online offline or composition of protocols
play

Online/Offline OR Composition of -Protocols Michele Ciampi - PowerPoint PPT Presentation

Sep 26, 2023 •174 likes •1.03k views

Online/Offline OR Composition of -Protocols Michele Ciampi Alessandra Scafuro Giuseppe Persiano DIEM Boston University and DISA-MIS Universit di Salerno Northeastern University Universit di Salerno ITALY USA ITALY Luisa Siniscalchi Ivan

  1. Online/Offline OR Composition of ∑ -Protocols Michele Ciampi Alessandra Scafuro Giuseppe Persiano DIEM Boston University and DISA-MIS Università di Salerno Northeastern University Università di Salerno ITALY USA ITALY Luisa Siniscalchi Ivan Visconti DIEM DIEM Università di Salerno Università di Salerno ITALY ITALY

  2. Proofs of Knowledge (PoKs) A fundamental crypto tool with many applications Identification Schemes Simulation-Based Security E-Voting Systems … Useful in cryptography when the witness is protected: Witness Indistinguishable (WI), Witness Hiding (WH), Zero Knowledge (ZK) e.g., prove knowledge of one thing OR another thing OR … 2

  3. Proofs of Knowledge (PoKs) In theory In practice x ∈ L G NP-reduction x “(G, C) in R HAM ” WI Proof of Knowledge of Hamiltonicity [Blum86, L apidot S hamir 90 ] P V m 1 m 2 m 3 3

  4. Proofs of Knowledge (PoKs) In theory In practice x ∈ L ∑ -protocol for R G NP-reduction x “(G, C) in R HAM ” “(x, y) in R Dlog ” e.g. Discret Log [Schnorr89]) WI Proof of Knowledge of Hamiltonicity [Blum86, L apidot S hamir 90 ] x= g y V P g r P V m 1 c m 2 r+cy m 3 3

  5. Proofs of Knowledge (PoKs) Observation: neither [LS90] Observation: [LS90] and [Schnorr89] need the nor In theory theorem and witness only in [Schnorr89] need theorem+ In practice the last round witness x ∈ L ∑ -protocol for R G NP-reduction x “(G, C) in R HAM ” “(x, y) in R Dlog ” e.g. Discret Log [Schnorr89]) WI Proof of Knowledge of Hamiltonicity [Blum86, L apidot S hamir 90 ] x= g y V P g r P V m 1 c m 2 r+cy m 3 3

  6. ∑ -protocol for relation R x V P (w) a c z 4

  7. ∑ -protocol for relation R x V P (w) Completeness a c z 4

  8. ∑ -protocol for relation R x V P (w) Completeness a c SHVZK Sim(x,c) ⇒ z 4

  9. ∑ -protocol for relation R x V P (w) Completeness a a’ c SHVZK Sim(x,c) ⇒ c z z’ 4

  10. ∑ -protocol for relation R x V P (w) Completeness a a’ z’ ≡ c SHVZK Sim(x,c) ⇒ c z 4

  11. ∑ -protocol for relation R x V P (w) Completeness a a’ z’ ≡ c SHVZK Sim(x,c) ⇒ c z Special Soundness 4

  12. ∑ -protocol for relation R x V P (w) Completeness a a’ z’ ≡ c SHVZK Sim(x,c) ⇒ c z Special Soundness x , ( a c z) w: ( x ,w) ∈ R x , ( a c’ z’) 4

  13. R 0 OR R 1 5

  14. R 0 OR R 1 In theory In practice G (x 0 V x 1 ) Consider the ∑ -protocols 𝛵 0 NP-reduction and 𝛵 1 for R 0 and R 1 and “(G, C) in R HAM ” WI Proof of Knowledge of Hamiltonicity compile them using [Blum86, LS90] [ C ramer D amgard S choenmakers 94 ] P V In both cases you get 3 rounds, WI and PoK 5

  15. R 0 OR R 1 : The Gap In theory In practice G (x 0 V x 1 ) Consider the ∑ -protocols 𝛵 0 NP-reduction and 𝛵 1 for R 0 and R 1 and “(G, C) in R HAM ” WI Proof of Knowledge of Hamiltonicity compile them using [Blum86, LS90 ] [ C ramer D amgard S choenmakers 94 ] P V 6

  16. R 0 OR R 1 : The Gap In theory In practice G (x 0 V x 1 ) Consider the ∑ -protocols 𝛵 0 NP-reduction and 𝛵 1 for R 0 and R 1 and “(G, C) in R HAM ” WI Proof of Knowledge of Hamiltonicity compile them using [Blum86, LS90 ] [ C ramer D amgard S choenmakers 94 ] P V No need to know any theorem x 0 and x 1 are needed already already at the 1 rd round at the 1 rd round 6

  17. R 0 OR R 1 : The Gap In theory In practice [CDS94] [LS90] Delayed-Input Completeness Completeness 7

  18. Delayed-Input Completeness P V a c 8

  19. Delayed-Input Completeness x (w) P V a c 8

  20. Delayed-Input Completeness x (w) P V a c z 8

  21. R 0 OR R 1 : The Gap In theory In practice [CDS94] [LS90] Delayed-Input Completeness Completeness Proof of Knowledge Adaptive-Input Proof of Knowledge 9

  22. Adaptive-Input PoK x P * Extractor a c 10

  23. Adaptive-Input PoK x P * Extractor a c z 10

  24. Adaptive-Input PoK x P * Extractor a x (a,c,z) 10

  25. Adaptive-Input PoK x’ P * Extractor a x (a,c,z) c’ 10

  26. Adaptive-Input PoK x’ P * Extractor a x (a,c,z) c’ x’ (a,c’,z’) z’ 10

  27. Adaptive-Input PoK x’ P * Extractor a x (a,c,z) c’ x’ (a,c’,z’) z’ w witness for x 10

  28. R 0 OR R 1 : The Gap In theory In practice [CDS94] [LS90] Delayed-Input Completeness Completeness Adaptive-Input Proof of Knowledge Proof of Knowledge Adaptive-Input Witness Indistinguishable Witness Indistinguishable 11

  29. Adaptive-Input WI V * P a c 12

  30. Adaptive-Input WI (x,w 1 ,w 2 ) (w b ) V * P a c w 1 ,w 2 witnesses for x 12

  31. Adaptive-Input WI (x,w 1 ,w 2 ) (w b ) V * P a c z w 1 ,w 2 witnesses for x 12

  32. R 0 OR R 1 : The Gap In theory In practice [CDS94] [LS90] Delayed-Input Completeness Completeness Adaptive-Input Proof of Knowledge Proof of Knowledge Adaptive-Input Witness Indistinguishable Witness Indistinguishable Assumption: OWP Assumption: none 13

  33. R 0 OR R 1 : The Gap In theory In practice [CDS94] [LS90] Delayed-Input Completeness Completeness Adaptive-Input Proof of Knowledge Proof of Knowledge Adaptive-Input Witness Indistinguishable Witness Indistinguishable Assumption: OWP Assumption: none Requires NP-reduction and gives No NP-reduction and gives Computational WI Perfect WI 14

  34. R 0 OR R 1 : The Gap In theory In practice [CDS94] [LS90] Delayed-Input Completeness Completeness Adaptive-Input Proof of Knowledge Proof of Knowledge Adaptive-Input Witness Indistinguishable Witness Indistinguishable Assumption: OWP Assumption: none Requires NP-reduction and gives No NP-reduction and gives Computational WI Perfect WI Applicable to All NP Restricted to ∑ -protocols 15

  35. R 0 OR R 1 The Gap A larger protocols using [CDS94] instead of [LS90] may have a worse round complexity 16

  36. R 0 OR R 1 The Gap A larger protocols using [CDS94] instead of [LS90] may have a worse round complexity e.g. [Pass – Eurocrypt 03], [KaOs – Crypto 04], [YuZh – Eurocrypt 07][ScVi – Eurocrypt 12]… 16

  37. R 0 OR R 1 The Gap A larger protocols using [CDS94] instead of [LS90] may have a worse round complexity e.g. [Pass – Eurocrypt 03], [KaOs – Crypto 04], [YuZh – Eurocrypt 07][ScVi – Eurocrypt 12]… Recently Delayed-Input completeness is widely used [GMPP16 – tomorrow], [Kiayias0Z15 – CCS15], [BBKPV16 – eprint]… 16

  38. Our Results 1) From PoK to Adaptive-Input PoK 2) Bridging the gap 17

  39. Our First Result: from PoK to Adaptive-Input PoK ∑ -Protocols (in general) are not Adaptive-Input PoK P* Extractor g r c c’ z=r+cy x= g y z’=r+c’y’ x’= g y’ Issue observed in [ B ernhard P ereira W arinschi 12 ] about the weak Fiat-Shamir transform 18

  40. Our Transform From PoK to Adaptive-Input PoK P V g r’ g r c z=r’+c r z=r+cy x= g y 19

  41. Our Transform From PoK to Adaptive-Input PoK P V g r’ g r c z=r’+c r z=r+cy x= g y 19

  42. Our Transform From PoK to Adaptive-Input PoK P V g r’ g r c z=r’+c r z=r+cy x= g y Our transform applies to the class described in [ C ramer 96 , M aurer 15 , C ramer D amgard 98 ] e.g. Schnorr, Guillou–Quisquater, Diffie–Hellman, Multiplication proof for pedersen commitments, … 19

  43. Our Results 1) From PoK to Adaptive-Input PoK 2) Bridging the gap 20

  44. R 0 OR R 1 : Bridging the Gap In theory In practice [LS90] [CDS94] This work [CPS + TCC 2016-A] 21

  45. R 0 OR R 1 : Bridging the Gap In theory In practice [LS90] [CDS94] Delayed-Input Completeness Completeness This work [CPS + TCC 2016-A] Delayed-Input Completeness: All input 
 Semi-Delayed Input Completeness ∑ -protocols have to be Delayed-Input 21

  46. R 0 OR R 1 : Bridging the Gap In theory In practice [LS90] [CDS94] Delayed-Input Completeness Completeness Adaptive-Input PoK Proof of Knowledge This work [CPS + TCC 2016-A] Delayed-Input Completeness: All input 
 Semi-Delayed Input Completeness ∑ -protocols have to be Delayed-Input Proof of Knowledge Proof of Knowledge 21

  47. R 0 OR R 1 : Bridging the Gap In theory In practice [LS90] [CDS94] Delayed-Input Completeness Completeness Adaptive-Input PoK Proof of Knowledge Adaptive-Input WI Witness Indistinguishable This work [CPS + TCC 2016-A] Delayed-Input Completeness: All input 
 Semi-Delayed Input Completeness ∑ -protocols have to be Delayed-Input Proof of Knowledge Proof of Knowledge Semi-Adaptive Input WI: one of two instances is Adaptive-Input WI adaptively chosen by V* 21

  48. R 0 OR R 1 : Bridging the Gap In theory In practice [LS90] [CDS94] Delayed-Input Completeness Completeness Adaptive-Input PoK Proof of Knowledge Adaptive-Input WI Witness Indistinguishable Assumption: OWP Assumption: none This work [CPS + TCC 2016-A] Delayed-Input Completeness: All input 
 Semi-Delayed Input Completeness ∑ -protocols have to be Delayed-Input Proof of Knowledge Proof of Knowledge Semi-Adaptive Input WI: one of two instances is Adaptive-Input WI adaptively chosen by V* Assumption: DDH Assumption: none 21

Recommend

5.1 Online versus Offline SVMs We start with a review of the Offline Support Vector Machine.

5.1 Online versus Offline SVMs We start with a review of the Offline Support Vector Machine.

CS/CNS/EE 253: Advanced Topics in Machine Learning Topic: Running time analysis for Offline and Online Optimization Lecturer: Andreas Krause Scribe: Chris Kennelly Date: Jan. 20, 2010 5.1 Online versus Offline SVMs We start with a review of the

443 views • 4 slides
On the Composition of Public- - On the Composition of Public Coin Zero- -Knowledge Protocols

On the Composition of Public- - On the Composition of Public Coin Zero- -Knowledge Protocols

On the Composition of Public- - On the Composition of Public Coin Zero- -Knowledge Protocols Knowledge Protocols Coin Zero Rafael Pass (Cornell) Wei-Lung Dustin Tseng (Cornell) Douglas Wiktrm (KTH) 1 Zero Knowledge [GMR85] Zero

613 views • 22 slides
PLEASE CHECK-IN Strategic Online/Offline Campaigns Sent to Customers and/or Prospects What Do I

PLEASE CHECK-IN Strategic Online/Offline Campaigns Sent to Customers and/or Prospects What Do I

PLEASE CHECK-IN Strategic Online/Offline Campaigns Sent to Customers and/or Prospects What Do I mean by Online/Offline? Online: Using email marketing software, we send campaigns to your existing email list. Online: Using email

1.13k views • 85 slides
Update on offline resources at CERN and some news on: database for logging online processing

Update on offline resources at CERN and some news on: database for logging online processing

Update on offline resources at CERN and some news on: database for logging online processing benchmarking Elisabetta Pennacchio, IPNL WA105 TB-SB joint meeting, April 12 th 2017 1 1 Outline: 1. personal working space Offline

216 views • 20 slides
Automated Composition of Security Protocols ela 1 , Iosif Ignat 2 and Haller Piroska 1 Genge B 1

Automated Composition of Security Protocols ela 1 , Iosif Ignat 2 and Haller Piroska 1 Genge B 1

Overview Introduction & Motivation Composition Experimental results Conclusion Automated Composition of Security Protocols ela 1 , Iosif Ignat 2 and Haller Piroska 1 Genge B 1 Petru Maior University of T argu Mure s, Romania

683 views • 33 slides
From offline to online: Retaining quality while transferring an established survey ASC - Smart

From offline to online: Retaining quality while transferring an established survey ASC - Smart

From offline to online: Retaining quality while transferring an established survey ASC - Smart research technology for cost- conscious times 27 th April 2012 Background Shared\Execs\Tim Barber\My Documents\Powerpoint\Ofcom\J11426 Online

766 views • 43 slides
Successful Online and Offline Cleaning of Steam Turbines With and Without Disassembly Successful

Successful Online and Offline Cleaning of Steam Turbines With and Without Disassembly Successful

Successful Online and Offline Cleaning of Steam Turbines With and Without Disassembly Successful Online and Offline Cleaning of Steam Turbines With and Without Disassembly Bladimir Gomez Supervisor, Rotating Equipment Engineering PDVSA CRP

354 views • 21 slides
2018 Offline and Online Media Trends BMAP General Membership Meeting Jay G. Bautista April 20,

2018 Offline and Online Media Trends BMAP General Membership Meeting Jay G. Bautista April 20,

2018 Offline and Online Media Trends BMAP General Membership Meeting Jay G. Bautista April 20, 2018 Topics for today Advertising Highlights Offline Media Trends Television Radio Print Out of Home Online

819 views • 66 slides
The Challenges of Online Trust For online and offline business Alex Todd, President, Trust

The Challenges of Online Trust For online and offline business Alex Todd, President, Trust

The Challenges of Online Trust For online and offline business Alex Todd, President, Trust Enabling Strategies McMaster World Congress 2005 1 Why do we still not trust the Internet? 2 Internet Trends 200 175 Users Growth Usage 150

566 views • 28 slides
Reasoning about Byzantine Protocols Ilya Sergey ilyasergey.net Why Distributed Consensus is

Reasoning about Byzantine Protocols Ilya Sergey ilyasergey.net Why Distributed Consensus is

Reasoning about Byzantine Protocols Ilya Sergey ilyasergey.net Why Distributed Consensus is difficult? Arbitrary message delays (asynchronous network) Independent parties (nodes) can go offline (and also back online) Network

1.29k views • 72 slides
Online vs. Offline Wire Posi/ons Tyler Alion Mike Wallbank

Online vs. Offline Wire Posi/ons Tyler Alion Mike Wallbank

Online vs. Offline Wire Posi/ons Tyler Alion Mike Wallbank July 30, 2012 1 Z Plane Havent looked into matching up y ranges. Online z

487 views • 6 slides
FPGA Implementation of an Asynchronous Processor with Both Online and Offline Testing

FPGA Implementation of an Asynchronous Processor with Both Online and Offline Testing

FPGA Implementation of an Asynchronous Processor with Both Online and Offline Testing Capabilities Nikolaos Minas Matthew Marshall Gordon Russell Alex Yakovlev Outline Introduction. Error Detection/Correction overview. Information

730 views • 27 slides
Composition of Cryptographic Protocols - Feasibility Muthu Venkitasubramaniam University of

Composition of Cryptographic Protocols - Feasibility Muthu Venkitasubramaniam University of

Composition of Cryptographic Protocols - Feasibility Muthu Venkitasubramaniam University of Rochester Some slides borrowed from Manoj, Huijia, Abhishek and Rafael Secure Multi-party Computation [Yao,Goldreich-Micali-Wigderson] Goal: Allow a

652 views • 63 slides
Key parse TCP assembly Offline Online capture anonymize Anon. One-Way Interface Key (anon.

Key parse TCP assembly Offline Online capture anonymize Anon. One-Way Interface Key (anon.

anonymize Anon. Key parse TCP assembly Offline Online capture anonymize Anon. One-Way Interface Key (anon. trace) parse TCP assembly Enc. Key decrypt Offline Online encrypt Encrypted Raw Data capture Capture Hardware Closed-box VM anonymize

838 views • 40 slides
A Formal Model and Composition Language for Context-Aware Service Protocols Javier Cubo, Carlos

A Formal Model and Composition Language for Context-Aware Service Protocols Javier Cubo, Carlos

A Formal Model and Composition Language for Context-Aware Service Protocols A Formal Model and Composition Language for Context-Aware Service Protocols Javier Cubo, Carlos Canal, Ernesto Pimentel, Gwen Sala un University of M alaga, Spain

603 views • 10 slides
+ Online and Offline Experiences of Aggression and Bullying: Views from Adolescents in the UK and

+ Online and Offline Experiences of Aggression and Bullying: Views from Adolescents in the UK and

+ Online and Offline Experiences of Aggression and Bullying: Views from Adolescents in the UK and South Africa Dr. Maa Popovac Presented at the World Anti-Bullying Forum, 2017 Stockholm, Sweden + Definitions Cyberaggression vs.

632 views • 34 slides
Offline First @caolan Unlike the always-wired machines of the past, computers are now truly

Offline First @caolan Unlike the always-wired machines of the past, computers are now truly

Offline First @caolan Unlike the always-wired machines of the past, computers are now truly personal, and people move through online and offline seamlessly our apps should do the same More often than not, the mobile experience for a

1.48k views • 124 slides
The use of parallel corpora in linguistics Annemarie Verkerk Translation: Online and offline,

The use of parallel corpora in linguistics Annemarie Verkerk Translation: Online and offline,

The use of parallel corpora in linguistics Annemarie Verkerk Translation: Online and offline, losses and gains Nijmegen, June 25-26 2012 Parallel corpus a collection of texts that are all translations of a single original text that is made

598 views • 18 slides
Remarks on Vertical Restraints Offline & Online Ali Hortasu Department of Economics

Remarks on Vertical Restraints Offline & Online Ali Hortasu Department of Economics

Remarks on Vertical Restraints Offline & Online Ali Hortasu Department of Economics University of Chicago VR 1.0: Pro-competitive? Vertical contracts and/or integration help align incentives of upstream and downstream entities In

807 views • 25 slides
A game about hunting monsters Online and Offline Play Hunt increasingly difficult enemies Boss

A game about hunting monsters Online and Offline Play Hunt increasingly difficult enemies Boss

A game about hunting monsters Online and Offline Play Hunt increasingly difficult enemies Boss Monsters Made by Capcom Popular in both Eastern and Western Areas 16+ Mature Game Free Online Play (Well, No extra Costs) Challenging Gameplay S

192 views • 8 slides
Webinar agenda Online/Offline: How Technology Can Empower Local Refugee Communities 1.

Webinar agenda Online/Offline: How Technology Can Empower Local Refugee Communities 1.

Webinar agenda Online/Offline: How Technology Can Empower Local Refugee Communities 1. Presentation by Alan Vernon, Project Lead, Connectivity for Refugees, UNHCR, the UN Refugee Agency (Washington DC) 2. Interview by Josephine Goube, Chief

1.86k views • 23 slides
From Offline Long-Run to Online Short-Run: Exploring A New Approach of Hybrid Systems Model

From Offline Long-Run to Online Short-Run: Exploring A New Approach of Hybrid Systems Model

From Offline Long-Run to Online Short-Run: Exploring A New Approach of Hybrid Systems Model Checking for MDPnP Tao Li*, Qixin Wang*, Feng Tan*, Lei Bu, Jian-nong Cao*, Xue Liu, Yufei Wang*, Rong Zheng *The Hong Kong Polytechnic Univ. CPS Week

1.04k views • 66 slides
SURVIVING CRAPPY INTERNET Anouk Ruhaak @anoukruhaak BETWEEN OFFLINE AND ONLINE SPEED

SURVIVING CRAPPY INTERNET Anouk Ruhaak @anoukruhaak BETWEEN OFFLINE AND ONLINE SPEED

SURVIVING CRAPPY INTERNET Anouk Ruhaak @anoukruhaak BETWEEN OFFLINE AND ONLINE SPEED RELIABILITY LATENCY BANDWIDTH PACKET LOSS LATENCY Time it takes to connect to the server. 2G TUESDAYS MAC Network Link Conditioner:

562 views • 30 slides
Composition of Password-based Protocols ephanie Delaune 1 , Steve Kremer 1 and Mark Ryan 2 St 1

Composition of Password-based Protocols ephanie Delaune 1 , Steve Kremer 1 and Mark Ryan 2 St 1

Composition of Password-based Protocols ephanie Delaune 1 , Steve Kremer 1 and Mark Ryan 2 St 1 LSV, ENS de Cachan, CNRS & INRIA, France 2 School of Computer Science, University of Birmingham, UK CSF08, Pittsburgh June 2008

403 views • 27 slides

More recommend