Definition and applications Lossy Trapdoor Functions 2.

Slides:



Advertisements
Similar presentations
Efficient Lattice (H)IBE in the standard model Shweta Agrawal, Dan Boneh, Xavier Boyen.
Advertisements

Adaptively Attribute-Hiding ( Hierarchical ) Inner Product Encryption
1. Breaking the Adaptivity Barrier for Deterministic Public-Key Encryption Ananth Raghunathan (joint work with Gil Segev and Salil Vadhan)
Many-to-one Trapdoor Functions and their Relations to Public-key Cryptosystems M. Bellare S. Halevi A. Saha S. Vadhan.
Probabilistic Public Key Encryption with Equality Test Duncan S. Wong Department of Computer Science City University of Hong Kong Joint work with Guomin.
Secure Evaluation of Multivariate Polynomials
Chosen-Ciphertext Security from Slightly Lossy Trapdoor Functions PKC 2010 May 27, 2010 Petros Mol, Scott Yilek 1 UC, San Diego.
1 Adam O’Neill Leonid Reyzin Boston University A Unified Approach to Deterministic Encryption and a Connection to Computational Entropy Benjamin Fuller.
Dual System Encryption: Concept, History and Recent works Jongkil Kim.
Foundations of Cryptography Lecture 13 Lecturer: Moni Naor.
Garbled RAM, Revisited Daniel Wichs (Northeastern University) Joint work with: Craig Gentry, Shai Halevi, Seteve Lu, Rafail Ostrovsky, Mariana Raykova.
On the Practical Security of Inner Product Functional Encryption Shashank Agrawal (UIUC), Shweta Agrawal (IIT Delhi), Saikrishna Badrinarayanan (UCLA),
Dual System Encryption: Realizing IBE and HIBE from Simple Assumptions Brent Waters.
INTRODUCTION PROBLEM FORMULATION FRAMEWORK AND PRIVACY REQUIREMENTS FOR MRSE PRIVACY-PRESERVING AND EFFICIENT MRSE PERFORMANCE ANALYSIS RELATED WORK CONCLUSION.
Dennis Hofheinz, Jessica Koch, Christoph Striecks
1 IDENTITY BASED ENCRYPTION SECURITY NOTIONS AND NEW IBE SCHEMES FOR SAKAI KASAHARA KEY CONSTRUCTION N. DENIZ SARIER.
Topics in Cryptography Lecture 6 Topic: Chosen Ciphertext Security Lecturer: Moni Naor.
1 Identity-Based Encryption form the Weil Pairing Author : Dan Boneh Matthew Franklin Presentered by Chia Jui Hsu Date :
Asymmetric Cryptography part 1 & 2 Haya Shulman Many thanks to Amir Herzberg who donated some of the slides from
Strongly Secure Certificateless Encryption Alexander W. Dent Information Security Group
1 Constructing Pseudo-Random Permutations with a Prescribed Structure Moni Naor Weizmann Institute Omer Reingold AT&T Research.
1 CIS 5371 Cryptography 9. Data Integrity Techniques.
Matrix Algebra THE INVERSE OF A MATRIX © 2012 Pearson Education, Inc.
Simons Institute, Cryptography Boot Camp
Introduction to Computer and Network Security Iliano Cervesato 26 August 2008 – Modern Cryptography.
A Brief History of Provable Security and PKE Alex Dent Information Security Group Royal Holloway, University of London.
1 eill Adam O’Neill Georgetown University Joint work with Dana Dachman-Soled (Univ. of Maryland), Georg Fuchsbauer (IST Austria), and Payman Mohassel (Univ.
Dan Boneh Public Key Encryption from trapdoor permutations Public key encryption: definitions and security Online Cryptography Course Dan Boneh.
8. Data Integrity Techniques
Functional Encryption: An Introduction and Survey Brent Waters.
1 Hierarchical Identity-Based Encryption with Constant Size Ciphertext Dan Boneh, Xavier Boyen and Eu-Jin Goh Eurocrypt 2005 投影片製作:張淑慧.
Empirical Explorations with The Logical Theory Machine: A Case Study in Heuristics by Allen Newell, J. C. Shaw, & H. A. Simon by Allen Newell, J. C. Shaw,
Improved Non-Committing Encryption with Application to Adaptively Secure Protocols joint work with Dana Dachman-Soled (Columbia Univ.), Tal Malkin (Columbia.
Public Key Encryption with keyword Search Author: Dan Boneh Rafail Ostroversity Giovanni Di Crescenzo Giuseppe Persiano Presenter: 陳昱圻.
Dan Boneh Public key encryption from Diffie-Hellman The ElGamal Public-key System Online Cryptography Course Dan Boneh.
On the Communication Complexity of SFE with Long Output Daniel Wichs (Northeastern) joint work with Pavel Hubáček.
1 Secure Multi-party Computation Minimizing Online Rounds Seung Geol Choi Columbia University Joint work with Ariel Elbaz(Columbia University) Tal Malkin(Columbia.
1 Network and Computer Security (CS 475) Modular Arithmetic and the RSA Public Key Cryptosystem Jeremy R. Johnson.
1 Lossy Trapdoor Functions and Their Applications Brent Waters SRI International Chris Peikert SRI International.
Secure Computation Lecture Arpita Patra. Recap >> Improving the complexity of GMW > Step I: Offline: O(n 2 c AND ) OTs; Online: i.t., no crypto.
David Cash (UCSD) Dennis Hofheinz (KIT) Eike Kiltz (CWI) Chris Peikert (GA)
Tae-Joon Kim Jong yun Jun
Secure Computation (Lecture 9-10) Arpita Patra. Recap >> MPC with honest majority in i.t. settings > Protocol using (n,t)-sharing, proof of security---
1 Efficient Selective-ID IBE Without Random Oracle Dan Boneh Stanford University Xavier Boyen Voltage Security.
1/28 Chosen-Ciphertext Security from Identity- Based Encryption Jonathan Katz U. Maryland Ran Canetti, Shai Halevi IBM.
1 Lossy Trapdoor Functions and Their Applications Brent Waters SRI International Chris Peikert SRI International.
Ilya Mironov, Omkant Pandey, Omer Reingold, Gil Segev Microsoft Research.
Trapdoor Functions, Large Numbers and Factoring Keeping your personal information secure.
Constructing Verifiable Random Functions for Large Input Spaces Brent Waters Susan Hohenberger.
Ryan Henry I 538 /B 609 : Introduction to Cryptography.
Dan Boneh Public Key Encryption from trapdoor permutations Constructions Online Cryptography Course Dan Boneh Goal: construct chosen-ciphertext secure.
Cryptography Lecture 9 Arpita Patra © Arpita Patra.
Cryptography Lecture 10 Arpita Patra © Arpita Patra.
Practical Order-Revealing Encryption with Limited Leakage Nathan Chenette, Kevin Lewi, Stephen A. Weis, and David J. Wu Fast Software Encryption March,
Cryptography Lecture 6 Arpita Patra. Quick Recall and Today’s Roadmap >> MAC for fixed-length messages >> Domain Extension for MAC >> Authenticated Encryption:
EE611 Deterministic Systems Multiple-Input Multiple-Output (MIMO) Feedback Kevin D. Donohue Electrical and Computer Engineering University of Kentucky.
Bounded key-dependent message security
Cryptography Lecture 5 Arpita Patra © Arpita Patra.
Selective-opening security in the presence of randomness failures
B504/I538: Introduction to Cryptography
Verifiable Oblivious Storage
Introduction to Symmetric-key and Public-key Cryptography
Cryptography Lecture 25.
Cryptography Lecture 11.
Lossy Trapdoor Functions and Their Applications
Cryptography Lecture 10.
Cryptography Lecture 21.
Identity Based Encryption from the Diffie-Hellman Assumption
Matrix Algebra THE INVERSE OF A MATRIX © 2012 Pearson Education, Inc.
Cryptography Lecture 23.
Presentation transcript:

Definition and applications Lossy Trapdoor Functions 2

Definition [PW08] 3 Invertible Lossy

Lossy Trapdoor Functions Implications 4 LTDF [PW08] TDF IND-CPA Det. Enc.[BFO08] (New!) Hedged Enc.[BB+09] (New!) Others… [BKPW12] What about the IB setting?

Lossy Trapdoor Functions Constructing a primitive 5 SetupEncryptDecrypt Gen Eval pk Invert SetupEncryptDecrypt? Gen’ Eval pk’ Game 1 Game 2 Secure! C hides M! IND

Working towards a definition Identity-Based Lossy Trapdoor Function [BKPW12] 6

Identity-Based Lossy Trapdoor Functions IBE - Functionality 7 Constructed with an IB-LTDF uses: IBE [Sha84,BF01] consists of:

Identity-Based Lossy Trapdoor Functions Functional requirements 8 Invertible

Identity-Based Lossy Trapdoor Functions IBE – Security Game / Reduction 9 can try to invert. should be lossy Using IB-LTDF

Identity-Based Lossy Trapdoor Functions Towards defining sec. requirements 10 Sec. Requirement? Invertible Lossy

Identity-Based Lossy Trapdoor Functions [BKPW12] limitations 11 LTDF [PW08] IB-LTDF (S) [BKPW12] TDF (New!) IND-CPA Det. Enc.[BFO08] (New!) Hedged Enc.[BB+09] (New!) Others…hopefully

Identity-Based Lossy Trapdoor Functions [BKPW12] limitations 12 LTDF [PW08] IB-LTDF (S) [BKPW12] IB-LTDF (A) [BKPW12] TDF (New!) IND-CPA ? Det. Enc.[BFO08] (New!) ? Hedged Enc.[BB+09] (New!) ? Others…hopefully?

New Definition and Hierarchical Extension Identity-Based Lossy Trapdoor Function 13

Identity-Based Lossy Trapdoor Functions Our definition (I) 14 Real Experiment I L has small range has full range Lossy Experiment

Identity-Based Lossy Trapdoor Functions Our definition (II) 15 Extra Cond. #1: big enough Extra Cond. #2: indep. from guess

Identity-Based Lossy Trapdoor Functions [EHLR14] implications 16 LTDF [PW08] IB-LTDF (S) [EHLR14] IB-LTDF (A) [EHLR14] TDF IND-CPA Det. Enc.[BFO08] (New!) (New!)* Hedged Enc. [BB+09] (New!) (New!) Others…hopefully *Also in [XXZ12]

Identity-Based Lossy Trapdoor Functions [EHLR14] implications 17 LTDF [PW08] IB-LTDF (S) [EHLR14] IB-LTDF (A) [EHLR14] HIB-LTDF (S,A) [EHLR14] TDF (New!) IND-CPA Det. Enc.[BFO08] (New!) (New!)* (New!) Hedged Enc. [BB+09] (New!) (New!) Others…hopefully Using [CHK03]… [EHLR14]  Forward Secure Det. Enc. (New!) [EHLR14]  Forward Secure Hedged Enc. (New!)

Construction Identity-Based Lossy Trapdoor Function 18

Identity-Based Lossy Trapdoor Functions Construction similar to [PW08] o Matrix-vector paradigm Building block: a new Hierarchical Predicate Encryption o Hidden Predicate defines Injective or Lossy To evaluate the function for an identity: 1.Homomorphically evaluate the Predicate for the Identity 2.Obtain a matrix of HIBE ciphertexts 3.Compute the matrix-vector product in the exponent Our construction 19

Conclusion Identity-Based Lossy Trapdoor Function 20

Identity-Based Lossy Trapdoor Functions We give a new definition We give a hierarchical extension of the definition Our definition implies new primitives with adaptive security: o One-way HIB Trapdoor Functions o HIB Deterministic Encryption o HIB Hedged Encryption o Forward Secure Deterministic Encryption o Forward Secure Hedged Encryption We give a construction which satisfies the extended definition Our contributions 21

THANK YOU!

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.