Multi-Client Functional Encryption for Separable Functions
In this work, we provide a compiler that transforms a single-input functional encryption scheme for the class of polynomially bounded circuits into a multi-client functional encryption (MCFE) scheme for the class of separable functions. An n-input function f is called separable if it can be described as a list of polynomially bounded circuits f^1, ..., f^n such that f(x_1, ..., x_n) = f^1(x_1) + ... + f^n(x_n) for all x_1, ..., x_n.
Our compiler extends the works of Brakerski et al. [Eurocrypt 2016] and of Komargodski et al. [Eurocrypt 2017] in which a generic compiler is proposed to obtain multi-input functional encryption (MIFE) from single-input functional encryption. Our construction achieves the stronger notion of MCFE but for the less generic class of separable functions. Prior to our work, a long line of results has been proposed in the setting of MCFE for the inner-product functionality, which is a special case of a separable function.
We also propose a modified version of the notion of decentralized MCFE introduced by Chotard et al. [Asiacrypt 2018] that we call outsourceable multi-client functional encryption (OMCFE). Intuitively, the notion of OMCFE makes it possible to distribute the load of the decryption procedure among at most n different entities, which return decryption shares that can be combined (e.g., additively), thus obtaining the output of the computation. This notion is especially useful when the decryption procedure is very resource consuming while the combine algorithm is not time consuming. We also show how to extend the presented MCFE protocol to obtain an OMCFE scheme for the same functionality class.
Understanding circulations of dominant gender discourse in development interventions: the case study of Zimbabwean agricultural extension services
Social inequalities between women and men, found throughout the globe, have recently started to narrow, yet critical gaps remain. These persistent, multi-dimensional gender disparities lie at the heart of global inequalities and poverty, directly limiting development interventions due to income, opportunity, access, and agency inconsistencies. The lack of progress on dealing with structural issues that underpin gender inequality is noted as a primary obstacle in achieving the fifth Sustainable Development Goal. This is particularly evident in developing nations undergoing multiple structural challenges that perpetuate poverty, such as in the focus country of this study: Zimbabwe. Zimbabwe is a highly patriarchal society, struggling to develop because of a myriad of systemic issues including political, economic, and societal problems. Widespread gender inequality hinders overcoming the extensive poverty levels throughout the country, particularly in the highly gendered agricultural sector, on which 70% of the population rely.
One of the main reasons that gender inequalities persist is that norms or expectations based on gender (commonly referred to as the dominant gender norms) are continually circulated through and reinforced by social structures and institutions, implying a need to examine them in a holistic manner. To sustainably alter the course of gender disparities and improve the effectiveness of development interventions, there is a need to be able to identify dominant gender narratives across society. An integrated examination of the role that communication plays in enabling and sustaining gender norms is essential to successfully examine this phenomenon.
Rooted in the conceptual understandings behind the phenomenon of the circulation of dominant gender discourses, this study presents a novel framework called the Dominant Gender Discourse Deconstruction Framework (DGDDF), which embraces conceptual understanding and transforms it into an applied methodology. The DGDDF has been designed to enable contextually positioned institutional analysis that systematically identifies and evaluates the interconnected nature of the gender and communication approaches being implemented, and the effect that these approaches have on their target audiences. By engaging with the structural context, the institutional functionality and the effects of this on institutional target audiences, the DGDDF exposes how and why dominant gender discourse is being reinforced throughout society.
Given this, the application of the DGDDF to the Zimbabwean agricultural extension institutions supports vital research to improve gender equality in the agricultural arena, and generates findings that add to development theory, practice and policy in rural communication and wider agricultural development, a fundamental pathway to sustainable development.
Working alongside research participants affiliated with three case study institutions, primary qualitative data was collected via a mixed methodological approach and analyzed using discourse analysis. The findings show that the DGDDF successfully identifies the gender and communication approaches used by agricultural extension institutions, enabling a systematic evaluation of their effect on gendered access and engagement. This evaluation presents nuances between different intervention approaches, illustrating how dominant gender discourses remain largely unchallenged by current development institutional arrangements, thereby directly affecting information access and experience for male and female farmers. It also demonstrates that the framework exposes the complex, interconnected cycles of dominant gender discourse throughout different levels of societal structures, and that these directly dictate institutional gender and communication structures. Finally, the study shows that agricultural extension institutions are in a primary position to alter the course of dominant gender discourses by incorporating a more complex understanding of gender structures and actively challenging the dominant gender discourses that are hindering effective development.
The findings presented in this study add to national Zimbabwean policy recommendations, but also to wider discussions about the effectiveness of development interventions, which provide a starting point for opening discussions about how to make meaningful changes to deal with the persistent gender inequalities found throughout the globe.
A Transform for NIZK Almost as Efficient and General as the Fiat-Shamir Transform Without Programmable Random Oracles
The Fiat-Shamir (FS) transform is a popular technique for obtaining practical zero-knowledge argument systems. The FS transform uses a hash function to generate, without any further overhead, non-interactive zero-knowledge (NIZK) argument systems from public-coin honest-verifier zero-knowledge (public-coin HVZK) proof systems. In the proof of zero knowledge, the hash function is modeled as a programmable random oracle (PRO).
In TCC 2015, Lindell embarked on the challenging task of obtaining a similar transform with improved heuristic security. Lindell showed that, for several interesting and practical languages, there exists an efficient transform in the non-programmable random oracle (NPRO) model that also uses a common reference string (CRS). A major contribution of Lindell’s transform is that zero knowledge is proved without random oracles and this is an important step towards achieving efficient NIZK arguments in the CRS model without random oracles.
In this work, we analyze the efficiency and generality of Lindell's transform and notice a significant gap when compared with the FS transform. We then propose a new transform that aims at filling this gap. Indeed, our transform is almost as efficient as the FS transform and can be applied to a broad class of public-coin HVZK proof systems. Our transform requires a CRS and an NPRO in the proof of soundness, similarly to Lindell's transform.
Concurrent Non-Malleable Commitments (and More) in 3 Rounds
The round complexity of commitment schemes secure against man-in-the-middle attacks has been the focus of extensive research for about 25 years. The recent breakthrough of Goyal et al. [22] showed that 3 rounds are sufficient for (one-left, one-right) non-malleable commitments. This result matches a lower bound of [41]. The state of affairs still leaves open the intriguing problem of constructing 3-round concurrent non-malleable commitment schemes. In this paper we solve the above open problem by showing how to transform any 3-round (one-left, one-right) non-malleable commitment scheme (with some extractability property) into a 3-round concurrent non-malleable commitment scheme. Our transform makes use of complexity leveraging and, when instantiated with the construction of [22], gives a 3-round concurrent non-malleable commitment scheme from one-way permutations secure w.r.t. subexponential-time adversaries. We also show a 3-round argument of knowledge and a 3-round identification scheme secure against concurrent man-in-the-middle attacks.
Round-Optimal Multi-party Computation with Identifiable Abort
Secure multi-party computation (MPC) protocols that are resilient to a dishonest majority allow the adversary to get the output of the computation while, at the same time, forcing the honest parties to abort. Aumann and Lindell introduced the enhanced notion of security with identifiable abort, which still allows the adversary to trigger an abort but, at the same time, it enables the honest parties to agree on the identity of the party that led to the abort. More recently, in Eurocrypt 2016, Garg et al. showed that, assuming access to a simultaneous message exchange channel for all the parties, at least four rounds of communication are required to securely realize non-trivial functionalities in the plain model.
Following Garg et al., a sequence of works has matched this lower bound, but none of them achieved security with identifiable abort. In this work, we close this gap and show that four rounds of communication are also sufficient to securely realize any functionality with identifiable abort using standard and generic polynomial-time assumptions. To achieve this result we introduce the new notion of bounded-rewind secure MPC that guarantees security even against an adversary that performs a mild form of reset attacks. We show how to instantiate this primitive starting from any MPC protocol and by assuming trapdoor-permutations.
The notion of bounded-rewind secure MPC allows for easier parallel composition of MPC protocols with other (interactive) cryptographic primitives. Therefore, we believe that this primitive can be useful in other contexts in which it is crucial to combine multiple primitives with MPC protocols while keeping the round complexity of the final protocol low.
Delayed-Input Non-Malleable Zero Knowledge and Multi-Party Coin Tossing in Four Rounds
In this work we start from the following two results in the state of the art:
1. 4-round non-malleable zero knowledge (NMZK): Goyal et al. in FOCS 2014 showed the first 4-round one-one NMZK argument from one-way functions (OWFs). Their construction requires the prover to know the instance and the witness already at the 2nd round.
2. 4-round multi-party coin tossing (MPCT): Garg et al. in Eurocrypt 2016 showed the first 4-round protocol for MPCT. Their result crucially relies on 3-round 3-robust parallel non-malleable commitments. So far there is no candidate construction for such a commitment scheme under standard polynomial-time hardness assumptions.
We improve the state of the art on NMZK and MPCT by presenting the following two results:
1. a delayed-input 4-round one-many NMZK argument Π_NMZK from OWFs; moreover, Π_NMZK is also a delayed-input many-many synchronous NMZK argument.
2. a 4-round MPCT protocol Π_MPCT from one-to-one OWFs; Π_MPCT uses Π_NMZK as a subprotocol and exploits the special properties (e.g., delayed input, many-many synchronous) of Π_NMZK.
Both Π_NMZK and Π_MPCT make use of a special proof of knowledge that offers additional security guarantees when played in parallel with other protocols. The new technique behind such a proof of knowledge is an additional contribution of this work and is of independent interest.
Improved OR-Composition of Sigma-Protocols
In [CDS94] Cramer, Damgård and Schoenmakers (CDS) devise an OR-composition technique for Σ-protocols that allows one to construct highly efficient proofs for compound statements. Since then, this technique has found countless applications as a building block for designing efficient protocols. Unfortunately, the CDS OR-composition technique works only if both statements are fixed before the proof starts. This limitation restricts its usability in those protocols where the theorems to be proved are defined at different stages of the protocol but, in order to save rounds of communication, the proof must start even if not all theorems are available. Many round-optimal protocols ([KO04, DPV04, YZ07, SV12]) crucially need such a property to achieve round-optimality and, due to the inapplicability of CDS's technique, are currently implemented using proof systems that require expensive NP reductions but allow the proof to start even if no statement is defined (a.k.a. LS proofs from Lapidot-Shamir [LS90]). In this paper we show an improved OR-composition technique for Σ-protocols that requires only one statement to be fixed when the proof starts, while the other statement can be define
Four-Round Black-Box Non-Malleable Commitments from One-Way Permutations
We construct the first four-round non-malleable commitment scheme based solely on the black-box use of one-to-one one-way functions. Prior to our work, all non-malleable commitment schemes based on black-box use of polynomial-time cryptographic primitives require more than rounds of interaction.
A key tool for our construction is a proof system that satisfies a new definition of security that we call non-malleable zero-knowledge with respect to commitments. In a nutshell, such a proof system can be safely run in parallel with a (potentially interactive) commitment scheme. We provide an instantiation of this tool using the MPC-in-the-Head approach in combination with BMR