Risky Traitor Tracing and New Differential Privacy Negative Results

Slides:



Advertisements
Similar presentations
Boneh-Franklin Identity-based Encryption. 2 Symmetric bilinear groups G = ágñ, g p = 1 e: G G G t Bilinear i.e. e(u a, v b ) = e(u, v) ab Non-degenerate:
Advertisements

Perfect Non-interactive Zero-Knowledge for NP
Efficiency vs. Assumptions in Secure Computation Yuval Ishai Technion & UCLA.
Anonymity-preserving Public-Key Encryption Markulf Kohlweiss Ueli Maurer, Cristina Onete, Björn Tackmann, and Daniele Venturi PETS 2013.
Probabilistic Public Key Encryption with Equality Test Duncan S. Wong Department of Computer Science City University of Hong Kong Joint work with Guomin.
Chosen-Ciphertext Security from Slightly Lossy Trapdoor Functions PKC 2010 May 27, 2010 Petros Mol, Scott Yilek 1 UC, San Diego.
SECURITY AND VERIFICATION Lecture 4: Cryptography proofs in context Tamara Rezk INDES TEAM, INRIA January 24 th, 2012.
Vote privacy: models and cryptographic underpinnings Bogdan Warinschi University of Bristol 1.
Dan Boneh Public key encryption from Diffie-Hellman ElGamal Variants With Better Security Online Cryptography Course Dan Boneh.
Encryption Public-Key, Identity-Based, Attribute-Based.
Public-Key Encryption in the Bounded-Retrieval Model Joël Alwen, Yevgeniy Dodis, Moni Naor, Gil Segev, Shabsi Walfish, Daniel Wichs Earlier Today: Yevgeniy.
1 A Fully Collusion Resistant Broadcast, Trace and Revoke System Brent Waters SRI International Dan Boneh Stanford.
Traitor Tracing Vijay Ramachandran CS 655: E-commerce Foundations October 10, 2000.
Foundations of Privacy Lecture 6 Lecturer: Moni Naor.
1 Fully Collusion Resistant Traitor Tracing with Short Ciphertexts and Private Keys Dan Boneh, Amit Sahai, and Brent Waters.
CMSC 414 Computer and Network Security Lecture 6 Jonathan Katz.
1 Queries on Encrypted Data Dan Boneh Brent Waters Stanford UniversitySRI.
Asymmetric Cryptography part 1 & 2 Haya Shulman Many thanks to Amir Herzberg who donated some of the slides from
1 Conjunctive, Subset, and Range Queries on Encrypted Data Dan Boneh Brent Waters Stanford University SRI International.
CMSC 414 Computer and Network Security Lecture 6 Jonathan Katz.
Simons Institute, Cryptography Boot Camp
A Brief History of Provable Security and PKE Alex Dent Information Security Group Royal Holloway, University of London.
1 Collusion Resistant Broadcast Encryption With Short Ciphertexts and Private Keys Dan Boneh, Craig Gentry, and Brent Waters.
0x1A Great Papers in Computer Security
1 eill Adam O’Neill Georgetown University Joint work with Dana Dachman-Soled (Univ. of Maryland), Georg Fuchsbauer (IST Austria), and Payman Mohassel (Univ.
ON CONTINUAL LEAKAGE OF DISCRETE LOG REPRESENTATIONS Shweta Agrawal IIT, Delhi Joint work with Yevgeniy Dodis, Vinod Vaikuntanathan and Daniel Wichs Several.
Cryptography Lecture 10 Arpita Patra. Quick Recall and Today’s Roadmap >> CPA & CPA-mult security >> Equivalence of CPA and CPA-mult security >> El Gamal.
1 Attribute-Based Encryption for Fine-Grained Access Control of Encrypted Data Vipul Goyal Omkant Pandey Amit Sahai Brent Waters UCLA SRI.
Improved Non-Committing Encryption with Application to Adaptively Secure Protocols joint work with Dana Dachman-Soled (Columbia Univ.), Tal Malkin (Columbia.
Public Key Encryption with keyword Search Author: Dan Boneh Rafail Ostroversity Giovanni Di Crescenzo Giuseppe Persiano Presenter: 陳昱圻.
On the Communication Complexity of SFE with Long Output Daniel Wichs (Northeastern) joint work with Pavel Hubáček.
Game-based composition for key exchange Cristina Brzuska, Marc Fischlin (University of Darmstadt) Nigel Smart, Bogdan Warinschi, Steve Williams (University.
Witness Encryption and Indistinguishability Obfuscation from the Multilinear Subgroup Elimination Assumption Craig Gentry IBM Allison Lewko Columbia Amit.
13. Oktober 2010 | Dr.Marc Fischlin | Kryptosicherheit | 1 Security-Preserving Operations on Big Data Algorithms for Big Data, Frankfurt, September, 2014.
1/28 Chosen-Ciphertext Security from Identity- Based Encryption Jonathan Katz U. Maryland Ran Canetti, Shai Halevi IBM.
Keyword search on encrypted data. Keyword search problem  Linux utility: grep  Information retrieval Basic operation Advanced operations – relevance.
Online/Offline Attribute-Based Encryption Brent WatersSusan Hohenberger Presented by Shai Halevi.
A plausible approach to computer-aided cryptographic proofs (a collection of thoughts) Shai Halevi – May 2005.
Bounded key-dependent message security
Searchable Encryption in Cloud
Lower Bounds on Assumptions behind Indistinguishability Obfuscation
Cryptography Lecture 5 Arpita Patra © Arpita Patra.
Boneh-Franklin Identity Based Encryption Scheme
Selective-opening security in the presence of randomness failures
B504/I538: Introduction to Cryptography
Secrecy of (fixed-length) stream ciphers
Digital Signature Schemes and the Random Oracle Model
Cryptography Lecture 26.
Semantic Security and Indistinguishability in the Quantum World
Verifiable Oblivious Storage
Broadcast Encryption Amos Fiat & Moni Naor Advances in Cryptography - CRYPTO ’93 Proceeding, LNCS, Vol. 773, 1994, pp Multimedia Security.
A Generic Approach for Constructing Verifiable Random Functions
Topic 30: El-Gamal Encryption
Cryptography Lecture 3 Arpita Patra © Arpita Patra.
Cryptography Lecture 6.
Cryptography Lecture 7.
Cryptography Lecture 25.
Rishab Goyal Venkata Koppula Brent Waters
Cryptography Lecture 11.
Cryptography Lecture 12 Arpita Patra © Arpita Patra.
Cryptography Lecture 6.
Attribute-Based Encryption
Cryptography Lecture 9.
The power of Pairings towards standard model security
Cryptography Lecture 22.
Oblivious Transfer.
Cryptography Lecture 10.
Cryptography Lecture 21.
Cryptography Lecture 23.
Presentation transcript:

Risky Traitor Tracing and New Differential Privacy Negative Results Rishab Goyal Venkata Koppula Andrew Russell Brent Waters Hardness of Non-Interactive Differential Privacy from One-Way Functions Lucas Kowalczyk Tal Malkin Jonathan Ullman Daniel Wichs

Risky Traitor Tracing and New Differential Privacy Negative Results Rishab Goyal Venkata Koppula Andrew Russell Brent Waters

Traitor Tracing [Chor-Fiat-Naor 94] …… … Decoder Find Traitors Key Challenges: Obfuscated Decoder Collusions 3

Tracing Algorithms 4

(1) No false trace: (2) Catch: 5

It’s About the Ciphertext Size! PKE: Bilinear Maps [Boneh-Sahai-Waters06,Boneh-Waters06…]: Functional Encryption/iO[GGHRSW13,Boneh-Zhandry14]: Can we get better efficiency from standard assumptions if we relax tracing requirement? (* Subsequent to this work, G-Koppula-Waters gave an LWE-based standard TT scheme matching FE/iO-based efficiency.) 6

Relaxing Tracing (1) No false trace: (2) Catch: (1) No false trace: 7

(Main) Results [G-Koppula-Russell-Waters] Theorem. Under simple assumptions over bilinear groups, we build a secure f-risky Traitor Tracing scheme with |𝑐𝑡| ciphertext size. Theorem. Secure 1 𝑁 - risky Traitor Tracing scheme implies differential privacy negative results.

Remaining Talk Part I: Risky Traitor Tracing Part II: Differential Privacy Negative Results (Luke) 9

Standalone Risky TT Applications Persistent decoder setting Periodic key refreshes, decoder must work across cycles Catching probability can be amplified Resource constrained settings Get best possible tracing w/ 10 KB ciphertext overhead Risk averse attackers Deterrence against attackers if traitors heavily penalized Heavy penalty vs. Low catching probability

Framework for Risky TT – Mixed Bit Matching Encryption Correctness Enc-PK: Dec outputs 𝑚 Correctness Enc-SK: Dec outputs 𝑚 iff 𝑔 𝒙, 𝒚 =1 11

Mixed Bit Matching Security Security: 3 properties PK/SK CT Hiding  CT Hiding  Key Hiding  Distinguish Distinguish Distinguish 12

Transformation to Risky TT 13

Transformation to Risky TT 14

Transformation to Risky TT 15

Transformation to Risky TT Check if decoder is correct Do this poly times 16

Transformation to Risky TT Successful decryption probability If 𝑝 𝑖 and 𝑝 𝑖+1 are noticeably far, then add index (𝑖+𝑤−1) to the set T 17

Missing Pieces and Other Results Security proof of the transformation Significantly departs from existing proof techniques for TT Building Mixed Bit Matching Encryption from Bilinear Maps Generic risky amplification Improving success probability of tracing 18

Remaining Talk Part I: Building Risky Traitor Tracing Part II: Differential Privacy Negative Results (Luke) 19

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.