
    Affine Determinant Programs: A Framework for Obfuscation and Witness Encryption

    An affine determinant program ADP: {0,1}^n → {0,1} is specified by a tuple (A, B_1, ..., B_n) of square matrices over F_q together with a function Eval: F_q → {0,1}, and is evaluated on x ∈ {0,1}^n by computing Eval(det(A + Σ_{i ∈ [n]} x_i B_i)). In this work, we suggest ADPs as a new framework for building general-purpose obfuscation and witness encryption. We provide evidence suggesting that constructions following our ADP-based framework may one day yield secure, practically feasible obfuscation. As a proof of concept, we give a candidate ADP-based construction of indistinguishability obfuscation (iO) for all circuits, along with a simple witness encryption candidate. We provide cryptanalysis showing that our schemes resist several potential attacks, and leave further cryptanalysis to future work. Lastly, we explore practically feasible applications of our witness encryption candidate, such as public-key encryption with near-optimal key generation.
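The evaluation rule above is simple enough to run directly. The following is an added example, not code from the paper: a generic ADP evaluator over F_q plus a two-input toy ADP that computes XOR, written to show how the determinant and the post-processing function Eval divide the work. The prime q, the XOR matrices and the non-zero test used as Eval are our own choices for illustration; the paper's iO and witness-encryption candidates are far larger and are not reproduced here.

```python
import itertools

# Added example, not code from the ADP paper: a direct evaluator for an affine
# determinant program ADP = (A, B_1, ..., B_n, Eval) over F_q, following the
# definition  ADP(x) = Eval(det(A + sum_i x_i * B_i)).  Matrices are lists of
# rows of Python ints; q is a prime chosen here for illustration.

Q = 7  # toy field size (assumption: any prime works for this evaluator)


def det_mod_q(m, q):
    """Determinant of a square matrix over F_q by Gaussian elimination.

    Arithmetic is done exactly modulo q; a floating-point determinant
    (e.g. numpy.linalg.det) would be wrong for anything but tiny entries.
    """
    n = len(m)
    a = [row[:] for row in m]
    det = 1
    for col in range(n):
        pivot = next((r for r in range(col, n) if a[r][col] % q), None)
        if pivot is None:          # zero column below the diagonal: singular
            return 0
        if pivot != col:           # a row swap flips the sign
            a[col], a[pivot] = a[pivot], a[col]
            det = -det
        det = det * a[col][col] % q
        inv = pow(a[col][col], -1, q)   # modular inverse, Python >= 3.8
        for r in range(col + 1, n):
            f = a[r][col] * inv % q
            if f:
                a[r] = [(vr - f * vc) % q for vr, vc in zip(a[r], a[col])]
    return det % q


def adp_eval(A, Bs, ev, x, q=Q):
    """Evaluate the ADP (A, Bs, ev) on the bit vector x."""
    n = len(A)
    m = [[A[i][j] % q for j in range(n)] for i in range(n)]
    for x_i, B in zip(x, Bs):
        if x_i:                    # x_i in {0,1}, so this is x_i * B_i
            m = [[(m[i][j] + B[i][j]) % q for j in range(n)] for i in range(n)]
    return ev(det_mod_q(m, q))


def truth_table(A, Bs, ev, n, q=Q):
    """All 2^n outputs of the program, keyed by input tuple."""
    return {x: adp_eval(A, Bs, ev, x, q)
            for x in itertools.product((0, 1), repeat=n)}


# A 2x2 ADP for XOR (our own toy construction, not the paper's iO candidate):
# with A = 0, B_1 = I and B_2 = the swap matrix, A + x_1 B_1 + x_2 B_2 equals
# [[x_1, x_2], [x_2, x_1]], whose determinant x_1^2 - x_2^2 = x_1 - x_2 on bits
# is zero exactly when x_1 = x_2.  Eval is then a non-zero test.
XOR_A = [[0, 0], [0, 0]]
XOR_B = [[[1, 0], [0, 1]], [[0, 1], [1, 0]]]


def xor_eval(v):
    return int(v != 0)


if __name__ == "__main__":
    for x, y in sorted(truth_table(XOR_A, XOR_B, xor_eval, 2).items()):
        print(x, "->", y)
```

The point to take from the toy is that all of the program's logic lives in the matrices; Eval only interprets the field element the determinant produces (here, whether it is zero), which is what makes the determinant the natural place to hide structure in an obfuscation candidate.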

    White-box implementation to advantage DRM

    Digital Rights Management (DRM) is a popular approach to secure content distribution. Typically, DRM encrypts the content before delivering it. Most DRM applications use secure algorithms to protect content, but executing these algorithms in an insecure environment may allow an adversary who controls the execution platform to compromise the system and obtain the key. To withstand such attacks, the implementation of the algorithm is modified so as to make it unintelligible, i.e. obfuscated. White-box cryptography (WBC) is an obfuscation technique intended to protect secret keys from being disclosed by a software implementation even when that implementation is fully visible to, and can be manipulated by, the attacker. This mechanism is appropriate for DRM applications and can enhance security for the content provider. However, DRM is also required to balance protection between the content provider and the users. We construct a protocol that applies WBC to improve a DRM system. The system not only provides security for the content provider but also preserves privacy for users.
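To make the white-box threat model concrete, here is an added toy example (not code from the paper, and not any real DRM or cipher): a single key-addition-then-S-box round, first with the key held as a plain value, then with the key folded into a lookup table in the table-based white-box style, and finally with a secret input encoding composed onto that table. The S-box, the key byte and the encoding are constructed values with a fixed seed. The naive table version shows the caveat a practitioner needs: merging a key into a table hides the literal key byte but, against an attacker who knows the public S-box and can read the table, it is trivially reversible, which is why real white-box designs wrap every table in secret encodings.

```python
import random

# Added example, not code from the paper: a toy of the table-based white-box
# idea.  The "cipher" is one key addition followed by an 8-bit S-box, chosen
# only to make the construction visible; SBOX is a constructed random
# permutation, not any standard cipher's S-box.

_rng = random.Random(2024)          # fixed seed so the example is reproducible
SBOX = list(range(256))
_rng.shuffle(SBOX)
SBOX_INV = [0] * 256
for _i, _v in enumerate(SBOX):
    SBOX_INV[_v] = _i


def round_plain(key, x):
    """Conventional implementation: the key byte is a plain value in memory,
    so any attacker with read access to the process simply copies it."""
    return SBOX[x ^ key]


def make_naive_table(key):
    """White-box style: fold the key into a lookup table T[x] = S[x ^ key]
    so the key byte never appears literally in the program or its memory."""
    return [SBOX[x ^ key] for x in range(256)]


def run_table(table, x):
    """Evaluate the round from the table alone; the key is not needed."""
    return table[x]


def recover_key_naive(table):
    """White-box adversary: S is public, so T[0] = S[key] and key = S^-1(T[0]).
    Folding the key into a bare table is NOT enough on its own."""
    return SBOX_INV[table[0]]


def random_encoding(seed):
    """A secret bijection on bytes used as an input encoding (constructed)."""
    enc = list(range(256))
    random.Random(seed).shuffle(enc)
    return enc


def make_encoded_table(key, encoding):
    """Compose a secret input encoding: T'[encoding[x]] = S[x ^ key].  In a real
    white-box design the matching decoding is absorbed into the previous table,
    so the adversary only ever sees composed functions and T'[0] no longer
    equals S[key]."""
    table = [0] * 256
    for x in range(256):
        table[encoding[x]] = SBOX[x ^ key]
    return table


def tables_agree(key, encoding):
    """Functional check: the encoded table computes the same round as the
    naive table and the plain implementation once inputs arrive encoded."""
    naive = make_naive_table(key)
    enc_t = make_encoded_table(key, encoding)
    return all(run_table(enc_t, encoding[x]) == run_table(naive, x) == round_plain(key, x)
               for x in range(256))
```

Encodings alone do not make a white-box implementation secure (published white-box designs have repeatedly been broken by algebraic and side-channel-style attacks on the tables), but the example shows the two ingredients the abstract's "unintelligible implementation" refers to: the key is merged into tables, and the tables are protected by secret encodings rather than exposed directly.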

    A Study on the Mathematical Analysis of Indistinguishability Obfuscation (κ΅¬λΆ„λΆˆκ°€λŠ₯ν•œ λ‚œλ…ν™”μ˜ μˆ˜ν•™μ  λΆ„μ„μ— κ΄€ν•œ 연ꡬ)

    Doctoral thesis, Seoul National University Graduate School, College of Natural Sciences, Department of Mathematical Sciences, February 2020, advisor Jung Hee Cheon.
    Indistinguishability obfuscation (iO) is a weak notion of program obfuscation which requires that, given two functionally equivalent circuits, their obfuscated programs are indistinguishable. The existence of iO implies numerous cryptographic primitives such as multilinear maps, functional encryption and non-interactive multi-party key exchange. In general, many iO schemes are based on branching programs and on the candidate multilinear maps GGH13, CLT13 and GGH15. In this thesis, we present cryptanalyses of branching-program-based iO over the multilinear maps GGH13 and GGH15. First, we propose cryptanalyses of all existing branching-program-based iO schemes over GGH13 for all recommended parameter settings. To achieve this, we introduce two novel techniques, program converting using an NTRU solver and matrix zeroizing, which can be applied to a wide range of obfuscation constructions. We then show that there is a polynomial-time reduction from the NTRU problem to all known branching-program-based iO over GGH13. Moreover, we propose a new attack on iO based on GGH15 which exploits statistical properties rather than algebraic ones. We apply our attack to two recent obfuscation schemes, the CVW and BGMZ obfuscations. We thereby break the CVW obfuscation under its current parameter setup, and show that the algebraic security model of the BGMZ obfuscation is not enough to achieve ideal security. We show that our attack lies outside the algebraic security model by presenting parameters that are not captured by the proof in that model.
    Abstract (Korean, translated): If two functionally equivalent programs are given and their obfuscated versions cannot be distinguished, the obfuscation is called indistinguishability obfuscation. Since the existence of indistinguishability obfuscation yields many cryptographic applications such as multilinear maps, functional encryption and multi-party key exchange, designing indistinguishability obfuscation is one of the most important problems. In general, many indistinguishability obfuscators have been designed on the basis of the multilinear maps GGH13, CLT13 and GGH15. In this thesis, we analyze the security of obfuscation techniques based on multilinear maps. First, we show that all obfuscation techniques based on the GGH13 multilinear map are insecure under the current parameters. We propose two new methods, program converting and the matrix zeroizing attack, to analyze their security, and as a result we show that every existing GGH13-based obfuscation technique reduces to the NTRU problem in polynomial time. We also propose a statistical attack on obfuscation techniques based on the GGH15 multilinear map. Applying the statistical attack to the recent CVW and BGMZ obfuscations, we show that the CVW obfuscation is insecure under its current parameters, and that the algebraic security model proposed for the BGMZ obfuscation is not sufficient for designing an ideal obfuscation technique. Concretely, we present specific parameters for which the BGMZ obfuscation is insecure, showing that our attack does not fall within the security model proposed in BGMZ.
    Table of contents:
    1 Introduction
      1.1 Indistinguishability Obfuscation
      1.2 Contributions
        1.2.1 Mathematical Analysis of iO based on GGH13
        1.2.2 Mathematical Analysis of iO based on GGH15
      1.3 List of Papers
    2 Preliminaries
      2.1 Basic Notations
      2.2 Indistinguishability Obfuscation
      2.3 Cryptographic Multilinear Map
      2.4 Matrix Branching Program
      2.5 Tensor Product and Vectorization
      2.6 Background: Lattices
    3 Mathematical Analysis of Indistinguishability Obfuscation based on the GGH13 Multilinear Map
      3.1 Preliminaries
        3.1.1 Notations
        3.1.2 GGH13 Multilinear Map
      3.2 Main Theorem
      3.3 Attackable BP Obfuscations
        3.3.1 Randomization for Attackable Obfuscation Model
        3.3.2 Encoding by Multilinear Map
        3.3.3 Linear Relationally Inequivalent Branching Programs
      3.4 Program Converting Technique
        3.4.1 Converting to R Program
        3.4.2 Recovering and Converting to R/ Program
        3.4.3 Analysis of the Converting Technique
      3.5 Matrix Zeroizing Attack
        3.5.1 Existing BP Obfuscations
        3.5.2 Attackable BP Obfuscation, General Case
    4 Mathematical Analysis of Indistinguishability Obfuscation based on the GGH15 Multilinear Map
      4.1 Preliminaries
        4.1.1 Notations
      4.2 Statistical Zeroizing Attack
        4.2.1 Distinguishing Distributions using Sample Variance
      4.3 Cryptanalysis of CVW Obfuscation
        4.3.1 Construction of CVW Obfuscation
        4.3.2 Cryptanalysis of CVW Obfuscation
      4.4 Cryptanalysis of BGMZ Obfuscation
        4.4.1 Construction of BGMZ Obfuscation
        4.4.2 Cryptanalysis of BGMZ Obfuscation
    5 Conclusions
    6 Appendix
      6.1 Appendix of Chapter 3
        6.1.1 Extended Attackable Model
        6.1.2 Examples of Matrix Zeroizing Attack
        6.1.3 Examples of Linear Relationally Inequivalent BPs
        6.1.4 Read-once BPs from NFA
        6.1.5 Input-unpartitionable BPs from Barrington's Theorem
      6.2 Appendix of Chapter 5
        6.2.1 Simple GGH15 Obfuscation
        6.2.2 Modified CVW Obfuscation
        6.2.3 Transformation of Branching Programs
        6.2.4 Modification of CVW Obfuscation
        6.2.5 Assumptions of Lattice Preimage Sampling
        6.2.6 Useful Tools for Computing the Variances
        6.2.7 Analysis of CVW Obfuscation
        6.2.8 Analysis of BGMZ Obfuscation
    Abstract (in Korean) Docto
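The thesis' attacks target the "branching program, randomize, encode with a multilinear map" template. The first two stages can be shown without any multilinear map; the following is an added example (not code from the thesis): evaluation of a matrix branching program and Kilian-style randomization of its matrices with random invertible matrices and bookend vectors, corresponding to the randomization step the thesis models in Section 3.3.1. The XOR program, the prime p, and the choice of bookend vectors are our own constructions for illustration; the multilinear-map encoding and zero test that the attacks exploit are not modelled here.

```python
import itertools
import random

# Added example, not code from the thesis: evaluation of a matrix branching
# program (MBP) and Kilian-style randomization of its matrices, the first step
# of the "randomize, then encode with a multilinear map" obfuscation template.
# Arithmetic is over F_p for a prime p chosen for illustration.

P = 2**31 - 1


def matmul(a, b, p=P):
    return [[sum(a[i][k] * b[k][j] for k in range(len(b))) % p
             for j in range(len(b[0]))] for i in range(len(a))]


def mat_inv(a, p=P):
    """Inverse over F_p by Gauss-Jordan; raises ValueError if singular."""
    n = len(a)
    aug = [row[:] + [int(i == j) for j in range(n)] for i, row in enumerate(a)]
    for col in range(n):
        piv = next((r for r in range(col, n) if aug[r][col] % p), None)
        if piv is None:
            raise ValueError("singular matrix")
        aug[col], aug[piv] = aug[piv], aug[col]
        inv = pow(aug[col][col], -1, p)
        aug[col] = [v * inv % p for v in aug[col]]
        for r in range(n):
            if r != col and aug[r][col]:
                f = aug[r][col]
                aug[r] = [(vr - f * vc) % p for vr, vc in zip(aug[r], aug[col])]
    return [row[n:] for row in aug]


def rand_invertible(w, rng, p=P):
    while True:
        m = [[rng.randrange(p) for _ in range(w)] for _ in range(w)]
        try:
            mat_inv(m, p)
            return m
        except ValueError:
            continue


# An MBP is a list of steps (input index, M_0, M_1); on input x it multiplies
# the matrices M_{x[inp]} in order and outputs 1 iff the product is not I.
I2 = [[1, 0], [0, 1]]
SWAP = [[0, 1], [1, 0]]
XOR_MBP = [(0, I2, SWAP), (1, I2, SWAP)]   # product = SWAP^(x0+x1): I iff x0 == x1


def eval_mbp(mbp, x):
    w = len(mbp[0][1])
    ident = [[int(i == j) for j in range(w)] for i in range(w)]
    prod = ident
    for inp, m0, m1 in mbp:
        prod = matmul(prod, m1 if x[inp] else m0)
    return int(prod != ident)


def kilian_randomize(mbp, rng, p=P):
    """Replace M_i by R_i^-1 M_i R_{i+1} for random invertible R_0..R_L and
    publish bookend vectors s = u^T R_0 and t = R_L^-1 v, so that
    s * (product of randomized matrices) * t = u^T (original product) v
    while each individual randomized matrix is uniformly distributed."""
    w, L = len(mbp[0][1]), len(mbp)
    R = [rand_invertible(w, rng, p) for _ in range(L + 1)]
    Rinv = [mat_inv(r, p) for r in R]
    randomized = [(inp,
                   matmul(matmul(Rinv[i], m0, p), R[i + 1], p),
                   matmul(matmul(Rinv[i], m1, p), R[i + 1], p))
                  for i, (inp, m0, m1) in enumerate(mbp)]
    u = [[1] + [0] * (w - 1)]                          # row vector e_1^T
    v = [[0]] + [[1]] + [[0] for _ in range(w - 2)]    # column vector e_2
    return randomized, matmul(u, R[0], p), matmul(Rinv[L], v, p)


def eval_randomized(randomized, s, t, x, p=P):
    """Output 1 iff the bookended product is non-zero (a 'zero test').
    With u = e_1, v = e_2 the value is e_1^T P e_2, which is 0 for P = I and
    1 for P = SWAP, so it agrees with eval_mbp on the XOR program above."""
    prod = s
    for inp, m0, m1 in randomized:
        prod = matmul(prod, m1 if x[inp] else m0, p)
    return int(matmul(prod, t, p)[0][0] != 0)


def check_equivalence(mbp, seed=1):
    """True iff the randomized program agrees with the plain one on all inputs
    (valid for programs, like XOR_MBP, where e_1^T P e_2 = 0 exactly on I)."""
    n = 1 + max(inp for inp, _, _ in mbp)
    randomized, s, t = kilian_randomize(mbp, random.Random(seed))
    return all(eval_randomized(randomized, s, t, x) == eval_mbp(mbp, x)
               for x in itertools.product((0, 1), repeat=n))
```

Kilian randomization alone leaks the whole bookended product, which is why the template then encodes every randomized matrix with a multilinear map and exposes only a zero test on the final product. The thesis' results are that, for GGH13 with the recommended parameters, the information leaked through those encodings (recovered by program converting and matrix zeroizing) is still enough to distinguish programs.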
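The GGH15 attack in Chapter 4 is statistical rather than algebraic: it does not solve for any secret, it distinguishes two candidate programs because their zero-test outputs have different spread (Section 4.2.1, "Distinguishing Distributions using Sample Variance"). The following is an added example, not code from the thesis, showing the shape of such a distinguisher on constructed data: the two distributions are stand-in Gaussians with equal mean and different variance, the variances and sample counts are our own choices, and the real lattice-noise distributions and the CVW/BGMZ constructions are not modelled.

```python
import random
import statistics

# Added example, not code from the thesis: a sample-variance distinguisher in
# the spirit of the statistical zeroizing attack.  The attacker collects many
# zero-test outputs from an obfuscated program and decides which of two
# candidate programs produced them from the spread of those outputs alone.
# The samples here are constructed Gaussians standing in for lattice noise.


def sample_variance(xs):
    """Unbiased sample variance s^2 = sum((x - mean)^2) / (N - 1)."""
    return statistics.variance(xs)


def decide(xs, var_a, var_b):
    """Guess which program produced the samples by the nearer expected variance."""
    s2 = sample_variance(xs)
    return "A" if abs(s2 - var_a) <= abs(s2 - var_b) else "B"


def samples_needed(var_a, var_b, k=4.0):
    """Rough sample-count estimate for Gaussian data: Var(s^2) ~ 2 sigma^4/(N-1),
    so N ~ 1 + 2 k^2 sigma^4 / gap^2 keeps the decision threshold (the midpoint)
    about k standard deviations of s^2 away from the larger variance."""
    gap = abs(var_a - var_b) / 2.0
    sigma4 = max(var_a, var_b) ** 2
    return int(1 + 2 * k * k * sigma4 / (gap * gap)) + 1


def run_experiment(var_a, var_b, n_samples, trials, seed=0):
    """Fraction of trials in which the distinguisher names the right program.
    Trials alternate between the two programs; the mean is 0 in both cases, so
    nothing but the variance separates them."""
    rng = random.Random(seed)
    correct = 0
    for trial in range(trials):
        truth = "A" if trial % 2 == 0 else "B"
        sigma = (var_a if truth == "A" else var_b) ** 0.5
        xs = [rng.gauss(0.0, sigma) for _ in range(n_samples)]
        correct += decide(xs, var_a, var_b) == truth
    return correct / trials


if __name__ == "__main__":
    n = samples_needed(1.0, 1.44)
    print("samples per trial:", n)
    print("success rate:", run_experiment(1.0, 1.44, n, 40))
```

The design point is that a security proof in an algebraic model only bounds what can be computed from the encodings as formal expressions; an adversary who instead treats evaluation outputs as samples from a distribution is outside that model, which is exactly the gap the thesis uses against the BGMZ security argument.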