ; · ) Sender Receiver Q b ( x 0 , x 1 ; r ) PK inj : PK lossy : Q 0 Q 1 E ( m , r ) ≡ Q b ( m , 0; r ) Computational receiver privacy implies indistinguishability of modes Statistical sender privacy implies lossiness of lossy branch Brett Hemenway and Rafail Ostrovsky

  48. Chosen Ciphertext Security Chosen Ciphertext Security in the Selective Opening Setting Brett Hemenway and Rafail Ostrovsky

  49. IND-SO-CCA2: Definitions Challenger Adversary Brett Hemenway and Rafail Ostrovsky

  50. IND-SO-CCA2: Definitions Challenger Adversary Decryption Queries Brett Hemenway and Rafail Ostrovsky

  51. IND-SO-CCA2: Definitions Challenger Adversary Decryption Queries Selective Opening Query Brett Hemenway and Rafail Ostrovsky

  52. IND-SO-CCA2: Definitions Challenger Adversary Decryption Queries Selective Opening Query Decryption Queries Output b Brett Hemenway and Rafail Ostrovsky

  53. IND-SO-CCA2: Definitions Challenger Adversary c D ( c ) . . . Selective Opening Query Decryption Queries Brett Hemenway and Rafail Ostrovsky

  54. IND-SO-CCA2: Definitions Challenger Adversary c D ( c ) . . . E ( m 1 , r 1 ) , . . . , E ( m n , r n ) I { m ′ { m i , r i } i ∈ I , j } j �∈ I Decryption Queries Brett Hemenway and Rafail Ostrovsky

  55. IND-SO-CCA2: Definitions Challenger Adversary c D ( c ) . . . E ( m 1 , r 1 ) , . . . , E ( m n , r n ) I { m ′ { m i , r i } i ∈ I , j } j �∈ I c D ( c ) . . . Output b Brett Hemenway and Rafail Ostrovsky

  56. Lossy Trapdoor Functions [PW08] F I ≈ F ℓ F − 1 F ℓ I F I Injective Mode Lossy Mode Brett Hemenway and Rafail Ostrovsky

  57. Lossy Trapdoor Functions in Detail G LTDF (1 λ , inj ) ( s , t ) Brett Hemenway and Rafail Ostrovsky

  58. Lossy Trapdoor Functions in Detail G LTDF (1 λ , inj ) ( s , ⊥ ) G LTDF (1 λ , lossy ) ( s , t ) Brett Hemenway and Rafail Ostrovsky

  59. Lossy Trapdoor Functions in Detail G LTDF (1 λ , inj ) ( s , ⊥ ) G LTDF (1 λ , lossy ) ( s , t ) Trapdoor: F − 1 ( t , F ( s , x )) = x Brett Hemenway and Rafail Ostrovsky

  60. Lossy Trapdoor Functions in Detail G LTDF (1 λ , inj ) ( s , ⊥ ) G LTDF (1 λ , lossy ) ( s , t ) Trapdoor: Lossiness: F − 1 ( t , F ( s , x )) = x | imF ( s , · ) | ≤ 2 r Brett Hemenway and Rafail Ostrovsky

  61. Lossy Trapdoor Functions in Detail G LTDF (1 λ , inj ) ( s , ⊥ ) G LTDF (1 λ , lossy ) ( s , t ) Trapdoor: Lossiness: F − 1 ( t , F ( s , x )) = x | imF ( s , · ) | ≤ 2 r The first outputs of G LTDF (1 λ , inj ), and G LTDF (1 λ , lossy ) are computationally indistinguishable Brett Hemenway and Rafail Ostrovsky

  62. All-But-One Functions [PW08] G ABO (1 λ , b ∗ ) ( s , t ) Trapdoor: Lossiness: For b � = b ∗ | imF ( s , b ∗ , · ) | ≤ 2 r F − 1 ( t , b , F ( s , b , x )) = x The first outputs of G ABO (1 λ , b 0 ), and G ABO (1 λ , b 1 ) are computationally indistinguishable Brett Hemenway and Rafail Ostrovsky

Recommend

Efficient Threshold Encryption from Lossy Trapdoor Functions Xiang Xie, Rui Xue and Rui Zhang

Efficient Threshold Encryption from Lossy Trapdoor Functions Xiang Xie, Rui Xue and Rui Zhang

Efficient Threshold Encryption from Lossy Trapdoor Functions Xiang Xie, Rui Xue and Rui Zhang SKLOIS Chinese Academy of Sciences Outline Background Our Results Our Constructions Conclusions 2 Threshold Public Key Encryption

854 views • 32 slides
Efficient Lossy Trapdoor Functions based on Subgroup Membership Assumptions Haiyang Xue, Bao Li,

Efficient Lossy Trapdoor Functions based on Subgroup Membership Assumptions Haiyang Xue, Bao Li,

Efficient Lossy Trapdoor Functions based on Subgroup Membership Assumptions Haiyang Xue, Bao Li, Xianhui Lu, Dingding Jia, Yamin Liu Institute of Information Engineering , Chinese Academy of Sciences 2013.11.21 Xue, Li, Lu, Jia, Liu (IIE)

274 views • 23 slides
Functional Encryption: Deterministic to Randomized Functions from Simple Assumptions Shashank

Functional Encryption: Deterministic to Randomized Functions from Simple Assumptions Shashank

Functional Encryption: Deterministic to Randomized Functions from Simple Assumptions Shashank Agrawal David J. Wu Public-Key Functional Encryption [BSW11, ON10] () Keys are associated with deterministic functions sk

1.47k views • 99 slides
1 I. Major Budget Assumptions General Assumptions 1. The 2019-20 General Fund Unrestricted

1 I. Major Budget Assumptions General Assumptions 1. The 2019-20 General Fund Unrestricted

1 I. Major Budget Assumptions General Assumptions 1. The 2019-20 General Fund Unrestricted Beginning Fund Balance is projected at approximately $16.9 Million representing an adequate reserve level of 11.67%. 2. The 2019-20 Tentative Budget will

581 views • 14 slides
Authenticated Encryption in TLS Same modelling Poor TLS track record &amp; verification

Authenticated Encryption in TLS Same modelling Poor TLS track record &amp; verification

Authenticated Encryption in TLS Same modelling Poor TLS track record &amp; verification approach - Many implementation flaws - Attacks on weak cryptography concrete security: each lossy step (MD5, SHA1, ) documented by a game and a

514 views • 27 slides
Lossless compression in lossy compression systems Almost every lossy compression system

Lossless compression in lossy compression systems Almost every lossy compression system

Lossless compression in lossy compression systems Almost every lossy compression system contains a lossless compression system Lossy compression system Dequantizer Transform Lossless Lossless Inverse Quantizer Encoder Decoder

771 views • 29 slides
Ruby Monstas Session 17: Interlude: Encryption Encryption What comes to mind if you think about

Ruby Monstas Session 17: Interlude: Encryption Encryption What comes to mind if you think about

Ruby Monstas Session 17: Interlude: Encryption Encryption What comes to mind if you think about encryption? Encryption Certificates Crypto Currencies Public Key AES Encryption Privacy SSH VPN HTTPS TLS Quantum Digital Signatures

837 views • 46 slides
Leakage-Resilient Chosen-Ciphertext Secure Public-Key Encryption from Hash Proof System and

Leakage-Resilient Chosen-Ciphertext Secure Public-Key Encryption from Hash Proof System and

Leakage-Resilient Chosen-Ciphertext Secure Public-Key Encryption from Hash Proof System and One-Time Lossy Filter Baodong Qin and Shengli Liu Shanghai Jiao Tong University ASIACRYPT 2013 Dec 5, Bangalore, India B. Qin and S. Liu LR-CCA Secure

580 views • 47 slides
Anonymous IBE, Leakage Resilience and Circular Security from New Assumptions Zvika Brakerski,

Anonymous IBE, Leakage Resilience and Circular Security from New Assumptions Zvika Brakerski,

Anonymous IBE, Leakage Resilience and Circular Security from New Assumptions Zvika Brakerski, Alex Lombardi, Gil Segev, and Vinod Vaikuntanathan Identity-Based Encryption [Sha84, BF03, Coc01] Identity-Based Encryption [Sha84, BF03, Coc01]

1.01k views • 64 slides
Usable Encryption Class Presentation for CMSC 818D Wei Bai S Application S Hardware

Usable Encryption Class Presentation for CMSC 818D Wei Bai S Application S Hardware

Usable Encryption Class Presentation for CMSC 818D Wei Bai S Application S Hardware Encryption S Web Encryption S Email Encryption OpenPGP S S/MIME S S Online Social Network Public Key Encryption S Encryption/Decryption

842 views • 26 slides
The Parametric Complexity of Lossy Counter Machines Sylvain Schmitz ICALP , July 12, 2019,

The Parametric Complexity of Lossy Counter Machines Sylvain Schmitz ICALP , July 12, 2019,

Lossy Counter Machines Controlled Sequences Antichain Factorisation Width Function Theorem The Parametric Complexity of Lossy Counter Machines Sylvain Schmitz ICALP , July 12, 2019, Patras 1/15 Lossy Counter Machines Controlled Sequences

1.52k views • 123 slides
RPL- Routing over Low Power and Lossy Networks Michael Richardson Ines Robles IETF 94

RPL- Routing over Low Power and Lossy Networks Michael Richardson Ines Robles IETF 94

RPL- Routing over Low Power and Lossy Networks Michael Richardson Ines Robles IETF 94 Questions to answers today 1. What is a low power/lossy network? How does that relate to IoT? 2. What is RPL and how does it work? 3. Why couldn't we do

1.33k views • 66 slides
Ackermann-Hardness for Lossy Counter Machines (and Reset Petri Nets) Philippe Schnoebelen LSV,

Ackermann-Hardness for Lossy Counter Machines (and Reset Petri Nets) Philippe Schnoebelen LSV,

Ackermann-Hardness for Lossy Counter Machines (and Reset Petri Nets) Philippe Schnoebelen LSV, CNRS &amp; ENS Cachan + Oxford 1-year visitor QM EECSTCS Seminar, London, June 20th 2012 Part I: Lossy counter machines 2/20 C OUNTER M ACHINES

559 views • 20 slides
RSA Encryption 10 February 2012 RSA Encryption 10 February 2012 1/35 We saw some methods of

RSA Encryption 10 February 2012 RSA Encryption 10 February 2012 1/35 We saw some methods of

RSA Encryption 10 February 2012 RSA Encryption 10 February 2012 1/35 We saw some methods of encryption Wednesday, but none of these is good enough to be used in actual situations. Today well talk about one method, RSA Encryption, which is

1.01k views • 59 slides
Key-policy Attribute-based Encryption for General Boolean Circuits from Secret Sharing and

Key-policy Attribute-based Encryption for General Boolean Circuits from Secret Sharing and

Key-policy Attribute-based Encryption for General Boolean Circuits from Secret Sharing and Multi-linear Maps agan 1 and Ferucio Laurent iplea 2 Constantin C at alin Dr iu T 1 CNRS, LORIA, 54506 Vandoeuvre-l` es-Nancy Cedex France

623 views • 18 slides
Secret-Key Encryption Introduction Encryption is the process of encoding a message in such a

Secret-Key Encryption Introduction Encryption is the process of encoding a message in such a

Secret-Key Encryption Introduction Encryption is the process of encoding a message in such a way that only authorized parties can read the content of the original message History of encryption dates back to 1900 BC Two types of

533 views • 38 slides
Functional Encryption Lecture 27 Functional Encryption Plain encryption: for secure

Functional Encryption Lecture 27 Functional Encryption Plain encryption: for secure

Functional Encryption Lecture 27 Functional Encryption Plain encryption: for secure communication. Does not allow modifying encrypted data. Homomorphic Encryption: allows computation on encrypted data, but result remains encrypted Functional

987 views • 61 slides
Encryption at Rest in ZFS Tom Caputi tcaputi@datto.com Overview of Encryption Implementation 2

Encryption at Rest in ZFS Tom Caputi tcaputi@datto.com Overview of Encryption Implementation 2

Encryption at Rest in ZFS Tom Caputi tcaputi@datto.com Overview of Encryption Implementation 2 What is Encryption? Want to prevent someone (an attacker) from accessing private data Permissions arent good enough Root user can

788 views • 20 slides
Everything you need to know about Lossy Counter Machines Ph. Schnoebelen

Everything you need to know about Lossy Counter Machines Ph. Schnoebelen

Everything you need to know about Lossy Counter Machines Ph. Schnoebelen http://www.lsv.ens-cachan.fr/ phs Lab. Sp ecification et V erification (LSV) CNRS &amp; ENS de Cachan &amp; INRIA-Saclay Journ ee DOTS / Mar. 18th, 2010

947 views • 68 slides
Wrap Up: Cryptographic Primitives Lecture 18 Alternate Assumptions for PKE Randomness

Wrap Up: Cryptographic Primitives Lecture 18 Alternate Assumptions for PKE Randomness

Wrap Up: Cryptographic Primitives Lecture 18 Alternate Assumptions for PKE Randomness Extractors Story So Far Basic primitives for secure communication: Shared-Key Public-Key SKE PKE Encryption MAC

498 views • 17 slides
Functional Encryption for Regular Languages Brent Waters Public Key Encryption

Functional Encryption for Regular Languages Brent Waters Public Key Encryption

Functional Encryption for Regular Languages Brent Waters Public Key Encryption [DH76,M78,RSA78,GM84] Avoid Prior Secret Exchange PubK SK 2 Functional Encryption [SW05] Functionality: f( , ) MSK Authority Key: y 2 {0,1}* y SK CT: x

945 views • 16 slides
Lecture 7 Lossy Source Coding I-Hsiang Wang Department of Electrical Engineering National

Lecture 7 Lossy Source Coding I-Hsiang Wang Department of Electrical Engineering National

Lossy Source Coding Theorem for Memoryless Sources Proof of the Coding Theorem Lecture 7 Lossy Source Coding I-Hsiang Wang Department of Electrical Engineering National Taiwan University ihwang@ntu.edu.tw December 2, 2015 1 / 39 I-Hsiang

639 views • 39 slides
Security of Encryption Security of Encryption Perfect secrecy (IND-Onetime security) is too

Security of Encryption Security of Encryption Perfect secrecy (IND-Onetime security) is too

Defining Encryption (ctd.) Lecture 3 CPA/CCA security Computational Indistinguishability Pseudo-randomness, One-Way Functions Security of Encryption Security of Encryption Perfect secrecy (IND-Onetime security) is too strong (though too

1.36k views • 113 slides
Lecture 3 Encryption Suggested readings: Chs 1 &amp; 2 in KPS Ch 1 in Stinson

Lecture 3 Encryption Suggested readings: Chs 1 &amp; 2 in KPS Ch 1 in Stinson

Lecture 3 Encryption Suggested readings: Chs 1 &amp; 2 in KPS Ch 1 in Stinson (recommended) 1 Encryption Principles A cryptosystem has (at least) five ingredients: 1. Plaintext 2. Secret Key 3. Ciphertext 4. Encryption algorithm 5.

657 views • 12 slides

More recommend