on elfs deterministic encryption and correlated input
play

On ELFs, Deterministic Encryption, and Correlated Input - PowerPoint PPT Presentation

Jan 31, 2023 •294 likes •568 views

On ELFs, Deterministic Encryption, and Correlated Input Security Mark Zhandry Princeton University mommy > daddy In reality = = pk c = Enc(pk,mommy > daddy) sk Random

  1. On ¡ELFs, ¡Deterministic ¡ Encryption, ¡and ¡ Correlated ¡Input ¡Security Mark ¡Zhandry Princeton ¡University

  2. “mommy > daddy”

  3. In ¡reality… = =

  4. pk c = Enc(pk,“mommy > daddy”) sk

  5. Random ¡Number ¡Cortex: r ¡= ¡0000000000…….

  6. Deterministic ¡Public ¡Key ¡Encryption ¡(DPKE) Pros: Cons: ✓ No ¡randomness ¡needed ✘ Harder ¡to ¡construct ✓ Public ¡equality ¡test ✘ Semantic ¡security ¡impossible ✘ Need ¡unpredictable ¡messages ✘ Multiple ¡messages?

  7. This ¡Work DPKE ¡secure ¡under • Arbitrary ¡computationally ¡unpredictable ¡sources • Constant number ¡of ¡arbitrarily ¡correlated ¡sources • Chosen ¡ciphertext attacks Computational ¡assumption: ¡exponential ¡DDH

  8. Computationally ¡Unpredictable ¡Sources D (x 1 , x 2 , …, x t , aux) Pr[i ≠ j ⇒ x i ≠ x j ] = 1 Pr[x i ’ = x i ] < negl (i, x i ’)

  9. DPKE ¡Experiment ¡0: D Gen (pk, sk) (x 1 , x 2 , …, x t , aux) … Enc pk Enc pk Enc pk (c 1 , c 2 , …, c t , aux, pk) Dec sk

  10. DPKE ¡Experiment ¡1: D Gen (pk, sk) (x 1 , x 2 , …, x t , aux) $ $ $ (c 1 , c 2 , …, c t , aux, pk) Dec sk

  11. Some ¡Prior ¡Work [Wichs’12] t [Brakerski-­‑Segev’11] unbounded [Bellare-­‑Boldyreva-­‑O’Neill’07] (ROM) No ¡BB ¡ reduction ¡to ¡ bounded ¡poly [Fuller-­‑O’Neill-­‑Reyzin’12] “falsifiable ¡ assumption” log This ¡Work Unbounded ¡ O(1) (exp assump, ¡non ¡BB) [Bellare-­‑Fischlin-­‑O’Neill-­‑Ristenpart’08, 1 [Brakerski-­‑Segev’11, ¡Wee’12] Boldyreva-­‑Fehr-­‑O’Neill’08] D Arbitrary ¡unpred.

  12. Step ¡1: ¡ t=1 , ¡No ¡CCA ¡queries

  13. Extremely ¡Lossy Functions ¡(ELFs) ¡[Z’16] Injective ¡Mode: Lossy Mode: ≈ c | Img | = polynomial* Thm [Z’16]: ¡ Exponential ¡DDH ¡ ⇒ ELFs *Technically ¡ |Img| depends ¡on ¡adversary

  14. PRGs ¡for ¡Comp. ¡Unpred. ¡Sources, ¡ t=1 D $ k (x , aux) Thm [Z’16]: ¡ ELFs ¡ ⇒ PRGs ¡for ¡arbitrary ¡ 1 -­‑CU ¡sources G k (y, aux, k)

  15. Upgrading ¡to ¡DPKE Encryption: Decryption: x c Dec sk G k ??? Enc pk $ c

  16. New ¡Tool: ¡Trapdoor ¡ELFs Injective ¡Mode:

  17. Constructing ¡T-­‑ELFs … x LTDF LTDF LTDF Compression ¡kills ¡trapdoor = ¡Pairwise ¡independent ¡function

  18. Constructing ¡T-­‑ELFs … x LTDF LTDF LTDF In ¡paper: ¡instantiate ¡parameters ¡ such ¡that ¡growth ¡isn’t ¡too ¡big

  19. Upgrading ¡to ¡DPKE Encryption: Decryption: x c Thm: T-­‑ELFs ¡+ ¡ Dec sk G k Pseudorandom ¡ctxts + PRG ¡for ¡CU ¡ 1 -­‑sources ¡+ DPKE ¡for ¡CU ¡ 1 -­‑sources ⇒ Enc pk $ c x

  20. Step ¡2: ¡Constant ¡ t , ¡No ¡CCA ¡queries

  21. PRGs ¡for ¡Comp. ¡Unpred. ¡Sources, ¡ t=O(1) D $ k (x 1 , x 2 , …, x t , aux) … G k G k G k (y 1 , y 2 , …, y t , aux, k)

  22. Step ¡2: ¡Constant ¡ t , ¡No ¡CCA ¡queries Thm: T-­‑ELFs ¡+ ¡ Pseudorandom ¡ctxts + PRG ¡for ¡CU ¡ O(1) -­‑sources ¡+ DPKE ¡for ¡CU ¡ O(1) -­‑sources ⇒

  23. PRG ¡for ¡CU ¡ O(1) -­‑ sources Idea ¡1: ¡each ¡ x i gets ¡it’s ¡own ¡PRG ¡for ¡CU ¡ 1 -­‑sources D (x 1 , x 2 , …, x t , aux) $ $ $ … G k G k k 1 k 2 G k k t y 1 y 2 y t

  24. PRG ¡for ¡CU ¡ O(1) -­‑ sources ? Idea ¡2: ¡Generate ¡ k as ¡function ¡of ¡ x D (x 1 , x 2 , …, x t , aux) … G k G k G k F F F y 1 y 2 y t

  25. PRG ¡for ¡CU ¡ O(1) -­‑ sources Idea ¡3: ¡Break ¡circularity ¡using ¡ t -­‑wise ¡independence ¡+ ¡ELFs D (x 1 , x 2 , …, x t , aux) … G k G k G k y 1 y 2 y t = ¡ t -­‑wise ¡independent ¡func

  26. Step ¡3: ¡CCA ¡Security See ¡paper… Difficulties ¡arise: • Need ¡“branched” ¡T-­‑ELFs • T-­‑ELFs ¡are ¡much ¡more ¡delicate ¡than ¡LTDFs ⇒ Generic ¡approaches ¡don’t ¡work • Instead, ¡modify ¡construction ¡directly

  27. Now ¡time ¡for ¡a ¡nap ¡…

Recommend

Public-Key Encryption: The Auxiliary-Input Setting Zvika Brakerski Gil Segev Microsoft Research

Public-Key Encryption: The Auxiliary-Input Setting Zvika Brakerski Gil Segev Microsoft Research

Better Security for Deterministic Public-Key Encryption: The Auxiliary-Input Setting Zvika Brakerski Gil Segev Microsoft Research Weizmann Institute Silicon Valley Probabilistic Encryption Enc Semantic Security [GM82]: No

341 views • 14 slides
Functional Encryption: Deterministic to Randomized Functions from Simple Assumptions Shashank

Functional Encryption: Deterministic to Randomized Functions from Simple Assumptions Shashank

Functional Encryption: Deterministic to Randomized Functions from Simple Assumptions Shashank Agrawal David J. Wu Public-Key Functional Encryption [BSW11, ON10] () Keys are associated with deterministic functions sk

1.47k views • 99 slides
SYMMETRIC ENCRYPTION K is randomized E can be randomized or stateful D is deterministic

SYMMETRIC ENCRYPTION K is randomized E can be randomized or stateful D is deterministic

Syntax A symmetric encryption scheme SE = ( K , E , D ) consists of three algorithms: SYMMETRIC ENCRYPTION K is randomized E can be randomized or stateful D is deterministic 1 / 116 2 / 116 Correct decryption requirement Example:

430 views • 29 slides
Deterministic Finite Automata Lecture 4 1 Input Accepted by a DFA We say that M accepts w

Deterministic Finite Automata Lecture 4 1 Input Accepted by a DFA We say that M accepts w

Deterministic Finite Automata Lecture 4 1 Input Accepted by a DFA We say that M accepts w * if M , on input w , starting from the start state s , reaches a final state i.e., * ( s,w ) F L ( M ) is the set of all strings accepted by

652 views • 51 slides
The Magic of ELFs Mark Zhandry Princeton University (Work done

The Magic of ELFs Mark Zhandry Princeton University (Work done

The Magic of ELFs Mark Zhandry Princeton University (Work done while at MIT) Prove this secure: Enc(m) = ( TDP(r), H(r) m ) (CPA security, many-bit messages, arbitrary

1.1k views • 64 slides
How to Encipher Messages on a Small Domain Deterministic Encryption and the Thorp Shuffle Ben

How to Encipher Messages on a Small Domain Deterministic Encryption and the Thorp Shuffle Ben

How to Encipher Messages on a Small Domain Deterministic Encryption and the Thorp Shuffle Ben Morris Phil Rogaway Till Stegers University of California, Davis University of California, Davis Dept of Mathematics Dept of Computer

1.01k views • 25 slides
Linear System Response Linear System to Random Inputs Response to deterministic input.

Linear System Response Linear System to Random Inputs Response to deterministic input.

Outline Linear System Response Linear System to Random Inputs Response to deterministic input. Response to stochastic input. Characterize the stochastic output using: mean, mean square, autocorrelation, M. Sami Fadali spectral

296 views • 14 slides
SYMMETRIC ENCRYPTION Mihir Bellare UCSD 1 Syntax A symmetric encryption scheme SE = ( K , E , D

SYMMETRIC ENCRYPTION Mihir Bellare UCSD 1 Syntax A symmetric encryption scheme SE = ( K , E , D

SYMMETRIC ENCRYPTION Mihir Bellare UCSD 1 Syntax A symmetric encryption scheme SE = ( K , E , D ) consists of three algorithms: K and E may be randomized, but D must be deterministic. Mihir Bellare UCSD 2 Correct decryption requirement More

1.19k views • 53 slides
Secure storage in the cloud using property preserving encryption Kenny Paterson Information

Secure storage in the cloud using property preserving encryption Kenny Paterson Information

Secure storage in the cloud using property preserving encryption Kenny Paterson Information Security Group Overview 1. Application scenarios. 2. Deterministic encryption and search. 3. OPE/ORE and range queries. 4. Analysing access pattern

877 views • 48 slides
Introduction to Authenticated Encryption Tom Shrimpton Summer School on Real-World Crypto and

Introduction to Authenticated Encryption Tom Shrimpton Summer School on Real-World Crypto and

(A brief, incomplete) Introduction to Authenticated Encryption Tom Shrimpton Summer School on Real-World Crypto and Privacy June 11, 2018 Authenticated Encryption M M Its complicated Probabilistic or deterministic AE? Nonce based AE?

868 views • 47 slides
1 The Minimization Problem The Minimization Problem Input: A DFA (deterministic finite-state

1 The Minimization Problem The Minimization Problem Input: A DFA (deterministic finite-state

Simpler &amp; More General Minimization The Minimization Problem for Weighted Finite-State Automata Input: A DFA (deterministic finite-state automaton) Output: An equiv. DFA with as few states as possible Complexity: O(|arcs| log |states| )

792 views • 16 slides
Ruby Monstas Session 17: Interlude: Encryption Encryption What comes to mind if you think about

Ruby Monstas Session 17: Interlude: Encryption Encryption What comes to mind if you think about

Ruby Monstas Session 17: Interlude: Encryption Encryption What comes to mind if you think about encryption? Encryption Certificates Crypto Currencies Public Key AES Encryption Privacy SSH VPN HTTPS TLS Quantum Digital Signatures

837 views • 46 slides
Multi-Input Functional Encryption for Inner Products: Function-Hiding Realizations and

Multi-Input Functional Encryption for Inner Products: Function-Hiding Realizations and

Multi-Input Functional Encryption for Inner Products: Function-Hiding Realizations and Constructions without Pairings Michel Abdalla Dario Catalano Dario Fiore Romain Gay Bogdan Ursu August 21, 2018 August 21, 2018 1 / 30 Motivation - Spam

552 views • 31 slides
Training Deterministic Parsers with Non-Deterministic Oracles by Yoav Goldberg and Joakim

Training Deterministic Parsers with Non-Deterministic Oracles by Yoav Goldberg and Joakim

Training Deterministic Parsers with Non-Deterministic Oracles by Yoav Goldberg and Joakim Nivre, 2013 Seminarvortrag Pius Meinert July 13, 2018 Training Deterministic Parsers with Non-Deterministic Oracles root PRD SBJ DOBJ IOBJ

842 views • 47 slides
CLOC: Authenticated Encryption for Short Input Tetsu Iwata, Nagoya University Kazuhiko Minematsu,

CLOC: Authenticated Encryption for Short Input Tetsu Iwata, Nagoya University Kazuhiko Minematsu,

CLOC: Authenticated Encryption for Short Input Tetsu Iwata, Nagoya University Kazuhiko Minematsu, NEC Corporation Jian Guo, Nanyang Technological University Sumio Morioka, NEC Europe Ltd. FSE 2014 March 3, 2014, London, UK 1 Outline A new

668 views • 33 slides
Usable Encryption Class Presentation for CMSC 818D Wei Bai S Application S Hardware

Usable Encryption Class Presentation for CMSC 818D Wei Bai S Application S Hardware

Usable Encryption Class Presentation for CMSC 818D Wei Bai S Application S Hardware Encryption S Web Encryption S Email Encryption OpenPGP S S/MIME S S Online Social Network Public Key Encryption S Encryption/Decryption

842 views • 26 slides
Functional Encryption from Pairings Michel Abdalla, CNRS and ENS Romain Gay, ENS Mariana

Functional Encryption from Pairings Michel Abdalla, CNRS and ENS Romain Gay, ENS Mariana

Multi-input Inner-Product Functional Encryption from Pairings Michel Abdalla, CNRS and ENS Romain Gay, ENS Mariana Raykova, Yale University Hoeteck Wee, CNRS and ENS Functional Encryption [Boneh, Sahai, Waters 11] m Alice Functional

585 views • 40 slides
APE(X): Authenticated Permutation-Based Encryption with Extended Misuse Resistance Atul Luykx

APE(X): Authenticated Permutation-Based Encryption with Extended Misuse Resistance Atul Luykx

APE(X): Authenticated Permutation-Based Encryption with Extended Misuse Resistance Atul Luykx COSIC, KU Leuven August 14, 2013 Joint work with A. Bogdanov, E. Andreeva, B. Mennink, N. Mouha, K. Yasuda 1 / 16 Stateless, Deterministic

198 views • 17 slides
Correlated-Q Learning and Cyclic Equilibria in Markov games Haoqi Zhang Correlated-Q Learning

Correlated-Q Learning and Cyclic Equilibria in Markov games Haoqi Zhang Correlated-Q Learning

Correlated-Q Learning and Cyclic Equilibria in Markov games Haoqi Zhang Correlated-Q Learning Greeenwald and Hall (2003) Setting: general sum Markov games Goal: convergence (reach equilibrium), payoff Means: CE-Q Results:

461 views • 24 slides
From normal to anomalous deterministic diffusion Part 1: Normal deterministic diffusion Rainer

From normal to anomalous deterministic diffusion Part 1: Normal deterministic diffusion Rainer

Outline Chaotic maps Deterministic diffusion End From normal to anomalous deterministic diffusion Part 1: Normal deterministic diffusion Rainer Klages Queen Mary University of London, School of Mathematical Sciences Sperlonga, 20-24

465 views • 29 slides
Policy Discussion #3 T wo Criteria Calculation Methods: Deterministic and Probabilistic Don A.

Policy Discussion #3 T wo Criteria Calculation Methods: Deterministic and Probabilistic Don A.

Policy Discussion #3 T wo Criteria Calculation Methods: Deterministic and Probabilistic Don A. Essig, Idaho DEQ April 2, 2014 Negotiated Rulemaking, Docket 58-0102-1201 Outline Human Health Criteria Equations - Revisited Needed Input

370 views • 15 slides
RSA Encryption 10 February 2012 RSA Encryption 10 February 2012 1/35 We saw some methods of

RSA Encryption 10 February 2012 RSA Encryption 10 February 2012 1/35 We saw some methods of

RSA Encryption 10 February 2012 RSA Encryption 10 February 2012 1/35 We saw some methods of encryption Wednesday, but none of these is good enough to be used in actual situations. Today well talk about one method, RSA Encryption, which is

1.01k views • 59 slides
TERN: Stable Deterministic Multithreading through Schedule Memoization Heming Cui Jingyue Wu

TERN: Stable Deterministic Multithreading through Schedule Memoization Heming Cui Jingyue Wu

TERN: Stable Deterministic Multithreading through Schedule Memoization Heming Cui Jingyue Wu Chia-che Tsai Junfeng Yang Computer Science Columbia University New York, NY, USA 1 Nondeterministic Execution Same input many schedules

232 views • 21 slides
Secret-Key Encryption Introduction Encryption is the process of encoding a message in such a

Secret-Key Encryption Introduction Encryption is the process of encoding a message in such a

Secret-Key Encryption Introduction Encryption is the process of encoding a message in such a way that only authorized parties can read the content of the original message History of encryption dates back to 1900 BC Two types of

533 views • 38 slides

More recommend