Ilya Mironov, Omkant Pandey, Omer Reingold, Gil Segev Microsoft Research.

Slides:



Advertisements
Similar presentations
A Black-Box Construction of a CCA2 Encryption Scheme from a Plaintext Aware (sPA1) Encryption Scheme Dana Dachman-Soled University of Maryland.
Advertisements

1. Breaking the Adaptivity Barrier for Deterministic Public-Key Encryption Ananth Raghunathan (joint work with Gil Segev and Salil Vadhan)
Probabilistic Public Key Encryption with Equality Test Duncan S. Wong Department of Computer Science City University of Hong Kong Joint work with Guomin.
Chosen-Ciphertext Security from Slightly Lossy Trapdoor Functions PKC 2010 May 27, 2010 Petros Mol, Scott Yilek 1 UC, San Diego.
Foundations of Cryptography Lecture 11 Lecturer: Moni Naor.
CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (3) Information Security.
1 Adam O’Neill Leonid Reyzin Boston University A Unified Approach to Deterministic Encryption and a Connection to Computational Entropy Benjamin Fuller.
CS555Topic 191 Cryptography CS 555 Topic 19: Formalization of Public Key Encrpytion.
CIS 5371 Cryptography 3b. Pseudorandomness.
Encryption Public-Key, Identity-Based, Attribute-Based.
Foundations of Cryptography Lecture 13 Lecturer: Moni Naor.
Rennes, 23/10/2014 Cristina Onete Putting it all together: using multiple primitives together.
INTRODUCTION PROBLEM FORMULATION FRAMEWORK AND PRIVACY REQUIREMENTS FOR MRSE PRIVACY-PRESERVING AND EFFICIENT MRSE PERFORMANCE ANALYSIS RELATED WORK CONCLUSION.
Topics in Cryptography Lecture 5 Topic: Chosen Ciphertext Security Lecturer: Moni Naor.
CMSC 414 Computer and Network Security Lecture 6 Jonathan Katz.
CMSC 456 Introduction to Cryptography
Foundations of Cryptography Lecture 5: Signatures and pseudo-random generators Lecturer: Moni Naor.
CMSC 414 Computer and Network Security Lecture 5 Jonathan Katz.
CMSC 414 Computer and Network Security Lecture 4 Jonathan Katz.
A Designer’s Guide to KEMs Alex Dent
Asymmetric Cryptography part 1 & 2 Haya Shulman Many thanks to Amir Herzberg who donated some of the slides from
Secure Hashing and DSS Sultan Almuhammadi ICS 454 Principles of Cryptography.
Topics in Cryptography Lecture 4 Topic: Chosen Ciphertext Security Lecturer: Moni Naor.
Strongly Secure Certificateless Encryption Alexander W. Dent Information Security Group
CMSC 414 Computer and Network Security Lecture 6 Jonathan Katz.
CMSC 414 Computer and Network Security Lecture 7 Jonathan Katz.
1 Introduction to Information Security , Spring 2015 Lecture 7: Applied cryptography: asymmetric Eran Tromer Slides credit: John Mitchell, Stanford.
Encryption Schemes Second Pass Brice Toth 21 November 2001.
Foundations of Cryptography Rahul Jain CS6209, Jan – April 2011
1 eill Adam O’Neill Georgetown University Joint work with Dana Dachman-Soled (Univ. of Maryland), Georg Fuchsbauer (IST Austria), and Payman Mohassel (Univ.
XMSS - A Practical Forward Secure Signature Scheme based on Minimal Security Assumptions J. Buchmann, E. Dahmen, A. Hülsing | TU Darmstadt |
Dan Boneh Stream ciphers The One Time Pad Online Cryptography Course Dan Boneh.
CIS 5371 Cryptography Introduction.
Dan Boneh Public key encryption from Diffie-Hellman The ElGamal Public-key System Online Cryptography Course Dan Boneh.
Security.  is one of the most widely used and regarded network services  currently message contents are not secure may be inspected either.
Cryptography Lecture 10 Arpita Patra. Quick Recall and Today’s Roadmap >> CPA & CPA-mult security >> Equivalence of CPA and CPA-mult security >> El Gamal.
A Linear Lower Bound on the Communication Complexity of Single-Server PIR Weizmann Institute of Science Israel Iftach HaitnerJonathan HochGil Segev.
Towards Automated Security Proof for Symmetric Encryption Modes Martin Gagné Joint work with Reihaneh Safavi-Naini, Pascal Lafourcade and Yassine Lakhnech.
Optimal Asymmetric Encryption based on a paper by Mihir Bellare and Phillip Rogaway Team Members  Chris Kellogg  Doug Wagers  Angela Johnston  Kris.
Definition and applications Lossy Trapdoor Functions 2.
Two New Online Ciphers Mridul Nandi National Institute of Standards and Technology, Gaithersburg, MD Indocrypt 2008, Kharagpur.
Public Key Encryption with keyword Search Author: Dan Boneh Rafail Ostroversity Giovanni Di Crescenzo Giuseppe Persiano Presenter: 陳昱圻.
Confidentiality Confidentiality is maintained so long as private keys are secure. Authenticity is possible via public-key encryption by encrypting messages.
Rennes, 02/10/2014 Cristina Onete Attacks on RSA. Safe modes.
15-499Page :Algorithms and Applications Cryptography I – Introduction – Terminology – Some primitives – Some protocols.
1 Lossy Trapdoor Functions and Their Applications Brent Waters SRI International Chris Peikert SRI International.
Symmetric Encryption Lesson Introduction ●Block cipher primitives ●DES ●AES ●Encrypting large message ●Message integrity.
PUBLIC-KEY CRYPTOGRAPHY AND RSA – Chapter 9 PUBLIC-KEY CRYPTOGRAPHY AND RSA – Chapter 9 Principles Applications Requirements RSA Algorithm Description.
DES Analysis and Attacks CSCI 5857: Encoding and Encryption.
Tae-Joon Kim Jong yun Jun
CS/COE 1501 Recitation Extended Euclidean Algorithm + Digital Signatures.
1 Lossy Trapdoor Functions and Their Applications Brent Waters SRI International Chris Peikert SRI International.
1 CIS 5371 Cryptography 1.Introduction. 2 Prerequisites for this course  Basic Mathematics, in particular Number Theory  Basic Probability Theory 
Compact CCA-Secure Encryption for Messages of Arbitrary Length Presentation By: D. Vamsi Krishna CS09B006.
Keyword search on encrypted data. Keyword search problem  Linux utility: grep  Information retrieval Basic operation Advanced operations – relevance.
Dan Boneh Public Key Encryption from trapdoor permutations Constructions Online Cryptography Course Dan Boneh Goal: construct chosen-ciphertext secure.
1 Introduction to Information Security , Spring 2016 Lecture 4: Applied cryptography: asymmetric Zvi Ostfeld Slides credit: Eran Tromer.
Cryptography Resilient to Continual Memory Leakage Zvika Brakerski Weizmann Institute Yael Tauman Kalai Microsoft Jonathan Katz University of Maryland.
CMSC 414 Computer and Network Security Lecture 2 Jonathan Katz.
Packing Techniques for Homomorphic Encryption Schemes Scott Thompson CSCI-762 4/28/2016.
1 CIS 5371 Cryptography 1.Introduction. 2 Prerequisites for this course  Basic Mathematics, in particular Number Theory  Basic Probability Theory 
Modern symmetric-key Encryption
Digital Signature Schemes and the Random Oracle Model
Digital Signature Schemes and the Random Oracle Model
Block cipher and modes of encryptions
Introduction to Symmetric-key and Public-key Cryptography
Block Ciphers (Crypto 2)
Identity Based Encryption from the Diffie-Hellman Assumption
Cryptography Lecture 23.
Counter Mode, Output Feedback Mode
Presentation transcript:

Ilya Mironov, Omkant Pandey, Omer Reingold, Gil Segev Microsoft Research

Incremental Deterministic Public-Key Encryption

Deterministic Public-Key Encryption

Deterministic Public-Key Encryption: PRIV1-IND [Bellare, Boldyreva, O’Neill CRYPTO’07] E pk [ ]

Is It Secure? Computational assumptions Min-entropy of the source Secure Deterministic Encryption Long, unpredictable plaintext: -digital photograph -MS Word document -entire database -full disk -search -de-duplication -deterministic KEM

security efficiency Length of the plaintext

Incrementality -Incrementality with access to plaintext: setting bit -Incrementality without access to plaintext: flipping bit

Incremental Deterministic Public-Key Encryption

Our results  Two schemes 1. Generic Solution 2. DDH-based solution tight up to polylog factors incrementality min-entropy Deterministic Encryption Incremental Deterministic Encryption

Naïve Generic Solution min-entropy ? EEE … E: deterministic encryption scheme

Sample-then-extract [Nisan,Zuckerman’96][Vadhan’04] min-entropy similar min-entropy rate

Generic Solution min-entropy Partition input into random subsets PRIV-IND  PRIV1-IND with Incrementality

Standard Model DDH  PRIV1-IND with Incrementality

Lossy Trapdoor Functions [Peikert, Waters STOC’08] Injective mode: Lossy mode:

Smooth Trapdoor Functions Injective mode: Smooth mode: statistically close

Smooth Trapdoor Functions  PRIV1-IND Security injective mode: smooth mode:

Construction of PRIV1-IND Lossy Trapdoor FunctionPairwise-independent permutation Smooth Trapdoor Function [Boldyreva, Fehr, O’Neill CRYPTO’08] Deterministic Public-Key Encryption

Construction of PRIV1-IND Lossy Trapdoor FunctionPairwise-independent permutation Smooth Trapdoor Function [Boldyreva, Fehr, O’Neill CRYPTO’08] Deterministic Public-Key Encryption Incremental

Construction of Lossy TDF [Freeman, Goldreich, Kiltz, Rosen, Segev PKC’10] [Brakerski, Segev CRYPTO’11] Key generation Encryption Decryption

Security Argument: Lossy TDF rank 1

Towards Incremental Smooth TDF rank ℓ sparse

Towards Incremental Smooth TDF  Sample-then-extract + Leftover Hash Lemma

Towards Incremental Smooth TDF 

Smooth vs Injective Mode full rank

Incrementality 

Open Problems Incremental Deterministic Encryption:  Stronger security: PRIV-IND (multiple messages)  Length-preserving in the standard model Deterministic Encryption:  Relaxing the definition to allow dependency on the public key

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.