Verifiable Encodings for Secure Homomorphic Analytics
Homomorphic encryption, which enables the execution of arithmetic operations directly on ciphertexts, is a promising solution for protecting the privacy of cloud-delegated computations on sensitive data. However, the correctness of the computation result is not ensured. We propose two error-detection encodings and build authenticators that enable practical client-side verification of cloud-based homomorphic computations under different trade-offs and without compromising the features of the encryption algorithm. Our authenticators operate on top of the widely used ring-learning-with-errors-based fully homomorphic encryption schemes over the integers. We implement our solution in VERITAS, a ready-to-use system for verification of outsourced computations executed over encrypted data. We show that, contrary to prior work, VERITAS supports verification of any homomorphic operation, and we demonstrate its practicality for various applications, such as ride-hailing, genomic-data analysis, encrypted search, and machine-learning training and inference.
Information-Theoretic Privacy in Verifiable Outsourced Computation
Today, it is common practice to outsource time-consuming computations to the cloud. Using the cloud allows anyone to process large quantities of data without having to invest in the necessary hardware, significantly lowering costs. In this thesis we consider the following workflow for outsourced computations: a data owner uploads data to a server. The server then computes some function on the data and sends the result to a third entity, which we call the verifier.

In this scenario, two fundamental security challenges arise. A malicious server may not perform the computation correctly, leading to an incorrect result. Verifiability allows for the detection of such results; for this to be practical, the verification procedure needs to be efficient. The other major challenge is privacy. If sensitive data, for example medical data, is processed, it is important to prevent unauthorized access to such information. Particularly sensitive data has to be kept confidential even in the long term.

The field of verifiable computing provides solutions for the first challenge: the verifier can check that the result it was given was computed correctly. However, simultaneously addressing privacy leads to new challenges. In the scenario of outsourced computation, privacy comes in different flavors. One is privacy with respect to the server, where the goal is to prevent the server from learning about the data it processes. The other is privacy with respect to the verifier. Without verifiable computation, the verifier obviously has less information about the original data than the data owner: it only knows the output of the computation but not its input. If this third-party verifier is, however, given additional cryptographic data to verify the result of the computation, it might use this additional information to learn something about the inputs. To prevent that, a different privacy property, which we call privacy with respect to the verifier, is required. Finally, particularly sensitive data has to be kept confidential even in the long term, when computational privacy is no longer adequate. Thus, information-theoretic measures are required; these offer protection even against computationally unbounded adversaries.

Two well-known approaches to these challenges are homomorphic commitments and homomorphic authenticators. Homomorphic commitments can provide even information-theoretic privacy, thus addressing long-term security, but verification is computationally expensive. Homomorphic authenticators, on the other hand, can provide efficient verification, but do not provide information-theoretic privacy.

This thesis provides solutions to these research challenges -- efficient verifiability, input-output privacy and in particular information-theoretic privacy. We introduce a new classification for privacy properties in verifiable computing. We propose function-dependent commitments, a novel framework which combines the advantages of homomorphic commitments and authenticators with respect to verifiability and privacy. We present several novel homomorphic signature schemes that can be used to achieve verifiability and that already address privacy with respect to the verifier. In particular, we construct one such scheme tailored to multivariate polynomials of degree two, as well as another tailored to linear functions over multi-sourced data. The latter solution provides efficient verifiability even for computations over data authenticated under different cryptographic keys. Furthermore, we provide transformations for homomorphic signatures that add privacy. We first show how to add computational privacy and later even information-theoretic privacy. In this way, we turn homomorphic signatures into function-dependent commitments. By applying this transformation to our homomorphic signature schemes, we construct verifiable computing schemes with information-theoretic privacy.
Bounded Fully Homomorphic Signature Schemes
Homomorphic signatures enable anyone to publicly perform computations on signed data and produce a compact tag to authenticate the results. In this paper, we construct two bounded fully homomorphic signature schemes, as follows.

For any two polynomials , where is the security parameter: our first scheme is able to evaluate any circuit on the signatures, as long as the depth and size of the circuit are bounded by and , respectively. The construction relies on indistinguishability obfuscation and injective (or polynomially bounded pre-image size) one-way functions.

The second scheme, which removes the restriction on the size of the circuits, is an extension of the first one, with succinct verification and evaluation keys. More specifically, for an a priori fixed polynomial , the scheme allows evaluating any circuit on the signatures, as long as the depth of the circuit is bounded by . This scheme is based on differing-inputs obfuscation and collision-resistant hash functions and relies on a technique called recording hash of circuits.

Both schemes enjoy the composition property: outputs of previously derived signatures can be re-used as inputs for new computations. The length of derived signatures in both schemes is independent of the size of the data set. Moreover, both constructions satisfy a strong privacy notion we call semi-strong context hiding, which requires that the signatures derived by evaluating any circuit on the signatures of two data sets are identical as long as the evaluations of the circuit on these two data sets are the same.
A practical validation of Homomorphic Message Authentication schemes
Master's dissertation in Informatics Engineering

Currently, cloud computing is very appealing because it allows the user to outsource their data so it can later be accessed from multiple devices. The user can also delegate to the cloud computing service provider some, possibly complex, operations on the outsourced data. Since this service provider may not always be trusted, it is necessary not only to preserve the privacy but also to enforce the authenticity of the outsourced data. Lately, a lot of work has been put into solving the first problem, especially after the introduction of the first Fully Homomorphic Encryption scheme. In this work we focus on the latter, namely on the use of Homomorphic Message Authentication primitives. We evaluate the currently available solutions, their functionality and their security. Finally, we provide an implementation of one of these schemes in order to verify whether they are indeed practical.
On the Security Notions for Homomorphic Signatures
Homomorphic signature schemes allow anyone to perform computation on signed data in such a way that the correctness of the computation's results is publicly certified. In this work we analyze the security notions for this powerful primitive considered in previous work, with a special focus on adaptive security. Motivated by the complications of existing security models in the adaptive setting, we consider a simpler and (at the same time) stronger security definition inspired by that proposed by Gennaro and Wichs (ASIACRYPT'13) for homomorphic MACs. In addition to strength and simplicity, this definition has the advantage of enabling the adoption of homomorphic signatures in dynamic data outsourcing scenarios, such as delegation of computation on data streams. Then, since no existing homomorphic signature satisfies this stronger notion, our main technical contribution is a set of general compilers which turn a homomorphic signature scheme secure under a weak definition into one secure under the new stronger notion. Our compilers are totally generic with respect to the underlying scheme. Moreover, they preserve two important properties of homomorphic signatures: context hiding (i.e. signatures on the computation's output do not reveal information about the input) and efficient verification (i.e. verifying a signature against a program P can be made faster, in an amortized, asymptotic sense, than recomputing P from scratch).
ADSNARK: Nearly practical and privacy-preserving proofs on authenticated data
We study the problem of privacy-preserving proofs on authenticated data, where a party receives data from a trusted source and is requested to prove computations over the data to third parties in a correct and private way, i.e., the third party learns no information on the data but is still assured that the claimed proof is valid. Our work particularly focuses on the challenging requirement that the third party should be able to verify the validity with respect to the specific data authenticated by the source — even without having access to that source. This problem is motivated by various scenarios emerging from several application areas such as wearable computing, smart metering, or general business-to-business interactions. Furthermore, these applications also demand that any meaningful solution satisfy additional properties related to usability and scalability. In this paper, we formalize the above three-party model, discuss concrete application scenarios, and then design, build, and evaluate ADSNARK, a nearly practical system for proving arbitrary computations over authenticated data in a privacy-preserving manner. ADSNARK improves significantly over state-of-the-art solutions for this model. For instance, compared to corresponding solutions based on Pinocchio (Oakland'13), ADSNARK achieves up to a 25× improvement in proof-computation time and a 20× reduction in prover storage space.
A framework for implementing outsourcing schemes
In this thesis we address the problem of secure outsourcing of data and computation services. The scenario of interest is one in which the user owns data and wants to contract a server in the cloud ("Cloud"). In addition, the user may also want to delegate the computation over a subset of their data to the server. Two security aspects related to this scenario are presented, namely integrity and privacy, and possible solutions to these questions are analysed, exploiting advanced cryptographic tools such as Homomorphic Message Authenticators and Fully Homomorphic Encryption.

The contribution of this work is both theoretical and practical. From the point of view of the theoretical contribution, a new outsourcing scheme is defined (hereafter referred to by its English term, Outsourcing), using the articles [3] and [12] as a starting point, with the goal of producing a very generic and flexible model that could be used to represent several secure outsourcing schemes. This model can be used to represent secure outsourcing schemes providing only integrity, only privacy or, interestingly, integrity with privacy. Using this new model, a highly efficient scheme constructed in [12], here named Outsourcing_lin, is also redefined. This scheme allows computing multivariate polynomials of degree 1 over the ring Z_{2^k}. From the point of view of the practical contribution, a framework infrastructure ("Framework") has been built to apply the outsourcing scheme. This Framework has then been tested with several implementations, specifically the implementation of the Joye-Libert cryptosystem ([18]) and the implementation of our own Outsourcing_lin scheme.

In the context of this practical work, the thesis has also given rise to some innovative contributions:
the design and implementation of a new decryption algorithm for the Joye-Libert encryption scheme, in collaboration with Darío Fiore, which performs better than the algorithms proposed by the authors of [18];
the implementation of the amortized-closed-form efficient pseudorandom function of [12]. This function had not been implemented before and is not a trivial problem, so this work may prove useful in other contexts.
Finally, the implementations have been used in several experiments to measure the execution times of the main algorithms.

ABSTRACT

In this thesis we tackle the problem of secure outsourcing of data and computation. The scenario we are interested in is one in which a user owns some data and wants to "outsource" it to a Cloud server. Furthermore, the user may also want to delegate the computation over a subset of its data to the server. We present the security issues related to this scenario, namely integrity and privacy, and we analyse some possible solutions to these two issues, exploiting advanced cryptographic tools such as Homomorphic Message Authenticators and Fully Homomorphic Encryption.

Our contribution is both theoretical and practical. Considering our theoretical contribution, using the articles [3] and [12] as starting points, we introduce a new cryptographic primitive, called Outsourcing, with the aim of realizing a very generic and flexible model that might be employed to represent several secure outsourcing schemes. Such a model can be used to represent secure outsourcing schemes that provide only integrity, only privacy or, interestingly, integrity with privacy. Using our new model we also re-define a highly efficient scheme constructed in [12], which we call Outsourcing_lin and which is a scheme for computing multivariate polynomials of degree 1 over the ring Z_{2^k}. Considering our practical contribution, we build a Framework to implement the Outsourcing scheme. Then, we test this Framework by realizing several implementations, specifically the implementation of the Joye-Libert cryptosystem ([18]) and the implementation of our Outsourcing_lin scheme.

In the context of this practical work, the thesis also led to some novel contributions:
the design and implementation, in collaboration with Dario Fiore, of a new decryption algorithm for the Joye-Libert encryption scheme, which performs better than the algorithms proposed by the authors in [18];
the implementation of the amortized-closed-form efficient pseudorandom function of [12]. There was no prior implementation of this function and it represented non-trivial work, which can become useful in other contexts.
Finally, we test the implementations in several experiments measuring the timing performance of the main algorithms.
Homomorphic Proxy Re-Authenticators and Applications to Verifiable Multi-User Data Aggregation
We introduce the notion of homomorphic proxy re-authenticators, a tool that adds security and verifiability guarantees to multi-user data aggregation scenarios. It allows distinct sources to authenticate their data under their own keys, and a proxy can transform these single signatures or message authentication codes (MACs) into a MAC under a receiver's key without having access to it. In addition, the proxy can evaluate arithmetic circuits (functions) on the inputs so that the resulting MAC corresponds to the evaluation of the respective function. As the messages authenticated by the sources may represent sensitive information, we also consider hiding them from the proxy and other parties in the system, except the receiver.

We provide a general model and two modular constructions of our novel primitive, supporting the class of linear functions. On the way, we establish various novel building blocks. Most interestingly, we formally define the notion and present a construction of homomorphic proxy re-encryption, which may be of independent interest. The latter allows users to encrypt messages under their own public keys, and a proxy can re-encrypt them to a receiver's public key (without knowing any secret key), while also being able to evaluate functions on the ciphertexts. The resulting re-encrypted ciphertext then holds an evaluation of the function on the input messages.