213 research outputs found
Hiding secrets in public random functions
Constructing advanced cryptographic applications often requires the ability of privately embedding messages or functions in the code of a program. As an example, consider the task of building a searchable encryption scheme, which allows the users to search over the encrypted data and learn nothing other than the search result. Such a task is achievable if it is possible to embed the secret key of an encryption scheme into the code of a program that performs the "decrypt-then-search" functionality, and guarantee that the code hides everything except its functionality.
This thesis studies two cryptographic primitives that facilitate the capability of hiding secrets in the program of random functions.
1. We first study the notion of a private constrained pseudorandom function (PCPRF). A PCPRF allows the PRF master secret key holder to derive a public constrained key that changes the functionality of the original key without revealing the constraint description. Such a notion closely captures the goal of privately embedding functions in the code of a random function.
Our main contribution is in constructing single-key secure PCPRFs for NC^1 circuit constraints based on the learning with errors assumption. Single-key secure PCPRFs were known to support a wide range of cryptographic applications, such as private-key deniable encryption and watermarking. In addition, we build reusable garbled circuits from PCPRFs.
2. We then study how to construct cryptographic hash functions that satisfy strong random oracle-like properties. In particular, we focus on the notion of correlation intractability, which requires that given the description of a function, it should be hard to find an input-output pair that satisfies any sparse relations.
Correlation intractability captures the security properties required for, e.g., the soundness of the Fiat-Shamir heuristic, where the Fiat-Shamir transformation is a practical method of building signature schemes from interactive proof protocols. However, correlation intractability was shown to be impossible to achieve for certain length parameters, and was widely considered to be unobtainable.
Our contribution is in building correlation intractable functions from various cryptographic assumptions. The security analyses of the constructions use the techniques of secretly embedding constraints in the code of random functions
Impossibility of Quantum Virtual Black-Box Obfuscation of Classical Circuits
Virtual black-box obfuscation is a strong cryptographic primitive: it
encrypts a circuit while maintaining its full input/output functionality. A
remarkable result by Barak et al. (Crypto 2001) shows that a general obfuscator
that obfuscates classical circuits into classical circuits cannot exist. A
promising direction that circumvents this impossibility result is to obfuscate
classical circuits into quantum states, which would potentially be better
capable of hiding information about the obfuscated circuit. We show that, under
the assumption that learning-with-errors (LWE) is hard for quantum computers,
this quantum variant of virtual black-box obfuscation of classical circuits is
generally impossible. On the way, we show that under the presence of dependent
classical auxiliary input, even the small class of classical point functions
cannot be quantum virtual black-box obfuscated.Comment: v2: Add the notion of decomposable public keys, which allows our
impossibility to hold without assuming circular security for QFHE. We also
fix an auxiliary lemma (2.9 in v2) where a square root was missing (this does
not influence the main result
Predictable arguments of knowledge
We initiate a formal investigation on the power of predictability for argument of knowledge systems for NP. Specifically, we consider private-coin argument systems where the answer of the prover can be predicted, given the private randomness of the verifier; we call such protocols Predictable Arguments of Knowledge (PAoK).
Our study encompasses a full characterization of PAoK, showing that such arguments can be made extremely laconic, with the prover sending a single bit, and assumed to have only one round (i.e., two messages) of communication without loss of generality.
We additionally explore PAoK satisfying additional properties (including zero-knowledge and the possibility of re-using the same challenge across multiple executions with the prover), present several constructions of PAoK relying on different cryptographic tools, and discuss applications to cryptography
Candidate Differing-Inputs Obfuscation from Indistinguishability Obfuscation and Auxiliary-Input Point Obfuscation
Differing-inputs obfuscation (diO), first proposed by Barak et. al. [4], provides stronger security than that provided by indistinguishability obfuscation (iO). An iO scheme provides indistinguishability between the obfuscations of two programs that are equivalent and have the same length of description. A diO scheme ensures that the obfuscations of two efficiently generated programs with the same description length are indistinguishable if it is hard to find an input on which their outputs differ. Ananth et. al. [1], provides stronger security than that provided by indistinguishability obfuscation (iO). An iO scheme provides indistinguishability between the obfuscations of two programs that are equivalent and have the same length of description. A diO scheme ensures that the obfuscations of two efficiently generated programs with the same description length are indistinguishable if it is hard to find an input on which their outputs differ. Ananth et. al. [1 showed the definition of diO with respect to arbitrary auxiliary inputs. However, Garg et al. [19] showed that the existence of this kind of diO contradicts a certain “special-purpose obfuscation” conjecture. Ishai, Pandey and Sahai [23] suggested a diO variant called public-coin diO, which requires the auxiliary input to be a public random string and given as input to all relevant algorithms. They gave a construction of public-coin diO by assuming the existence of public-coin differing-inputs obfuscator for NC^1 circuits.
In this paper, we use a slightly different definition, called public-coin-dependent diO. It allows the obfuscation algorithm to additionally take as input the random coins used to sample the circuit pair (including the circuit to be obfuscated) and thus the obfuscation algorithm can use the property of the circuit pair. We first construct a public-coin differing-inputs obfuscator for a class of new defined function with iO and point obfuscation with auxiliary input (AIPO). And then we use it to complete the public-coin-dependent diO for any pair of circuits that are hard to be found an input on which their outputs differ. The constructions are based on secure iO schemes for NC^1, fully homomorphic encryption scheme, and the existence of AIPO. Besides, we show the applications of our constructions
Rethinking Location Privacy for Unknown Mobility Behaviors
Location Privacy-Preserving Mechanisms (LPPMs) in the literature largely
consider that users' data available for training wholly characterizes their
mobility patterns. Thus, they hardwire this information in their designs and
evaluate their privacy properties with these same data. In this paper, we aim
to understand the impact of this decision on the level of privacy these LPPMs
may offer in real life when the users' mobility data may be different from the
data used in the design phase. Our results show that, in many cases, training
data does not capture users' behavior accurately and, thus, the level of
privacy provided by the LPPM is often overestimated. To address this gap
between theory and practice, we propose to use blank-slate models for LPPM
design. Contrary to the hardwired approach, that assumes known users' behavior,
blank-slate models learn the users' behavior from the queries to the service
provider. We leverage this blank-slate approach to develop a new family of
LPPMs, that we call Profile Estimation-Based LPPMs. Using real data, we
empirically show that our proposal outperforms optimal state-of-the-art
mechanisms designed on sporadic hardwired models. On non-sporadic location
privacy scenarios, our method is only better if the usage of the location
privacy service is not continuous. It is our hope that eliminating the need to
bootstrap the mechanisms with training data and ensuring that the mechanisms
are lightweight and easy to compute help fostering the integration of location
privacy protections in deployed systems
Universal Computational Extractors and the Superfluous Padding Assumption for Indistinguishability Obfuscation
Universal Computational Extractors (UCEs), introduced by Bellare, Hoang and Keelveedhi (CRYPTO 2013), are a framework of assumptions on hash functions that allow to instantiate random oracles in a large variety of settings. Brzuska, Farshim and Mittelbach (CRYPTO 2014) showed that a large class of UCE assumptions with \emph{computationally} unpredictable sources cannot be achieved, if indistinguishability obfuscation exists. In the process of circumventing obfuscation-based attacks, new UCE notions emerged, most notably UCEs with respect to \emph{statistically} unpredictable sources that suffice for a large class of applications. However, the only standard model constructions of UCEs are for a small subclass considering only -query sources which are \emph{strongly statistically} unpredictable (Brzuska, Mittelbach; Asiacrypt 2014).
The contributions of this paper are threefold:
1) We show a surprising equivalence for the notions of strong unpredictability and (plain) unpredictability thereby lifting the construction from Brzuska and Mittelbach to achieve -query UCEs for statistically unpredictable sources. This yields standard model instantiations for various (-query) primitives including, deterministic public-key encryption, message-locked encryption, multi-bit point obfuscation, CCA-secure encryption, and more. For some of these, our construction yields the first standard model candidate.
2) We study the blow-up that occurs in indistinguishability obfuscation proof techniques due to puncturing and state the \emph{Superfluous Padding Assumption} for indistinguishability obfuscation which allows us to lift the -query restriction of our construction. We validate the assumption by showing that it holds for virtual black-box obfuscation.
3) Brzuska and Mittelbach require a strong form of point obfuscation secure in the presence of auxiliary input for their construction of UCEs. We show that this assumption is indeed necessary for the construction of injective UCEs
On Foundations of Protecting Computations
Information technology systems have become indispensable to uphold our
way of living, our economy and our safety. Failure of these systems can have
devastating effects. Consequently, securing these systems against malicious
intentions deserves our utmost attention.
Cryptography provides the necessary foundations for that purpose. In
particular, it provides a set of building blocks which allow to secure larger
information systems. Furthermore, cryptography develops concepts and tech-
niques towards realizing these building blocks. The protection of computations
is one invaluable concept for cryptography which paves the way towards
realizing a multitude of cryptographic tools. In this thesis, we contribute to
this concept of protecting computations in several ways.
Protecting computations of probabilistic programs. An indis-
tinguishability obfuscator (IO) compiles (deterministic) code such that it
becomes provably unintelligible. This can be viewed as the ultimate way
to protect (deterministic) computations. Due to very recent research, such
obfuscators enjoy plausible candidate constructions.
In certain settings, however, it is necessary to protect probabilistic com-
putations. The only known construction of an obfuscator for probabilistic
programs is due to Canetti, Lin, Tessaro, and Vaikuntanathan, TCC, 2015 and
requires an indistinguishability obfuscator which satisfies extreme security
guarantees. We improve this construction and thereby reduce the require-
ments on the security of the underlying indistinguishability obfuscator.
(Agrikola, Couteau, and Hofheinz, PKC, 2020)
Protecting computations in cryptographic groups. To facilitate
the analysis of building blocks which are based on cryptographic groups,
these groups are often overidealized such that computations in the group
are protected from the outside. Using such overidealizations allows to prove
building blocks secure which are sometimes beyond the reach of standard
model techniques. However, these overidealizations are subject to certain
impossibility results. Recently, Fuchsbauer, Kiltz, and Loss, CRYPTO, 2018
introduced the algebraic group model (AGM) as a relaxation which is closer
to the standard model but in several aspects preserves the power of said
overidealizations. However, their model still suffers from implausibilities.
We develop a framework which allows to transport several security proofs
from the AGM into the standard model, thereby evading the above implausi-
bility results, and instantiate this framework using an indistinguishability
obfuscator.
(Agrikola, Hofheinz, and Kastner, EUROCRYPT, 2020)
Protecting computations using compression. Perfect compression
algorithms admit the property that the compressed distribution is truly
random leaving no room for any further compression. This property is
invaluable for several cryptographic applications such as “honey encryption”
or password-authenticated key exchange. However, perfect compression
algorithms only exist for a very small number of distributions. We relax the
notion of compression and rigorously study the resulting notion which we
call “pseudorandom encodings”. As a result, we identify various surprising
connections between seemingly unrelated areas of cryptography. Particularly,
we derive novel results for adaptively secure multi-party computation which
allows for protecting computations in distributed settings. Furthermore, we
instantiate the weakest version of pseudorandom encodings which suffices
for adaptively secure multi-party computation using an indistinguishability
obfuscator.
(Agrikola, Couteau, Ishai, Jarecki, and Sahai, TCC, 2020
Impossibility of Strong KDM Security with Auxiliary Input
In this note, we show that a strong notion of KDM security cannot be obtained by any encryption scheme in the auxiliary input setting, assuming Learning With Errors (LWE) and one-way permutations. The notion of security we deal with guarantees that for any (possibly inefficient) function , it is computationally hard to distinguish between an encryption of 0s and an encryption of f(pk, z), where pk is the public key and z is the auxiliary input. Furthermore, we show that this holds even when restricted to bounded-length auxiliary input where z is much shorter than pk under the additional assumption that (non-leveled) fully homomorphic encryption exists
Recommended from our members
Cryptography
The Oberwolfach workshop Cryptography brought together scientists from cryptography with mathematicians specializing in the algorithmic problems underlying cryptographic security. The goal of the workshop was to stimulate interaction and collaboration that enables a holistic approach to designing cryptography from the mathematical foundations to practical applications. The workshop covered basic computational problems such as factoring and computing discrete logarithms and short vectors. It addressed fundamental research results leading to innovative cryptography for protecting security and privacy in cloud applications. It also covered some practical applications
- …