513 research outputs found
Affine Determinant Programs: A Framework for Obfuscation and Witness Encryption
An affine determinant program ADP: {0,1}^n → {0,1} is specified by a tuple (A,B_1,...,B_n) of square matrices over F_q and a function Eval: F_q → {0,1}, and evaluated on x \in {0,1}^n by computing Eval(det(A + sum_{i \in [n]} x_i B_i)).
In this work, we suggest ADPs as a new framework for building general-purpose obfuscation and witness encryption. We provide evidence to suggest that constructions following our ADP-based framework may one day yield secure, practically feasible obfuscation.
As a proof-of-concept, we give a candidate ADP-based construction of indistinguishability obfuscation (iO) for all circuits along with a simple witness encryption candidate. We provide cryptanalysis demonstrating that our schemes resist several potential attacks, and leave further cryptanalysis to future work. Lastly, we explore practically feasible applications of our witness encryption candidate, such as public-key encryption with near-optimal key generation
White-box implementation to advantage DRM
Digital Rights Management (DRM) is a popular approach for secure content distribution. Typically, DRM encrypts the content before delivers it. Most DRM applications use secure algorithms to protect content. However, executing these algorithms in an insecure environment may allow adversaries to compromise the system and obtain the key. To withstand such attack, algorithm implementation is modified in such a way to make the implementation unintelligible, namely obfuscation approach. White-box cryptography (WBC) is an obfuscation technique intended to protect secret keys from being disclosed in a software implementation using a fully transparent methodology. This mechanism is appropriate for DRM applications and able to enhance security for the content provider. However, DRM is required to provide a balanced protection for the content provider and users. We construct a protocol on implementing WBC to improve DRM system. The system does not only provide security for the content provider but also preserves privacy for users
ꡬλΆλΆκ°λ₯ν λλ νμ μνμ λΆμμ κ΄ν μ°κ΅¬
νμλ
Όλ¬Έ(λ°μ¬)--μμΈλνκ΅ λνμ :μμ°κ³Όνλν μ리과νλΆ,2020. 2. μ²μ ν¬.Indistinguishability obfuscation (iO) is a weak notion of the program obfuscation which requires that if two functionally equivalent circuits are given, their obfuscated programs are indistinguishable. The existence of iO implies numerous cryptographic primitives such as multilinear map, functional encryption, non interactive multi-party key exchange. In gen- eral, many iO schemes are based on branching programs, and candidates of multilinear maps represented by GGH13, CLT13 and GGH15.
In this thesis, we present cryptanalyses of branching program based iO over multilinear maps GGH13 and GGH15. First, we propose cryptanaly- ses of all existing branching program based iO schemes over GGH13 for all recommended parameter settings. To achieve this, we introduce two novel techniques, program converting using NTRU-solver and matrix zeroiz- ing, which can be applied to a wide range of obfuscation constructions. We then show that there exists polynomial time reduction from the NTRU problem to all known branching program based iO over GGH13.
Moreover, we propose a new attack on iO based on GGH15 which exploits statistical properties rather than algebraic approaches. We apply our attack to recent two obfuscations called CVW and BGMZ obfuscations. Thus, we break the CVW obfuscation under the current parameter setup, and show that algebraic security model of BGMZ obfuscation is not enough to achieve ideal security. We show that our attack is lying outside of the algebraic security model by presenting some parameters not captured by the proof of the model.κΈ°λ₯μ±μ΄ κ°μ λ νλ‘κ·Έλ¨κ³Ό, κ·Έ λλ
νλ νλ‘κ·Έλ¨λ€μ΄ μμ λ, λλ
νλ νλ‘κ·Έ λ¨λ€μ ꡬλΆν μ μλ€λ©΄ ꡬλΆλΆκ°λ₯ν λλ
νλΌκ³ νλ€. ꡬλΆλΆκ°λ₯ν λλ
νκ° μ‘΄μ¬νλ€λ©΄, λ€μ€μ νν¨μ, ν¨μμνΈ, λ€μκ° ν€κ΅ν λ± λ§μ μνΈνμ μΈ μμ©λ€μ΄ μ‘΄μ¬νκΈ° λλ¬Έμ, ꡬλΆλΆκ°λ₯ν λλ
νλ₯Ό μ€κ³νλ κ²μ λ§€μ° μ€μν λ¬Έμ μ€ νλ μ΄λ€. μΌλ°μ μΌλ‘, λ§μ ꡬλΆλΆκ°λ₯ν λλ
νλ€μ λ€μ€μ νν¨μ GGH13, CLT13, GGH15λ₯Ό κΈ°λ°μΌλ‘ νμ¬ μ€κ³λμλ€.
λ³Έ νμ λ
Όλ¬Έμμλ, λ€μ€μ νν¨μλ₯Ό κΈ°λ°μΌλ‘ νλ λλ
ν κΈ°μ λ€μ λν μ μ μ± λΆμμ μ§ννλ€. λ¨Όμ , GGH13 λ€μ€μ νν¨μλ₯Ό κΈ°λ°μΌλ‘ νλ λͺ¨λ λλ
ν κΈ°μ λ€μ νμ¬ νλΌλ―Έν° νμ μμ νμ§ μμμ 보μΈλ€. νλ‘κ·Έλ¨ λ³ν(program converting), νλ ¬ μ λ‘ν 곡격(matrix zeroizing attack)μ΄λΌλ λ κ°μ§ μλ‘μ΄ λ°© λ²μ μ μνμ¬ μμ μ±μ λΆμνμκ³ , κ·Έ κ²°κ³Ό, νμ‘΄νλ λͺ¨λ GGH13 λ€μ€μ νν¨μ κΈ°λ° λλ
ν κΈ°μ μ΄ λ€νμ μκ° λ΄μ NTRU λ¬Έμ λ‘ νμλ¨μ 보μΈλ€.
λν, GGH15 λ€μ€μ νν¨μλ₯Ό κΈ°λ°μΌλ‘ νλ λλ
ν κΈ°μ μ λν ν΅κ³μ μΈ κ³΅κ²©λ°©λ²μ μ μνλ€. ν΅κ³μ 곡격방λ²μ μ΅μ κΈ°μ μΈ CVW λλ
ν, BGMZ λλ
νμ μ μ©νμ¬, CVW λλ
νκ° νμ¬ νλΌλ―Έν°μμ μμ νμ§ μμμ 보μΈλ€. λν BGMZ λλ
νμμ μ μν λμμ μμ μ± λͺ¨λΈμ΄ μ΄μμ μΈ λλ
ν κΈ°μ μ μ€κ³ν λλ° μΆ©λΆνμ§ μλ€λ κ²μ 보μΈλ€. μ€μ λ‘, BGMZ λλ
νκ° μμ νμ§ μμ νΉμ΄ν νλΌλ―Έν°λ₯Ό μ μνμ¬, μ°λ¦¬ κ³΅κ²©μ΄ BGMZμμ μ μν μμ μ± λͺ¨λΈμ ν΄λΉνμ§ μ μμ 보μΈλ€.1. Introduction 1
1.1 Indistinguishability Obfuscation 1
1.2 Contributions 4
1.2.1 Mathematical Analysis of iO based on GGH13 4
1.2.2 Mathematical Analysis of iO based on GGH15 5
1.3 List of Papers 6
2 Preliminaries 7
2.1 Basic Notations 7
2.2 Indistinguishability Obfuscation 8
2.3 Cryptographic Multilinear Map 9
2.4 Matrix Branching Program 10
2.5 Tensor product and vectorization . 11
2.6 Background Lattices . 12
3 Mathematical Analysis of Indistinguishability Obfuscation based on the GGH13 Multilinear Map 13
3.1 Preliminaries 14
3.1.1 Notations 14
3.1.2 GGH13 Multilinear Map 14
3.2 Main Theorem 17
3.3 Attackable BP Obfuscations 18
3.3.1 Randomization for Attackable Obfuscation Model 20
3.3.2 Encoding by Multilinear Map 21
3.3.3 Linear Relationally Inequivalent Branching Programs 22
3.4 Program Converting Technique 23
3.4.1 Converting to R Program 24
3.4.2 Recovering and Converting to R/ Program 27
3.4.3 Analysis of the Converting Technique 28
3.5 Matrix Zeroizing Attack 29
3.5.1 Existing BP Obfuscations 31
3.5.2 Attackable BP Obfuscation, General Case 34
4 Mathematical Analysis of Indistinguishability Obfuscation based on the GGH15 Multilinear Map 37
4.1 Preliminaries 38
4.1.1 Notations 38
4.2 Statistical Zeroizing Attack . 39
4.2.1 Distinguishing Distributions using Sample Variance 42
4.3 Cryptanalysis of CVW Obfuscation 44
4.3.1 Construction of CVW Obfuscation 45
4.3.2 Cryptanalysis of CVW Obfuscation 48
4.4 Cryptanalysis of BGMZ Obfuscation 56
4.4.1 Construction of BGMZ Obfuscation 56
4.4.2 Cryptanalysis of BGMZ Obfuscation 59
5 Conclusions 65
6 Appendix 66
6.1 Appendix of Chapter 3 66
6.1.1 Extended Attackable Model 66
6.1.2 Examples of Matrix Zeroizing Attack 68
6.1.3 Examples of Linear Relationally Inequivalent BPs 70
6.1.4 Read-once BPs from NFA 70
6.1.5 Input-unpartitionable BPs from Barringtons Theorem 71
6.2 Appendix of Chapter 5 73
6.2.1 Simple GGH15 obfuscation 73
6.2.2 Modified CVW Obfuscation . 75
6.2.3 Transformation of Branching Programs 76
6.2.4 Modification of CVW Obfuscation 77
6.2.5 Assumptions of lattice preimage sampling 78
6.2.6 Useful Tools for Computing the Variances 79
6.2.7 Analysis of CVW Obfuscation 84
6.2.8 Analysis of BGMZ Obfuscation 97
Abstract (in Korean) 117Docto
- β¦