new and improved key homomorphic pseudorandom functions
play

New and Improved Key-Homomorphic Pseudorandom Functions Abhishek - PowerPoint PPT Presentation

Aug 14, 2022 •400 likes •886 views

New and Improved Key-Homomorphic Pseudorandom Functions Abhishek Banerjee 1 Chris Peikert 1 1 Georgia Institute of Technology CRYPTO 14 19 August 2014 Outline Introduction 1 Construction, Parameters and Efficiency 2 Proof of Security

  1. New and Improved Key-Homomorphic Pseudorandom Functions Abhishek Banerjee 1 Chris Peikert 1 1 Georgia Institute of Technology CRYPTO ’14 19 August 2014

  2. Outline Introduction 1 Construction, Parameters and Efficiency 2 Proof of Security (Idea) 3 Banerjee and Peikert (Georgia Tech) New and Improved KH-PRFs CRYPTO ’14 1 / 11

  3. Outline Introduction 1 Construction, Parameters and Efficiency 2 Proof of Security (Idea) 3 Banerjee and Peikert (Georgia Tech) New and Improved KH-PRFs CRYPTO ’14 1 / 11

  4. Pseudorandom Functions [GGM’84] A family of functions F = { F s : { 0 , 1 } k → B } such that, given adaptive query access, c F s ← F Random U ≈ ✻ ✻ ❄ ❄ x i x i F s ( x i ) U ( x i ) ?? Lots of applications in symmetric key cryptography: encryption, message authentication, friend or foe identification, . . . (Thanks to Seth MacFarlane for the adversary) Banerjee and Peikert (Georgia Tech) New and Improved KH-PRFs CRYPTO ’14 2 / 11

  5. Cooking a (Provably Secure) PRF 1 Goldreich-Goldwasser-Micali [GGM’84] Based on any (doubling) PRG: F s ( x 1 , . . . , x k ) = G x k ( · · · ( G x 1 ( s )) · · · ) Banerjee and Peikert (Georgia Tech) New and Improved KH-PRFs CRYPTO ’14 3 / 11

  6. Cooking a (Provably Secure) PRF 1 Goldreich-Goldwasser-Micali [GGM’84] Based on any (doubling) PRG: F s ( x 1 , . . . , x k ) = G x k ( · · · ( G x 1 ( s )) · · · ) 2 Number-theoretic direct constructions [NR’97, NRR’00] Framework: exponentiate to a product of (secret) exponents Security from number-theoretic assumptions (DDH, factoring, . . . ) Banerjee and Peikert (Georgia Tech) New and Improved KH-PRFs CRYPTO ’14 3 / 11

  7. Cooking a (Provably Secure) PRF 1 Goldreich-Goldwasser-Micali [GGM’84] Based on any (doubling) PRG: F s ( x 1 , . . . , x k ) = G x k ( · · · ( G x 1 ( s )) · · · ) 2 Number-theoretic direct constructions [NR’97, NRR’00] Framework: exponentiate to a product of (secret) exponents Security from number-theoretic assumptions (DDH, factoring, . . . ) 3 Lattice-based direct constructions [BPR’12] Framework: round a product of (secret) matrices/ring elements Security from lattice assumptions (LWE, worst-case lattice problems) Banerjee and Peikert (Georgia Tech) New and Improved KH-PRFs CRYPTO ’14 3 / 11

  8. Key-Homomorphic Pseudorandom Functions Key Homomorphism Can efficiently compute F s + t ( x ) from F s ( x ) and F t ( x ) Applications: Banerjee and Peikert (Georgia Tech) New and Improved KH-PRFs CRYPTO ’14 4 / 11

  9. Key-Homomorphic Pseudorandom Functions Key Homomorphism Can efficiently compute F s + t ( x ) from F s ( x ) and F t ( x ) Applications: distribute the operation of a Key Distribution Center, 1 DDH-based construction [NPR’99] Security in the random oracle model Banerjee and Peikert (Georgia Tech) New and Improved KH-PRFs CRYPTO ’14 4 / 11

  10. Key-Homomorphic Pseudorandom Functions Key Homomorphism Can efficiently compute F s + t ( x ) from F s ( x ) and F t ( x ) Applications: distribute the operation of a Key Distribution Center, symmetric-key proxy re-encryption, updatable encryption, and PRFs secure against related-key attacks [BC’10,LMR’14] 1 DDH-based construction [NPR’99] Security in the random oracle model 2 Lattice-based construction [BLMR’13] Security in the standard model; construction and proof similar to [BPR’12] rounded-subset-product construction Banerjee and Peikert (Georgia Tech) New and Improved KH-PRFs CRYPTO ’14 4 / 11

  11. Key-Homomorphic Pseudorandom Functions Key Homomorphism Can efficiently compute F s + t ( x ) from F s ( x ) and F t ( x ) Applications: distribute the operation of a Key Distribution Center, symmetric-key proxy re-encryption, updatable encryption, and PRFs secure against related-key attacks [BC’10,LMR’14] 1 DDH-based construction [NPR’99] Security in the random oracle model 2 Lattice-based construction [BLMR’13] Security in the standard model; construction and proof similar to [BPR’12] rounded-subset-product construction Main drawback: has huge parameters, keys, and runtimes Banerjee and Peikert (Georgia Tech) New and Improved KH-PRFs CRYPTO ’14 4 / 11

  12. Key-Homomorphic Pseudorandom Functions Key Homomorphism Can efficiently compute F s + t ( x ) from F s ( x ) and F t ( x ) Applications: distribute the operation of a Key Distribution Center, symmetric-key proxy re-encryption, updatable encryption, and PRFs secure against related-key attacks [BC’10,LMR’14] 1 DDH-based construction [NPR’99] Security in the random oracle model 2 Lattice-based construction [BLMR’13] Security in the standard model; construction and proof similar to [BPR’12] rounded-subset-product construction Main drawback: has huge parameters, keys, and runtimes [BPR’12] also gives (non-KH) PRFs having much better parameters, with slightly worse (still polylog) depth Banerjee and Peikert (Georgia Tech) New and Improved KH-PRFs CRYPTO ’14 4 / 11

  13. Key-Homomorphic Pseudorandom Functions Key Homomorphism Can efficiently compute F s + t ( x ) from F s ( x ) and F t ( x ) Applications: distribute the operation of a Key Distribution Center, symmetric-key proxy re-encryption, updatable encryption, and PRFs secure against related-key attacks [BC’10,LMR’14] 1 DDH-based construction [NPR’99] Security in the random oracle model 2 Lattice-based construction [BLMR’13] Security in the standard model; construction and proof similar to [BPR’12] rounded-subset-product construction Main drawback: has huge parameters, keys, and runtimes [BPR’12] also gives (non-KH) PRFs having much better parameters, with slightly worse (still polylog) depth Can we obtain similar tradeoffs for KH-PRFs? Banerjee and Peikert (Georgia Tech) New and Improved KH-PRFs CRYPTO ’14 4 / 11

  14. Our Results ⋆ New KH-PRFs (from lattices): Polylog ˜ O (1) depth (still) Quasi-optimal ˜ O ( λ ) key sizes First sublinear-depth PRFs (KH or otherwise) with ˜ O ( λ ) key size! Banerjee and Peikert (Georgia Tech) New and Improved KH-PRFs CRYPTO ’14 5 / 11

  15. Our Results ⋆ New KH-PRFs (from lattices): Polylog ˜ O (1) depth (still) Quasi-optimal ˜ O ( λ ) key sizes First sublinear-depth PRFs (KH or otherwise) with ˜ O ( λ ) key size! Reference Key Pub Params Time/Bit λ 3 [ λ 3 ] λ 6 [ λ 4 ] λ 5 [ λ 3 ] [BLMR’13] λ 2 [ λ ] λ ω [ λ ] This work λ [ λ ] Figure : For input length λ with 2 λ security under standard assumptions. Log factors omitted. Ring-based constructions appear in [brackets]. Banerjee and Peikert (Georgia Tech) New and Improved KH-PRFs CRYPTO ’14 5 / 11

  16. Our Results ⋆ New KH-PRFs (from lattices): Polylog ˜ O (1) depth (still) Quasi-optimal ˜ O ( λ ) key sizes First sublinear-depth PRFs (KH or otherwise) with ˜ O ( λ ) key size! Reference Key Pub Params Time/Bit λ 3 [ λ 3 ] λ 6 [ λ 4 ] λ 5 [ λ 3 ] [BLMR’13] λ 2 [ λ ] λ ω [ λ ] This work λ [ λ ] Figure : For input length λ with 2 λ security under standard assumptions. Log factors omitted. Ring-based constructions appear in [brackets]. ⋆ New proof technique that may be useful elsewhere Banerjee and Peikert (Georgia Tech) New and Improved KH-PRFs CRYPTO ’14 5 / 11

  17. Our Results ⋆ New KH-PRFs (from lattices): Polylog ˜ O (1) depth (still) Quasi-optimal ˜ O ( λ ) key sizes First sublinear-depth PRFs (KH or otherwise) with ˜ O ( λ ) key size! Reference Key Pub Params Time/Bit λ 3 [ λ 3 ] λ 6 [ λ 4 ] λ 5 [ λ 3 ] [BLMR’13] λ 2 [ λ ] λ ω [ λ ] This work λ [ λ ] Figure : For input length λ with 2 λ security under standard assumptions. Log factors omitted. Ring-based constructions appear in [brackets]. ⋆ New proof technique that may be useful elsewhere Full version: http://eprint.iacr.org/2014/074 Banerjee and Peikert (Georgia Tech) New and Improved KH-PRFs CRYPTO ’14 5 / 11

  18. Outline Introduction 1 Construction, Parameters and Efficiency 2 Proof of Security (Idea) 3 Banerjee and Peikert (Georgia Tech) New and Improved KH-PRFs CRYPTO ’14 5 / 11

  19. Boneh et al. KH-PRF Construction [BLMR’13] Secret key s ∈ Z n q , pub params B 0 , B 1 ∈ { 0 , 1 } n × n , input x ∈ { 0 , 1 } k � � k � F s ( x ) = s · B x i i =1 p Banerjee and Peikert (Georgia Tech) New and Improved KH-PRFs CRYPTO ’14 6 / 11

  20. Boneh et al. KH-PRF Construction [BLMR’13] Secret key s ∈ Z n q , pub params B 0 , B 1 ∈ { 0 , 1 } n × n , input x ∈ { 0 , 1 } k 1 � � k � F s ( x ) = s · B x i 0 i =1 p 2 Banerjee and Peikert (Georgia Tech) New and Improved KH-PRFs CRYPTO ’14 6 / 11

  21. Boneh et al. KH-PRF Construction [BLMR’13] Secret key s ∈ Z n q , pub params B 0 , B 1 ∈ { 0 , 1 } n × n , input x ∈ { 0 , 1 } k 1 � � k � F s ( x ) = s · B x i 0 i =1 p 2 “Somewhat key-homomorphic:” F s ( x ) + F t ( x ) ∈ F s + t ( x ) + { 0 , ± 1 } n Banerjee and Peikert (Georgia Tech) New and Improved KH-PRFs CRYPTO ’14 6 / 11

Recommend

Pseudorandom Generators from Regular One-way Functions: New Constructions with Improved Parameters

Pseudorandom Generators from Regular One-way Functions: New Constructions with Improved Parameters

Pseudorandom Generators from Regular One-way Functions: New Constructions with Improved Parameters Yu Yu Joint work with Xiangxue Li and Jian Weng Asiacrypt 2013 One-way Functions One-way functions are an ensemble of functions ( ) n l

214 views • 20 slides
An Algebraic Framework for Pseudorandom Functions and Applications to Related-Key Security Michel

An Algebraic Framework for Pseudorandom Functions and Applications to Related-Key Security Michel

An Algebraic Framework for Pseudorandom Functions and Applications to Related-Key Security Michel Abdalla, Fabrice Benhamouda, Alain Passelgue Pseudorandom functions [GGM86] - efficiently computable function : -

1.01k views • 56 slides
Pseudorandom Functions and Lattices Abhishek Banerjee 1 Chris Peikert 1 Alon Rosen 2 1 Georgia Tech

Pseudorandom Functions and Lattices Abhishek Banerjee 1 Chris Peikert 1 Alon Rosen 2 1 Georgia Tech

Pseudorandom Functions and Lattices Abhishek Banerjee 1 Chris Peikert 1 Alon Rosen 2 1 Georgia Tech 2 IDC Herzliya Faces of Modern Cryptography 9 September 2011 1 / 14 2 / 14 Pseudorandom Functions [GGM84] A family F = { F s : { 0 , 1 }

1.03k views • 59 slides
Constrained Pseudorandom Functions for Unconstrained Inputs Apoorvaa Deshpande (Brown

Constrained Pseudorandom Functions for Unconstrained Inputs Apoorvaa Deshpande (Brown

Constrained Pseudorandom Functions for Unconstrained Inputs Apoorvaa Deshpande (Brown University) Venkata Koppula (University of Texas at Austin) Brent Waters (University of Texas at Austin) Pseudorandom Functions (Goldreich-Goldwasser-Micali

1.96k views • 97 slides
Pseudorandom fu functions in in alm lmost constant depth fr from lo low-noise LPN Yu Yu

Pseudorandom fu functions in in alm lmost constant depth fr from lo low-noise LPN Yu Yu

Pseudorandom fu functions in in alm lmost constant depth fr from lo low-noise LPN Yu Yu Cryptologic Research Center joint work with (John Steinberger) Outline Introduction to LPN Decisional and Computational LPN

416 views • 15 slides
Related-Key Security for Pseudorandom Functions Beyond the Linear Barrier Ala lain in Passel

Related-Key Security for Pseudorandom Functions Beyond the Linear Barrier Ala lain in Passel

Related-Key Security for Pseudorandom Functions Beyond the Linear Barrier Ala lain in Passel elgue Ecole normale suprieure Joint work with: Mich ichel l Abdalla la (ENS), Fabric ice Be Benhamouda (ENS), Ken enneth G. . Paterson

986 views • 61 slides
On the Exact Security of Message Authentication using Pseudorandom Functions Fast Software

On the Exact Security of Message Authentication using Pseudorandom Functions Fast Software

On the Exact Security of Message Authentication using Pseudorandom Functions Fast Software Encryption 17, Tokyo Ashwin Jha 1 , Avradip Mandal 2 , Mridul Nandi 1 1 Indian Statistical Institute, Kolkata, India 2 Fujitsu Laboratories of America,

751 views • 28 slides
Substitution-permutation networks, pseudorandom functions, and natural proofs Eric Miles

Substitution-permutation networks, pseudorandom functions, and natural proofs Eric Miles

Substitution-permutation networks, pseudorandom functions, and natural proofs Eric Miles Northeastern University joint work with Emanuele Viola Theory vs. practice gap in cryptography Theoreticians have . . . - liberal

654 views • 21 slides
SPRING Fast Pseudorandom Functions from Rounded Ring Products G. Leurent () . . . . . . . . . .

SPRING Fast Pseudorandom Functions from Rounded Ring Products G. Leurent () . . . . . . . . . .

1 / 16 SPRING FSE 2014 Tweaks SPRING Implementation SPRING Fast Pseudorandom Functions from Rounded Ring Products G. Leurent () . . . . . . . . . . . . . . . Abhishek Banerjee 1 Hai Brenner 2 Gatan Leurent 3 Chris Peikert 1 Alon Rosen 2

568 views • 29 slides
Genomic Analysis Hoon Cho (MIT) and David Wu (Stanford) March, 2015 Homomorphic Encryption

Genomic Analysis Hoon Cho (MIT) and David Wu (Stanford) March, 2015 Homomorphic Encryption

Homomorphic Encryption for Genomic Analysis Hoon Cho (MIT) and David Wu (Stanford) March, 2015 Homomorphic Encryption Homomorphic encryption (HE): encryption schemes that support computation on ciphertexts Consists of three functions: m c

548 views • 26 slides
Pseudorandom Objects and Generators Journes ALEA 2012 Lecture 1: Pseudorandom objects:

Pseudorandom Objects and Generators Journes ALEA 2012 Lecture 1: Pseudorandom objects:

Pseudorandom Objects and Generators Journes ALEA 2012 Lecture 1: Pseudorandom objects: examples and constructions David Xiao LIAFA CNRS, Universit Paris 7 Plan Today: examples of pseudorandom objects Expander graphs

403 views • 17 slides
Homomorphic Encryption Lecture 18 And some applications Homomorphic Encryption Homomorphic

Homomorphic Encryption Lecture 18 And some applications Homomorphic Encryption Homomorphic

Homomorphic Encryption Lecture 18 And some applications Homomorphic Encryption Homomorphic Encryption Group Homomorphism: Two groups G and G are homomorphic if there exists a function (homomorphism) f:G G such that for all x,y G,

1.79k views • 165 slides
Session #6: Another Application of LWE: Pseudorandom Functions Chris Peikert Georgia Institute

Session #6: Another Application of LWE: Pseudorandom Functions Chris Peikert Georgia Institute

Session #6: Another Application of LWE: Pseudorandom Functions Chris Peikert Georgia Institute of Technology Winter School on Lattice-Based Cryptography and Applications Bar-Ilan University, Israel 19 Feb 2012 22 Feb 2012 Lattice-Based

853 views • 52 slides
Improved Constructions of PRFs Secure Against Related-Key Attacks Kevin Lewi Hart Montgomery

Improved Constructions of PRFs Secure Against Related-Key Attacks Kevin Lewi Hart Montgomery

Improved Constructions of PRFs Secure Against Related-Key Attacks Kevin Lewi Hart Montgomery Ananth Raghunathan Stanford University Pseudorandom Functions (PRFs) x { 0 , 1 } R k K x k PRF PRF( k , x ) x Rand Rand(

565 views • 23 slides
Foundation of Cryptography (0368-4162-01), Lecture 4 Pseudorandom Functions Iftach Haitner, Tel

Foundation of Cryptography (0368-4162-01), Lecture 4 Pseudorandom Functions Iftach Haitner, Tel

Function Families PRF from OWF PRP from PRF Applications Foundation of Cryptography (0368-4162-01), Lecture 4 Pseudorandom Functions Iftach Haitner, Tel Aviv University November 29, 2011 Function Families PRF from OWF PRP from PRF

1.17k views • 58 slides
Symmetric Encryption Scheme adapted to Fully Homomorphic Encryption Scheme: New Criteria for

Symmetric Encryption Scheme adapted to Fully Homomorphic Encryption Scheme: New Criteria for

Symmetric Encryption Scheme adapted to Fully Homomorphic Encryption Scheme: New Criteria for Boolean functions Pierrick M AUX cole normale suprieure, INRIA, CNRS, PSL Boolean Functions and their Applications (BFA) Os, Norway Tuesday

1.23k views • 101 slides
Building Applications with Homomorphic Encryption A Presentation from the Homomorphic Encryption

Building Applications with Homomorphic Encryption A Presentation from the Homomorphic Encryption

Building Applications with Homomorphic Encryption A Presentation from the Homomorphic Encryption Standardization Consortium HomomorphicEncryption.org 0.1 Presenters Roger A. Hallman (SPAWAR Systems Center Pacific; Thayer School of

1.36k views • 91 slides
References Gentry, C., A fully homomorphic encryption scheme , Ph.D. Thesis, 1 Standford

References Gentry, C., A fully homomorphic encryption scheme , Ph.D. Thesis, 1 Standford

References Gentry, C., A fully homomorphic encryption scheme , Ph.D. Thesis, 1 Standford University, 2009. http://crypto.stanford.edu/craig/craig-thesis.pdf Fully Homomorphic Encryption Gentry, C., Computing arbitrary functions of encrypted

233 views • 7 slides
Homomorphic Secret Sharing II Homomorphic Secret Sharing for Branching Programs Under DDH Ele:e

Homomorphic Secret Sharing II Homomorphic Secret Sharing for Branching Programs Under DDH Ele:e

Homomorphic Secret Sharing II Homomorphic Secret Sharing for Branching Programs Under DDH Ele:e Boyle Niv Gilboa Yuval Ishai IDC BGU Technion & UCLA Secure ComputaGon Approaches Classical

342 views • 33 slides
Pseudorandom generators hard for propositional proof systems Markus Latte April 3 and 4, 2009

Pseudorandom generators hard for propositional proof systems Markus Latte April 3 and 4, 2009

Pseudorandom generators hard for propositional proof systems Markus Latte April 3 and 4, 2009 JASS09 Sankt Peterburg Pseudorandom Generators in Complexity Theory Informally, a pseudorandom generator is a (computable) function G n : { 0 , 1 }

624 views • 49 slides
Homomorphic SIM 2 D operations: Single Instruction Much More Data Wouter Castryck Ilia

Homomorphic SIM 2 D operations: Single Instruction Much More Data Wouter Castryck Ilia

Homomorphic SIM 2 D operations: Single Instruction Much More Data Wouter Castryck Ilia Iliashenko Frederik Vercauteren Homomorphic encryption cryp 175.2 {#*| Homomorphic encoding real-world data plaintext ciphertext

512 views • 40 slides
Homomorphic Secret Sharing & Applications from Lattice-Based Assumptions Elette Boyle Many

Homomorphic Secret Sharing & Applications from Lattice-Based Assumptions Elette Boyle Many

Homomorphic Secret Sharing & Applications from Lattice-Based Assumptions Elette Boyle Many slides taken/adapted from Geoffroy Couteau, Lisa Kohl, & Peter Scholl Fully Homomorphic Encryption (FHE) Supports homomorphic

791 views • 40 slides
Parameters for Homomorphic Encryption Kim Laine and Kristin Lauter University of California,

Parameters for Homomorphic Encryption Kim Laine and Kristin Lauter University of California,

Parameters for Homomorphic Encryption Kim Laine and Kristin Lauter University of California, Berkeley and Microsoft Research September 3, 2015 Homomorphic Encryption Homomorphic Encryption Consider a public key cryptosystem, and operations

777 views • 35 slides
On the Concrete Security of Goldreichs Pseudorandom Generator Geo ff roy Couteau - Aurlien

On the Concrete Security of Goldreichs Pseudorandom Generator Geo ff roy Couteau - Aurlien

On the Concrete Security of Goldreichs Pseudorandom Generator Geo ff roy Couteau - Aurlien Dupin - Pierrick Maux - Mlissa Rossi - Yann Rotella ASIACRYPT 2018/12/04 1 1 Goldreich Pseudorandom Generator (Goldreich TOCT 2000)

795 views • 64 slides

More recommend