Indistinguishability Obfuscation from Well-Founded Assumptions
In this work, we show how to construct indistinguishability obfuscation from
subexponential hardness of four well-founded assumptions. We prove:
Let be arbitrary
constants. Assume sub-exponential security of the following assumptions, where
is a security parameter, and the parameters below are
large enough polynomials in :
- The SXDH assumption on asymmetric bilinear groups of a prime order ,
- The LWE assumption over with subexponential
modulus-to-noise ratio , where is the dimension of the LWE
secret,
- The LPN assumption over with polynomially many LPN samples
and error rate , where is the dimension of the LPN
secret,
- The existence of a Boolean PRG in with stretch
,
Then, (subexponentially secure) indistinguishability obfuscation for all
polynomial-size circuits exists.
Cryptanalyses of Branching Program Obfuscations over GGH13 Multilinear Map from the NTRU Problem
In this paper, we propose cryptanalyses of all existing indistinguishability
obfuscation () candidates based on branching programs (BP) over GGH13
multilinear map for all recommended parameter settings.
To achieve this, we introduce two novel techniques, program converting using
NTRU-solver and matrix zeroizing, which can be applied to a wide range of
obfuscation constructions and BPs compared to previous attacks. We then prove
that, for the suggested parameters, the existing general-purpose BP
obfuscations over GGH13 do not have the desired security.
In particular, the first candidate indistinguishability obfuscation with
input-unpartitionable branching programs (FOCS 2013) and the recent BP
obfuscation (TCC 2016) are not secure against our attack when they use
GGH13 with the recommended parameters. Previously, no polynomial-time attack
was known for these cases.
Our attack shows that the lattice dimension of GGH13 must be set much larger
than previously thought in order to maintain security. More precisely, the
underlying lattice dimension of GGH13 should be set to to rule out attacks from the subfield algorithm for NTRU,
where is the multilinearity level and the security
parameter.
Detecting web server take-over attacks through objective verification actions
Attacks targeting web servers pose a major security threat. Typically prone to a mix of infrastructure-level and application-level security vulnerabilities, web servers serve as the lowest-hanging fruit for intruders wanting to gain unauthorized access to the entire host network. This is specifically the case for ‘server take-over’ attacks, whose immediate objective is to gain unauthorized remote access to the host server, for example through shell-spawning, backdooring or botnet joining.
Android third-party library detection
Third-party library analysis research is important to many research fields such as program analysis, clone detection, security and privacy. Many considerations go into developing a third-party library analysis approach: the approach must be resilient to common obfuscation techniques and must be able to determine the similarity between two libraries with a high level of confidence. This paper surveys this research and the problems that have been solved, and reviews the improvements and shortcomings within the third-party library analysis field.
On Necessary Padding with IO
We show that the common proof technique of padding a circuit before IO obfuscation is sometimes necessary. That is, assuming indistinguishability obfuscation (IO) and one-way functions exist, we define samplers Sam_0, which outputs (aux_0, C_0), and Sam_1, which outputs (aux_1, C_1) such that:
- The distributions (aux_0, iO(C_0)) and (aux_1, iO(C_1)) are perfectly distinguishable.
- For padding s = poly(lambda), the distributions (aux_0, iO(C_0||0^s)) and (aux_1, iO(C_1||0^s)) are computationally indistinguishable.
We note this refutes the recent Superfluous Padding Assumption of Brzuska and Mittelbach.
- …