HardIDX: Practical and Secure Index with SGX
Software-based approaches for search over encrypted data are still either
challenged by lack of proper, low-leakage encryption or slow performance.
Existing hardware-based approaches do not scale well due to hardware
limitations and software designs that are not specifically tailored to the
hardware architecture, and are rarely well analyzed for their security (e.g.,
the impact of side channels). Additionally, existing hardware-based solutions
often have a large code footprint in the trusted environment susceptible to
software compromises. In this paper we present HardIDX: a hardware-based
approach, leveraging Intel's SGX, for search over encrypted data. It implements
only the security critical core, i.e., the search functionality, in the trusted
environment and resorts to untrusted software for the remainder. HardIDX is
deployable as a highly performant encrypted database index: it is logarithmic
in the size of the index and searches are performed within a few milliseconds
rather than seconds. We formally model and prove the security of our scheme
showing that its leakage is equivalent to the best known searchable encryption
schemes. Our implementation has a very small code and memory footprint yet
still scales to virtually unlimited search index sizes, i.e., size is limited
only by the general (non-secure) hardware resources.
One-Wayness in Quantum Cryptography
The existence of one-way functions is one of the most fundamental assumptions
in classical cryptography. In the quantum world, on the other hand, there are
evidences that some cryptographic primitives can exist even if one-way
functions do not exist. We therefore have the following important open problem
in quantum cryptography: What is the most fundamental element in quantum
cryptography? In this direction, Brakerski, Canetti, and Qian recently defined
a notion called EFI pairs, which are pairs of efficiently generatable states
that are statistically distinguishable but computationally indistinguishable,
and showed its equivalence with some cryptographic primitives including
commitments, oblivious transfer, and general multi-party computations. However,
their work focuses on decision-type primitives and does not cover search-type
primitives like quantum money and digital signatures. In this paper, we study
properties of one-way state generators (OWSGs), which are a quantum analogue of
one-way functions. We first revisit the definition of OWSGs and generalize it
by allowing mixed output states. Then we show the following results. (1) We
define a weaker version of OWSGs, weak OWSGs, and show that they are equivalent
to OWSGs. (2) Quantum digital signatures are equivalent to OWSGs. (3)
Private-key quantum money schemes (with pure money states) imply OWSGs. (4)
Quantum pseudo one-time pad schemes imply both OWSGs and EFI pairs. (5) We
introduce an incomparable variant of OWSGs, which we call secretly-verifiable
and statistically-invertible OWSGs, and show that they are equivalent to EFI
pairs.
On Cryptographic Building Blocks and Transformations
Cryptographic building blocks play a central role in cryptography, e.g., encryption or digital signatures with their security notions. Further, cryptographic building blocks might be constructed modularly, i.e., emerge out of other cryptographic building blocks. Essentially, one cryptographically transforms the underlying block(s) and their (security) properties into the emerged block and its properties. This thesis considers cryptographic building blocks and new cryptographic transformations.
Learning with stochastic inputs and adversarial outputs
Most of the research in online learning is focused either on the problem of adversarial classification (i.e., both inputs and labels are arbitrarily chosen by an adversary) or on the traditional supervised learning problem in which samples are independent and identically distributed according to a stationary probability distribution. Nonetheless, in a number of domains the relationship between inputs and outputs may be adversarial, whereas input instances are i.i.d. from a stationary distribution (e.g., user preferences). This scenario can be formalized as a learning problem with stochastic inputs and adversarial outputs. In this paper, we introduce this novel stochastic-adversarial learning setting and we analyze its learnability. In particular, we show that in a binary classification problem over a horizon of rounds, given a hypothesis space with finite VC-dimension, it is possible to design an algorithm that incrementally builds a suitable finite set of hypotheses from used as input for an exponentially weighted forecaster and achieves a cumulative regret of order $O(\sqrt{n\,\mathrm{VC}(\mathscr{H})\log n})$ with overwhelming probability. This result shows that whenever inputs are i.i.d. it is possible to solve any binary classification problem using a finite VC-dimension hypothesis space with a sub-linear regret, independently of the way labels are generated (either stochastic or adversarial). We also discuss extensions to multi-class classification, regression, learning from experts and bandit settings with stochastic side information, and application to games.
Commitments from Quantum One-Wayness
One-way functions are central to classical cryptography. They are both
necessary for the existence of non-trivial classical cryptosystems, and
sufficient to realize meaningful primitives including commitments, pseudorandom
generators and digital signatures. At the same time, a mounting body of
evidence suggests that assumptions even weaker than one-way functions may
suffice for many cryptographic tasks of interest in a quantum world, including
bit commitments and secure multi-party computation. This work studies one-way
state generators [Morimae-Yamakawa, CRYPTO 2022], a natural quantum relaxation
of one-way functions. Given a secret key, a one-way state generator outputs a
hard to invert quantum state. A fundamental question is whether this type of
quantum one-wayness suffices to realize quantum cryptography. We obtain an
affirmative answer to this question, by proving that one-way state generators
with pure state outputs imply quantum bit commitments and secure multiparty
computation. Along the way, we build an intermediate primitive with classical
outputs, which we call a (quantum) one-way puzzle. Our main technical
contribution is a proof that one-way puzzles imply quantum bit commitments.
Adaptive Oblivious Transfer and Generalization
Oblivious Transfer (OT) protocols were introduced in the seminal paper of Rabin, and allow a user to retrieve a given number of lines (usually one) in a database, without revealing which ones to the server. The server is ensured that only this given number of lines can be accessed per interaction, and so the others are protected; while the user is ensured that the server does not learn the numbers of the lines requested. This primitive is of great interest in practice, for example in secure multi-party computation, and directly echoes Symmetrically Private Information Retrieval (SPIR). Recent Oblivious Transfer instantiations secure in the UC framework suffer from a drastic drawback. After the first query, there is no improvement on the global scheme complexity, and so subsequent queries each have a global complexity of O(|DB|), meaning that there is no gain compared to running completely independent queries. In this paper, we propose a new protocol solving this issue, allowing subsequent queries with a complexity of O(log(|DB|)), and prove the protocol secure in the UC framework with adaptive corruptions and reliable erasures. As a second contribution, we show that the techniques we use for Oblivious Transfer can be generalized to a new framework we call Oblivious Language-Based Envelope (OLBE). It is of practical interest since it seems more and more unrealistic to consider a database with uncontrolled access in access control scenarios. Our approach generalizes Oblivious Signature-Based Envelope, to handle more expressive credentials and requests from the user. Naturally, OLBE encompasses both OT and OSBE, but it also allows one to achieve Oblivious Transfer with fine-grained access control over each line. For example, a user can access a line if and only if he possesses a certificate granting him access to that line.
We show how to generically and efficiently instantiate such primitives, and prove them secure in the Universal Composability framework, with adaptive corruptions assuming reliable erasures. We provide the new UC ideal functionalities when needed, or we show that the existing ones fit in our new framework. The security of such designs preserves both the secrecy of the database values and the user credentials. This symmetry allows us to view our new approach as a generalization of the notion of Symmetrically PIR.
On the Impossibility of Basing Identity Based Encryption on Trapdoor Permutations
We ask whether an Identity Based Encryption (IBE) system can be built from simpler public-key primitives. We show that there is no black-box construction of IBE from Trapdoor Permutations (TDP) or even from Chosen Ciphertext Secure Public Key Encryption (CCA-PKE). These black-box separation results are based on an essential property of IBE, namely that an IBE system is able to compress exponentially many public keys into a short public parameters string.