structure preserving smooth projective hashing
play

Structure Preserving Smooth Projective Hashing Olivier Blazy , Cline - PowerPoint PPT Presentation

Oct 26, 2022 •476 likes •940 views

Structure Preserving Smooth Projective Hashing Olivier Blazy , Cline Chevalier O. Blazy (Xlim) (SP)2H 1 / 25 Global Framework 1 Cryptographic Tools 2 Structure-Preserving SPHF 3 Applications 4 O. Blazy (Xlim) (SP)2H 2 / 25 Global

  1. Structure Preserving Smooth Projective Hashing Olivier Blazy , Céline Chevalier O. Blazy (Xlim) (SP)2H 1 / 25

  2. Global Framework 1 Cryptographic Tools 2 Structure-Preserving SPHF 3 Applications 4 O. Blazy (Xlim) (SP)2H 2 / 25

  3. Global Framework 1 Cryptographic Tools 2 Structure-Preserving SPHF 3 Applications 4 O. Blazy (Xlim) (SP)2H 2 / 25

  4. Global Framework 1 Cryptographic Tools 2 Structure-Preserving SPHF 3 Applications 4 O. Blazy (Xlim) (SP)2H 2 / 25

  5. Global Framework 1 Cryptographic Tools 2 Structure-Preserving SPHF 3 Applications 4 O. Blazy (Xlim) (SP)2H 2 / 25

  6. Global Framework 1 Motivation Cryptographic Tools 2 Structure-Preserving SPHF 3 Applications 4 O. Blazy (Xlim) (SP)2H 3 / 25

  7. Conditional Actions Oblivious Transfer Database User C ( line ) ← − − − − − − − − − − − − − − − DB [ line ] − − − − − − − − − − − − − − − → � The User learns the value of line but nothing else � The Database learns nothing O. Blazy (Xlim) (SP)2H 4 / 25

  8. Conditional Actions Password Authenticated Key Exchange Bob Alice f ( pw A ) ← − − − − − − − − − − − − − − − f ( pw B , f A ) − − − − − − − − − − − − − − − → � The Users obtain the same key iff their passwords match � An Adversary learns nothing O. Blazy (Xlim) (SP)2H 5 / 25

  9. UC Requirements for Adaptive Corruptions First flow should be extractable First flow should be equivocable Memory should be adapted accordingly Memory as a scalar No real trapdoor possible � Partial Erasure is the only way Memory as a group element Allows extra trapdoor O. Blazy (Xlim) (SP)2H 6 / 25

  10. UC Requirements for Adaptive Corruptions First flow should be extractable First flow should be equivocable Memory should be adapted accordingly Memory as a scalar No real trapdoor possible � Partial Erasure is the only way Memory as a group element Allows extra trapdoor O. Blazy (Xlim) (SP)2H 6 / 25

  11. UC Requirements for Adaptive Corruptions First flow should be extractable First flow should be equivocable Memory should be adapted accordingly Memory as a scalar No real trapdoor possible � Partial Erasure is the only way Memory as a group element Allows extra trapdoor O. Blazy (Xlim) (SP)2H 6 / 25

  12. UC Requirements for Adaptive Corruptions First flow should be extractable First flow should be equivocable Memory should be adapted accordingly Memory as a scalar No real trapdoor possible � Partial Erasure is the only way Memory as a group element Allows extra trapdoor O. Blazy (Xlim) (SP)2H 6 / 25

  13. UC Requirements for Adaptive Corruptions First flow should be extractable First flow should be equivocable Memory should be adapted accordingly Memory as a scalar No real trapdoor possible � Partial Erasure is the only way Memory as a group element Allows extra trapdoor O. Blazy (Xlim) (SP)2H 6 / 25

  14. Global Framework 1 Cryptographic Tools 2 Encryption Scheme Smooth Projective Hash Function Structure-Preserving SPHF 3 Applications 4 O. Blazy (Xlim) (SP)2H 7 / 25

  15. Definition (Encryption Scheme) E = ( Setup , KeyGen , Encrypt , Decrypt ) : Setup ( K ) : param; KeyGen ( param ) : public encryption key pk, private decryption key dk; Encrypt ( pk , m ; r ) : encrypts m ∈ M in c using pk; Decrypt ( dk , c ) : decrypts c under dk. Indistinguishability under Chosen Ciphertext Attack O. Blazy (Xlim) (SP)2H 8 / 25

  16. Definition (Smooth Projective Hash Functions) [CS02] Let { H } be a family of functions: X , domain of these functions L , subset (a language) of this domain such that, for any point x in L , H ( x ) can be computed by using either a secret hashing key hk: H ( x ) = Hash L ( hk ; x ) ; or a public projected key hp: H ′ ( x ) = ProjHash L ( hp ; x , w ) Public mapping hk �→ hp = ProjKG L ( hk , x ) O. Blazy (Xlim) (SP)2H 9 / 25

  17. Properties For any x ∈ X , H ( x ) = Hash L ( hk ; x ) For any x ∈ L , H ( x ) = ProjHash L ( hp ; x , w ) w witness that x ∈ L Smoothness For any x �∈ L , H ( x ) and hp are independent Pseudo-Randomness For any x ∈ L , H ( x ) is pseudo-random, without a witness w O. Blazy (Xlim) (SP)2H 10 / 25

  18. Properties For any x ∈ X , H ( x ) = Hash L ( hk ; x ) For any x ∈ L , H ( x ) = ProjHash L ( hp ; x , w ) w witness that x ∈ L Smoothness For any x �∈ L , H ( x ) and hp are independent Pseudo-Randomness For any x ∈ L , H ( x ) is pseudo-random, without a witness w O. Blazy (Xlim) (SP)2H 10 / 25

  19. Properties For any x ∈ X , H ( x ) = Hash L ( hk ; x ) For any x ∈ L , H ( x ) = ProjHash L ( hp ; x , w ) w witness that x ∈ L Smoothness For any x �∈ L , H ( x ) and hp are independent Pseudo-Randomness For any x ∈ L , H ( x ) is pseudo-random, without a witness w O. Blazy (Xlim) (SP)2H 10 / 25

  20. Global Framework 1 Cryptographic Tools 2 Structure-Preserving SPHF 3 Applications 4 O. Blazy (Xlim) (SP)2H 11 / 25

  21. Definition (Structure Preserving Smooth Projective Hash Functions) X = G k ∗ , L � G k ∗ such that, for any point x in L , H ( x ) can be computed as: H ( x ) = Hash L ( hk ; x ) ∈ G T ; H ′ ( x ) = ProjHash L ( hp ; x , w ) hp , x , w are group elements O. Blazy (Xlim) (SP)2H 12 / 25

  22. Definition (Structure Preserving Smooth Projective Hash Functions) X = G k ∗ , L � G k ∗ such that, for any point x in L , H ( x ) can be computed as: H ( x ) = Hash L ( hk ; x ) ∈ G T ; H ′ ( x ) = ProjHash L ( hp ; x , w ) hp , x , w are group elements O. Blazy (Xlim) (SP)2H 12 / 25

  23. Why? Witnesses can now be Group Elements This means, compatible with Groth Sahai Proofs (QA-NIZK, . . . ) Witnesses can now have trapdoors O. Blazy (Xlim) (SP)2H 13 / 25

  24. Why? Witnesses can now be Group Elements This means, compatible with Groth Sahai Proofs (QA-NIZK, . . . ) Witnesses can now have trapdoors O. Blazy (Xlim) (SP)2H 13 / 25

  25. Retro-Compatibilty SPHF SP-SPHF Word u [ ω ⊙ Γ( u )] 1 [ ω ⊙ Γ( u )] 1 Witness w ω Λ = [ f ⊙ ω ] 2 hk λ λ hp = [ γ ( u )] 1 [Γ( u ) ⊙ λ ] 1 [Γ( u ) ⊙ λ ] 1 Hash ( hk , u ) [Θ( u ) ⊙ λ ] 1 [ f ⊙ Θ( u ) ⊙ λ ] T ProjHash ( hp , u , w ) [ ω ⊙ γ ( u )] 1 [ Λ ⊙ γ ( u )] T O. Blazy (Xlim) (SP)2H 14 / 25

  26. SPHF SP-SPHF h r , g r h r , g r DH g r Witness w r 2 hk λ, µ λ, µ h λ g µ h λ g µ hp ( h r ) λ ( g r ) µ e (( h r ) λ ( g r ) µ , g 2 ) Hash ( hk , u ) hp r e ( hp , g r ProjHash ( hp , u , w ) 2 ) Figure: Example of conversion of classical SPHF into SP-SPHF O. Blazy (Xlim) (SP)2H 15 / 25

  27. Global Framework 1 Cryptographic Tools 2 Structure-Preserving SPHF 3 Applications 4 Generic Constructions SPHF-friendly UC Commitment Efficiency MDDH O. Blazy (Xlim) (SP)2H 16 / 25

  28. Oblivious Transfer [Rab81] A user U wants to access a line ℓ in a database D composed of t of them: U learns nothing more than the value of the line ℓ D does not learn which line was accessed by U Correctness: if U request a single line, he learns it Security Notions Oblivious: D does not learn which line was accessed ; Semantic Security: U does not learn any information about the other lines. O. Blazy (Xlim) (SP)2H 17 / 25

  29. Oblivious Transfer [Rab81] A user U wants to access a line ℓ in a database D composed of t of them: U learns nothing more than the value of the line ℓ D does not learn which line was accessed by U Correctness: if U request a single line, he learns it Security Notions Oblivious: D does not learn which line was accessed ; Semantic Security: U does not learn any information about the other lines. O. Blazy (Xlim) (SP)2H 17 / 25

  30. Oblivious Transfer [Rab81] A user U wants to access a line ℓ in a database D composed of t of them: U learns nothing more than the value of the line ℓ D does not learn which line was accessed by U Correctness: if U request a single line, he learns it Security Notions Oblivious: D does not learn which line was accessed ; Semantic Security: U does not learn any information about the other lines. O. Blazy (Xlim) (SP)2H 17 / 25

  31. Generic 1-out-of- t Oblivious Transfer (Simplified) User U picks ℓ : Computes C = Encrypt ( ℓ ; s ) with a UC commit SPHF friendly ( d being the decommit information). He sends C and keeps d while erasing the rest. For each line L j , server S computes hk j , hp j , and H j = Hash L j ( hk j , C ) , M j = H j ⊕ L j and sends M j , hp j . For the line ℓ , user computes H ′ ℓ = ProjHash L ℓ ( hp ℓ , C , d ) , and then L ℓ = M ℓ ⊕ H ′ ℓ O. Blazy (Xlim) (SP)2H 18 / 25

  32. Generic 1-out-of- t Oblivious Transfer (Simplified) User U picks ℓ : Computes C = Encrypt ( ℓ ; s ) with a UC commit SPHF friendly ( d being the decommit information). He sends C and keeps d while erasing the rest. For each line L j , server S computes hk j , hp j , and H j = Hash L j ( hk j , C ) , M j = H j ⊕ L j and sends M j , hp j . For the line ℓ , user computes H ′ ℓ = ProjHash L ℓ ( hp ℓ , C , d ) , and then L ℓ = M ℓ ⊕ H ′ ℓ O. Blazy (Xlim) (SP)2H 18 / 25

Recommend

Homomorphic Smooth Projective Hashing Hoeteck Wee ENS, Paris . . . . . . . .

Homomorphic Smooth Projective Hashing Hoeteck Wee ENS, Paris . . . . . . . .

KDM-Security via Homomorphic Smooth Projective Hashing Hoeteck Wee ENS, Paris . . . . . . . . key-dependent message security. [ Black Rogaway Shrimpton 02 ] this work. unifying framework with a simple proof of security enc pk ( sk )

955 views • 44 slides
Whichvarieties are birational to Ph rational Difficult problem k x k ti Tn smooth projective

Whichvarieties are birational to Ph rational Difficult problem k x k ti Tn smooth projective

Irrationality of quotient varieties Urban Jezernik University of the Basque Country Funded by EU Horizon 2020 under MScgrant 748129 Whichvarieties are birational to Ph rational Difficult problem k x k ti Tn smooth projective variety X rk

756 views • 28 slides
The monodromy theorem for compact K ahler manifolds and smooth quasi-projective varieties

The monodromy theorem for compact K ahler manifolds and smooth quasi-projective varieties

The monodromy theorem for compact K ahler manifolds and smooth quasi-projective varieties Yongqiang (Ted) Liu (Joint work with Nero Budur and Botong Wang) KU Leuven Geometry, Algebra and Combinatorics of Moduli Spaces and Configurations

551 views • 40 slides
Overview Intro to Hashing Intro to Hashing Hashing with Chaining Whats hashing?

Overview Intro to Hashing Intro to Hashing Hashing with Chaining Whats hashing?

Overview Intro to Hashing Intro to Hashing Hashing with Chaining Whats hashing? Distribute key/value pairs across bins with a hash function , Hashing Performance Hashing (Application of Probability) which maps elements from

497 views • 3 slides
Structure-preserving numerical methods in relativity Douglas N. Arnold, University of Minnesota

Structure-preserving numerical methods in relativity Douglas N. Arnold, University of Minnesota

Structure-preserving numerical methods in relativity Douglas N. Arnold, University of Minnesota Advances and Challenges in Computational Relativity September 14, 2020 ICERM Structure-preserving discretization Structure-preserving

502 views • 49 slides
Hashing Chapter 5 1 Objectives Understand the idea of hashing Compare hashing to sorting

Hashing Chapter 5 1 Objectives Understand the idea of hashing Compare hashing to sorting

Hashing Chapter 5 1 Objectives Understand the idea of hashing Compare hashing to sorting Design a hashtable Identify the applications that require the hashtable data structure Understand the terminology of hashtables Distinguish between

319 views • 14 slides
Cryptographic Reverse Firewall via Malleable Smooth Projective Hash Functions Rongmao Chen, Yi

Cryptographic Reverse Firewall via Malleable Smooth Projective Hash Functions Rongmao Chen, Yi

Cryptographic Reverse Firewall via Malleable Smooth Projective Hash Functions Rongmao Chen, Yi Mu, Guomin Yang , Willy Susilo, Fuchun Guo and Mingwu Zhang Asiacrypt 2016, Hanoi Outline n Background n Cryptographic Reverse Firewall n Part

639 views • 52 slides
14. Hashing Hash Tables, Pre-Hashing, Hashing, Resolving Collisions using Chaining, Simple

14. Hashing Hash Tables, Pre-Hashing, Hashing, Resolving Collisions using Chaining, Simple

14. Hashing Hash Tables, Pre-Hashing, Hashing, Resolving Collisions using Chaining, Simple Uniform Hashing, Popular Hash Functions, Table-Doubling, Open Addressing: Probing, Uniform Hashing, Universal Hashing, Perfect Hashing [Ottman/Widmayer,

1.25k views • 98 slides
14. Hashing Hash Tables, Pre-Hashing, Hashing, Resolving Collisions using Chaining, Simple

14. Hashing Hash Tables, Pre-Hashing, Hashing, Resolving Collisions using Chaining, Simple

14. Hashing Hash Tables, Pre-Hashing, Hashing, Resolving Collisions using Chaining, Simple Uniform Hashing, Popular Hash Functions, Table-Doubling, Open Addressing: Probing, Uniform Hashing, Universal Hashing, Perfect Hashing [Ottman/Widmayer,

1.5k views • 58 slides
Sparse similarity-preserving hashing Jonathan Masci , Alex M. Bronstein, Michael M. Bronstein,

Sparse similarity-preserving hashing Jonathan Masci , Alex M. Bronstein, Michael M. Bronstein,

Sparse similarity-preserving hashing Jonathan Masci , Alex M. Bronstein, Michael M. Bronstein, Pablo Sprechmann, Guillermo Sapiro The Swiss AI Lab. IDSIA University of Lugano, Switzerland Tel Aviv University Duke University ICLR 2014 1 / 30

422 views • 30 slides
Enumerating the Fake Projective Planes Donald CARTWRIGHT University of Sydney Joint work with

Enumerating the Fake Projective Planes Donald CARTWRIGHT University of Sydney Joint work with

Enumerating the Fake Projective Planes Donald CARTWRIGHT University of Sydney Joint work with Tim STEGER University of Sassari Luminy, 25 February - 1 March 2018. 1 A fake projective plane is a smooth compact complex surface, not

716 views • 47 slides
Lecture 8 HASHING!!!!! Announcements HW3 due Friday! HW4 posted Friday! Today: hashing

Lecture 8 HASHING!!!!! Announcements HW3 due Friday! HW4 posted Friday! Today: hashing

Lecture 8 HASHING!!!!! Announcements HW3 due Friday! HW4 posted Friday! Today: hashing # 1 NIL 22 2 NIL 13 43 3 NIL 9 9 NIL n=9 buckets Outline Hash tables are another sort of data structure that allows fast

966 views • 59 slides
Lecture #2: Advanced hashing and concentration bounds o Bloom filters o Cuckoo hashing o Load

Lecture #2: Advanced hashing and concentration bounds o Bloom filters o Cuckoo hashing o Load

outline Lecture #2: Advanced hashing and concentration bounds o Bloom filters o Cuckoo hashing o Load balancing o Tail bounds Bloom filters Idea: For the sake of efficiency, sometime we allow our data structure to make mistakes Bloom filter:

712 views • 68 slides
Hashing (Application of Probability) Ashwinee Panda Final CS 70 Lecture! 9 Aug 2018 Overview

Hashing (Application of Probability) Ashwinee Panda Final CS 70 Lecture! 9 Aug 2018 Overview

Hashing (Application of Probability) Ashwinee Panda Final CS 70 Lecture! 9 Aug 2018 Overview Intro to Hashing Hashing with Chaining Hashing Performance Hash Families Balls and Bins Load Balancing Universal Hashing

726 views • 18 slides
Advanced Algorithms COMS31900 Hashing part one Chaining, true randomness and universal

Advanced Algorithms COMS31900 Hashing part one Chaining, true randomness and universal

Advanced Algorithms COMS31900 Hashing part one Chaining, true randomness and universal hashing Rapha el Clifford Slides by Benjamin Sach and Markus Jalsenius Dictionaries In a dictionary data structure we store ( key , value ) -pairs

1.56k views • 98 slides
Computer Vision Mid-Level Vision Projective Geometry The projective projection of a 3D point:

Computer Vision Mid-Level Vision Projective Geometry The projective projection of a 3D point:

Computer Vision Mid-Level Vision Projective Geometry The projective projection of a 3D point: For the fundamental matrix: Ambiguity Projective ambiguity 2D projective plane Ideal points: Conics FIVE POINTS DEFIN E A CONIC Dual conics

519 views • 31 slides
Database Systems Index: Hashing Based on slides by Feifei Li, University of Utah Hashing n

Database Systems Index: Hashing Based on slides by Feifei Li, University of Utah Hashing n

Database Systems Index: Hashing Based on slides by Feifei Li, University of Utah Hashing n Hash-based indexes are best for equality selections . Cannot support range searches. n Static and dynamic hashing techniques exist. 2 Static Hashing n #

454 views • 41 slides
Autocalibration from Planar Scenes Projective Direction Frames Camera calibration + Euclidean

Autocalibration from Planar Scenes Projective Direction Frames Camera calibration + Euclidean

Simpler, more direct formulation of theory of autocalibration Autocalibration from Planar Scenes Projective Direction Frames Camera calibration + Euclidean structure + motion from a moving projective Planar Autocalibration 5

450 views • 19 slides
Last time 6.891 Computer Vision and Applications Projective SFM Projective spaces Prof.

Last time 6.891 Computer Vision and Applications Projective SFM Projective spaces Prof.

Last time 6.891 Computer Vision and Applications Projective SFM Projective spaces Prof. Trevor. Darrell Cross ratio Factorization algorithm Lecture 11: Model-based vision Hypothesize and test Euclidean upgrade

481 views • 11 slides
Projective superspace Ariunzul Davgadorj Masaryk University, Czech Republic New Frontiers in

Projective superspace Ariunzul Davgadorj Masaryk University, Czech Republic New Frontiers in

Motivation for using Projective superspace Review of Projective superspace Super Yang-Mills theory in Projective superspace framework Summary Projective superspace Ariunzul Davgadorj Masaryk University, Czech Republic New Frontiers in String

519 views • 24 slides
Union-Find [10] In the last class Hashing Collision Handling for Hashing Closed

Union-Find [10] In the last class Hashing Collision Handling for Hashing Closed

Algorithm : Design & Analysis Union-Find [10] In the last class Hashing Collision Handling for Hashing Closed Address Hashing Open Address Hashing Hash Functions Array Doubling and Amortized Analysis Union-Find

618 views • 33 slides
Hashing () Hashing () K08

Hashing () Hashing () K08

Hashing () Hashing () K08 / 1 Ecient implementation

828 views • 56 slides
Structure preserving treatment of PCP-palindromic eigenvalue problems Christian Schr oder DFG

Structure preserving treatment of PCP-palindromic eigenvalue problems Christian Schr oder DFG

Structure preserving treatment of PCP-palindromic eigenvalue problems Christian Schr oder DFG Research Center Matheon , TU Berlin 8th GAMM Workshop Applied and Numerical Linear Algebra TU Harburg, 11. September 2008 Joint work with H.

769 views • 41 slides
Lecture 8: Hashing I Lecture Overview Dictionaries and Python Motivation Prehashing

Lecture 8: Hashing I Lecture Overview Dictionaries and Python Motivation Prehashing

Lecture 8 Hashing I 6.006 Fall 2011 Lecture 8: Hashing I Lecture Overview Dictionaries and Python Motivation Prehashing Hashing Chaining Simple uniform hashing Good hash functions Dictionary Problem Abstract

452 views • 21 slides

More recommend