multi input functional encryption for inner products
play

Multi-Input Functional Encryption for Inner Products: Function-Hiding - PowerPoint PPT Presentation

Feb 08, 2024 •233 likes •552 views

Multi-Input Functional Encryption for Inner Products: Function-Hiding Realizations and Constructions without Pairings Michel Abdalla Dario Catalano Dario Fiore Romain Gay Bogdan Ursu August 21, 2018 August 21, 2018 1 / 30 Motivation - Spam

  1. Multi-Input Functional Encryption for Inner Products: Function-Hiding Realizations and Constructions without Pairings Michel Abdalla Dario Catalano Dario Fiore Romain Gay Bogdan Ursu August 21, 2018 August 21, 2018 1 / 30

  2. Motivation - Spam Server C Spam(M) Dec Encrypted sk Spam C email Server Spam(M)=True? Spam folder Functional Encryption Motivation August 21, 2018 2 / 30

  3. Beyond Public Key Encryption Public key encryption [Diffie, Hellman 76] Functional encryption [Boneh, Sahai, Waters 11] Enc(pk , M ) Enc(mpk , M ) sk f sk Dec M Dec f ( M ) Functional Encryption Beyond Public Key Encryption August 21, 2018 3 / 30

  4. Functional Encryption Setup: Generates mpk , msk Functional encryption [Boneh, Sahai, Waters 11] Enc(mpk , M ) mpk KeyGen(msk , · ) Master Authority sk f f sk f Dec f ( M ) C ( M ) f ( M ) sk f Alice Bob Functional Encryption Setting August 21, 2018 4 / 30

  5. Multi-Input Functional Encryption Functional encryption Enc(mpk , M ) sk f f ( M ) Multi-input functional encryption Dec [Goldwasser, Gordon, Goyal, Jain, Katz, Liu, Sahai, Shi, Zhou 14] Enc(mpk , M 1 ) Enc(mpk , M n ) . . . n inputs sk f f ( M 1 . . . M n ) Dec Independent ciphertexts Multi-Input Multi-Input Setting August 21, 2018 5 / 30

  6. Inner-Product Functional Encryption f y ( · ) = �· , y � f y 1 � ... � y n ( · , . . . , · ) = � x 1 � . . . � x n , y 1 � . . . � y n � Inner-Product Multi-input Inner-Product Functional encryption Enc(mpk , x 1 ) Enc(mpk , x n ) Enc(mpk , x ) . . . n inputs sk y 1 ... y n � x 1 � . . . � x n , y 1 � . . . � y n � Dec sk y � x , y � Dec Independent ciphertexts Multi-Input Multi-Input Setting August 21, 2018 6 / 30

  7. Previous Work Multi-input scheme Classes of functions Assumptions [GGG + 14, BLR + 15, BGJS15] General functions IO, Multilinear maps, ... [AJ15, BKS16] FH [AGRW17] Inner products, poly inputs SXDH in Pairing Groups Inner products [DOT18] FH SXDH in Pairing Groups unbounded poly inputs FH - function hiding Multi-Input Previous work August 21, 2018 7 / 30

  8. Previous Work + Our Contribution Multi-input scheme Classes of functions Assumptions [GGG + 14, BLR + 15, BGJS15] General functions IO, Multilinear maps, ... [AJ15, BKS16] FH [AGRW17] Inner products, poly inputs SXDH in Pairing Groups Inner products [DOT18] FH SXDH in Pairing Groups unbounded poly inputs This work Inner products, poly inputs DDH, DCR or LWE This work FH Inner products, poly inputs SXDH in Pairing Groups FH - function hiding Multi-Input Our contribution August 21, 2018 8 / 30

  9. Previous Work + Our Contribution Multi-input scheme Classes of functions Assumptions [GGG + 14, BLR + 15, BGJS15] General functions IO, Multilinear maps, ... [AJ15, BKS16] FH [AGRW17] Inner products, poly inputs SXDH in Pairing Groups Inner products [DOT18] FH SXDH in Pairing Groups unbounded poly inputs This work Inner products, poly inputs DDH, DCR or LWE This work FH Inner products, poly inputs SXDH in Pairing Groups FH - function hiding Multi-Input Our contribution August 21, 2018 9 / 30

  10. Security Goal Security goal Enc(mpk , x ) sk y Leaks only � x , y � , y , | x | Multi-Input Security August 21, 2018 10 / 30

  11. Security of Multi-Input Functional Encryption Security goal Enc(mpk , x 1 ) . . . Enc(mpk , x n ) sk y 1 � ... � y n Leaks only � x 1 � . . . � x n , y 1 � . . . � y n � , y 1 � . . . � y n , {| x i |} Multi-Input Security Goal August 21, 2018 11 / 30

  12. Security of Multi-Input Functional Encryption Security goal Enc(mpk , x 1 ) . . . Enc(mpk , x n ) sk y 1 � ... � y n Leaks only � x 1 � . . . � x n , y 1 � . . . � y n � , y 1 � . . . � y n , {| x i |} Leakage is more complex! Multi-Input Security Goal August 21, 2018 12 / 30

  13. Multi-Input Inner-Product Encryption sk y 1 � ... � y n Can compute � x 1 � . . . � x n , y 1 � . . . � y n � Enc(msk , x 1 ) Enc(msk , x n ) Independent ciphertexts - fresh randomness . . . Multi-Input Model August 21, 2018 13 / 30

  14. Multi-Input Inner-Product Encryption sk y 1 � ... � y n Can compute � x 1 � . . . � x n , y 1 � . . . � y n � Enc(msk , x 1 ) Enc(msk , x n ) But nothing more about � x i , y i � . . . Multi-Input Model August 21, 2018 14 / 30

  15. Public Key - Symmetric Key sk y 1 � ... � y n Can compute � x 1 � . . . � x n , y 1 � . . . � y n � But nothing more about � x i , y i � Public key, encrypt 0 Enc(msk , x 1 ) Enc(msk , x n ) . . . � 0 . . . 0 � x i � 0 . . . 0 , y 1 � . . . � y n � = � x i , y i � Multi-Input Public Key Setting August 21, 2018 15 / 30

  16. Mixing Ciphertexts Can compute: � x 1 � x 2 , y 1 � y 2 � sk y 1 � y 2 � x ′ 1 � x 2 , y 1 � y 2 � � x 1 � x ′ 2 , y 1 � y 2 � � x ′ 1 � x ′ 2 , y 1 � y 2 � Enc(msk , x 1 ) Enc(msk , x 2 ) Example for n = 2 Enc(msk , x ′ Enc(msk , x ′ 1 ) 2 ) Difficulty: Allow ciphertext mixing but not key mixing!!!. Multi-Input Mixing Ciphertexts August 21, 2018 16 / 30

  17. Multi-Input Inner-Product - Security Adversary Challenger y 1 � . . . � y n KeyGen sk y 1 � ... � y n x i , i Enc Enc(msk , i , x i ) Adversary only learns � x 1 � . . . � x n , y 1 � . . . � y n � for all queried ( x i , i ) and all queried y 1 � . . . � y n . Multi-Input Security August 21, 2018 17 / 30

  18. Construction without Pairings Roadmap 1 One ciphertext, one input 2 One ciphertext, many inputs 3 Many ciphertexts, one input 4 Many ciphertexts, many inputs Symmetric setting one ciphertext ✘✘ = ⇒ many ciphertexts ❳❳ ✘ ❳ Multi-Input Pairing-Free Construction August 21, 2018 18 / 30

  19. 1 One ciphertext, one input 1 One ciphertext, one input msk = u ∈ Z m q Enc 1 (msk , x ) = x + u ∈ Z m q KeyGen 1 (msk , y ) = � u , y � ∈ Z q , y Multi-Input Pairing-Free Construction August 21, 2018 19 / 30

  20. 1 One ciphertext, one input 1 One ciphertext, one input Decrypt with sk y : ✟ ✟ � x + u , y � − � u , y � = � x , y � + ✟✟ � u , y � − ✟✟ � u , y � msk = u ∈ Z m q Enc 1 (msk , x ) = x + u ∈ Z m q KeyGen 1 (msk , y ) = � u , y � ∈ Z q , y Multi-Input Pairing-Free Construction August 21, 2018 20 / 30

  21. 1 One ciphertext, one input 1 One ciphertext, one input Decrypt with sk y : ✟ ✟ � x + u , y � − � u , y � = � x , y � + ✟✟ � u , y � − ✟✟ � u , y � Security: msk = u ∈ Z m q ( x + u , � u , y � , y ) ≡ ( w , � w , y � − � x , y � , y ) Enc 1 (msk , x ) = x + u ∈ Z m q KeyGen 1 (msk , y ) = � u , y � ∈ Z q , y Goal: only leakage on x is � x , y � . � Multi-Input Pairing-Free Construction August 21, 2018 21 / 30

  22. 2 One ciphertext, many inputs 1 One ciphertext, one input 2 One ciphertext, many inputs msk = u 1 . . . u n ∈ Z n × m msk = u ∈ Z m q q Enc 1 (msk , x ) = x + u ∈ Z m Enc 2 (msk , i , x i ) = x i + u i ∈ Z m q q KeyGen 2 (msk , y 1 . . . y n ) = � n KeyGen 1 (msk , y ) = � u , y � ∈ Z q , y i =1 � u i , y i � ∈ Z q , y 1 . . . y n Multi-Input Pairing-Free Construction August 21, 2018 22 / 30

  23. 2 One ciphertext, many inputs 1 One ciphertext, one input 2 One ciphertext, many inputs msk = u ∈ Z m msk = u 1 . . . u n ∈ Z n × m q q Enc 1 (msk , x ) = x + u ∈ Z m Enc 2 (msk , i , x i ) = x i + u i ∈ Z m q q KeyGen 2 (msk , y 1 . . . y n ) = � n KeyGen 1 (msk , y ) = � u , y � ∈ Z q , y i =1 � u i , y i � ∈ Z q , y 1 . . . y n Dec: � n i =1 � x i + u i , y i � − � n i =1 � u i , y i � = � x 1 . . . x n , y 1 , . . . y n � Multi-Input Pairing-Free Construction August 21, 2018 23 / 30

  24. 3 Many ciphertexts, one input 1 One ciphertext, one input 3 Many ciphertexts, one input [ABDP15] msk = u ∈ Z m msk = v ∈ Z m q q Enc 3 (msk , x ) = g r , g x + r v ∈ G m +1 Enc 1 (msk , x ) = x + u ∈ Z m q KeyGen 1 (msk , y ) = � u , y � ∈ Z q , y KeyGen 3 (msk , y ) = � v , y � ∈ Z q , y G prime group of order q Using [ALS16], this step can also be based on LWE or DCR. Multi-Input Pairing-Free Construction August 21, 2018 24 / 30

  25. Construction without Pairings 1 One ciphertext, one input msk = u Enc 1 (msk , x ) = x + u KeyGen 1 (msk , y ) = � u , y � , y 2 One ciphertext, many inputs 3 Many ciphertexts, one input msk = u 1 . . . u n msk = v Enc 2 (msk , i , x i ) = x i + u i Enc 3 (msk , x ) = g r , g x + r v ∈ G m +1 KeyGen 2 (msk , y 1 . . . y n ) = KeyGen 3 (msk , y ) = � v , y � , y � n i =1 � u i , y i � , y 1 . . . y n 4 Many ciphertexts, many inputs msk = u i , v i Enc 4 (msk , i , x ) = Enc 3 (Enc 2 (msk , i , x i )) KeyGen 4 (msk , y 1 . . . y n ) = � n i =1 � u i , y i � , KeyGen 3 ( y i ) Multi-Input Pairing-Free Construction August 21, 2018 25 / 30

  26. Our Construction Without Pairings Pairing-free construction removed bilinear groups adaptive security support larger messages efficient schemes (linearly-sized ciphertexts and decryption keys) instantiations from DDH, LWE or DCR. polynomial number of slots Multi-Input Pairing-Free Construction August 21, 2018 26 / 30

  27. Function-Hiding Scheme Security goal sk y Enc(mpk , x ) New multi-input function-hiding scheme for the inner product � Adaptively secure Leaks only poly-many inputs � x , y � , | x | , y Multi-Input Function-Hiding August 21, 2018 27 / 30

Recommend

Functional Encryption from Pairings Michel Abdalla, CNRS and ENS Romain Gay, ENS Mariana

Functional Encryption from Pairings Michel Abdalla, CNRS and ENS Romain Gay, ENS Mariana

Multi-input Inner-Product Functional Encryption from Pairings Michel Abdalla, CNRS and ENS Romain Gay, ENS Mariana Raykova, Yale University Hoeteck Wee, CNRS and ENS Functional Encryption [Boneh, Sahai, Waters 11] m Alice Functional

585 views • 40 slides
Two-Client and Multi-client Functional Encryption for Set Intersection and Variants Tim van de

Two-Client and Multi-client Functional Encryption for Set Intersection and Variants Tim van de

Two-Client and Multi-client Functional Encryption for Set Intersection and Variants Tim van de Kamp David Stritzl Willem Jonker Andreas Peter ACISP 2019 Functional Encryption for Set Operations n evaluate i = 1 S i S 1 S 2 S n

707 views • 32 slides
Functional Encryption Lecture 27 Functional Encryption Plain encryption: for secure

Functional Encryption Lecture 27 Functional Encryption Plain encryption: for secure

Functional Encryption Lecture 27 Functional Encryption Plain encryption: for secure communication. Does not allow modifying encrypted data. Homomorphic Encryption: allows computation on encrypted data, but result remains encrypted Functional

987 views • 61 slides
Functional Encryption Lecture 23 ABE from LWE Functional

Functional Encryption Lecture 23 ABE from LWE Functional

Functional Encryption Lecture 23 ABE from LWE Functional Encryption f g h KeyGen PK SK SK f PK f(x) Dec SK g x g(x) Enc Dec Ciphertext SK h h(x) Dec Index-Payload Functions Message x=(

168 views • 13 slides
Inner Product Functional Encryption Edouard Dufour Sans January 25, 2018 Table of Contents

Inner Product Functional Encryption Edouard Dufour Sans January 25, 2018 Table of Contents

Inner Product Functional Encryption Edouard Dufour Sans January 25, 2018 Table of Contents Introduction Functional Encryption Security definitions Notations The Power of Inner Products Descriptive statistics Machine Learning Practical

930 views • 65 slides
Simple Functional Encryption Schemes for Inner Products Michel Abdalla ( B ) , Florian Bourse,

Simple Functional Encryption Schemes for Inner Products Michel Abdalla ( B ) , Florian Bourse,

Simple Functional Encryption Schemes for Inner Products Michel Abdalla ( B ) , Florian Bourse, Angelo De Caro, and David Pointcheval ENS, CNRS, INRIA, and PSL, 45 Rue dUlm, 75230 Paris Cedex 05, France {

535 views • 19 slides
Functional Encryption for Regular Languages Brent Waters Public Key Encryption

Functional Encryption for Regular Languages Brent Waters Public Key Encryption

Functional Encryption for Regular Languages Brent Waters Public Key Encryption [DH76,M78,RSA78,GM84] Avoid Prior Secret Exchange PubK SK 2 Functional Encryption [SW05] Functionality: f( , ) MSK Authority Key: y 2 {0,1}* y SK CT: x

945 views • 16 slides
Simple Functional Encryption Schemes for Inner Products Michel Abdalla, Florian Bourse, Angelo De

Simple Functional Encryption Schemes for Inner Products Michel Abdalla, Florian Bourse, Angelo De

Overview of the results The Framework Work in progress Simple Functional Encryption Schemes for Inner Products Michel Abdalla, Florian Bourse, Angelo De Caro, and David Pointcheval Ecole normale sup erieure, CNRS, INRIA, PSL, Paris,

866 views • 71 slides
Robust Transforming Combiners from iO to Functional Encryption Prabhanjan Ananth Aayush Jain

Robust Transforming Combiners from iO to Functional Encryption Prabhanjan Ananth Aayush Jain

Robust Transforming Combiners from iO to Functional Encryption Prabhanjan Ananth Aayush Jain Amit Sahai Since 2013 Two-Round (Adaptive) Multi-Party Computation Instantiating Random Oracles Non-Interactive Multi-party Key

1.33k views • 111 slides
Unbounded Inner Product Functional Encryption, with Succinct Keys Edouard Dufour Sans and David

Unbounded Inner Product Functional Encryption, with Succinct Keys Edouard Dufour Sans and David

Unbounded Inner Product Functional Encryption, with Succinct Keys Edouard Dufour Sans and David Pointcheval Ecole Normale Sup erieure INRIA June 6, 2019 Table of Contents Background Functional Encryption ABDP Applications of Inner

970 views • 51 slides
Functional Encryption: Deterministic to Randomized Functions from Simple Assumptions Shashank

Functional Encryption: Deterministic to Randomized Functions from Simple Assumptions Shashank

Functional Encryption: Deterministic to Randomized Functions from Simple Assumptions Shashank Agrawal David J. Wu Public-Key Functional Encryption [BSW11, ON10] () Keys are associated with deterministic functions sk

1.47k views • 99 slides
Public-Key Encryption: The Auxiliary-Input Setting Zvika Brakerski Gil Segev Microsoft Research

Public-Key Encryption: The Auxiliary-Input Setting Zvika Brakerski Gil Segev Microsoft Research

Better Security for Deterministic Public-Key Encryption: The Auxiliary-Input Setting Zvika Brakerski Gil Segev Microsoft Research Weizmann Institute Silicon Valley Probabilistic Encryption Enc Semantic Security [GM82]: No

341 views • 14 slides
Limits on the Power of Indistinguishability Obfuscation and Functional Encryption Gilad Asharov

Limits on the Power of Indistinguishability Obfuscation and Functional Encryption Gilad Asharov

Limits on the Power of Indistinguishability Obfuscation and Functional Encryption Gilad Asharov Gil Segev Hebrew University This Talk A framework for proving impossibility results for commonly-used non-black-box techniques Limits on

596 views • 22 slides
The Multi-User Security of Double Encryption Viet Tung Hoang Stefano Tessaro Florida State

The Multi-User Security of Double Encryption Viet Tung Hoang Stefano Tessaro Florida State

The Multi-User Security of Double Encryption Viet Tung Hoang Stefano Tessaro Florida State University UC Santa Barbara EUROCRYPT 2017 May 3, 2017 1 Double Encryption Single Encryption: trivial E J key-recovery in O(2 k ) time. Double

1.25k views • 51 slides
Projective Arithmetic Functional Encryption and Indistinguishability Obfuscation (iO) from

Projective Arithmetic Functional Encryption and Indistinguishability Obfuscation (iO) from

Projective Arithmetic Functional Encryption and Indistinguishability Obfuscation (iO) from Degree-5 Multilinear maps Prabhanjan Ananth Amit Sahai Constructions of iO All current constructions of iO are based on multilinear maps [GGHRSW13,

649 views • 39 slides
Some applications and protocols Internet Casino Identity-based encryption Commitment

Some applications and protocols Internet Casino Identity-based encryption Commitment

Some applications and protocols Internet Casino Identity-based encryption Commitment Functional encryption Shared coin flips Fully-homomorphic encryption APPLICATIONS AND PROTOCOLS Threshold cryptography Searchable

399 views • 11 slides
Functional Encryption for Inner Product with Full Function Privacy by Sourav Mukhopadhyay joint

Functional Encryption for Inner Product with Full Function Privacy by Sourav Mukhopadhyay joint

Functional Encryption for Inner Product with Full Function Privacy by Sourav Mukhopadhyay joint work with Pratish Datta and Ratna Dutta Department of Mathematics Indian Institute of Technology Kharagpur Kharagpur-721302 India PKC 2016

340 views • 23 slides
Partially Encrypted Machine Learning using Functional Encryption eo Ryffel 1,2 Edouard Dufour-Sans

Partially Encrypted Machine Learning using Functional Encryption eo Ryffel 1,2 Edouard Dufour-Sans

Partially Encrypted Machine Learning using Functional Encryption eo Ryffel 1,2 Edouard Dufour-Sans 1 Romain Gay 1,3 Th Francis Bach 2,1 David Pointcheval 1,2 1 Ecole Normale Sup erieure 2 INRIA 3 UC Berkeley August 18, 2019 Table of

418 views • 38 slides
On ELFs, Deterministic Encryption, and Correlated Input Security

On ELFs, Deterministic Encryption, and Correlated Input Security

On ELFs, Deterministic Encryption, and Correlated Input Security Mark Zhandry Princeton University mommy > daddy In reality = = pk c = Enc(pk,mommy > daddy) sk Random

568 views • 27 slides
Dynamic Decentralized Functional Encryption Jrmy Chotard, Edouard Dufour Sans , Romain Gay,

Dynamic Decentralized Functional Encryption Jrmy Chotard, Edouard Dufour Sans , Romain Gay,

Dynamic Decentralized Functional Encryption Jrmy Chotard, Edouard Dufour Sans , Romain Gay, Duong Hieu Phan, and David Pointcheval CRYPTO 2020, Monday August 17th 2020 The technological landscape of the early 21st century Lots of data. +

667 views • 48 slides
Input Products for Weighted Extended Top-down Tree Transducers Andreas Maletti Universitat

Input Products for Weighted Extended Top-down Tree Transducers Andreas Maletti Universitat

Input Products for Weighted Extended Top-down Tree Transducers Andreas Maletti Universitat Rovira i Virgili Tarragona, Spain andreas.maletti@urv.cat London, ON August 17, 2010 Input Products for WXTT A. Maletti 1 Machine

828 views • 44 slides
GD350 Series High Performance & Multi-functional Inverter Presentation Brief introduction

GD350 Series High Performance & Multi-functional Inverter Presentation Brief introduction

GD350 Series High Performance & Multi-functional Inverter Presentation Brief introduction Power range380VAC 1.5~500kw u GD350 is a high performance multi- functional inverter, relying on the latest special processor for motor control

141 views • 10 slides
Ruby Monstas Session 17: Interlude: Encryption Encryption What comes to mind if you think about

Ruby Monstas Session 17: Interlude: Encryption Encryption What comes to mind if you think about

Ruby Monstas Session 17: Interlude: Encryption Encryption What comes to mind if you think about encryption? Encryption Certificates Crypto Currencies Public Key AES Encryption Privacy SSH VPN HTTPS TLS Quantum Digital Signatures

837 views • 46 slides
Obfustopia Built on Secret-Key Functional Encryption Fuyuki Kitagawa (Tokyo Institute of

Obfustopia Built on Secret-Key Functional Encryption Fuyuki Kitagawa (Tokyo Institute of

Obfustopia Built on Secret-Key Functional Encryption Fuyuki Kitagawa (Tokyo Institute of Technology) Ryo Nishimaki (NTT Secure Platform Laboratories) Keisuke Tanaka(Tokyo Institute of Technology) Our results Focus Constructing

962 views • 55 slides

More recommend