privately constraining and programming prfs the lwe way
play

Privately Constraining and Programming PRFs, the LWE Way Chris - PowerPoint PPT Presentation

Jan 11, 2023 •305 likes •916 views

Privately Constraining and Programming PRFs, the LWE Way Chris Peikert Sina Shiehian PKC 2018 1 / 15 Constrained Pseudorandom Functions [KPTZ13,BW13,BGI14] 1 Ordinary evaluation algorithm Eval ( msk, x ) . 2 / 15 Constrained

  1. Privately Constraining and Programming PRFs, the LWE Way Chris Peikert Sina Shiehian PKC 2018 1 / 15

  2. Constrained Pseudorandom Functions [KPTZ’13,BW’13,BGI’14] 1 Ordinary evaluation algorithm Eval ( msk, x ) . 2 / 15

  3. Constrained Pseudorandom Functions [KPTZ’13,BW’13,BGI’14] 1 Ordinary evaluation algorithm Eval ( msk, x ) . 2 For any constraint C ∈ C , can generate a constrained key sk C (using msk ). 2 / 15

  4. Constrained Pseudorandom Functions [KPTZ’13,BW’13,BGI’14] 1 Ordinary evaluation algorithm Eval ( msk, x ) . 2 For any constraint C ∈ C , can generate a constrained key sk C (using msk ). 3 Constrained evaluation algorithm CEval ( sk C , x ) . 2 / 15

  5. Constrained Pseudorandom Functions [KPTZ’13,BW’13,BGI’14] 1 Ordinary evaluation algorithm Eval ( msk, x ) . 2 For any constraint C ∈ C , can generate a constrained key sk C (using msk ). 3 Constrained evaluation algorithm CEval ( sk C , x ) . Correctness ◮ If C ( x ) = 0 (“authorized”) then CEval ( sk C , x ) = Eval ( msk, x ) . 2 / 15

  6. Constrained Pseudorandom Functions [KPTZ’13,BW’13,BGI’14] 1 Ordinary evaluation algorithm Eval ( msk, x ) . 2 For any constraint C ∈ C , can generate a constrained key sk C (using msk ). 3 Constrained evaluation algorithm CEval ( sk C , x ) . Correctness ◮ If C ( x ) = 0 (“authorized”) then CEval ( sk C , x ) = Eval ( msk, x ) . Security c ◮ If C ( x ) = 1 (“unauth”) then Eval ( msk, x ) ≈ random (even w/ sk C ). 2 / 15

  7. Constrained Pseudorandom Functions [KPTZ’13,BW’13,BGI’14] 1 Ordinary evaluation algorithm Eval ( msk, x ) . 2 For any constraint C ∈ C , can generate a constrained key sk C (using msk ). 3 Constrained evaluation algorithm CEval ( sk C , x ) . Correctness ◮ If C ( x ) = 0 (“authorized”) then CEval ( sk C , x ) = Eval ( msk, x ) . Security c ◮ If C ( x ) = 1 (“unauth”) then Eval ( msk, x ) ≈ random (even w/ sk C ). ◮ Applications: uses of iO [SW’14] , ID-based key exchange, broadcast encryption, . . . 2 / 15

  8. Privacy and Programmability [BonehLewiWu’17] ◮ Ordinarily, a constrained key sk C may reveal C . (It hides only the PRF output at unauthorized x .) 3 / 15

  9. Privacy and Programmability [BonehLewiWu’17] ◮ Ordinarily, a constrained key sk C may reveal C . (It hides only the PRF output at unauthorized x .) Privacy (a.k.a. Constraint Hiding) ◮ Constrained key sk C reveals nothing about C . In particular, it hides whether x is (un)authorized. 3 / 15

  10. Privacy and Programmability [BonehLewiWu’17] ◮ Ordinarily, a constrained key sk C may reveal C . (It hides only the PRF output at unauthorized x .) Privacy (a.k.a. Constraint Hiding) ◮ Constrained key sk C reveals nothing about C . In particular, it hides whether x is (un)authorized. ◮ Applications: searchable encryption, function secret sharing [BGI’15] . 3 / 15

  11. Privacy and Programmability [BonehLewiWu’17] ◮ Ordinarily, a constrained key sk C may reveal C . (It hides only the PRF output at unauthorized x .) Privacy (a.k.a. Constraint Hiding) ◮ Constrained key sk C reveals nothing about C . In particular, it hides whether x is (un)authorized. ◮ Applications: searchable encryption, function secret sharing [BGI’15] . Programmability ◮ Can program sk C to produce a desired value at some unauthorized x ∗ . (Nontrivial only if unauthorized x are hidden.) 3 / 15

  12. Privacy and Programmability [BonehLewiWu’17] ◮ Ordinarily, a constrained key sk C may reveal C . (It hides only the PRF output at unauthorized x .) Privacy (a.k.a. Constraint Hiding) ◮ Constrained key sk C reveals nothing about C . In particular, it hides whether x is (un)authorized. ◮ Applications: searchable encryption, function secret sharing [BGI’15] . Programmability ◮ Can program sk C to produce a desired value at some unauthorized x ∗ . (Nontrivial only if unauthorized x are hidden.) ◮ Applications: watermarking PRFs, ???. 3 / 15

  13. Prior Results BLW’17 Private constrained PRFs for all functions, & programmable PRFs, from iO . 4 / 15

  14. Prior Results BLW’17 Private constrained PRFs for all functions, & programmable PRFs, from iO . BKM’17 Private constrained PRFs for point functions, from LWE. 4 / 15

  15. Prior Results BLW’17 Private constrained PRFs for all functions, & programmable PRFs, from iO . BKM’17 Private constrained PRFs for point functions, from LWE. CC’17 Private constrained PRFs for NC 1 circuits, from LWE. 4 / 15

  16. Prior Results BLW’17 Private constrained PRFs for all functions, & programmable PRFs, from iO . BKM’17 Private constrained PRFs for point functions, from LWE. CC’17 Private constrained PRFs for NC 1 circuits, from LWE. BTVW’17 Private constrained PRFs for all circuits, from LWE. 4 / 15

  17. Prior Results BLW’17 Private constrained PRFs for all functions, & programmable PRFs, from iO . BKM’17 Private constrained PRFs for point functions, from LWE. CC’17 Private constrained PRFs for NC 1 circuits, from LWE. BTVW’17 Private constrained PRFs for all circuits, from LWE. Caveat! Limited to one constrained key. Two keys for arbitrary circuits ⇒ iO [CC’17] 4 / 15

  18. Prior Results BLW’17 Private constrained PRFs for all functions, & programmable PRFs, from iO . BKM’17 Private constrained PRFs for point functions, from LWE. CC’17 Private constrained PRFs for NC 1 circuits, from LWE. BTVW’17 Private constrained PRFs for all circuits, from LWE. Caveat! Limited to one constrained key. Two keys for arbitrary circuits ⇒ iO [CC’17] Open Programmable PRFs from a non- iO assumption. 4 / 15

  19. Our Results Main Message ◮ A unified approach to private constrained and programmable PRFs from LWE: shift-hiding functions. ◮ Simple, modular constructions via the ‘right’ choice of shift function. 5 / 15

  20. Our Results Main Message ◮ A unified approach to private constrained and programmable PRFs from LWE: shift-hiding functions. ◮ Simple, modular constructions via the ‘right’ choice of shift function. Constructions 1 Shift-hiding functions from LWE by standard FHE/ABE/PE tech [GSW’13,BGG+’14,GVW’15] 5 / 15

  21. Our Results Main Message ◮ A unified approach to private constrained and programmable PRFs from LWE: shift-hiding functions. ◮ Simple, modular constructions via the ‘right’ choice of shift function. Constructions 1 Shift-hiding functions from LWE by standard FHE/ABE/PE tech [GSW’13,BGG+’14,GVW’15] 2 Private constrained & programmable PRFs, simply by letting shift = constraint × (pseudo)random function 5 / 15

  22. Our Results Main Message ◮ A unified approach to private constrained and programmable PRFs from LWE: shift-hiding functions. ◮ Simple, modular constructions via the ‘right’ choice of shift function. Constructions 1 Shift-hiding functions from LWE by standard FHE/ABE/PE tech [GSW’13,BGG+’14,GVW’15] 2 Private constrained & programmable PRFs, simply by letting shift = constraint × (pseudo)random function In particular, the first programmable PRFs from non- iO assumptions. 5 / 15

  23. Our Results Main Message ◮ A unified approach to private constrained and programmable PRFs from LWE: shift-hiding functions. ◮ Simple, modular constructions via the ‘right’ choice of shift function. Constructions 1 Shift-hiding functions from LWE by standard FHE/ABE/PE tech [GSW’13,BGG+’14,GVW’15] 2 Private constrained & programmable PRFs, simply by letting shift = constraint × (pseudo)random function In particular, the first programmable PRFs from non- iO assumptions. Selectively simulation-secure, for a priori bounded-size functions. 5 / 15

  24. Shift-Hiding Functions ⇓ Private/Programmable PRFs 6 / 15

  25. Main Tool: Shift-Hiding Functions 1 Ordinary evaluation algorithm Eval ( msk, · ): X → Z q . 7 / 15

  26. Main Tool: Shift-Hiding Functions 1 Ordinary evaluation algorithm Eval ( msk, · ): X → Z q . 2 Shifting algorithm sk H ← Shift ( msk, H ) for shift fct H : X → Z q . 7 / 15

  27. Main Tool: Shift-Hiding Functions 1 Ordinary evaluation algorithm Eval ( msk, · ): X → Z q . 2 Shifting algorithm sk H ← Shift ( msk, H ) for shift fct H : X → Z q . 3 Shifted evaluation algorithm SEval ( sk H , · ): X → Z q . 7 / 15

  28. Main Tool: Shift-Hiding Functions 1 Ordinary evaluation algorithm Eval ( msk, · ): X → Z q . 2 Shifting algorithm sk H ← Shift ( msk, H ) for shift fct H : X → Z q . 3 Shifted evaluation algorithm SEval ( sk H , · ): X → Z q . Shifting ◮ For every shift function H and every x ∈ X : SEval ( sk H , x ) ≈ Eval ( msk, x ) + H ( x ) (mod q ) 7 / 15

  29. Main Tool: Shift-Hiding Functions 1 Ordinary evaluation algorithm Eval ( msk, · ): X → Z q . 2 Shifting algorithm sk H ← Shift ( msk, H ) for shift fct H : X → Z q . 3 Shifted evaluation algorithm SEval ( sk H , · ): X → Z q . Shifting ◮ For every shift function H and every x ∈ X : SEval ( sk H , x ) ≈ Eval ( msk, x ) + H ( x ) (mod q ) Hiding ◮ sk H reveals nothing about H . 7 / 15

  30. Shift-Hiding Functions ⇒ Private Constrained PRFs ◮ F ( msk, x ) := ⌊ Eval ( msk, x ) ⌉ , where ⌊·⌉ : Z q → Z 2 “rounds off.” 8 / 15

  31. Shift-Hiding Functions ⇒ Private Constrained PRFs ◮ F ( msk, x ) := ⌊ Eval ( msk, x ) ⌉ , where ⌊·⌉ : Z q → Z 2 “rounds off.” ◮ To generate a constrained key for circuit C , define shift function H ( x ) = C ( x ) · PRF k ( x ) and output sk C ← Shift ( msk, H ) . This hides H , hence C (and k ). 8 / 15

Recommend

On the (Im)possibility of Privately Outsourcing Linear Programming 26.10.13 1 / 25 Linear

On the (Im)possibility of Privately Outsourcing Linear Programming 26.10.13 1 / 25 Linear

On the (Im)possibility of Privately Outsourcing Linear Programming 26.10.13 1 / 25 Linear programming Suppose a brewery produces ale and beer . It uses three type of resources: corn , hops , and malt . Each beverage requires

592 views • 44 slides
Improved Constructions of PRFs Secure Against Related-Key Attacks Kevin Lewi Hart Montgomery

Improved Constructions of PRFs Secure Against Related-Key Attacks Kevin Lewi Hart Montgomery

Improved Constructions of PRFs Secure Against Related-Key Attacks Kevin Lewi Hart Montgomery Ananth Raghunathan Stanford University Pseudorandom Functions (PRFs) x { 0 , 1 } R k K x k PRF PRF( k , x ) x Rand Rand(

565 views • 23 slides
Privately Developed Privately Developed Groundwater Recharge Dave Tuthill, Ph.D., P.E. August

Privately Developed Privately Developed Groundwater Recharge Dave Tuthill, Ph.D., P.E. August

Idaho Section Privately Developed Privately Developed Groundwater Recharge Dave Tuthill, Ph.D., P.E. August 2, 2018 Topics 1. Why Privately Develop Managed Aquifer Recharge? 2. What are: Recharge Development Corporation

406 views • 22 slides
Towards Fresh Re-Keying with Leakage-Resilient PRFs: Cipher Design Principles and Analysis d 1 ,

Towards Fresh Re-Keying with Leakage-Resilient PRFs: Cipher Design Principles and Analysis d 1 ,

Towards Fresh Re-Keying with Leakage-Resilient PRFs: Cipher Design Principles and Analysis d 1 , F. De Santis 2 , 3 , J. Heyszl 4 , S. Mangard 3 , S. Bela M. Medwed 5 , J.-M. Schmidt 6 , F.-X. Standaert 7 , S. Tillich 8 1 Ecole Normale Sup

754 views • 29 slides
Towards Super-Exponential Side-Channel Security with Efficient Leakage-Resilient PRFs M. Medwed,

Towards Super-Exponential Side-Channel Security with Efficient Leakage-Resilient PRFs M. Medwed,

Towards Super-Exponential Side-Channel Security with Efficient Leakage-Resilient PRFs M. Medwed, F.-X. Standaert , A. Joux NXP & UCL Crypto Group & Univ. Versailles CHES 2012, Leuven, Belgium SCA security (implementation level) 1 SCA

857 views • 70 slides
Constraining Dark Matter Properties From A Gamma-Ray Detection S ergio Palomares-Rui z Centro de

Constraining Dark Matter Properties From A Gamma-Ray Detection S ergio Palomares-Rui z Centro de

Constraining Dark Matter Properties From A Gamma-Ray Detection S ergio Palomares-Rui z Centro de Fsica Terica de Partculas Instituto Superior Tcnico, Lisbon TeV Particle Astrophysics 2010 Paris, July 21, 2010 Constraining DM properties

415 views • 24 slides
CONSTRAINING NEUTRINOS WITH BBN (WITH A LITTLE HELP FROM THE CMB) GGI NEUTRINO

CONSTRAINING NEUTRINOS WITH BBN (WITH A LITTLE HELP FROM THE CMB) GGI NEUTRINO

CONSTRAINING NEUTRINOS WITH BBN (WITH A LITTLE HELP FROM THE CMB) GGI NEUTRINO WORKSHOP & SMIRNOV FEST Gary Steigman Departments of Physics and Astronomy Center for Cosmology and Astro-Particle Physics Ohio State

623 views • 33 slides
Constraining anomalous HVV interac2ons at proton and lepton

Constraining anomalous HVV interac2ons at proton and lepton

Constraining anomalous HVV interac2ons at proton and lepton colliders Yaofu Zhou Johns Hopkins University The 2014 Phenomenology Symposium May 5,

600 views • 28 slides
Range Extension for Weak PRFs Krzysztof Pietrzak (CWI Amsterdam) Johan Sj odin(ETH Z urich)

Range Extension for Weak PRFs Krzysztof Pietrzak (CWI Amsterdam) Johan Sj odin(ETH Z urich)

Range Extension for Weak PRFs Krzysztof Pietrzak (CWI Amsterdam) Johan Sj odin(ETH Z urich) (weak) pseudorandom functions F = {F 1 , F 2 , . . . } , F n : K n X n Y n is a pseudorandom function ( PRF) if F ( k , x ) can be

596 views • 48 slides
On constraining the spin of the MBH the GC via star orbits: the effects of stellar perturbations

On constraining the spin of the MBH the GC via star orbits: the effects of stellar perturbations

On constraining the spin of the MBH the GC via star orbits: the effects of stellar perturbations Zhang Fupeng, Sun Yat-sen University, China Collaborator: Lu, Youjun (NAOC), Yu, Qingjuan (PKU), Lorenzo Iorio (MIUR) 2016. 2. 11, Aspen Center for

650 views • 25 slides
Constraining the reionization era and inflation with the CMB polarization at large angular scales

Constraining the reionization era and inflation with the CMB polarization at large angular scales

Constraining the reionization era and inflation with the CMB polarization at large angular scales Anna Mangilli ! Institut dAstrophysique Spatiale & Laboratoire de lAcclrateur Linaire ! Orsay, Paris Sud LPSC Grenoble - January

787 views • 41 slides
Constraining the symmetry energy of the EoS in relativistic energy of the EoS in relativistic

Constraining the symmetry energy of the EoS in relativistic energy of the EoS in relativistic

Constraining the symmetry energy of the EoS in relativistic energy of the EoS in relativistic heavy-ion reactions A. Krasznahorkay, ATOMKI, Debrecen Introduction The neutronskin thickness ( r )

873 views • 30 slides
Constraining fossil fuel CO emissions by the joint assimilation of atmospheric CO and

Constraining fossil fuel CO emissions by the joint assimilation of atmospheric CO and

Constraining fossil fuel CO emissions by the joint assimilation of atmospheric CO and CO measurements Sourish Basu, John Miller, Scott Lehman A T M O S P N D H A E R C I I C N A A E D M C O I N L I S

549 views • 18 slides
Constraining the slope parameter of symmetry energy from nuclear structure International

Constraining the slope parameter of symmetry energy from nuclear structure International

Constraining the slope parameter of symmetry energy from nuclear structure International Symposium on Neutron Star Matter (NSMAT2016) - Recent Progress in Observations, Experiments and Theories - November 21 st 24 th , 2016 Tohoku

400 views • 12 slides
Constraining h s s at lepton colliders Matthias Schla ff er Weizmann Institute of Science

Constraining h s s at lepton colliders Matthias Schla ff er Weizmann Institute of Science

Constraining h s s at lepton colliders Matthias Schla ff er Weizmann Institute of Science based on ongoing work with: J. Duarte-Campderros, G. Perez, A. So ff er GGI, Florence August 2018 Gauge boson masses Higgs is main source of

525 views • 39 slides
Tagging strange jets & constraining h s s Matthias Schlaffer Weizmann Institute of

Tagging strange jets & constraining h s s Matthias Schlaffer Weizmann Institute of

Tagging strange jets & constraining h s s Matthias Schlaffer Weizmann Institute of Science based on: 1811.09636 (J. Duarte-Campderros, G. Perez, MS, A. Soffer) work in progress 4th NPKI workshop, Seoul May 2019 Gauge boson masses

589 views • 45 slides
Constraining the pulsar power in gamma-ray binaries through thermal X-ray emission V ctor

Constraining the pulsar power in gamma-ray binaries through thermal X-ray emission V ctor

Constraining the pulsar power in gamma-ray binaries through thermal X-ray emission V ctor Zabalza in collaboration with V. Bosch-Ramon and J.M. Paredes Departament dAstronomia i Meteorologia, Institut de Ci` encies del Cosmos (ICC),

920 views • 38 slides
Constraining the top Yukawa coupling from tt differential distributions in lepton+jets at 13 TeV

Constraining the top Yukawa coupling from tt differential distributions in lepton+jets at 13 TeV

CMS-PAS-TOP-17-004 Constraining the top Yukawa coupling from tt differential distributions in lepton+jets at 13 TeV Yi-Ting Duh (Brown University & University of Rochester) on behalf of the CMS Collaboration Young Scientist Forum 54th

719 views • 15 slides
Constraining Axion-Like Particles through Fifth-Force and EDM Limits Sonny Mantry University of

Constraining Axion-Like Particles through Fifth-Force and EDM Limits Sonny Mantry University of

Constraining Axion-Like Particles through Fifth-Force and EDM Limits Sonny Mantry University of North Georgia Theoretical issues and experimental opportunities in searches for time reversal invariance violation using neutrons University

678 views • 47 slides
Using block ciphers Review: PRPs and PRFs Dan Boneh Block

Using block ciphers Review: PRPs and PRFs Dan Boneh Block

Online Cryptography Course

581 views • 54 slides
Fictions, fluctuations and mean fields Pasi Huovinen Uniwersytet Wroc lawski Constraining

Fictions, fluctuations and mean fields Pasi Huovinen Uniwersytet Wroc lawski Constraining

Fictions, fluctuations and mean fields Pasi Huovinen Uniwersytet Wroc lawski Constraining the QCD Phase Boundary with Data from Heavy Ion Collisions February 12, 2018, GSI, Darmstadt in collaboration with Peter Petreczky, arXiv:1708.00879

389 views • 34 slides
Constraining Dark Matter with Background Light Sam McDermott Dec 5, LANL from 1309.4091, with

Constraining Dark Matter with Background Light Sam McDermott Dec 5, LANL from 1309.4091, with

Constraining Dark Matter with Background Light Sam McDermott Dec 5, LANL from 1309.4091, with Rouven Essig, Eric Kuflik, Tomer Volansky, and Kathryn Zurek and 1312.0608 with Ilias Cholis and Dan Hooper Prelude LUX sees nothing Is

730 views • 61 slides
Constraining the use of composite case cate- gories Workshop on Theoretical Morphology 4

Constraining the use of composite case cate- gories Workshop on Theoretical Morphology 4

Constraining the use of composite case cate- gories Workshop on Theoretical Morphology 4 Leipzig-Grobothen, June 20th, 2008 Thomas McFadden Universitt Stuttgart tom@ifla.uni-stuttgart.de 1 Introduction A common idea going back to

547 views • 20 slides
Constraining Lorentz Violation of Gravitational Waves with Lensing Adrian K.W. Chung and Tjonnie

Constraining Lorentz Violation of Gravitational Waves with Lensing Adrian K.W. Chung and Tjonnie

Introduction Method Parameter Estimation GW In CUHK Backup Slide Constraining Lorentz Violation of Gravitational Waves with Lensing Adrian K.W. Chung and Tjonnie G.F. Li 1 1 Department of Physics, The Chinese University of Hong Kong,

434 views • 17 slides

More recommend