Laconic Zero Knowledge to. Akshay Degwekar (MIT)
|
|
- Nora Gardner
- 5 years ago
- Views:
Transcription
1 Laconic Zero Knowledge to Public Key Cryptography Akshay Degwekar (MIT)
2 Public Key Encryption (PKE) [Diffie-Hellman76, Rivest-Shamir-Adelman78, Goldwasser-Micali82] sk pk Public Key Encryption ct = Enc pk (m) GOAL: Construct different public-key encryption schemes Number Theory Lattices
3 What structure+hardness implies public-key crypto?
4 Possible answers: NP-hardness No Crypto Known Some impossibility results [Brassard79, Feigenbaum-Fortnow93, Bogdanov- Trevisan03, Goldreich-Goldwasser98, AkaviaGoldreichGoldwasserMoshkovitz06] One-Way Functions Some barriers [Impagliazzo-Rudich89, Brakerski-Katz-Segev-Yerukhimovich11, Dachman-Soled16, Garg-Hajiabadi-Mahmoody-Mohammed18] SZK-hardness (SZK = Statistical Zero Knowledge) Implies OWFs [Ostrovsky91] Many problems in SZK imply PKE
5 Statistical Zero Knowledge (SZK) [Goldwasser-Micali-Rackoff85] Completeness: P * P V Soundness: Proof : All powerful P * Argument : Efficient P *
6 Honest-Verifier Statistical Zero Knowledge: [Goldwasser-Micali-Rackoff85] P V Simulator:
7 Statistical Zero Knowledge NP PKE from SZK-Hardness? Factoring DLog LWE QR SZK Graph Iso. Seems Challenging: Discrete Log, Graph Iso have SZK proofs but no PKE known. Need more Structure?
8 Example: Quadratic Non-Residuosity (Or: From GMR to GM) [Goldwasser-Micali82, Goldwasser-Micali-Rackoff85] (Honest-Verifier) Statistical Zero-Knowledge Proof Efficient Prover Prover talks very little Can sample hard instances w/ witnesses
9 Our Results: These Properties are Sufficient! ZK PROOF SYSTEM Public-Key Encryption + CRYPTO HARD LANGUAGE Implies One-Way Functions
10 Instantiations QR DDH LWE Low noise LPN ABW Factoring CDH Our Assumption PKE
11 Perspective: Relaxing the Assumption ZK PROOF SYSTEM + CRYPTO HARD LANGUAGE [Sahai-Vadhan03] [HaitnerNguyenOng ReingoldVadhan03]
12 Characterization WEAK ZK PROOF SYSTEM WEAK: soundness, completeness hold on average Public-Key Encryption + DISTRIBUTIONS CRYPTO HARD LANGUAGE
13 Summary Laconic, Efficient Prover, HVSZK ARGUMENT + CRYPTO HARD LANGUAGE Public Key Encryption
14 Techniques
15 Warmup: 2-Msg, Deterministic Prover * V * a.k.a Hash Proof System [Cramer-Shoup02]
16 Weak Key Agreement Correctness: Every verifier challenge has Every verifier challenge has unique prover response
17 Break average-case hardness Adv = Cheating Prover D V 0/1 soundness Contradiction. D breaks average-case hardness. Amplify from weak PKE to PKE using HolensteinRenner05
18 We saw: PKE from deterministic, 2-msg SZK Proof System. Challenges: Randomized Prover Multi-round Proof System Stateful Prover Lesser Challenges: Relaxing perfect ZK, perfect completeness
19 Coping with Randomized Provers Weak Security: Correctness: Our Assumption Trapdoor Pseudoentropy Generator PKE
20 Our Assumption Trapdoor Pseudoentropy Generator PKE Security: Adv can only sample from bigger dist. Formalized using pseudoentropy [HILL99]
21 Our Assumption Trapdoor Pseudoentropy Generator PKE Challenges: Many rounds [Ostrovsky 91] Terminate at random round. Stateful Prover Laconic. Rejection Sampling
22 Our Assumption Trapdoor Pseudoentropy Generator Amplification Theorem Technically difficult half Uses connections between Pseudorandomness & Unpredictability Ingredients from: OWFs => PRG (HILL99, VadhanZheng12) PKE
23 Conclusion and Open Problems Laconic, Efficient Prover, HVSZK ARGUMENT + CRYPTO HARD LANGUAGE Public Key Encryption Big Open Q: Design new PKE schemes
24 Thank You!
25 Trapdoor Pseudoentropy Generator Public Key Encryption Security: Gap between Decode & adversary Formalized using pseudoentropy [HILL99]
Multi-Theorem Preprocessing NIZKs from Lattices
Multi-Theorem Preprocessing NIZKs from Lattices Sam Kim and David J. Wu Stanford University Soundness: x L, P Pr P, V (x) = accept = 0 No prover can convince honest verifier of false statement Proof Systems
More informationBetter 2-round adaptive MPC
Better 2-round adaptive MPC Ran Canetti, Oxana Poburinnaya TAU and BU BU Adaptive Security of MPC Adaptive corruptions: adversary adversary can decide can decide who to who corrupt to corrupt adaptively
More informationLecture 5: Zero Knowledge for all of NP
600.641 Special Topics in Theoretical Cryptography February 5, 2007 Lecture 5: Zero Knowledge for all of NP Instructor: Susan Hohenberger Scribe: Lori Kraus 1 Administrative The first problem set goes
More informationNotes for Lecture 24
U.C. Berkeley CS276: Cryptography Handout N24 Luca Trevisan April 21, 2009 Notes for Lecture 24 Scribed by Milosh Drezgich, posted May 11, 2009 Summary Today we introduce the notion of zero knowledge proof
More information6.897: Selected Topics in Cryptography Lectures 9 and 10. Lecturer: Ran Canetti
6.897: Selected Topics in Cryptography Lectures 9 and 10 Lecturer: Ran Canetti Highlights of past lectures Presented two frameworks for analyzing protocols: A basic framework: Only function evaluation
More informationEncryption from the Diffie-Hellman assumption. Eike Kiltz
Encryption from the Diffie-Hellman assumption Eike Kiltz Elliptic curve public-key crypto Key-agreement Signatures Encryption Diffie-Hellman 76 passive security ElGamal 84 passive security Hybrid DH (ECDH)
More informationZero-Knowledge Proofs
Zero-Knowledge Proofs Yevgeniy Dodis New York University Special thanks: Salil Vadhan Zero-Knowledge Proofs [GMR85] Interactive proofs that reveal nothing other than the validity of assertion being proven
More informationLecture 10, Zero Knowledge Proofs, Secure Computation
CS 4501-6501 Topics in Cryptography 30 Mar 2018 Lecture 10, Zero Knowledge Proofs, Secure Computation Lecturer: Mahmoody Scribe: Bella Vice-Van Heyde, Derrick Blakely, Bobby Andris 1 Introduction Last
More informationLecture 14 Alvaro A. Cardenas Kavitha Swaminatha Nicholas Sze. 1 A Note on Adaptively-Secure NIZK. 2 The Random Oracle Model
CMSC 858K Advanced Topics in Cryptography March 11, 2004 Lecturer: Jonathan Katz Lecture 14 Scribe(s): Alvaro A. Cardenas Kavitha Swaminatha Nicholas Sze 1 A Note on Adaptively-Secure NIZK A close look
More informationLecture 6: ZK Continued and Proofs of Knowledge
600.641 Special Topics in Theoretical Cryptography 02/06/06 Lecture 6: ZK Continued and Proofs of Knowledge Instructor: Susan Hohenberger Scribe: Kevin Snow 1 Review / Clarification At the end of last
More informationMTAT Research Seminar in Cryptography IND-CCA2 secure cryptosystems
MTAT.07.006 Research Seminar in Cryptography IND-CCA2 secure cryptosystems Dan Bogdanov October 31, 2005 Abstract Standard security assumptions (IND-CPA, IND- CCA) are explained. A number of cryptosystems
More informationResearch Statement. Computational Assumptions in Cryptography. Mohammad Mahmoody (August 2018)
Research Statement Mohammad Mahmoody (August 2018) My research is focused on foundations of cryptography, which is the the science of designing provably secure protocols based computationally intractable
More informationEfficient and Non-Malleable Proofs of Plaintext Knowledge and Applications
Efficient and Non-Malleable Proofs of Plaintext Knowledge and Applications (Extended Abstract ) Jonathan Katz Abstract We describe very efficient protocols for non-malleable (interactive) proofs of plaintext
More informationConcurrent Zero Knowledge without Complexity Assumptions
Concurrent Zero Knowledge without Complexity Assumptions Daniele Micciancio 1, Shien Jin Ong 2, Amit Sahai 3, and Salil Vadhan 2 1 University of California, San Diego, La Jolla CA 92093, USA daniele@cs.ucsd.edu
More informationOn the Composition of Public- Coin Zero-Knowledge Protocols. Rafael Pass (Cornell) Wei-Lung Dustin Tseng (Cornell) Douglas Wiktröm(KTH)
On the Composition of Public- Coin Zero-Knowledge Protocols Rafael Pass (Cornell) Wei-Lung Dustin Tseng (Cornell) Douglas Wiktröm(KTH) 1 Zero Knowledge [GMR85] Interactive protocol between a Proverand
More informationUniversally Composable Password-Based Key Exchange
Universally Composable Password-Based Key Exchange Ran Canetti 1, Shai Halevi 1, Jonathan Katz 2, Yehuda Lindell 3, and Phil MacKenzie 4 1 IBM T.J. Watson Research Center, Hawthorne, NY, USA. canetti@watson.ibm.com,
More informationEfficient and Non-malleable Proofs of Plaintext Knowledge and Applications
Efficient and Non-malleable Proofs of Plaintext Knowledge and Applications (Extended Abstract) Jonathan Katz Dept. of Computer Science, University of Maryland, College Park, MD jkatz@cs.umd.edu Abstract.
More informationEfficient Round Optimal Blind Signatures
Efficient Round Optimal Blind Signatures Sanjam Garg IBM T.J. Watson Divya Gupta UCLA Complexity Leveraging Highly theoretical tool Used to obtain feasibility results Gives inefficient constructions Is
More informationNew Constructions for UC Secure Computation using Tamper-proof Hardware
New Constructions for UC Secure Computation using Tamper-proof Hardware Nishanth Chandran Vipul Goyal Amit Sahai Department of Computer Science, UCLA {nishanth,vipul,sahai}@cs.ucla.edu Abstract The Universal
More informationCRYPTOGRAPHY AGAINST CONTINUOUS MEMORY ATTACKS
CRYPTOGRAPHY AGAINST CONTINUOUS MEMORY ATTACKS Yevgeniy Dodis, Kristiyan Haralambiev, Adriana Lopez-Alt and Daniel Wichs NYU NY Area Crypto Reading Group Continuous Leakage Resilience (CLR): A Brief History
More informationHomomorphic encryption (whiteboard)
Crypto Tutorial Homomorphic encryption Proofs of retrievability/possession Attribute based encryption Hidden vector encryption, predicate encryption Identity based encryption Zero knowledge proofs, proofs
More informationA public key encryption scheme secure against key dependent chosen plaintext and adaptive chosen ciphertext attacks
A public key encryption scheme secure against key dependent chosen plaintext and adaptive chosen ciphertext attacks Jan Camenisch 1, Nishanth Chandran 2, and Victor Shoup 3 1 IBM Research, work funded
More informationIND-CCA2 secure cryptosystems, Dan Bogdanov
MTAT.07.006 Research Seminar in Cryptography IND-CCA2 secure cryptosystems Dan Bogdanov University of Tartu db@ut.ee 1 Overview Notion of indistinguishability The Cramer-Shoup cryptosystem Newer results
More informationCryptography with Updates
Cryptography with Updates Slides and research in collaboration with: Prabhanjan Ananth UCLA Aloni Cohen MIT Abhishek Jain JHU Garbled Circuits C Offline: slow Online: fast x C(x) Garbled Circuits C Offline:
More informationCryptography. and Network Security. Lecture 0. Manoj Prabhakaran. IIT Bombay
Cryptography and Network Security Lecture 0 Manoj Prabhakaran IIT Bombay Security In this course: Cryptography as used in network security Humans, Societies, The World Network Hardware OS Libraries Programs
More informationStateless Cryptographic Protocols
Stateless Cryptographic Protocols Vipul Goyal Microsoft Research, India. Email: vipul@microsoft.com Hemanta K. Maji Department of Computer Science, University of Illinois at Urbana-Champaign. Email: hmaji2@uiuc.edu
More informationLeakage-Resilient Zero Knowledge
Leakage-Resilient Zero Knowledge Sanjam Garg, Abhishek Jain, and Amit Sahai UCLA {sanjamg,abhishek,sahai}@cs.ucla.edu Abstract. In this paper, we initiate a study of zero knowledge proof systems in the
More informationLecture 20: Public-key Encryption & Hybrid Encryption. Public-key Encryption
Lecture 20: & Hybrid Encryption Lecture 20: & Hybrid Encryption Overview Suppose there is a 2-round Key-Agreement protocol. This means that there exists a protocol where Bob sends the first message m B
More informationThe Exact Round Complexity of Secure Computation
The Exact Round Complexity of Secure Computation Antigoni Polychroniadou (Aarhus University) joint work with Sanjam Garg, Pratyay Mukherjee (UC Berkeley), Omkant Pandey (Drexel University) Background:
More informationClient-Server Concurrent Zero Knowledge with Constant Rounds and Guaranteed Complexity
Client-Server Concurrent Zero Knowledge with Constant Rounds and Guaranteed Complexity Ran Canetti 1, Abhishek Jain 2, and Omer Paneth 3 1 Boston University and Tel-Aviv University, canetti@bu.edu 2 Boston
More informationFunctional Signatures and Pseudorandom Functions
Functional Signatures and Pseudorandom Functions The MIT Faculty has made this article openly available. Please share how this access benefits you. Your story matters. Citation As Published Publisher Boyle,
More informationCryptography CS 555. Topic 16: Key Management and The Need for Public Key Cryptography. CS555 Spring 2012/Topic 16 1
Cryptography CS 555 Topic 16: Key Management and The Need for Public Key Cryptography CS555 Spring 2012/Topic 16 1 Outline and Readings Outline Private key management between two parties Key management
More informationPlaintext Awareness via Key Registration
Plaintext Awareness via Key Registration Jonathan Herzog CIS, TOC, CSAIL, MIT Plaintext Awareness via Key Registration p.1/38 Context of this work Originates from work on Dolev-Yao (DY) model Symbolic
More informationBU CAS CS 538: Cryptography Lecture Notes. Fall itkis/538/
BU CAS CS 538: Cryptography Lecture Notes. Fall 2005. http://www.cs.bu.edu/ itkis/538/ Gene Itkis Boston University Computer Science Dept. 1 General One-Way and Trapdoor Functions In this section, we will
More informationPseudorandomness and Cryptographic Applications
Pseudorandomness and Cryptographic Applications Michael Luby PRINCETON UNIVERSITY PRESS PRINCETON, NEW JERSEY Overview and Usage Guide Mini-Courses Acknowledgments ix xiii xv Preliminaries 3 Introduction
More informationImproved Efficiency for CCA-Secure Cryptosystems Built Using Identity-Based Encryption
Improved Efficiency for CCA-Secure Cryptosystems Built Using Identity-Based Encryption Dan Boneh 1 and Jonathan Katz 2 1 Computer Science Department, Stanford University, Stanford CA 94305 dabo@cs.stanford.edu
More informationOn Robust Combiners for Oblivious Transfer and other Primitives
On Robust Combiners for Oblivious Transfer and other Primitives Danny Harnik Joe Kilian Moni Naor Omer Reingold Alon Rosen Abstract A (1,2)-robust combiner for a cryptographic primitive P is a construction
More informationThe ElGamal Public- key System
Online Cryptography Course Dan Boneh Public key encryp3on from Diffie- Hellman The ElGamal Public- key System Recap: public key encryp3on: (Gen, E, D) Gen pk sk m c c m E D Recap: public- key encryp3on
More informationCSCI 5440: Cryptography Lecture 5 The Chinese University of Hong Kong, Spring and 6 February 2018
CSCI 5440: Cryptography Lecture 5 The Chinese University of Hong Kong, Spring 2018 5 and 6 February 2018 Identification schemes are mechanisms for Alice to prove her identity to Bob They comprise a setup
More informationBounded-Concurrent Secure Multi-Party Computation with a Dishonest Majority
Bounded-Concurrent Secure Multi-Party Computation with a Dishonest Majority Rafael Pass Massachusetts Institute of Technology pass@csail.mit.edu June 4, 2004 Abstract We show how to securely realize any
More informationLeakage-Resilient Chosen-Ciphertext Secure Public-Key Encryption from Hash Proof System and One-Time Lossy Filter
Leakage-Resilient Chosen-Ciphertext Secure Public-Key Encryption from Hash Proof System and One-Time Lossy Filter Baodong Qin and Shengli Liu Shanghai Jiao Tong University ASIACRYPT 2013 Dec 5, Bangalore,
More informationCryptographic protocols
Cryptographic protocols Lecture 3: Zero-knowledge protocols for identification 6/16/03 (c) Jussipekka Leiwo www.ialan.com Overview of ZK Asymmetric identification techniques that do not rely on digital
More informationSecurity of Cryptosystems
Security of Cryptosystems Sven Laur swen@math.ut.ee University of Tartu Formal Syntax Symmetric key cryptosystem m M 0 c Enc sk (m) sk Gen c sk m Dec sk (c) A randomised key generation algorithm outputs
More informationReferences O. Goldreich. Foundations of Cryptography, vol. 2: Basic Applications. Cambridge University
References 1. M. Abdalla, J. H. An, M. Bellare, and C. Namprempre. From identification to signatures via the Fiat-Shamir transform: Necessary and sufficient conditions for security and forwardsecurity.
More informationFoundations of Cryptography CS Shweta Agrawal
Foundations of Cryptography CS 6111 Shweta Agrawal Course Information 4-5 homeworks (20% total) A midsem (25%) A major (35%) A project (20%) Attendance required as per institute policy Challenge questions
More informationYuval Ishai Technion
Winter School on Bar-Ilan University, Israel 30/1/2011-1/2/2011 Bar-Ilan University Yuval Ishai Technion 1 Zero-knowledge proofs for NP [GMR85,GMW86] Bar-Ilan University Computational MPC with no honest
More informationCOS433/Math 473: Cryptography. Mark Zhandry Princeton University Spring 2018
COS433/Math 473: Cryptography Mark Zhandry Princeton University Spring 2018 Identification Identification Identification To identify yourself, you need something the adversary doesn t have Typical factors:
More informationPublic-Key Cryptography
Computer Security Spring 2008 Public-Key Cryptography Aggelos Kiayias University of Connecticut A paradox Classic cryptography (ciphers etc.) Alice and Bob share a short private key using a secure channel.
More informationHomomorphic Encryption
Homomorphic Encryption Travis Mayberry Cloud Computing Cloud Computing Cloud Computing Cloud Computing Cloud Computing Northeastern saves money on infrastructure and gets the benefit of redundancy and
More informationEfficient Password Authenticated Key Exchange via Oblivious Transfer
Efficient Password Authenticated Key Exchange via Oblivious Transfer Ran Canetti, Dana Dachman-Soled, Vinod Vaikuntanathan, and Hoeteck Wee 1 Tel Aviv University & Boston University 2 Microsoft Research
More informationImplementing Resettable UC-functionalities with Untrusted Tamper-proof Hardware-Tokens
Implementing Resettable UC-functionalities with Untrusted Tamper-proof Hardware-Tokens Nico Döttling, Thilo Mie, Jörn Müller-Quade, and Tobias Nilges Karlsruhe Institute of Technology, Karlsruhe, Germany
More informationBounded-Concurrent Secure Multi-Party Computation with a Dishonest Majority
Bounded-Concurrent Secure Multi-Party Computation with a Dishonest Majority Rafael Pass Royal Institute of Technology Stockholm, Sweden rafael@nada.kth.se ABSTRACT We show how to securely realize any multi-party
More informationUniversally Composable Multi-Party Computation Using Tamper-Proof Hardware
Universally Composable Multi-Party Computation Using Tamper-Proof Hardware Jonathan Katz Dept. of Computer Science, University of Maryland jkatz@cs.umd.edu Abstract. Protocols proven secure within the
More informationOn Black-Box Complexity and Adaptive, Universal Composability of Cryptographic Tasks. Dana Dachman-Soled
On Black-Box Complexity and Adaptive, Universal Composability of Cryptographic Tasks Dana Dachman-Soled Submitted in partial fulfillment of the requirements for the degree of Doctor of Philosophy in the
More informationMercurial Commitments with Applications to Zero-Knowledge Sets
Mercurial Commitments with Applications to Zero-Knowledge Sets Extended Abstract Melissa Chase 1, Alexander Healy 2, Anna Lysyanskaya 1, Tal Malkin 3, and Leonid Reyzin 4 1 Brown University {mchase,anna}@cs.brown.edu
More informationParallel Repetition for Leakage Resilience Amplification Revisited
Parallel Repetition for Leakage Resilience Amplification Revisited Abhishek Jain 1 and Krzysztof Pietrzak 2 1 UCLA, abhishek@cs.ucla.edu 2 CWI, Amsterdam, pietrzak@cwi.nl Abstract. If a cryptographic primitive
More informationPost-Quantum Zero-Knowledge and Signatures from Symmetric-Key Primitives
Post-Quantum Zero-Knowledge and Signatures from Symmetric-Key Primitives Sebastian Ramacher Joint work with Melissa Chase, David Derler, Steven Goldfeder, Claudio Orlandi, Christian Rechberger, Daniel
More informationIntroduction to Cryptography Lecture 7
Introduction to Cryptography Lecture 7 Public-Key Encryption: El-Gamal, RSA Benny Pinkas page 1 1 Public key encryption Alice publishes a public key PK Alice. Alice has a secret key SK Alice. Anyone knowing
More informationAggregate and Verifiably Encrypted Signatures from Multilinear Maps Without Random Oracles
A preliminary version appears in ISA 2009, Lecture Notes in Computer Science, Springer-Verlag, 2009. Aggregate and Verifiably Encrypted Signatures from Multilinear Maps Without Random Oracles Markus Rückert
More informationOptimistic Fair Exchange in a Multi-User Setting
Optimistic Fair Exchange in a Multi-User Setting Yevgeniy Dodis 1, Pil Joong Lee 2, and Dae Hyun Yum 2 1 Department of Computer Science, New York University, NY, USA dodis@cs.nyu.edu 2 Department of Electronic
More informationResearch Statement. Yehuda Lindell. Dept. of Computer Science Bar-Ilan University, Israel.
Research Statement Yehuda Lindell Dept. of Computer Science Bar-Ilan University, Israel. lindell@cs.biu.ac.il www.cs.biu.ac.il/ lindell July 11, 2005 The main focus of my research is the theoretical foundations
More informationGeneric Transformation of a CCA2-Secure Public-Key Encryption Scheme to an eck-secure Key Exchange Protocol in the Standard Model
Generic Transformation of a CCA2-Secure Public-Key Encryption Scheme to an eck-secure Key Exchange Protocol in the Standard Model Janaka Alawatugoda Department of Computer Engineering University of Peradeniya,
More informationBounded-Collusion IBE from Key Homomorphism
Bounded-Collusion IBE from Key Homomorphism Shafi Goldwasser 1, Allison Lewko 2, and David A. Wilson 3 1 MIT CSAIL and Weizmann Institute shafi@csail.mit.edu 2 UT Austin alewko@cs.utexas.edu 3 MIT CSAIL
More informationThe Magic of ELFs. Mark Zhandry Princeton University (Work done while at MIT)
The Magic of ELFs Mark Zhandry Princeton University (Work done while at MIT) Prove this secure: Enc(m) = ( TDP(r), H(r) m ) (CPA security, many- bit messages, arbitrary TDP) Random Oracles Random Oracle
More informationZERO KNOWLEDGE PROOFS FOR EXACT COVER AND 0-1 KNAPSACK
Proceedings of the 6th Annual ISC Graduate Research Symposium ISC-GRS 01 April 13, 01, Rolla, Missouri ZERO KNOWLEDGE PROOFS FOR EXACT COVER AND 0-1 KNAPSACK ABSTRACT Zero Knowledge Proofs (ZKPs) are interactive
More informationInformation Security CS526
Information CS 526 Topic 3 Ciphers and Cipher : Stream Ciphers, Block Ciphers, Perfect Secrecy, and IND-CPA 1 Announcements HW1 is out, due on Sept 10 Start early, late policy is 3 total late days for
More informationNotes for Lecture 5. 2 Non-interactive vs. Interactive Key Exchange
COS 597C: Recent Developments in Program Obfuscation Lecture 5 (9/29/16) Lecturer: Mark Zhandry Princeton University Scribe: Fermi Ma Notes for Lecture 5 1 Last Time Last time, we saw that we can get public
More informationPractical Implementations of Program Obfuscators for Point Functions
Practical Implementations of Program Obfuscators for Point Functions Giovanni Di Crescenzo Lisa Bahler, Brian Coan Applied Communication Sciences Basking Ridge, NJ, 07920, USA Email: gdicrescenzo@appcomsci.com
More informationOptimal-Rate Non-Committing Encryption in a CRS Model
Optimal-Rate Non-Committing Encryption in a CRS Model Ran Canetti Oxana Poburinnaya Mariana Raykova May 24, 2016 Abstract Non-committing encryption (NCE) implements secure channels under adaptive corruptions
More information6.842 Randomness and Computation September 25-27, Lecture 6 & 7. Definition 1 Interactive Proof Systems (IPS) [Goldwasser, Micali, Rackoff]
6.84 Randomness and Computation September 5-7, 017 Lecture 6 & 7 Lecturer: Ronitt Rubinfeld Scribe: Leo de Castro & Kritkorn Karntikoon 1 Interactive Proof Systems An interactive proof system is a protocol
More informationKey Dependent Message Security and Receiver Selective Opening Security for Identity-Based Encryption
Key Dependent Message Security and Receiver Selective Opening Security for Identity-Based Encryption Fuyuki Kitagawa and Keisuke Tanaka Tokyo Institute of Technology, Tokyo, Japan kitagaw1,keisuke}@is.titech.ac.jp
More informationBounded-Concurrent Secure Two-Party Computation in a Constant Number of Rounds
Bounded-Concurrent Secure Two-Party Computation in a Constant Number of Rounds Rafael Pass NADA Royal Institute of Technology SE-10044 Stockholm, Sweden rafael@nada.kth.se Alon Rosen Laboratory for Computer
More informationEfficient Dynamic-Resharing Verifiable Secret Sharing Against Mobile Adversary
Efficient Dynamic-Resharing Verifiable Secret Sharing Against Mobile Adversary Noga Alon Zvi Galil Moti Yung March 25, 1995 Abstract We present a novel efficient variant of Verifiable Secret Sharing (VSS)
More informationBrief Introduction to Provable Security
Brief Introduction to Provable Security Michel Abdalla Département d Informatique, École normale supérieure michel.abdalla@ens.fr http://www.di.ens.fr/users/mabdalla 1 Introduction The primary goal of
More informationApplied Cryptography and Computer Security CSE 664 Spring 2018
Applied Cryptography and Computer Security Lecture 13: Public-Key Cryptography and RSA Department of Computer Science and Engineering University at Buffalo 1 Public-Key Cryptography What we already know
More informationOn the Impossibility of Obfuscation with Auxiliary Input
On the Impossibility of Obfuscation with Auxiliary Input Shafi Goldwasser The Weizmann Institute shafi@theory.lcs.mit.edu Yael Tauman Kalai MIT yael@theory.lcs.mit.edu Abstract Barak et al. formalized
More informationSECURE AND ANONYMOUS HYBRID ENCRYPTION FROM CODING THEORY
SECURE AND ANONYMOUS HYBRID ENCRYPTION FROM CODING THEORY Edoardo Persichetti University of Warsaw 06 June 2013 (UNIVERSITY OF WARSAW) SECURE AND ANONYMOUS KEM 06 JUNE 2013 1 / 20 Part I PRELIMINARIES
More informationLecture 8: Cryptography in the presence of local/public randomness
Randomness in Cryptography Febuary 25, 2013 Lecture 8: Cryptography in the presence of local/public randomness Lecturer: Yevgeniy Dodis Scribe: Hamidreza Jahanjou So far we have only considered weak randomness
More informationASYMMETRIC (PUBLIC-KEY) ENCRYPTION. Mihir Bellare UCSD 1
ASYMMETRIC (PUBLIC-KEY) ENCRYPTION Mihir Bellare UCSD 1 Recommended Book Steven Levy. Crypto. Penguin books. 2001. A non-technical account of the history of public-key cryptography and the colorful characters
More informationAnonymizable Ring Signature Without Pairing
Anonymizable Ring Signature Without Pairing Olivier Blazy, Xavier Bultel, Pascal Lafourcade To cite this version: Olivier Blazy, Xavier Bultel, Pascal Lafourcade. Anonymizable Ring Signature Without Pairing.
More informationOne-Shot Verifiable Encryption from Lattices. Vadim Lyubashevsky and Gregory Neven IBM Research -- Zurich
One-Shot Verifiable Encryption from Lattices Vadim Lyubashevsky and Gregory Neven IBM Research -- Zurich Zero-Knowledge Proofs Zero-Knowledge Proofs Relation f(s)=t, and want to prove knowledge of s Zero-Knowledge
More informationResettably Sound Zero-Knoweldge Arguments from OWFs - the (semi) Black-Box way
Resettably Sound Zero-Knoweldge Arguments from OWFs - the (semi) Black-Box way Rafail Ostrovsky 1 and Alessandra Scafuro 2 Muthuramakrishnan Venkitasubramanian 3 1 UCLA, USA 2 Boston University and Northeastern
More informationOn Deniability in the Common Reference String and Random Oracle Model
On Deniability in the Common Reference String and Random Oracle Model Rafael Pass Department of Numerical Analysis and Computer Science Royal Institute of Technology, Stockholm, Sweden rafael@nada.kth.se
More informationThreshold Cryptosystems from Threshold Fully Homomorphic Encryption
Threshold Cryptosystems from Threshold Fully Homomorphic Encryption Sam Kim Stanford University Joint work with Dan Boneh, Rosario Gennaro, Steven Goldfeder, Aayush Jain, Peter M. R. Rasmussen, and Amit
More informationOne-way Functions are Essential for Single-Server. Private Information Retrieval. then one-way functions exist. 1 Introduction
One-way Functions are Essential for Single-Server Private Information Retrieval Amos Beimel Yuval Ishai y Eyal Kushilevitz z Tal Malkin x Abstract Private Information Retrieval (PIR) protocols allow a
More informationHash Proof Systems and Password Protocols
Hash Proof Systems and Password Protocols II Password-Authenticated Key Exchange David Pointcheval CNRS, Ecole normale supe rieure/psl & INRIA 8th BIU Winter School Key Exchange February 2018 CNRS/ENS/PSL/INRIA
More informationOn the Black-Box Complexity of Optimally-Fair Coin Tossing
On the Black-Box Complexity of Optimally-Fair Coin Tossing Dana Dachman-Soled 1, Yehuda Lindell 2, Mohammad Mahmoody 3, and Tal Malkin 1 1 Columbia University {dglasner, tal}@cs.columbia.edu 2 Bar-Ilan
More informationDigital Signatures. Sven Laur University of Tartu
Digital Signatures Sven Laur swen@math.ut.ee University of Tartu Formal Syntax Digital signature scheme pk (sk, pk) Gen (m, s) (m,s) m M 0 s Sign sk (m) Ver pk (m, s)? = 1 To establish electronic identity,
More informationAn Exploration of Group and Ring Signatures
An Exploration of Group and Ring Signatures Sarah Meiklejohn February 4, 2011 Abstract Group signatures are a modern cryptographic primitive that allow a member of a specific group (e.g., the White House
More informationHOST Cryptography I ECE 525. Cryptography Handbook of Applied Cryptography &
Cryptography Handbook of Applied Cryptography & http://cseweb.ucsd.edu/users/mihir/cse207/ Brief History: Proliferation of computers and communication systems in 1960s brought with it a demand to protect
More informationASYMMETRIC (PUBLIC-KEY) ENCRYPTION. Mihir Bellare UCSD 1
ASYMMETRIC (PUBLIC-KEY) ENCRYPTION Mihir Bellare UCSD 1 Recommended Book Steven Levy. Crypto. Penguin books. 2001. A non-technical account of the history of public-key cryptography and the colorful characters
More informationGreat Theoretical Ideas in Computer Science. Lecture 27: Cryptography
15-251 Great Theoretical Ideas in Computer Science Lecture 27: Cryptography What is cryptography about? Adversary Eavesdropper I will cut his throat I will cut his throat What is cryptography about? loru23n8uladjkfb!#@
More informationSecurity Against Selective Opening Attacks
Security Against Selective Opening Attacks Rafael Dowsley June 2012 Abstract This survey will deal with the problem of selective opening attacks (SOA). We will present the known results (both possibility
More informationAnonymous Identification in Ad Hoc Groups
Anonymous Identification in Ad Hoc Groups Yevgeniy Dodis 1, Aggelos Kiayias 2, Antonio Nicolosi 1, and Victor Shoup 1 1 Courant Institute of Mathematical Sciences, New York University, NY, USA {dodis,nicolosi,shoup}@cs.nyu.edu
More informationIntroduction to Cryptography Lecture 7
Introduction to Cryptography Lecture 7 El Gamal Encryption RSA Encryption Benny Pinkas page 1 1 Public key encryption Alice publishes a public key PK Alice. Alice has a secret key SK Alice. Anyone knowing
More informationOn Minimal Assumptions for Sender-Deniable Public Key Encryption
On Minimal Assumptions for Sender-Deniable Public Key Encryption Dana Dachman-Soled University of Maryland danadach@ece.umd.edu Abstract. The primitive of deniable encryption was introduced by Canetti
More informationRound Optimal Concurrent Non-Malleability from Polynomial Hardness
Round Optimal Concurrent Non-Malleability from Polynomial Hardness Dakshita Khurana Department of Computer Science, UCLA, Los Angeles, USA dakshita@cs.ucla.edu Abstract. Non-malleable commitments are a
More informationApplication to More Efficient Obfuscation
Lattice-Based SNARGs and Their Application to More Efficient Obfuscation Dan Boneh, Yuval Ishai, Amit Sahai, and David J. Wu Program Obfuscation [BGIRSVY01, GGHRSW13] Indistinguishability obfuscation (io)
More informationScalable Transparent ARguments-of-Knowledge
Scalable Transparent ARguments-of-Knowledge Michael Riabzev Department of Computer Science, Technion DIMACS Workshop on Outsourcing Computation Securely Joint work with Eli Ben-Sasson, Iddo Bentov, and
More informationFunctional Encryption from (Small) Hardware Tokens
Functional Encryption from (Small) Hardware Tokens Kai-Min Chung 1, Jonathan Katz 2, and Hong-Sheng Zhou 3 1 Academia Sinica kmchung@iis.sinica.edu.tw 2 University of Maryland jkatz@cs.umd.edu 3 Virginia
More information