5 research outputs found
Robust Combiner for Obfuscators
Practical software hardening schemes are heuristic and are not proven to be secure. One technique to enhance security is robust combiners.
An algorithm is a robust combiner for specification , e.g., privacy, if for any two implementations and , of a cryptographic scheme, the combined scheme satisfies provided either or satisfy .
We present the first robust combiner for software hardening, specifically for obfuscation \cite{barak:obfuscation}. Obfuscators are software hardening techniques that are employed to protect the execution of programs in a remote, hostile environment. Obfuscators protect the code (and secret data) of the program that is sent to the remote host for execution.
Robust combiners are particularly important for software hardening, where there is no standard whose security is established. In addition, robust combiners for software hardening are interesting from a software engineering perspective, since they introduce new techniques of software-only fault tolerance.
Compression from Collisions, or Why CRHF Combiners Have a Long Output
A black-box combiner for collision resistant hash functions (CRHF) is a construction which, given black-box access to two hash functions, is collision resistant if at least one of the components is collision resistant.
In this paper we prove a lower bound on the output length of black-box combiners for CRHFs. The bound we prove is basically tight, as it is achieved by a recent construction of Canetti et al. [CRYPTO'07]. The best previously known lower bounds only ruled out a very restricted class of combiners having a very strong security reduction: the reduction was required to output collisions for both underlying candidate hash functions given a single collision for the combiner (Canetti et al. [CRYPTO'07], building on Boneh and Boyen [CRYPTO'06] and Pietrzak [EUROCRYPT'07]).
Our proof uses a lemma similar to the elegant "reconstruction lemma" of Gennaro and Trevisan [FOCS'00], which states that any function which is not one-way is compressible (and thus a uniformly random function must be one-way). In a similar vein we show that a function which is not collision resistant is compressible. We also borrow ideas from recent work by Haitner et al. [FOCS'07], who show that one can prove the reconstruction lemma even relative to some very powerful oracles (in our case this will be an exponential time collision-finding oracle).
Robust Combiners for Software Hardening
All practical software hardening schemes, as well as practical encryption schemes, e.g., AES, were not proven to be secure. One technique to enhance security is robust combiners.
An algorithm is a robust combiner for specification , e.g., privacy, if for any two implementations and , of a cryptographic scheme, the combined scheme satisfies provided either or satisfy .
We present the first robust combiners for software hardening, specifically for obfuscation \cite{barak:obfuscation}, and for White-Box Remote Program Execution (WBRPE) \cite{herzberg2009towards}. WBRPE and obfuscators are software hardening techniques that are employed to protect the execution of programs in a remote, hostile environment. WBRPE provides a software-only platform allowing secure execution of programs on untrusted, remote hosts, ensuring privacy of the program and of the inputs to the program, as well as privacy and integrity of the result of the computation. Obfuscators protect the code (and secret data) of the program that is sent to the remote host for execution.
Robust combiners are particularly important for software hardening, where there is no standard whose security is established. In addition, robust combiners for software hardening are interesting from a software engineering perspective, since they introduce new techniques of reductions and code manipulation.
On robust combiners for private information retrieval and other primitives
Abstract. Let A and B denote cryptographic primitives. A (k, m)-robust A-to-B combiner is a construction which takes m implementations of primitive A as input and yields an implementation of primitive B that is guaranteed to be secure as long as at least k input implementations are secure. The main motivation for such constructions is the tolerance against wrong assumptions on which the security of implementations is based. For example, a (1,2)-robust A-to-B combiner yields a secure implementation of B even if an assumption underlying one of the input implementations of A turns out to be wrong. In this work we study robust combiners for private information retrieval (PIR), oblivious transfer (OT), and bit commitment (BC). We propose a (1,2)-robust PIR-to-PIR combiner, and describe various optimizations based on properties of existing PIR protocols. The existence of simple PIR-to-PIR combiners is somewhat surprising, since OT, a very closely related primitive, seems difficult to combine (Harnik et al., Eurocrypt’05). Furthermore, we present (1,2)-robust PIR-to-OT and PIR-to-BC combiners. To the best of our knowledge these are the first constructions of A-to-B combiners with A ≠ B. Such combiners, in addition to being interesting in their own right, offer insights into relationships between cryptographic primitives. In particular, our PIR-to-OT combiner together with the impossibility result for OT-combiners of Harnik et al. rule out certain types of reductions of PIR to OT. Finally, we suggest a more fine-grained approach to construction of robust combiners, which may lead to more efficient and practical combiners in many scenarios.