the usefulness of sparsifiable inputs how to avoid
play

The Usefulness of Sparsifiable Inputs: How to Avoid Subexponential - PowerPoint PPT Presentation

Jun 09, 2023 •425 likes •909 views

The Usefulness of Sparsifiable Inputs: How to Avoid Subexponential iO Thomas Agrikola 1 Geoffroy Couteau 2 Dennis Hofheinz 3 1 Karlsruhe Institute of Technology (KIT), Germany 2 IRIF, Paris-Diderot University, CNRS, France 3 ETH Zurich, Switzerland

  1. The Usefulness of Sparsifiable Inputs: How to Avoid Subexponential iO Thomas Agrikola 1 Geoffroy Couteau 2 Dennis Hofheinz 3 1 Karlsruhe Institute of Technology (KIT), Germany 2 IRIF, Paris-Diderot University, CNRS, France 3 ETH Zurich, Switzerland May 12, 2020

  2. Introduction Indistinguishability obfuscation (IO) is a method to transform a program into an unintelligible one maintaining the original functionality. P 1 ≡ P 2 iO iO iO ( P 1 ) iO ( P 2 ) ≈ Introduction Recap Doubly probabilistic IO Applications Conclusion 1 / 15

  3. Applications of iO encryption Functional adaptive MPC Succinct ◮ We can build almost anything from iO . [GGHRS+13] [CsW19; ACIJS20] IO for Turing Deniable encryption machines [SW14] [KLW15] iO [CLTV15] [FHHL18] Graded encoding Fully homomorphic [DHRW16] [BGI16] schemes encryption [DN18] Homomorphic secret sharing Spooky encryption Universal proxy re-encryption poly reduction to iO subexp reduction to iO Introduction Recap Doubly probabilistic IO Applications Conclusion 2 / 15

  4. Applications of iO encryption Functional adaptive MPC Succinct ◮ We can build almost anything from iO . [GGHRS+13] [CsW19; ACIJS20] IO for Turing Deniable encryption machines [SW14] [KLW15] ◮ But what can we do iO [CLTV15] [FHHL18] from polynomial iO ? Graded encoding Fully homomorphic [DHRW16] [BGI16] schemes encryption [DN18] Homomorphic secret sharing Spooky encryption Universal proxy re-encryption poly reduction to iO subexp reduction to iO Introduction Recap Doubly probabilistic IO Applications Conclusion 2 / 15

  5. Related work on removing subexp. IO ◮ Previous approaches to avoid subexponential reductions to iO: replace iO with functional encryption, [GS16; GPSZ17; LZ17; KLMR18] ◮ short signatures ◮ universal samplers ◮ non-interactive multiparty key exchange ◮ trapdoor one-way permutations ◮ multi-key functional encryption ◮ . . . Introduction Recap Doubly probabilistic IO Applications Conclusion 3 / 15

  6. Related work on removing subexp. IO ◮ Previous approaches to avoid subexponential reductions to iO: replace iO with functional encryption, [GS16; GPSZ17; LZ17; KLMR18] ◮ short signatures ◮ universal samplers ◮ non-interactive multiparty key exchange ◮ trapdoor one-way permutations ◮ multi-key functional encryption ◮ . . . ◮ But the supported operations are relatively restricted Introduction Recap Doubly probabilistic IO Applications Conclusion 3 / 15

  7. Applications of iO encryption Functional adaptive MPC Succinct ◮ We can build almost anything from iO . [GGHRS+13] [CsW19; ACIJS20] IO for Turing Deniable encryption machines [SW14] [KLW15] ◮ But what can we do iO [CLTV15] [FHHL18] from polynomial iO ? Graded encoding Fully homomorphic [DHRW16] [BGI16] schemes encryption [DN18] Homomorphic secret sharing Spooky encryption Universal proxy re-encryption poly reduction to iO subexp reduction to iO piO abstraction Introduction Recap Doubly probabilistic IO Applications Conclusion 4 / 15

  8. Applications of iO encryption Functional adaptive MPC Succinct ◮ We can build almost anything from iO . [GGHRS+13] [CsW19; ACIJS20] IO for Turing Deniable encryption machines [SW14] [KLW15] ◮ But what can we do iO [CLTV15] [FHHL18] from polynomial iO ? Graded encoding Fully homomorphic [DHRW16] [BGI16] schemes encryption [DN18] Homomorphic secret sharing Spooky encryption Universal proxy re-encryption poly reduction to iO subexp reduction to iO piO abstraction Introduction Recap Doubly probabilistic IO Applications Conclusion 4 / 15

  9. Probabilistic IO iO compiles programs into unintelligible ones, while preserving their functionality . x x x x deterministic piO iO iO ( P ) piO ( P ) P P P ( x ) P ( x ) P ( x ; r ) P ( x ; r ′ ) functionally “functionally equivalent indistinguishable” P 1 ≡ P 2 P 1 ≈ P 2 piO piO iO iO iO ( P 1 ) iO ( P 2 ) piO ( P 1 ) piO ( P 2 ) ≈ ≈ Introduction Recap Doubly probabilistic IO Applications Conclusion 5 / 15

  10. Probabilistic IO iO compiles programs into unintelligible ones, while preserving their functionality . x x x x deterministic piO iO iO ( P ) piO ( P ) P P P ( x ) P ( x ) P ( x ; r ) P ( x ; r ′ ) functionally “functionally equivalent indistinguishable” P 1 ≡ P 2 P 1 ≈ P 2 piO piO iO iO iO ( P 1 ) iO ( P 2 ) piO ( P 1 ) piO ( P 2 ) ≈ ≈ Introduction Recap Doubly probabilistic IO Applications Conclusion 5 / 15

  11. Probabilistic IO iO compiles programs into piO compiles randomized unintelligible ones, while programs into deterministic preserving their functionality . unintelligible ones, while preserving their functionality . x x x x deterministic piO iO iO ( P ) piO ( P ) P P P ( x ) P ( x ) P ( x ; r ) P ( x ; r ′ ) functionally “functionally equivalent indistinguishable” P 1 ≡ P 2 P 1 ≈ P 2 piO piO iO iO iO ( P 1 ) iO ( P 2 ) piO ( P 1 ) piO ( P 2 ) ≈ ≈ Introduction Recap Doubly probabilistic IO Applications Conclusion 5 / 15

  12. Probabilistic IO iO compiles programs into piO compiles randomized unintelligible ones, while programs into deterministic preserving their functionality . unintelligible ones, while preserving their functionality . x x x x deterministic piO iO iO ( P ) piO ( P ) P P P ( x ) P ( x ) P ( x ; r ) P ( x ; r ′ ) functionally “functionally equivalent indistinguishable” P 1 ≡ P 2 P 1 ≈ P 2 piO piO iO iO iO ( P 1 ) iO ( P 2 ) piO ( P 1 ) piO ( P 2 ) ≈ ≈ Introduction Recap Doubly probabilistic IO Applications Conclusion 5 / 15

  13. Why does piO require subexponential iO ? ◮ Programs are only required to be “functionally indistinguishable” Introduction Recap Doubly probabilistic IO Applications Conclusion 6 / 15

  14. Why does piO require subexponential iO ? ◮ Programs are only required to be “functionally indistinguishable” ◮ Captures a vast class of programs, e.g. P 1 ( x ; r ) P 2 ( x ; r ) ≈ return Enc ( pk , x ; r ) return Enc ( pk , 0; r ) Introduction Recap Doubly probabilistic IO Applications Conclusion 6 / 15

  15. Why does piO require subexponential iO ? ◮ Programs are only required to be “functionally indistinguishable” ◮ Captures a vast class of programs, e.g. P 1 ( x ; r ) P 2 ( x ; r ) ≈ return Enc ( pk , x ; r ) return Enc ( pk , 0; r ) ◮ Strategy due to Canetti et al., [CLTV15]: ◮ derive random coins from input x via PRF( K , x ) r := PRF( x ) piO ( P ) iO return P ( x ; r ) Introduction Recap Doubly probabilistic IO Applications Conclusion 6 / 15

  16. Why does piO require subexponential iO ? ◮ Programs are only required to be “functionally indistinguishable” ◮ Captures a vast class of programs, e.g. P 1 ( x ; r ) P 2 ( x ; r ) ≈ return Enc ( pk , x ; r ) return Enc ( pk , 0; r ) ◮ Strategy due to Canetti et al., [CLTV15]: ◮ derive random coins from input x via PRF( K , x ) r := PRF( x ) piO ( P ) iO return P ( x ; r ) ◮ use iO to obfuscate this deterministic program Introduction Recap Doubly probabilistic IO Applications Conclusion 6 / 15

  17. Construction of piO due to Canetti et al., [CLTV15] piO construction: Example: P 1 ( x ; r ) P 2 ( x ; r ) ≈ r := PRF( x ) return Enc ( pk , x ; r ) return Enc ( pk , 0; r ) return P ( x ; r ) ◮ But iO security can only be applied if circuits behave fully identically ◮ in our example, P 1 and P 2 behave very differently Introduction Recap Doubly probabilistic IO Applications Conclusion 7 / 15

  18. Construction of piO due to Canetti et al., [CLTV15] piO construction: Example: P 1 ( x ; r ) P 2 ( x ; r ) ≈ r := PRF( x ) return Enc ( pk , x ; r ) return Enc ( pk , 0; r ) return P ( x ; r ) ◮ But iO security can only be applied if circuits behave fully identically ◮ in our example, P 1 and P 2 behave very differently � direct (polynomial) reduction to iO won’t work Introduction Recap Doubly probabilistic IO Applications Conclusion 7 / 15

  19. Construction of piO due to Canetti et al., [CLTV15] piO construction: Example: P 1 ( x ; r ) P 2 ( x ; r ) ≈ r := PRF( x ) return Enc ( pk , x ; r ) return Enc ( pk , 0; r ) return P ( x ; r ) ◮ But iO security can only be applied if circuits behave fully identically ◮ in our example, P 1 and P 2 behave very differently � direct (polynomial) reduction to iO won’t work ◮ Use a “one-input-at-a-time” hybrid argument for all possible inputs ◮ this includes the randomness Introduction Recap Doubly probabilistic IO Applications Conclusion 7 / 15

  20. Construction of piO due to Canetti et al., [CLTV15] piO construction: Example: P 1 ( x ; r ) P 2 ( x ; r ) ≈ r := PRF( x ) return Enc ( pk , x ; r ) return Enc ( pk , 0; r ) return P ( x ; r ) ◮ But iO security can only be applied if circuits behave fully identically ◮ in our example, P 1 and P 2 behave very differently � direct (polynomial) reduction to iO won’t work ◮ Use a “one-input-at-a-time” hybrid argument for all possible inputs ◮ this includes the randomness � Our goal: reduce number of hybrids to a polynomial amount Introduction Recap Doubly probabilistic IO Applications Conclusion 7 / 15

  21. Main tool – Extremely lossy functions ◮ Extremely lossy functions (ELFs) due to Zhandry, [Zha16] offer two indistinguishable modes: injective mode extremely lossy mode image size exponential image size polynomial Introduction Recap Doubly probabilistic IO Applications Conclusion 8 / 15

Recommend

Evaluating Usefulness of Software Metrics An Industrial Experience Report @EricBouwers

Evaluating Usefulness of Software Metrics An Industrial Experience Report @EricBouwers

Evaluating Usefulness of Software Metrics An Industrial Experience Report @EricBouwers @avandeursen @jstvssr Identify Define Validate attributes metrics metrics Validity versus Usefulness Does it measure What can we do what we want to

339 views • 23 slides
C++ Basics Announcements Lab 1 this week! Homework posted Friday (will be on gradescope) Avoid

C++ Basics Announcements Lab 1 this week! Homework posted Friday (will be on gradescope) Avoid

C++ Basics Announcements Lab 1 this week! Homework posted Friday (will be on gradescope) Avoid errors To remove your program of bugs, you should try to test your program on a wide range of inputs Typically it is useful to start with a small

800 views • 48 slides
Inputs and Outputs Objects with Analog Inputs A io.sch analog.sch Objects with Digital Inputs

Inputs and Outputs Objects with Analog Inputs A io.sch analog.sch Objects with Digital Inputs

1 2 3 4 5 6 A Inputs and Outputs Objects with Analog Inputs A io.sch analog.sch Objects with Digital Inputs Other Symbols B B digital.sch other.sch Objects with Mixed Inputs C C mixed.sch Snaiks Kicad Library Presentation

234 views • 6 slides
Machine Learning Regression Where we are Inputs Prob- Density ability Estimator Inputs

Machine Learning Regression Where we are Inputs Prob- Density ability Estimator Inputs

10-701 Machine Learning Regression Where we are Inputs Prob- Density ability Estimator Inputs Predict Classifier category Inputs Predict Regressor Today real no. Choosing a restaurant In everyday life we need to make

630 views • 31 slides
INPUT THE INPUTS ON THE ARDUINO READ VOLTAGE. ALL INPUTS NEED TO BE THOUGHT OF IN TERMS OF

INPUT THE INPUTS ON THE ARDUINO READ VOLTAGE. ALL INPUTS NEED TO BE THOUGHT OF IN TERMS OF

INPUT THE INPUTS ON THE ARDUINO READ VOLTAGE. ALL INPUTS NEED TO BE THOUGHT OF IN TERMS OF VOLTAGE DIFFERENTIALS. THE ANALOG INPUTS CONVERT VOLTAGE LEVELS TO A NUMERICAL VALUE. PULL-UP (OR DOWN) RESISTOR Often it is useful to steer an

539 views • 31 slides
Software size measures and their usefulness for software project estimation Software Size

Software size measures and their usefulness for software project estimation Software Size

Software size measures and their usefulness for software project estimation Software Size Measures and their usefulness for software project estimation Harold van Heeringen Sogeti Nederland B.V., Senior Software Cost Engineer San Diego (CA,

779 views • 32 slides
Draft EE 8235: Lecture 15 1 Lecture 15: Systems with inputs Input types Additive inputs

Draft EE 8235: Lecture 15 1 Lecture 15: Systems with inputs Input types Additive inputs

Draft EE 8235: Lecture 15 1 Lecture 15: Systems with inputs Input types Additive inputs Boundary inputs Input-output mappings Transfer function Frequency response Impulse response Abstract evolution equation for

218 views • 10 slides
Session Presentation: The Usefulness and Limitations of Using Evaluation to Improve the

Session Presentation: The Usefulness and Limitations of Using Evaluation to Improve the

Session Presentation: The Usefulness and Limitations of Using Evaluation to Improve the Management of Conservation Programs: Experiences from Evaluations of the Fish and Wildlife Service's National Wildlife Refuge and Endangered Species

543 views • 21 slides
12. Principles of Parameter Estimation The purpose of this lecture is to illustrate the usefulness

12. Principles of Parameter Estimation The purpose of this lecture is to illustrate the usefulness

12. Principles of Parameter Estimation The purpose of this lecture is to illustrate the usefulness of the various concepts introduced and studied in earlier lectures to practical problems of interest. In this context, consider the problem of

354 views • 19 slides
OrbiVib Std Profibus DP interface 2 Digital inputs with

OrbiVib Std Profibus DP interface 2 Digital inputs with

OrbiVib Std Profibus DP interface 2 Digital inputs with encoder function 2 Relay outputs 8 PT100 temperature inputs External Dual axis accelerometer

76 views • 6 slides
Making decisions with biometric systems: the usefulness of a Bayesian perspective A. Nautsch ,

Making decisions with biometric systems: the usefulness of a Bayesian perspective A. Nautsch ,

Making decisions with biometric systems: the usefulness of a Bayesian perspective A. Nautsch , D. Ramos Castro , J. Gonz guez , alez Rodr Christian Rathgeb , Christoph Busch Hochschule Darmstadt, CRISP, CASED, da/sec

1.24k views • 57 slides
Forensic IT Chartered Institute of Management Accountants (CIMA) Enhancing the usefulness of

Forensic IT Chartered Institute of Management Accountants (CIMA) Enhancing the usefulness of

Forensic IT Chartered Institute of Management Accountants (CIMA) Enhancing the usefulness of Investigations with Computer Forensics April 2014 Michael Khoury Clear Wealth Pty Ltd v Kwong (No 2) [2012] NSWSC 1233 Whilst I accept that Mr

414 views • 16 slides
Understanding usefulness of IT in business Aim Determine learning objectives for use of the

Understanding usefulness of IT in business Aim Determine learning objectives for use of the

INF 3280, 4 Feb 2016 Understanding usefulness of IT in business Aim Determine learning objectives for use of the application Assignment 1 Make Business oriented models Core literature: Chapter 3 Learning business fit

340 views • 8 slides
Automated Metadata, Provenance Cataloging and Navigable Interfaces: Ensuring the Usefulness of

Automated Metadata, Provenance Cataloging and Navigable Interfaces: Ensuring the Usefulness of

Automated Metadata, Provenance Cataloging and Navigable Interfaces: Ensuring the Usefulness of Extreme-Scale Data David Schissel, Gheni Abla, Bobby Chanthavong, Sean Flanagan, Xia Lee General Atomics Alex Romosan, Arie Shoshani - LBNL

360 views • 19 slides
The usefulness of Ion Mobility-Mass Spectrometry for Small Molecules Analysis J. Far a ,

The usefulness of Ion Mobility-Mass Spectrometry for Small Molecules Analysis J. Far a ,

The usefulness of Ion Mobility-Mass Spectrometry for Small Molecules Analysis J. Far a , S. Goscinny b , L. Joly a,b , R. Touilloux a , J. Echterbille a , L. Quinton a , G. Eppe a and E.

571 views • 21 slides
In this video Why do we avoid inversions? Why do we avoid inversions? Three main reasons:

In this video Why do we avoid inversions? Why do we avoid inversions? Three main reasons:

In this video Why do we avoid inversions? Why do we avoid inversions? Three main reasons: 1) lack of understanding how to do them safely 2) fear of falling 3) fear of injury Headstand magic People who love headstand really

240 views • 7 slides
The usefulness of oncoplastic breast surgery with rotation flap supercharged with lateral thoracic

The usefulness of oncoplastic breast surgery with rotation flap supercharged with lateral thoracic

The usefulness of oncoplastic breast surgery with rotation flap supercharged with lateral thoracic artery perforator in partial mastectomy defect Chilgok Kyungpook National University Hospital Dong Hun Choi Jung Dug Yang* 1 Introduction

388 views • 20 slides
for the current situation A large scale UK longitudinal household survey and its usefulness for

for the current situation A large scale UK longitudinal household survey and its usefulness for

Research findings of Type of contact and ethnic identity and its implication for the current situation A large scale UK longitudinal household survey and its usefulness for ethnicity and migration research Alita Nandi University of

1.44k views • 90 slides
User-Centered Design Usability and Usefulness Normans Model of Interaction UI Design

User-Centered Design Usability and Usefulness Normans Model of Interaction UI Design

User-Centered Design Usability and Usefulness Normans Model of Interaction UI Design Principles Don Norman, The Design of Everyday Things What innovation made watching television easier? 2 http://www.tvhistory.tv 3 4 Devices capability

450 views • 32 slides
User-Centered Design Usability and Usefulness Normans Model of Interaction UI Design

User-Centered Design Usability and Usefulness Normans Model of Interaction UI Design

User-Centered Design Usability and Usefulness Normans Model of Interaction UI Design Principles Don Norman, The Design of Everyday Things What innovation made watching television easier? 2 http://www.tvhistory.tv 3 4 Devices

551 views • 32 slides
Another example of truth table Logic function: 3 inputs : A, B, C 3 outputs : D, E, F

Another example of truth table Logic function: 3 inputs : A, B, C 3 outputs : D, E, F

Another example of truth table Logic function: 3 inputs : A, B, C 3 outputs : D, E, F D = T if at least 1 input is T E = T if 2 inputs are T F = T if 3 inputs are T Truth tables Completely describe any function

116 views • 10 slides
Evolving Technique Update Cup positioning to avoid Metalosis Bone preparation to avoid Failure of

Evolving Technique Update Cup positioning to avoid Metalosis Bone preparation to avoid Failure of

OS ET 2017 Bellagio Las Vegas Evolving Technique Update Cup positioning to avoid Metalosis Bone preparation to avoid Failure of Ingrowth Thomas Gross 8:52 AM 33 #1 Preventing Metalosis in Hip Resurfacing using RAIL guidelines and NS IOR

344 views • 33 slides
Pilot study of the German innovAge internet platform for carers: discussing usefulness and virtual

Pilot study of the German innovAge internet platform for carers: discussing usefulness and virtual

Funded by the European Commission's Seventh Framework Programme FP7-HEALTH-2012-INNOVATION-1/No 306058 Pilot study of the German innovAge internet platform for carers: discussing usefulness and virtual social support B. Salzmann, M.Soc., H.

505 views • 17 slides
The Usefulness of Capsule Endoscopy David J. Hass, MD, FACG Assistant Clinical Professor of

The Usefulness of Capsule Endoscopy David J. Hass, MD, FACG Assistant Clinical Professor of

The Usefulness of Capsule Endoscopy David J. Hass, MD, FACG Assistant Clinical Professor of Medicine Yale University School of Medicine Gastroenterology Center of Connecticut Obscure Gastrointestinal Bleeding ASGE Technology Status Evaluation

1.08k views • 68 slides

More recommend