197 research outputs found
POPE: Partial Order Preserving Encoding
Recently there has been much interest in performing search queries over
encrypted data to enable functionality while protecting sensitive data. One
particularly efficient mechanism for executing such queries is order-preserving
encryption/encoding (OPE) which results in ciphertexts that preserve the
relative order of the underlying plaintexts thus allowing range and comparison
queries to be performed directly on ciphertexts. In this paper, we propose an
alternative approach to range queries over encrypted data that is optimized to
support insert-heavy workloads as are common in "big data" applications while
still maintaining search functionality and achieving stronger security.
Specifically, we propose a new primitive called partial order preserving
encoding (POPE) that achieves ideal OPE security with frequency hiding and also
leaves a sizable fraction of the data pairwise incomparable. Using only O(1)
persistent and non-persistent client storage for
, our POPE scheme provides extremely fast batch insertion
consisting of a single round, and efficient search with O(1) amortized cost for
up to search queries. This improved security and
performance makes our scheme better suited for today's insert-heavy databases.
Comment: Appears in ACM CCS 2016 Proceeding
ObliviSync: Practical Oblivious File Backup and Synchronization
Oblivious RAM (ORAM) protocols are powerful techniques that hide a client's
data as well as access patterns from untrusted service providers. We present an
oblivious cloud storage system, ObliviSync, that specifically targets one of
the most widely-used personal cloud storage paradigms: synchronization and
backup services, popular examples of which are Dropbox, iCloud Drive, and
Google Drive. This setting provides a unique opportunity because the above
privacy properties can be achieved with a simpler form of ORAM called
write-only ORAM, which allows for dramatically increased efficiency compared to
related work. Our solution is asymptotically optimal and practically efficient,
with a small constant overhead of approximately 4x compared with non-private
file storage, depending only on the total data size and parameters chosen
according to the usage rate, and not on the number or size of individual files.
Our construction also offers protection against timing-channel attacks, which
has not been previously considered in ORAM protocols. We built and evaluated a
full implementation of ObliviSync that supports multiple simultaneous read-only
clients and a single concurrent read/write client whose edits automatically and
seamlessly propagate to the readers. We show that our system functions under
high work loads, with realistic file size distributions, and with small
additional latency (as compared to a baseline encrypted file system) when
paired with Dropbox as the synchronization service.
Comment: 15 pages. Accepted to NDSS 201
Fair Traceable Multi-Group Signatures
This paper presents fair traceable multi-group signatures (FTMGS), which have enhanced capabilities, compared to group and traceable signatures, that are important in real world scenarios combining accountability and anonymity. The main goal of the primitive is to allow multiple groups that are managed separately (managers are not even aware of the other ones), yet allowing users (in the spirit of the Identity 2.0 initiative) to manage what they reveal about their identity with respect to these groups by themselves. This new primitive incorporates the following additional features.
- While considering multiple groups, it discourages users from sharing their private membership keys through two orthogonal and complementary approaches. In effect, it merges functionality similar to credential systems with anonymous signing that supports revocation.
- The group manager now mainly manages joining procedures, and new entities (called fairness authorities, possibly consisting of various representatives) are involved in the opening and revealing procedures. In many system scenarios, assuring fairness in anonymity revocation is required.
We specify the notion and implement it in the random oracle model.
A Practical Oblivious Map Data Structure with Secure Deletion and History Independence
We present a new oblivious RAM that supports variable-sized storage blocks (vORAM), which is the first ORAM to allow varying block sizes without trivial padding. We also present a new history-independent data structure (a HIRB tree) that can be stored within a vORAM. Together, this construction provides an efficient and practical oblivious data structure (ODS) for a key/value map, and goes further to provide an additional privacy guarantee as compared to prior ODS maps: even upon client compromise, deleted data and the history of old operations remain hidden to the attacker.
We implement and measure the performance of our system using Amazon Web Services, and the single-operation time for a realistic database (up to entries) is less than 1 second. This represents a 100x speed-up compared to the current best oblivious map data structure (which provides neither secure deletion nor history independence) by Wang et al. (CCS 14).
Multi-Client Non-Interactive Verifiable Computation
Gennaro et al. (Crypto 2010) introduced the notion of non-interactive verifiable computation, which allows a computationally weak client to outsource the computation of a function on a series of inputs to a more powerful but untrusted server. Following a pre-processing phase (that is carried out only once), the client sends some representation of its current input to the server; the server returns an answer that allows the client to recover the correct result, accompanied by a proof of correctness that ensures the client does not accept an incorrect result. The crucial property is that the work done by the client in preparing its input and verifying the server's proof is less than the time required for the client to compute on its own.
We extend this notion to the multi-client setting, where computationally weak clients wish to outsource to an untrusted server the computation of a function over a series of joint inputs $(x_1^{(1)}, \ldots, x_{n}^{(1)}), \ldots$ (with $n$ the number of clients) without interacting with each other. We present a construction for this setting by combining the scheme of Gennaro et al. with a primitive called proxy oblivious transfer.
A Black-Box Construction of Non-Malleable Encryption from Semantically Secure Encryption
We show how to transform any semantically secure encryption scheme into a
non-malleable one, with a black-box construction that achieves a quasi-linear
blow-up in the size of the ciphertext.
This improves upon the previous non-black-box construction of Pass,
Shelat and Vaikuntanathan (Crypto '06). Our construction also
extends readily to guarantee non-malleability under a bounded-CCA2
attack, thereby simultaneously improving on both results in the work
of Cramer et al. (Asiacrypt '07).
Our construction departs from the oft-used paradigm of re-encrypting the same
message with different keys and then proving consistency of encryption.
Instead, we encrypt an encoding of the message; the encoding is based on an
error-correcting code with certain properties of reconstruction and secrecy
from partial views, satisfied, e.g., by a Reed-Solomon code.
On the Security of the Free-XOR Technique
Yao's garbled-circuit approach enables constant-round secure two-party computation for any boolean circuit. In Yao's original construction, each gate in the circuit requires the parties to perform a constant number of encryptions/decryptions, and to send/receive a constant number of ciphertexts. Kolesnikov and Schneider (ICALP 2008) proposed an improvement that allows XOR gates in the circuit to be evaluated "for free", i.e., incurring no cryptographic operations and zero communication. Their "free-XOR" technique has proven very popular, and has been shown to improve performance of garbled-circuit protocols by up to a factor of 4.
Kolesnikov and Schneider proved security of their approach in the random oracle model, and claimed that (an unspecified variant of) correlation robustness would suffice; this claim has been repeated in subsequent work, and similar ideas have since been used (with the same claim about correlation robustness) in other contexts. We show that, in fact, the free-XOR technique cannot be proven secure based on correlation robustness alone: somewhat surprisingly, some form of circular security is also required. We propose an appropriate notion of security for hash functions capturing the necessary requirements, and prove security of the free-XOR approach when instantiated with any hash function satisfying our definition.
Our results do not impact the security of the free-XOR technique in practice, or imply an error in the free-XOR work, but instead pin down the assumptions needed to prove security.
Improved, Black-Box, Non-Malleable Encryption from Semantic Security
We give a new black-box transformation from any semantically secure encryption scheme into a non-malleable one which has a better rate than the best previous work of Coretti et al. (TCC 2016-A). We achieve a better rate by departing from the "matrix encoding" methodology used by previous constructions, and working directly with a single codeword. We also use a Shamir secret-share packing technique to improve the rate of the underlying error-correcting code.
Secure Multi-Party Computation of Boolean Circuits with Applications to Privacy in On-Line Marketplaces
Protocols for generic secure multi-party computation (MPC) come in two forms: they either represent the function being computed as a boolean circuit, or as an arithmetic circuit over a large field. Either type of protocol can be used for any function, but the choice of which type of protocol to use can have a significant impact on efficiency. The magnitude of the effect, however, has never been quantified.
With this in mind, we implement the MPC protocol of Goldreich, Micali, and Wigderson, which uses a boolean representation and is secure against a semi-honest adversary corrupting any number of parties. We then consider applications of secure MPC in on-line marketplaces, where customers select resources advertised by providers and it is desired to ensure privacy to the extent possible. Problems here are more naturally formulated in terms of boolean circuits, and we study the performance of our MPC implementation relative to existing ones that use an arithmetic-circuit representation. Our protocol easily handles tens of customers/providers and thousands of resources, and outperforms existing implementations including FairplayMP, VIFF, and SEPIA.
(Efficient) Universally Composable Oblivious Transfer Using a Minimal Number of Stateless Tokens
We continue the line of work initiated by Katz (Eurocrypt 2007) on using tamper-proof hardware tokens for universally composable secure computation. As our main result, we show an oblivious-transfer (OT) protocol in which two parties each create and exchange a single, stateless token and can then run an unbounded number of OTs. We also show a more efficient protocol, based only on standard symmetric-key primitives (block ciphers and collision-resistant hash functions), that can be used if a bounded number of OTs suffice.
Motivated by this result, we investigate the number of stateless tokens needed for universally composable OT. We prove that our protocol is optimal in this regard for constructions making black-box use of the tokens (in a sense we define). We also show that non-black-box techniques can be used to obtain a construction using only a single stateless token.