An NP-Complete Problem in Grid Coloring
A c-coloring of G(n,m)=n x m is a mapping of G(n,m) into {1,...,c} such that
no four corners forming a rectangle have the same color. In 2009 a challenge
was proposed via the internet to find a 4-coloring of G(17,17). This attracted
considerable attention from the popular mathematics community. A coloring was
produced; however, finding it proved to be difficult. The question arises: is
the problem of grid coloring difficult in general? We present three results
that support this conjecture: (1) an NP-completeness result, (2) a lower bound
on Tree-resolution, (3) a lower bound on Tree-CP proofs. Note that items (2)
and (3) yield statements from Ramsey Theory which are of size polynomial in
their parameters and require exponential size in various proof systems.
Comment: 25 pages
POPE: Partial Order Preserving Encoding
Recently there has been much interest in performing search queries over
encrypted data to enable functionality while protecting sensitive data. One
particularly efficient mechanism for executing such queries is order-preserving
encryption/encoding (OPE) which results in ciphertexts that preserve the
relative order of the underlying plaintexts thus allowing range and comparison
queries to be performed directly on ciphertexts. In this paper, we propose an
alternative approach to range queries over encrypted data that is optimized to
support insert-heavy workloads as are common in "big data" applications while
still maintaining search functionality and achieving stronger security.
Specifically, we propose a new primitive called partial order preserving
encoding (POPE) that achieves ideal OPE security with frequency hiding and also
leaves a sizable fraction of the data pairwise incomparable. Using only O(1)
persistent and non-persistent client storage for , our POPE scheme provides
extremely fast batch insertion consisting of a single round, and efficient
search with O(1) amortized cost for up to search queries. This improved
security and performance makes our scheme better suited for today's
insert-heavy databases.
Comment: Appears in ACM CCS 2016 Proceedings
Frontiers in Lattice Cryptography and Program Obfuscation
In this dissertation, we explore the frontiers of theory of cryptography along two lines. In the first direction, we explore Lattice Cryptography, which is the primary sub-area of post-quantum cryptographic research.
Our first contribution is the construction of a deniable attribute-based encryption scheme from lattices. A deniable encryption scheme is secure against
not only eavesdropping attacks as required by semantic security, but also stronger coercion attacks performed after the fact. An attribute-based encryption
scheme allows "fine-grained" access to ciphertexts, allowing for a decryption access policy to be embedded in ciphertexts and keys. We achieve both properties
simultaneously for the first time from lattices.
Our second contribution is the construction of a digital signature scheme that enjoys both short signatures and a completely tight security reduction from lattices. As a matter of independent interest, we give an improved method of randomized inversion of the G gadget matrix, which reduces the noise growth rate in homomorphic evaluations performed in a large number of lattice-based cryptographic schemes, without incurring the high cost of sampling discrete Gaussians.
In the second direction, we explore Cryptographic Program Obfuscation. A program obfuscator is a type of cryptographic software compiler that outputs executable code with the guarantee that "whatever can be hidden about the internal workings of program code, is hidden." Indeed, program obfuscation can be viewed as a "universal and cryptographically-complete" tool.
Our third contribution is the first, full-scale implementation of secure program obfuscation in software. Our toolchain takes code written in a C-like programming
language, specialized for cryptography, and produces secure, obfuscated software.
Our fourth contribution is a new cryptanalytic attack against a variety of "early" program obfuscation candidates. We provide a general, efficiently-testable
property for any two branching programs, called partial inequivalence, which we show is sufficient for launching an "annihilation attack" against
several obfuscation candidates based on Garg-Gentry-Halevi multilinear maps.
On the Complexity of Grid Coloring
This thesis studies problems at the intersection of Ramsey-theoretic mathematics, computational complexity, and communication complexity. The prototypical example of such a problem is Monochromatic-Rectangle-Free Grid Coloring. In an instance of Monochromatic-Rectangle-Free Grid Coloring, we are given a chessboard-like grid graph of dimensions n and m, where the vertices of the graph correspond to squares in the chessboard, and a number of allowed colors, c. The goal is to assign one of the allowed colors to each vertex of the grid graph so that no four vertices arranged in an axis-parallel rectangle are colored monochromatically. Our results include:
1. A conditional, graph-theoretic proof that deciding Monochromatic-Rectangle-Free Grid Coloring requires time superpolynomial in the input size.
2. A natural interpretation of Monochromatic-Rectangle-Free Grid Coloring as a lower bound on the communication complexity of a cluster of related predicates.
3. Original, best-yet, monochromatic-square-free grid colorings: a 2-coloring of the 13 x 13 grid, and a 3-coloring of the 39 x 39 grid.
4. An empirically-validated computational plan to decide a particular instance of Monochromatic-Rectangle-Free Grid Coloring that has been heavily studied by the broader theory community, but remains unsolved: whether the 17 x 17 grid can be 4-colored without monochromatic rectangles. Our plan is based in high-performance computing and is expected to take one year to complete.
Weak is Better: Tightly Secure Short Signatures from Weak PRFs
The Boyen-Li signature scheme [Asiacrypt'16] is a major theoretical breakthrough. Via a clever homomorphic evaluation of a pseudorandom function over their verification key, they achieve a reduction loss in security linear in the underlying security parameter and entirely independent of the number of message queries made, while still maintaining short signatures (consisting of a single short lattice vector). All previous schemes with such an independent reduction loss in security required a linear number of such lattice vectors, and even in the classical world, the only schemes achieving short signatures relied on non-standard assumptions.
We improve on their result, providing a verification key smaller by a linear factor, a significantly tighter reduction with only a constant loss, and signing and verification algorithms that could plausibly run in about 1 second. Our main idea is to change the scheme in a manner that allows us to replace the pseudorandom function evaluation with an evaluation of a much more efficient weak pseudorandom function.
As a matter of independent interest, we give an improved method of randomized inversion of the G gadget matrix [MP12], which reduces the noise growth rate in homomorphic evaluations performed in a large number of lattice-based cryptographic schemes, without incurring the high cost of sampling discrete Gaussians.
Dimension-Preserving Reductions from LWE to LWR
The Learning with Rounding (LWR) problem was first introduced by Banerjee, Peikert, and Rosen (Eurocrypt 2012) as a derandomized form of the standard Learning with Errors (LWE) problem. The original motivation of LWR was as a building block for constructing efficient, low-depth pseudorandom functions on lattices. It has since been used to construct reusable computational extractors, lossy trapdoor functions, and deterministic encryption.
In this work we show two (incomparable) dimension-preserving reductions from LWE to LWR in the case of a polynomial-size modulus. Prior works either required a superpolynomial modulus, or lost at least a factor in the dimension of the reduction. A direct consequence of our improved reductions is an improvement in parameters (i.e. security and efficiency) for each of the known applications of poly-modulus LWR.
Our results directly generalize to the ring setting. Indeed, our formal analysis is performed over "module lattices," as defined by Langlois and Stehlé (DCC 2015), which generalize both the general lattice setting of LWE and the ideal lattice setting of RLWE as the single notion M-LWE. We hope that taking this broader perspective will lead to further insights of independent interest.
Vector Encoding over Lattices and Its Applications
In this work, we design a new lattice encoding structure for vectors. Our encoding can be used to achieve a packed FHE scheme that allows some SIMD operations and can be used to improve all the prior IBE schemes and signatures in the series. In particular, with respect to the FHE setting, our method improves over the prior packed GSW structure of Hiromasa et al. (PKC '15), as we do not rely on a circular assumption as required in their work. Moreover, we can use the packing and unpacking method to extract each single element, so that the homomorphic operation supports element-wise and cross-element-wise computation as well. In the IBE scenario, we improve substantially over previous constructions supporting -bit length identity from lattices, such as Yamada (Eurocrypt '16), Katsumata, Yamada (Asiacrypt '16) and Yamada (Crypto '17), by shrinking the master public key to three matrices under the standard Learning With Errors assumption. Additionally, our techniques from IBE can be adapted to construct a compact digital signature scheme, which achieves existential unforgeability under the standard Short Integer Solution (SIS) assumption with small polynomial parameters.
Compact Identity Based Encryption from LWE
We construct an identity-based encryption (IBE) scheme from the standard Learning with Errors (LWE) assumption that has a compact public key and achieves adaptive security in the standard model. In particular, our scheme only needs 2 public matrices to support O(log^2 λ)-bit length identity, and O(λ / log^2 λ) public matrices to support λ-bit length identity, where λ is the security parameter. This improves over previous IBE schemes from lattices substantially.
Additionally, our techniques from IBE can be adapted to construct a compact digital signature scheme, which achieves existential unforgeability under the standard Short Integer Solution (SIS) assumption with small polynomial parameters.