1,239 research outputs found
Unbounded Predicate Inner Product Functional Encryption from Pairings
Predicate inner product functional encryption (P-IPFE) is essentially attribute-based IPFE (AB-IPFE) which additionally hides attributes associated to ciphertexts. In a P-IPFE, a message x is encrypted under an attribute w and a secret key is generated for a pair (y, v) such that recovery of ⟨ x, y⟩ requires the vectors w, v to satisfy a linear relation. We call a P-IPFE unbounded if it can encrypt unbounded length attributes and message vectors. ∙ zero predicate IPFE. We construct the first unbounded zero predicate IPFE (UZP-IPFE) which recovers ⟨ x, y⟩ if ⟨ w, v⟩ = 0 . This construction is inspired by the unbounded IPFE of Tomida and Takashima (ASIACRYPT 2018) and the unbounded zero inner product encryption of Okamoto and Takashima (ASIACRYPT 2012). The UZP-IPFE stands secure against general attackers capable of decrypting the challenge ciphertext. Concretely, it provides full attribute-hiding security in the indistinguishability-based semi-adaptive model under the standard symmetric external Diffie–Hellman assumption. ∙ non-zero predicate IPFE. We present the first unbounded non-zero predicate IPFE (UNP-IPFE) that successfully recovers ⟨ x, y⟩ if ⟨ w, v⟩ ≠0 . We generically transform an unbounded quadratic FE (UQFE) scheme to weak attribute-hiding UNP-IPFE in both public and secret key setting. Interestingly, our secret key simulation secure UNP-IPFE has succinct secret keys and is constructed from a novel succinct UQFE that we build in the random oracle model. We leave the problem of constructing a succinct public key UNP-IPFE or UQFE in the standard model as an important open problem
SoK: Privacy Preserving Machine Learning using Functional Encryption: Opportunities and Challenges
With the advent of functional encryption, new possibilities for computation
on encrypted data have arisen. Functional Encryption enables data owners to
grant third-party access to perform specified computations without disclosing
their inputs. It also provides computation results in plain, unlike Fully
Homomorphic Encryption. The ubiquitousness of machine learning has led to the
collection of massive private data in the cloud computing environment. This
raises potential privacy issues and the need for more private and secure
computing solutions. Numerous efforts have been made in privacy-preserving
machine learning (PPML) to address security and privacy concerns. There are
approaches based on fully homomorphic encryption (FHE), secure multiparty
computation (SMC), and, more recently, functional encryption (FE). However,
FE-based PPML is still in its infancy and has not yet gotten much attention
compared to FHE-based PPML approaches. In this paper, we provide a
systematization of PPML works based on FE summarizing state-of-the-art in the
literature. We focus on Inner-product-FE and Quadratic-FE-based machine
learning models for the PPML applications. We analyze the performance and
usability of the available FE libraries and their applications to PPML. We also
discuss potential directions for FE-based PPML approaches. To the best of our
knowledge, this is the first work to systematize FE-based PPML approaches
Ad Hoc Multi-Input Functional Encryption
Consider sources that supply sensitive data to an aggregator. Standard encryption only hides the data from eavesdroppers, but using specialized encryption one can hope to hide the data (to the extent possible) from the aggregator itself. For flexibility and security, we envision schemes that allow sources to supply encrypted data, such that at any point a dynamically-chosen subset of sources can allow an agreed-upon joint function of their data to be computed by the aggregator. A primitive called multi-input functional encryption (MIFE), due to Goldwasser et al. (EUROCRYPT 2014), comes close, but has two main limitations:
- it requires trust in a third party, who is able to decrypt all the data, and
- it requires function arity to be fixed at setup time and to be equal to the number of parties.
To drop these limitations, we introduce a new notion of ad hoc MIFE. In our setting, each source generates its own public key and issues individual, function-specific secret keys to an aggregator. For successful decryption, an aggregator must obtain a separate key from each source whose ciphertext is being computed upon. The aggregator could obtain multiple such secret-keys from a user corresponding to functions of varying arity. For this primitive, we obtain the following results:
- We show that standard MIFE for general functions can be bootstrapped to ad hoc MIFE for free, i.e. without making any additional assumption.
- We provide a direct construction of ad hoc MIFE for the inner product functionality based on the Learning with Errors (LWE) assumption. This yields the first construction of this natural primitive based on a standard assumption.
At a technical level, our results are obtained by combining standard MIFE schemes and two-round secure multiparty computation (MPC) protocols in novel ways highlighting an interesting interplay between MIFE and two-round MPC
Homomorphic Encryption and the Approximate GCD Problem
With the advent of cloud computing, everyone from Fortune 500 businesses to personal consumers to the US government is storing massive amounts of sensitive data in service centers that may not be trustworthy. It is of vital importance to leverage the benefits of storing data in the cloud while simultaneously ensuring the privacy of the data. Homomorphic encryption allows one to securely delegate the processing of private data. As such, it has managed to hit the sweet spot of academic interest and industry demand. Though the concept was proposed in the 1970s, no cryptosystem realizing this goal existed until Craig Gentry published his PhD thesis in 2009. In this thesis, we conduct a study of the two main methods for construction of homomorphic encryption schemes along with functional encryption and the hard problems upon which their security is based. These hard problems include the Approximate GCD problem (A-GCD), the Learning With Errors problem (LWE), and various lattice problems. In addition, we discuss many of the proposed and in some cases implemented practical applications of these cryptosystems. Finally, we focus on the Approximate GCD problem (A-GCD). This problem forms the basis for the security of Gentry\u27s original cryptosystem but has not yet been linked to more standard cryptographic primitives. After presenting several algorithms in the literature that attempt to solve the problem, we introduce some new algorithms to attack the problem
Recommended from our members
Affine Determinant Programs: A Framework for Obfuscation and Witness Encryption
An affine determinant program ADP: {0,1}^n → {0,1} is specified by a tuple (A,B_1,...,B_n) of square matrices over F_q and a function Eval: F_q → {0,1}, and evaluated on x \in {0,1}^n by computing Eval(det(A + sum_{i \in [n]} x_i B_i)).
In this work, we suggest ADPs as a new framework for building general-purpose obfuscation and witness encryption. We provide evidence to suggest that constructions following our ADP-based framework may one day yield secure, practically feasible obfuscation.
As a proof-of-concept, we give a candidate ADP-based construction of indistinguishability obfuscation (iO) for all circuits along with a simple witness encryption candidate. We provide cryptanalysis demonstrating that our schemes resist several potential attacks, and leave further cryptanalysis to future work. Lastly, we explore practically feasible applications of our witness encryption candidate, such as public-key encryption with near-optimal key generation
A Distributed Security Architecture for Large Scale Systems
This thesis describes the research leading from the conception, through development, to the practical
implementation of a comprehensive security architecture for use within, and as a value-added enhancement
to, the ISO Open Systems Interconnection (OSI) model.
The Comprehensive Security System (CSS) is arranged basically as an Application Layer service but can
allow any of the ISO recommended security facilities to be provided at any layer of the model. It is
suitable as an 'add-on' service to existing arrangements or can be fully integrated into new applications.
For large scale, distributed processing operations, a network of security management centres (SMCs) is
suggested, that can help to ensure that system misuse is minimised, and that flexible operation is provided
in an efficient manner.
The background to the OSI standards are covered in detail, followed by an introduction to security in open
systems. A survey of existing techniques in formal analysis and verification is then presented. The
architecture of the CSS is described in terms of a conceptual model using agents and protocols, followed
by an extension of the CSS concept to a large scale network controlled by SMCs.
A new approach to formal security analysis is described which is based on two main methodologies.
Firstly, every function within the system is built from layers of provably secure sequences of finite state
machines, using a recursive function to monitor and constrain the system to the desired state at all times.
Secondly, the correctness of the protocols generated by the sequences to exchange security information
and control data between agents in a distributed environment, is analysed in terms of a modified temporal
Hoare logic. This is based on ideas concerning the validity of beliefs about the global state of a system
as a result of actions performed by entities within the system, including the notion of timeliness.
The two fundamental problems in number theory upon which the assumptions about the security of the
finite state machine model rest are described, together with a comprehensive survey of the very latest
progress in this area. Having assumed that the two problems will remain computationally intractable in
the foreseeable future, the method is then applied to the formal analysis of some of the components of the
Comprehensive Security System.
A practical implementation of the CSS has been achieved as a demonstration system for a network of IBM
Personal Computers connected via an Ethernet LAN, which fully meets the aims and objectives set out
in Chapter 1. This implementation is described, and finally some comments are made on the possible
future of research into security aspects of distributed systems.IBM (United Kingdom) Laboratories
Hursley Park, Winchester, U
- …