Presentation is loading. Please wait.

Presentation is loading. Please wait.

David Cash (UCSD) Dennis Hofheinz (KIT) Eike Kiltz (CWI) Chris Peikert (GA)

Published byClara Samantha Barker Modified over 9 years ago

Similar presentations

Presentation on theme: "David Cash (UCSD) Dennis Hofheinz (KIT) Eike Kiltz (CWI) Chris Peikert (GA)"— Presentation transcript:

1 David Cash (UCSD) Dennis Hofheinz (KIT) Eike Kiltz (CWI) Chris Peikert (GA)

2 This work: crypto from lattices 1.Bonsai trees for lattices/basis delegation 2.Applications: new lattice primitives – Hash-and-sign signatures (standard model) – IBE (standard model) – Hierarchical IBE (random oracle model) – Hierarchical IBE (standard model) Independently discovered by [AB09]!

3 PairingsLattices BF01: IBE ROM BF01: IBE ROM GS02: HIBE ROM GS02: HIBE ROM CHK03: HIBE Selective secure, bit-by-bit CHK03: HIBE Selective secure, bit-by-bit BB04: HIBE Selective secure, Identity at once BB04: HIBE Selective secure, Identity at once Waters05: HIBE Fully secure Waters09: HIBE Fully secure, poly depth Waters09: HIBE Fully secure, poly depth GPV08: IBE ROM GPV08: IBE ROM NEW: HIBE ROM NEW: HIBE ROM HEW: HIBE Selective secure, bit-by-bit HEW: HIBE Selective secure, bit-by-bit ABB10: HIBE Selective secure, Identity at once ABB10: HIBE Selective secure, Identity at once B10/ABB10 HIBE Fully secure You??? HIBE Fully secure, poly depth You??? HIBE Fully secure, poly depth Basis delegation Random oracle model Standard model

4

5 Integer lattices A A m  2n  lg(q) n (q,0) (0,q)

6 Random basis for A Integer lattices A A Non-short basis for L  (A)

7 Short basis for A Integer lattices A A Short basis for L  (A) [Ajtai96]

8 A A Encryption from lattices [Regev05, GPV08] A A Secret Key: Short basis for L  (A) Encrypt/decrypt: via “trapdoor function” f A associated to matrix A Security: Learning with errors Encrypt/decrypt: via “trapdoor function” f A associated to matrix A Security: Learning with errors

9

10 Bonsai Trees Ancient art of bonsai Techniques for selective control of a tree by arborist Cryptographic bonsai Tree = hierarchy of trapdoor functions Arborist= setup/simulator controls 2 types of growth 1.Undirected growth: no privileged information 2.Controlled growth: privileged information Property: extending control down hierarchy (not up) A A A A

11 Central new technique: lattice basis delegation A1A1 A1A1 A 1, A 2, short basis for L  (A 1 ) A2A2 A2A2 Basis delegation Short basis for (any) higher- dim. super-lattice L  (A 12 ) A 12 A2A2 A1A1 hard A3A3 A3A3 A2A2 A1A1 A3A3 A 312

12 Bonsai trees: hierarchy of trapdoor functions

13 f A 1256 fA1fA1 fA1fA1 f A 125 f A 1234 f A 12 f A 123 Hierarchy of trapdoor functions A1A1 A1A1 A 12 A 123 A 1234 m-dim lattice L  (A 1 ) 2m-dim lattice L  (A 12 ) 4m-dim lattice L  (A 1234 ) A1A1 A1A1 A2A2 A2A2 A3A3 A3A3 A5A5 A5A5 A4A4 A4A4 A6A6 A6A6 A 1256 3m-dim lattice L  (A 113 ) A1A1 A1A1 4m-dim lattice L  (A 1256 )

14 f A 1256 fA1fA1 fA1fA1 f A 125 f A 1234 f A 12 f A 123 A1A1 A1A1 A2A2 A2A2 A3A3 A3A3 A5A5 A5A5 A4A4 A4A4 A6A6 A6A6 fA1fA1 fA1fA1 f A 12 f A 1256 f A 125 f A 1234 f A 123 f A 12 f A 1234 f A 123 A1A1 A1A1 A2A2 A2A2 A1A1 A1A1 A2A2 A2A2 A3A3 A3A3 A4A4 A4A4 A5A5 A5A5 Short basis delegation to any higher-dim super-lattice A1A1 A1A1 A 12 A 123 A 125 A 12 A 123 A 1234 A 125 A1A1 A1A1 no trapdoor trapdoor undirected growth controlled growth A 1256 A2A2 A5A5 Hierarchy of trapdoor functions

15 Application 1: Hierarchical IBE (random oracles)

16 A A Hierarchical ID-based encryption (ROM) Master Secret Key: Short basis for L  (A) … A ID A A H(ID 1 ) A A Encrypt to ID: Use TDF f A ID associated to matrix A ID A ID Secret Key for ID: Short basis for L  (A ID ) A ID’ H(ID 1,..,ID k ) H(ID 1,…,ID k ) Encrypt to hierarchical identities ID=(ID 1,…,ID k )  IDSpace k Secret key delegation ID’  ID: “controlled growth” A

17 Application 2: IBE (standard model)

18 ID-based encryption (standard model) Master Secret Key: Short basis for L  (A 10 ) and L  (A 11 ) A 10 A 11 A 20 A 21 A k1 A k0 … A 10 A 11 A 10 A 20 A k0 ID 0 =0 ID 1 =1 ID k =0 … … A 11 A 21 A k1 … Encrypt to ID  {0,1} k : Use TDF f A ID associated to matrix A ID Secret Key for ID’: Short basis for L  (A ID’ ) A ID A 10 A k0 A ID’ A 21 A 10 A 11 A 20 A 21 A k1 A k0 … Security reduction (selective-ID security) A 10 A 11 A 20 A 21 A k1 A k0 … Master Secret Key: all-but-one setup ID=challenge ID  ID Remarks: Extends to Hierarchical IBE (standard model) Full security (constant depth) using [BB04b] Remarks: Extends to Hierarchical IBE (standard model) Full security (constant depth) using [BB04b]

19 Hash and sign signatures (standard model) Master Secret Key: Short basis for L  (A 10 ) and L  (A 11 ) A 10 A 11 A 20 A 21 A k1 A k0 … A 10 A 11 Sign M  {0,1} k : Invert TDF f A M associated to matrix A M with short basis for L  (A M ) A 10 A k0 AMAM AMAM A 21 Full UF-CMA security: Add chameleon hash Proof adapts “prefix- simulation” technique [HW09] Full UF-CMA security: Add chameleon hash Proof adapts “prefix- simulation” technique [HW09]

20 Conclusions Bonsai trees/basis delegation Applications: HIBE/signatures Follow-up work: Improved efficiency of HIBE/sigs [ABB10, B10] Alternative basis delegation [ABB10b] More crypto primitives [R10, WB10, …]

21

Download ppt "David Cash (UCSD) Dennis Hofheinz (KIT) Eike Kiltz (CWI) Chris Peikert (GA)"

Similar presentations

Fully Secure Functional Encryption: Attribute-Based Encryption and (Hierarchical) Inner Product Encryption Allison Lewko Tatsuaki Okamoto Amit Sahai The.

Fully Secure Functional Encryption: Attribute-Based Encryption and (Hierarchical) Inner Product Encryption Allison Lewko Tatsuaki Okamoto Amit Sahai The.
Efficient Lattice (H)IBE in the standard model Shweta Agrawal, Dan Boneh, Xavier Boyen.

Efficient Lattice (H)IBE in the standard model Shweta Agrawal, Dan Boneh, Xavier Boyen.
Boneh-Franklin Identity-based Encryption. 2 Symmetric bilinear groups G = ágñ, g p = 1 e: G G G t Bilinear i.e. e(u a, v b ) = e(u, v) ab Non-degenerate:

Boneh-Franklin Identity-based Encryption. 2 Symmetric bilinear groups G = ágñ, g p = 1 e: G G G t Bilinear i.e. e(u a, v b ) = e(u, v) ab Non-degenerate:
Simulation-sound NIZK Proofs for a Practical Language and Constant Size Group Signatures Jens Groth University of California Los Angeles Presenter: Eike.

Simulation-sound NIZK Proofs for a Practical Language and Constant Size Group Signatures Jens Groth University of California Los Angeles Presenter: Eike.
Adaptively Attribute-Hiding ( Hierarchical ) Inner Product Encryption

Adaptively Attribute-Hiding ( Hierarchical ) Inner Product Encryption
Fast Cryptographic Primitives & Circular-Secure Encryption Based on Hard Learning Problems Benny Applebaum, David Cash, Chris Peikert, Amit Sahai Princeton.

Fast Cryptographic Primitives & Circular-Secure Encryption Based on Hard Learning Problems Benny Applebaum, David Cash, Chris Peikert, Amit Sahai Princeton.
A Black-Box Construction of a CCA2 Encryption Scheme from a Plaintext Aware (sPA1) Encryption Scheme Dana Dachman-Soled University of Maryland.

A Black-Box Construction of a CCA2 Encryption Scheme from a Plaintext Aware (sPA1) Encryption Scheme Dana Dachman-Soled University of Maryland.
Securing Critical Unattended Systems with Identity Based Cryptography A Case Study Johannes Blömer, Peter Günther University of Paderborn Volker Krummel.

Securing Critical Unattended Systems with Identity Based Cryptography A Case Study Johannes Blömer, Peter Günther University of Paderborn Volker Krummel.
An Introduction to Pairing Based Cryptography Dustin Moody October 31, 2008.

An Introduction to Pairing Based Cryptography Dustin Moody October 31, 2008.
Lattices, Cryptography and Computing with Encrypted Data

Lattices, Cryptography and Computing with Encrypted Data
Chosen-Ciphertext Security from Slightly Lossy Trapdoor Functions PKC 2010 May 27, 2010 Petros Mol, Scott Yilek 1 UC, San Diego.

Chosen-Ciphertext Security from Slightly Lossy Trapdoor Functions PKC 2010 May 27, 2010 Petros Mol, Scott Yilek 1 UC, San Diego.
See you at the next conference! Hope you like our slides Hello everybody!

See you at the next conference! Hope you like our slides Hello everybody!
BY JYH-HAW YEH COMPUTER SCIENCE DEPT. BOISE STATE UNIVERSITY Proxy Credential Forgery Attack to Two Proxy Signcryption Schemes.

BY JYH-HAW YEH COMPUTER SCIENCE DEPT. BOISE STATE UNIVERSITY Proxy Credential Forgery Attack to Two Proxy Signcryption Schemes.
Advanced Security Constructions and Key Management Class 16.

Advanced Security Constructions and Key Management Class 16.
Enumerative Lattice Algorithms in any Norm via M-Ellipsoid Coverings Daniel Dadush (CWI) Joint with Chris Peikert and Santosh Vempala.

Enumerative Lattice Algorithms in any Norm via M-Ellipsoid Coverings Daniel Dadush (CWI) Joint with Chris Peikert and Santosh Vempala.
Dan Boneh Public key encryption from Diffie-Hellman ElGamal Variants With Better Security Online Cryptography Course Dan Boneh.

Dan Boneh Public key encryption from Diffie-Hellman ElGamal Variants With Better Security Online Cryptography Course Dan Boneh.
Requirements for a Secure Voting System  Only authorized voters can vote  No one can vote more than once  No one can determine for whom anyone else.

Requirements for a Secure Voting System  Only authorized voters can vote  No one can vote more than once  No one can determine for whom anyone else.
Dual System Encryption: Concept, History and Recent works Jongkil Kim.

Dual System Encryption: Concept, History and Recent works Jongkil Kim.
The Learning With Errors Problem Oded Regev Tel Aviv University (for more details, see the survey paper in the proceedings) Cambridge, 2010/6/11.

The Learning With Errors Problem Oded Regev Tel Aviv University (for more details, see the survey paper in the proceedings) Cambridge, 2010/6/11.
Public-Key Encryption in the Bounded-Retrieval Model Joël Alwen, Yevgeniy Dodis, Moni Naor, Gil Segev, Shabsi Walfish, Daniel Wichs Earlier Today: Yevgeniy.

Public-Key Encryption in the Bounded-Retrieval Model Joël Alwen, Yevgeniy Dodis, Moni Naor, Gil Segev, Shabsi Walfish, Daniel Wichs Earlier Today: Yevgeniy.

Similar presentations

Ads by Google