on the complexity of simulating auxiliary input
play

On the Complexity of Simulating Auxiliary Input Yi-Hsiu Chen 1 - PowerPoint PPT Presentation

Sep 07, 2022 •235 likes •868 views

On the Complexity of Simulating Auxiliary Input Yi-Hsiu Chen 1 Kai-Min Chung 2 Jyun-Jie Liao 2 1 Harvard University, Cambridge, USA 2 Academia Sinica, Taipei, Taiwan 1 / 18 Simulating Auxiliary Input [JP14] Consider random variables ( X , Z )

  1. On the Complexity of Simulating Auxiliary Input Yi-Hsiu Chen 1 Kai-Min Chung 2 Jyun-Jie Liao 2 1 Harvard University, Cambridge, USA 2 Academia Sinica, Taipei, Taiwan 1 / 18

  2. Simulating Auxiliary Input [JP14] Consider random variables ( X , Z ) ∈ { 0 , 1 } n × { 0 , 1 } ℓ . Z - short leakage of X Z = g ( X ) for (probabilstic) function g , but g might not be efficient 2 / 18

  3. Simulating Auxiliary Input [JP14] Consider random variables ( X , Z ) ∈ { 0 , 1 } n × { 0 , 1 } ℓ . Z - short leakage of X Z = g ( X ) for (probabilstic) function g , but g might not be efficient Problem ∃ ? efficiently computable simulator h : { 0 , 1 } n → { 0 , 1 } ℓ such that ( X , h ( X )) and ( X , Z ) are indistinguishable? 2 / 18

  4. Simulating Auxiliary Input [JP14] Consider random variables ( X , Z ) ∈ { 0 , 1 } n × { 0 , 1 } ℓ . Z - short leakage of X Z = g ( X ) for (probabilstic) function g , but g might not be efficient Problem ∃ ? efficiently computable simulator h : { 0 , 1 } n → { 0 , 1 } ℓ such that ( X , h ( X )) and ( X , Z ) are indistinguishable? What is the best we can hope for? 2 / 18

  5. Simulating Auxiliary Input [JP14] Consider random variables ( X , Z ) ∈ { 0 , 1 } n × { 0 , 1 } ℓ . Z - short leakage of X Z = g ( X ) for (probabilstic) function g , but g might not be efficient Problem ∃ ? efficiently computable simulator h : { 0 , 1 } n → { 0 , 1 } ℓ such that ( X , h ( X )) and ( X , Z ) are indistinguishable? What is the best we can hope for? ( X , h ( X )) and ( X , Z ) are statistically close 2 / 18

  6. Simulating Auxiliary Input [JP14] Consider random variables ( X , Z ) ∈ { 0 , 1 } n × { 0 , 1 } ℓ . Z - short leakage of X Z = g ( X ) for (probabilstic) function g , but g might not be efficient Problem ∃ ? efficiently computable simulator h : { 0 , 1 } n → { 0 , 1 } ℓ such that ( X , h ( X )) and ( X , Z ) are indistinguishable? What is the best we can hope for? ( X , h ( X )) and ( X , Z ) are statistically close 2 / 18

  7. Simulating Auxiliary Input [JP14] Consider random variables ( X , Z ) ∈ { 0 , 1 } n × { 0 , 1 } ℓ . Z - short leakage of X Z = g ( X ) for (probabilstic) function g , but g might not be efficient Problem ∃ ? efficiently computable simulator h : { 0 , 1 } n → { 0 , 1 } ℓ such that ( X , h ( X )) and ( X , Z ) are indistinguishable? What is the best we can hope for? ( X , h ( X )) and ( X , Z ) are statistically close n c -size simulator against poly(n) distinguishers 2 / 18

  8. Simulating Auxiliary Input [JP14] Consider random variables ( X , Z ) ∈ { 0 , 1 } n × { 0 , 1 } ℓ . Z - short leakage of X Z = g ( X ) for (probabilstic) function g , but g might not be efficient Problem ∃ ? efficiently computable simulator h : { 0 , 1 } n → { 0 , 1 } ℓ such that ( X , h ( X )) and ( X , Z ) are indistinguishable? What is the best we can hope for? ( X , h ( X )) and ( X , Z ) are statistically close n c -size simulator against poly(n) distinguishers ([TTV09]) 2 / 18

  9. Simulating Auxiliary Input [JP14] Consider random variables ( X , Z ) ∈ { 0 , 1 } n × { 0 , 1 } ℓ . Z - short leakage of X Z = g ( X ) for (probabilstic) function g , but g might not be efficient Problem ∃ ? efficiently computable simulator h : { 0 , 1 } n → { 0 , 1 } ℓ such that ( X , h ( X )) and ( X , Z ) are indistinguishable? What is the best we can hope for? ( X , h ( X )) and ( X , Z ) are statistically close n c -size simulator against poly(n) distinguishers ([TTV09]) Ω( s ) simulator which fools every distinguisher of size s 2 / 18

  10. Leakage Simulation Lemma Theorem [JP14] For any random variables ( X , Z ) ∈ { 0 , 1 } n × { 0 , 1 } ℓ , ǫ > 0 and s ∈ N , there exists a (probabilistic) simulator h with complexity s h ( ǫ, s , ℓ ) := s · poly( ǫ − 1 , 2 ℓ ) which is ǫ -indistinguishable by every distinguisher f of size s , i.e. | Pr[ f ( X , Z ) = 1] − Pr[ f ( X , h ( X )) = 1] | < ǫ 3 / 18

  11. Leakage Simulation Lemma Theorem [JP14] For any random variables ( X , Z ) ∈ { 0 , 1 } n × { 0 , 1 } ℓ , ǫ > 0 and s ∈ N , there exists a (probabilistic) simulator h with complexity s h ( ǫ, s , ℓ ) := s · poly( ǫ − 1 , 2 ℓ )=? which is ǫ -indistinguishable by every distinguisher f of size s , i.e. | Pr[ f ( X , Z ) = 1] − Pr[ f ( X , h ( X )) = 1] | < ǫ 3 / 18

  12. Applications Complexity Regularity Lemma [TTV09] Hardcore Lemma [Imp95] Dense Model Theorem [GT04, TZ06, RTTV08] Weak Szemer´ edi Regularity Lemma [FK99] Cryptography Leakage Resilient Cryptography Black-box Separation for SNARGs [GW11] Chain Rule for HILL-Entropy [GW11, Rey11] Zero-Knowledge [CLP15] 4 / 18

  13. Main Results s h =? 5 / 18

  14. Main Results s h =? Upper Bound: O (2 4 ℓ ǫ − 4 · s ) JP14 O ( ℓ · 2 ℓ ǫ − 2 · s + 2 ℓ ǫ − 4 ) VZ13 O (2 5 ℓ ǫ − 2 · s ) Sk´ o16 O ( ℓ · 2 ℓ ǫ − 2 · s ) This work 5 / 18

  15. Main Results s h =? Upper Bound: O (2 4 ℓ ǫ − 4 · s ) JP14 O ( ℓ · 2 ℓ ǫ − 2 · s + 2 ℓ ǫ − 4 ) VZ13 O (2 5 ℓ ǫ − 2 · s ) Sk´ o16 O ( ℓ · 2 ℓ ǫ − 2 · s ) This work Lower Bound: Ω(2 ℓ ǫ − 2 ) queries to distinguishers Black-box simulation Query on the same input 5 / 18

  16. Applications: Leakage-Resilient Stream Cipher [DP08] Stream cipher: ( S i , X i ) := SC ( S i − 1 ) S q − 1 S 0 S 1 S 2 S i X 1 X 2 X i X q − 1 X q Λ 1 Λ 2 Λ i Λ q − 1 6 / 18

  17. Applications: Leakage-Resilient Stream Cipher [DP08] Stream cipher: ( S i , X i ) := SC ( S i − 1 ) S q − 1 S 0 S 1 S 2 S i X 1 X 2 X i X q − 1 X q Λ 1 Λ 2 Λ i Λ q − 1 6 / 18

  18. Applications: Leakage-Resilient Stream Cipher [DP08] Stream cipher: ( S i , X i ) := SC ( S i − 1 ) ( ǫ, s , ℓ, q ) leakage-resilient stream cipher: X q is ( ǫ, s ) pseudorandom given ( X 1 , . . . , X q − 1 , Λ 1 , . . . , Λ q − 1 ) S q − 1 S 0 S 1 S 2 S i X 1 X 2 X i X q − 1 X q Λ 1 Λ 2 Λ i Λ q − 1 6 / 18

  19. Applications: Leakage-Resilient Stream Cipher [DP08] Stream cipher: ( S i , X i ) := SC ( S i − 1 ) ( ǫ, s , ℓ, q ) leakage-resilient stream cipher: X q is ( ǫ, s ) pseudorandom given ( X 1 , . . . , X q − 1 , Λ 1 , . . . , Λ q − 1 ) “Only computation leaks”: Λ i = f i ( S i − 1 ) f i can be adaptively chosen, but | Λ i | ≤ ℓ ≪ | S 0 | S q − 1 S 0 S 1 S 2 S i X 1 X 2 X i X q − 1 X q Λ 1 Λ 2 Λ i Λ q − 1 6 / 18

  20. Applications: Leakage-Resilient Stream Cipher Leakage Resilient Stream Cipher [Pie09, JP14] Given ( ǫ F , s F ) wPRF F , the following stream cipher is ( ǫ, s ) secure in q rounds even when given ℓ bits of leakage per round. � ǫ = 4 q ǫ F 2 ℓ s = max { s : s h ( ǫ ′ , s , ℓ ) < s F } , where ǫ ′ = � ǫ F 2 ℓ Figure: leakage resilient stream cipher [Pie09] 7 / 18

  21. Applications: Leakage-Resilient Stream Cipher Leakage Resilient Stream Cipher [Pie09, JP14] Given ( ǫ F , s F ) wPRF F , the following stream cipher is ( ǫ, s ) secure in q rounds even when given ℓ bits of leakage per round. � ǫ F 2 ℓ ǫ = 4 q s = max { s : s h ( ǫ ′ , s , ℓ ) < s F } , where ǫ ′ = � ǫ F 2 ℓ Consider the setting in [Sk´ o16]: Security of F : s F /ǫ F = 2 256 Target stream cipher: q = 16 , ℓ = 3 , ǫ = 2 − 40 JP14 VZ13 Sk´ o16 this work 2 66 2 76 s 0 0 7 / 18

  22. Applications: Leakage-Resilient Stream Cipher Leakage Resilient Stream Cipher [Pie09, JP14] Given ( ǫ F , s F ) wPRF F , the following stream cipher is ( ǫ, s ) secure in q rounds even when given ℓ bits of leakage per round. � ǫ F 2 ℓ ǫ = 4 q s = max { s : s h ( ǫ ′ , s , ℓ ) < s F } , where ǫ ′ = � ǫ F 2 ℓ Consider the setting in [Sk´ o16]: Security of F : s F /ǫ F = 2 256 Target stream cipher: q = 16 , ℓ = 8 , ǫ = 2 − 40 JP14 VZ13 Sk´ o16 this work 2 36 2 65 s 0 0 7 / 18

  23. Boosting h T =update( h T − 1 , f T ) h i =update( h i − 1 , f i ) h 1 =update( h 0 , f 1 ) h T h 0 h 1 h i Distinguisher Simulator success f i f 1 Pr[ f 1 ( X , h 0 ( X )) = 1] − Pr[ f 1 ( X , Z ) = 1] > ǫ Pr[ f i ( X , h 1 ( X )) = 1] − Pr[ f i ( X , Z ) = 1] > ǫ Output h T 8 / 18

  24. Boosting h T =update( h T − 1 , f T ) h i =update( h i − 1 , f i ) h 1 =update( h 0 , f 1 ) h T h 0 h 1 h i Distinguisher Simulator success f i f 1 Pr[ f 1 ( X , h 0 ( X )) = 1] − Pr[ f 1 ( X , Z ) = 1] > ǫ Pr[ f i ( X , h 1 ( X )) = 1] − Pr[ f i ( X , Z ) = 1] > ǫ Output h T 8 / 18

  25. Boosting h T =update( h T − 1 , f T ) h i =update( h i − 1 , f i ) h 1 =update( h 0 , f 1 ) h T h 0 h 1 h i Distinguisher Simulator success f i f 1 Pr[ f 1 ( X , h 0 ( X )) = 1] − Pr[ f 1 ( X , Z ) = 1] > ǫ Pr[ f i ( X , h 1 ( X )) = 1] − Pr[ f i ( X , Z ) = 1] > ǫ Output h T 8 / 18

  26. Boosting h T =update( h T − 1 , f T ) h i =update( h i − 1 , f i ) h 1 =update( h 0 , f 1 ) h T h 0 h 1 h i Distinguisher Simulator success f i f 1 Pr[ f 1 ( X , h 0 ( X )) = 1] − Pr[ f 1 ( X , Z ) = 1] > ǫ Pr[ f i ( X , h 1 ( X )) = 1] − Pr[ f i ( X , Z ) = 1] > ǫ Output h T 8 / 18

  27. Boosting h T =update( h T − 1 , f T ) h i =update( h i − 1 , f i ) h 1 =update( h 0 , f 1 ) h T h 0 h 1 h i Distinguisher Simulator success f i f 1 Pr[ f 1 ( X , h 0 ( X )) = 1] − Pr[ f 1 ( X , Z ) = 1] > ǫ Pr[ f i ( X , h 1 ( X )) = 1] − Pr[ f i ( X , Z ) = 1] > ǫ Output h T 8 / 18

Recommend

VFW Auxiliary LOCAL AUXILIARY TREASURERS AND TRUSTEES TRAINING Presented By VFW Auxiliary

VFW Auxiliary LOCAL AUXILIARY TREASURERS AND TRUSTEES TRAINING Presented By VFW Auxiliary

VFW Auxiliary LOCAL AUXILIARY TREASURERS AND TRUSTEES TRAINING Presented By VFW Auxiliary National Headquarters Staff George Martin, Director of Accounting VFW Auxiliary Headquarters Phone (816) 561 8655 406 West 34 th Street Toll Free

1.12k views • 85 slides
Fixing Cracks in the Concrete: Random Oracles with Auxiliary Input, Revisited Yevgeniy Dodis

Fixing Cracks in the Concrete: Random Oracles with Auxiliary Input, Revisited Yevgeniy Dodis

Fixing Cracks in the Concrete: Random Oracles with Auxiliary Input, Revisited Yevgeniy Dodis New York University Joint work with Siyao Guo (Simons Institute, UC Berkeley) Jonathan Katz (University of Maryland) Hash Functions Are Ubiquitous

650 views • 40 slides
Example The sorting problems is defined as follows: n Input set: sequence of numbers &lt;a 1 ,

Example The sorting problems is defined as follows: n Input set: sequence of numbers &lt;a 1 ,

Advanced Programming Complexity Algorithms and Complexity Algorithm An algorithm is a calculation procedure (composed by a finite number of steps) which solves a certain problem, working on a set of input values and producing a set of output

381 views • 15 slides
VFW Auxiliary INVESTMENTS HELD AT VFW AUXILIARY NATIONAL HEADQUARTERS Presented By George

VFW Auxiliary INVESTMENTS HELD AT VFW AUXILIARY NATIONAL HEADQUARTERS Presented By George

VFW Auxiliary INVESTMENTS HELD AT VFW AUXILIARY NATIONAL HEADQUARTERS Presented By George Martin Director of Accounting VFW Auxiliary Headquarters Phone (816) 561 8655 406 West 34 th Street Toll Free (866) 299 1286 10 th Floor Fax

392 views • 8 slides
Public-Key Encryption: The Auxiliary-Input Setting Zvika Brakerski Gil Segev Microsoft Research

Public-Key Encryption: The Auxiliary-Input Setting Zvika Brakerski Gil Segev Microsoft Research

Better Security for Deterministic Public-Key Encryption: The Auxiliary-Input Setting Zvika Brakerski Gil Segev Microsoft Research Weizmann Institute Silicon Valley Probabilistic Encryption Enc Semantic Security [GM82]: No

341 views • 14 slides
VFW Auxiliary LOCAL AUXILIARY TREASURERS AND TRUSTEES TRAINING Presented By George Martin

VFW Auxiliary LOCAL AUXILIARY TREASURERS AND TRUSTEES TRAINING Presented By George Martin

VFW Auxiliary LOCAL AUXILIARY TREASURERS AND TRUSTEES TRAINING Presented By George Martin Director of Accounting VFW Auxiliary Headquarters Phone (816) 561 8655 406 West 34 th Street Toll Free (866) 299 1286 10 th Floor Fax (816) 931

461 views • 30 slides
input computing a function on all inputs input input input Sudoku Rubik s cube 2 3

input computing a function on all inputs input input input Sudoku Rubik s cube 2 3

3/4/17 Algorithms, complexity and P vs NP SURVEY Finding an efficient Can creativity be automated? method to solve SuDoku puzzles is: Slides by Avi Wigderson + Bernard Chazelle (with some extras) 1: A waste of time 2: A decent way to pass

77 views • 5 slides
Basics of Complexity Complexity = resources time space ink gates energy

Basics of Complexity Complexity = resources time space ink gates energy

Basics of Complexity Complexity = resources time space ink gates energy Complexity is a function Complexity = f (input size) Value depends on: problem encoding adj. list vs. adj matrix model of

326 views • 17 slides
Office of Auxiliary Services Presented by Dr. Gregory A. McCord Chief Auxiliary Services Officer

Office of Auxiliary Services Presented by Dr. Gregory A. McCord Chief Auxiliary Services Officer

Beaufort County School District Office of Auxiliary Services Presented by Dr. Gregory A. McCord Chief Auxiliary Services Officer November 28, 2017 Auxiliary Services..its a team effort!!! Dr. Gregory A. McCord, Chief Auxiliary Services

190 views • 15 slides
Dependency Parse Dependency Tags aux auxiliary auxpass passive auxiliary cop

Dependency Parse Dependency Tags aux auxiliary auxpass passive auxiliary cop

Dependency Parse Dependency Tags aux auxiliary auxpass passive auxiliary cop -- copula conj conjunct cc coordination ref -- referent subj subject nsubj nominal subject nsubjpass

1.18k views • 69 slides
Simulating Chromosome Segregation Qi Zheng Simulating Chromosome Segregation Qi Zheng

Simulating Chromosome Segregation Qi Zheng Simulating Chromosome Segregation Qi Zheng

High Performance Research Computing Simulating Chromosome Segregation Qi Zheng Simulating Chromosome Segregation Qi Zheng Department of Epidemiology &amp; Biostatistics, Texas A&amp;M University What motivated this study? The

211 views • 10 slides
Simulating Syst Simulating Systems in Gr ems in Ground V ound Vehicle hicle Design Design

Simulating Syst Simulating Systems in Gr ems in Ground V ound Vehicle hicle Design Design

Simulating Syst Simulating Systems in Gr ems in Ground V ound Vehicle hicle Design Design Frederic ederick J. k J. Ross ss Direct Director or, Gr , Ground T ound Transpor ansportation tation Agenda Ag Simulating Syst Simulat ng

306 views • 29 slides
Term Rep placement Deep rep lacement Auxiliary constructor i Auxiliary constructor i module

Term Rep placement Deep rep lacement Auxiliary constructor i Auxiliary constructor i module

Term Rep placement Deep rep lacement Auxiliary constructor i Auxiliary constructor i module Tree-drepl d l T d l imports Tree-syntax Deep replacement: repla ace only occurrences close exports A bottom-up transformer that to the

183 views • 14 slides
Stack machines equiv. to CFG and CFL closure (Using slides adapted from the book) Simulating

Stack machines equiv. to CFG and CFL closure (Using slides adapted from the book) Simulating

Stack machines equiv. to CFG and CFL closure (Using slides adapted from the book) Simulating DFAs A stack machine can easily simulate any DFA Use the same input alphabet Use the states as stack symbols Use the start state

326 views • 29 slides
The I/O-Model Aggarwal and Vitter, The Input/Output Complexity of Sorting and Related Problems

The I/O-Model Aggarwal and Vitter, The Input/Output Complexity of Sorting and Related Problems

The I/O-Model Aggarwal and Vitter, The Input/Output Complexity of Sorting and Related Problems . Communications of the ACM, 31(9), p. 1116-1127, 1988. Page 1 Analysis of algorithms The standard model: Memory CPU Add : 1 unit of time

83 views • 7 slides
I/O Efficient Sorting Upper and Lower bounds Aggarwal and Vitter, The Input/Output Complexity

I/O Efficient Sorting Upper and Lower bounds Aggarwal and Vitter, The Input/Output Complexity

I/O Efficient Sorting Upper and Lower bounds Aggarwal and Vitter, The Input/Output Complexity of Sorting and Related Problems . Communications of the ACM, 31(9), p. 1116-1127, 1988. Page 1 Standard MergeSort Merge of two sorted sequences

266 views • 11 slides
Y TP YUKAWA INSTITUTE FOR THEORETICAL PHYSICS 1/21 Motivation Introduction Auxiliary Field

Y TP YUKAWA INSTITUTE FOR THEORETICAL PHYSICS 1/21 Motivation Introduction Auxiliary Field

Motivation Introduction Auxiliary Field Quantum Monte Carlo Methods Results Summary Acknowledgments Auxiliary-Field Monte Carlo method for strongly paired fermions Faisal Etminan M. M. Firoozabadi University of Birjand String and Fields

535 views • 21 slides
Simulating Search Strategies Simulating Search Strategies for Gnutella for Gnutella Chun Wai

Simulating Search Strategies Simulating Search Strategies for Gnutella for Gnutella Chun Wai

ENSC 835: HIGH-PERFORMANCE NETWORKS FINAL PROJECT PRESENTATIONS Fall 2003 Simulating Search Strategies Simulating Search Strategies for Gnutella for Gnutella Chun Wai Wai Chan Chan Chun http://www.sfu.ca/~cchany/ENSC835

463 views • 20 slides
Simulating What is Measured Closing the Loop between Experiment and Simulation Michael

Simulating What is Measured Closing the Loop between Experiment and Simulation Michael

Simulating What is Measured Closing the Loop between Experiment and Simulation Michael Bussmann, Axel Huebl Computational Radiation Physics Helmholtz-Center Dresden Rossendorf Xrays &amp; Lasers Simulating Matter when it is only

476 views • 22 slides
P and NP Evgenij Thorstensen V18 Evgenij Thorstensen P and NP V18 1 / 26 Recap We measure

P and NP Evgenij Thorstensen V18 Evgenij Thorstensen P and NP V18 1 / 26 Recap We measure

P and NP Evgenij Thorstensen V18 Evgenij Thorstensen P and NP V18 1 / 26 Recap We measure complexity of a DTM as a function of input size n . This complexity is a function t M ( n ) , the maximum number of steps the DTM needs on the input of

520 views • 30 slides
Complexity of DLs RWTH Aachen 1 Germany Complexity of DLs: Overview of the Complexity of

Complexity of DLs RWTH Aachen 1 Germany Complexity of DLs: Overview of the Complexity of

Complexity of DLs RWTH Aachen 1 Germany Complexity of DLs: Overview of the Complexity of Concept Consistency P (co-)NP PSpace ExpTime NExpTime ALC reg ALUN (NP) ALCN add regular roles without , (wrt acyc. TBoxes) ALC u only A ALN

745 views • 16 slides
t s Computability and Complexity Nabil Mustafa Nondeterministic Space Complexity Nabil Mustafa

t s Computability and Complexity Nabil Mustafa Nondeterministic Space Complexity Nabil Mustafa

The Problem REACHABILITY REACHABILITY Input: A directed graph G = ( V , E ), | V | = n , | E | = m , and two vertices s , t V Nondeterministic Space Complexity Question: Is there a directed path from s to t in G ? Nabil Mustafa t s

246 views • 6 slides
Using Auxiliary Information Under a Pier Francesco Perri Generic Sampling Design Theoretical

Using Auxiliary Information Under a Pier Francesco Perri Generic Sampling Design Theoretical

19th International Conference on Computational Statistics Giancarlo Diana, Using Auxiliary Information Under a Pier Francesco Perri Generic Sampling Design Theoretical results Auxiliary information A class of estimators The best

842 views • 52 slides
Multimodal Biometrics with Auxiliary Information Quality, Userspecific, Cohort information

Multimodal Biometrics with Auxiliary Information Quality, Userspecific, Cohort information

Multimodal Biometrics with Auxiliary Information Quality, Userspecific, Cohort information and beyond Norman Poh Talk Outline Part I: Bayesian classifiers and decision theory Part II: Sources of auxiliary information Biometric

916 views • 53 slides

More recommend