1,843 research outputs found
HardIDX: Practical and Secure Index with SGX
Software-based approaches for search over encrypted data are still either
challenged by lack of proper, low-leakage encryption or slow performance.
Existing hardware-based approaches do not scale well due to hardware
limitations and software designs that are not specifically tailored to the
hardware architecture, and are rarely well analyzed for their security (e.g.,
the impact of side channels). Additionally, existing hardware-based solutions
often have a large code footprint in the trusted environment susceptible to
software compromises. In this paper we present HardIDX: a hardware-based
approach, leveraging Intel's SGX, for search over encrypted data. It implements
only the security critical core, i.e., the search functionality, in the trusted
environment and resorts to untrusted software for the remainder. HardIDX is
deployable as a highly performant encrypted database index: it is logarithmic
in the size of the index and searches are performed within a few milliseconds
rather than seconds. We formally model and prove the security of our scheme
showing that its leakage is equivalent to the best known searchable encryption
schemes. Our implementation has a very small code and memory footprint yet
still scales to virtually unlimited search index sizes, i.e., size is limited
only by the general - non-secure - hardware resources
Efficient algorithms for pairing-based cryptosystems
We describe fast new algorithms to implement recent cryptosystems based on the Tate pairing. In particular, our techniques improve pairing evaluation speed by a factor of about 55 compared to previously known methods in characteristic 3, and attain performance comparable
to that of RSA in larger characteristics.We also propose faster algorithms for scalar multiplication in characteristic 3 and square root extraction
over Fpm, the latter technique being also useful in contexts other than that of pairing-based cryptography
Fully Key-Homomorphic Encryption, Arithmetic Circuit ABE and Compact Garbled Circuits
We construct the first (key-policy) attribute-based encryption (ABE) system with short secret keys: the size of keys in our system depends only on the depth of the policy circuit, not its size. Our constructions extend naturally to arithmetic circuits with arbitrary fan-in gates thereby further reducing the circuit depth. Building on this ABE system we obtain the first reusable circuit garbling scheme that produces garbled circuits whose size is the same as the original circuit plus an additive poly(λ,d) bits, where λ is the security parameter and d is the circuit depth. All previous constructions incurred a multiplicative poly(λ) blowup.
We construct our ABE using a new mechanism we call fully key-homomorphic encryption, a public-key system that lets anyone translate a ciphertext encrypted under a public-key x into a ciphertext encrypted under the public-key (f(x),f) of the same plaintext, for any efficiently computable f. We show that this mechanism gives an ABE with short keys. Security of our construction relies on the subexponential hardness of the learning with errors problem.
We also present a second (key-policy) ABE, using multilinear maps, with short ciphertexts: an encryption to an attribute vector x is the size of x plus poly(λ,d) additional bits. This gives a reusable circuit garbling scheme where the garbled input is short.United States. Defense Advanced Research Projects Agency (Grant FA8750-11-2-0225)Alfred P. Sloan Foundation (Sloan Research Fellowship
Quantum Lightning Never Strikes the Same State Twice
Public key quantum money can be seen as a version of the quantum no-cloning
theorem that holds even when the quantum states can be verified by the
adversary. In this work, investigate quantum lightning, a formalization of
"collision-free quantum money" defined by Lutomirski et al. [ICS'10], where
no-cloning holds even when the adversary herself generates the quantum state to
be cloned. We then study quantum money and quantum lightning, showing the
following results:
- We demonstrate the usefulness of quantum lightning by showing several
potential applications, such as generating random strings with a proof of
entropy, to completely decentralized cryptocurrency without a block-chain,
where transactions is instant and local.
- We give win-win results for quantum money/lightning, showing that either
signatures/hash functions/commitment schemes meet very strong recently proposed
notions of security, or they yield quantum money or lightning.
- We construct quantum lightning under the assumed multi-collision resistance
of random degree-2 systems of polynomials.
- We show that instantiating the quantum money scheme of Aaronson and
Christiano [STOC'12] with indistinguishability obfuscation that is secure
against quantum computers yields a secure quantum money schem
Private Outsourcing of Polynomial Evaluation and Matrix Multiplication using Multilinear Maps
{\em Verifiable computation} (VC) allows a computationally weak client to
outsource the evaluation of a function on many inputs to a powerful but
untrusted server. The client invests a large amount of off-line computation and
gives an encoding of its function to the server. The server returns both an
evaluation of the function on the client's input and a proof such that the
client can verify the evaluation using substantially less effort than doing the
evaluation on its own. We consider how to privately outsource computations
using {\em privacy preserving} VC schemes whose executions reveal no
information on the client's input or function to the server. We construct VC
schemes with {\em input privacy} for univariate polynomial evaluation and
matrix multiplication and then extend them such that the {\em function privacy}
is also achieved. Our tool is the recently developed {mutilinear maps}. The
proposed VC schemes can be used in outsourcing {private information retrieval
(PIR)}.Comment: 23 pages, A preliminary version appears in the 12th International
Conference on Cryptology and Network Security (CANS 2013
Converting Pairing-Based Cryptosystems from Composite-Order Groups to Prime-Order Groups
We develop an abstract framework that encompasses the key properties of bilinear groups of composite order that are required to construct secure pairing-based cryptosystems, and we show how to use prime-order elliptic curve groups to construct bilinear groups with the same properties. In particular, we define a generalized version of the subgroup decision problem and give explicit constructions of bilinear groups in which the generalized subgroup decision assumption follows from the decision Diffie-Hellman assumption, the decision linear assumption, and/or related assumptions in prime-order groups.
We apply our framework and our prime-order group constructions to create more efficient versions of cryptosystems that originally required composite-order groups. Specifically, we consider the Boneh-Goh-Nissim encryption scheme, the Boneh-Sahai-Waters traitor tracing system, and the Katz-Sahai-Waters attribute-based encryption scheme. We give a security theorem for the prime-order group instantiation of each system, using assumptions of comparable complexity to those used in the composite-order setting. Our conversion of the last two systems to prime-order groups answers a problem posed by Groth and Sahai
Puncturable Encryption: A Generic Construction from Delegatable Fully Key-Homomorphic Encryption
Puncturable encryption (PE), proposed by Green and Miers at IEEE S&P 2015, is
a kind of public key encryption that allows recipients to revoke individual
messages by repeatedly updating decryption keys without communicating with
senders. PE is an essential tool for constructing many interesting
applications, such as asynchronous messaging systems, forward-secret zero
round-trip time protocols, public-key watermarking schemes and forward-secret
proxy re-encryptions. This paper revisits PEs from the observation that the
puncturing property can be implemented as efficiently computable functions.
From this view, we propose a generic PE construction from the fully
key-homomorphic encryption, augmented with a key delegation mechanism (DFKHE)
from Boneh et al. at Eurocrypt 2014. We show that our PE construction enjoys
the selective security under chosen plaintext attacks (that can be converted
into the adaptive security with some efficiency loss) from that of DFKHE in the
standard model. Basing on the framework, we obtain the first post-quantum
secure PE instantiation that is based on the learning with errors problem,
selective secure under chosen plaintext attacks (CPA) in the standard model. We
also discuss about the ability of modification our framework to support the
unbounded number of ciphertext tags inspired from the work of Brakerski and
Vaikuntanathan at CRYPTO 2016
Quantum-secure message authentication via blind-unforgeability
Formulating and designing unforgeable authentication of classical messages in
the presence of quantum adversaries has been a challenge, as the familiar
classical notions of unforgeability do not directly translate into meaningful
notions in the quantum setting. A particular difficulty is how to fairly
capture the notion of "predicting an unqueried value" when the adversary can
query in quantum superposition. In this work, we uncover serious shortcomings
in existing approaches, and propose a new definition. We then support its
viability by a number of constructions and characterizations. Specifically, we
demonstrate a function which is secure according to the existing definition by
Boneh and Zhandry, but is clearly vulnerable to a quantum forgery attack,
whereby a query supported only on inputs that start with 0 divulges the value
of the function on an input that starts with 1. We then propose a new
definition, which we call "blind-unforgeability" (or BU.) This notion matches
"intuitive unpredictability" in all examples studied thus far. It defines a
function to be predictable if there exists an adversary which can use
"partially blinded" oracle access to predict values in the blinded region. Our
definition (BU) coincides with standard unpredictability (EUF-CMA) in the
classical-query setting. We show that quantum-secure pseudorandom functions are
BU-secure MACs. In addition, we show that BU satisfies a composition property
(Hash-and-MAC) using "Bernoulli-preserving" hash functions, a new notion which
may be of independent interest. Finally, we show that BU is amenable to
security reductions by giving a precise bound on the extent to which quantum
algorithms can deviate from their usual behavior due to the blinding in the BU
security experiment.Comment: 23+9 pages, v3: published version, with one theorem statement in the
summary of results correcte
Order-Revealing Encryption and the Hardness of Private Learning
An order-revealing encryption scheme gives a public procedure by which two
ciphertexts can be compared to reveal the ordering of their underlying
plaintexts. We show how to use order-revealing encryption to separate
computationally efficient PAC learning from efficient -differentially private PAC learning. That is, we construct a concept
class that is efficiently PAC learnable, but for which every efficient learner
fails to be differentially private. This answers a question of Kasiviswanathan
et al. (FOCS '08, SIAM J. Comput. '11).
To prove our result, we give a generic transformation from an order-revealing
encryption scheme into one with strongly correct comparison, which enables the
consistent comparison of ciphertexts that are not obtained as the valid
encryption of any message. We believe this construction may be of independent
interest.Comment: 28 page
Predicate Encryption for Circuits from LWE
In predicate encryption, a ciphertext is associated with descriptive attribute values x in addition to a plaintext Ό, and a secret key is associated with a predicate f. Decryption returns plaintext Ό if and only if f(x)=1. Moreover, security of predicate encryption guarantees that an adversary learns nothing about the attribute x or the plaintext Ό from a ciphertext, given arbitrary many secret keys that are not authorized to decrypt the ciphertext individually.
We construct a leveled predicate encryption scheme for all circuits, assuming the hardness of the subexponential learning with errors (LWE) problem. That is, for any polynomial function d=d(λ), we construct a predicate encryption scheme for the class of all circuits with depth bounded by d(λ), where λ is the security parameter.Microsoft Corporation (PhD Fellowship)Northrop Grumman Cybersecurity Research ConsortiumUnited States. Defense Advanced Research Projects Agency (Grant FA8750-11-2-0225)National Science Foundation (U.S.) (Awards CNS-1350619)National Science Foundation (U.S.) (Awards CNS-1413920)Alfred P. Sloan Foundation (Fellowship)Microsoft (Faculty Fellowship
- âŠ