Presentation on theme: "Tools for Simulating Features of Composite Order Bilinear Groups in the Prime Order Setting Allison Lewko TexPoint fonts used in EMF. Read the TexPoint."— Presentation transcript:
Tools for Simulating Features of Composite Order Bilinear Groups in the Prime Order Setting Allison Lewko TexPoint fonts used in EMF. Read the TexPoint manual before you delete this box.: AAAAA A A A A
Types of Bilinear Groups Prime Order: Composite Order:
Pros and Cons Prime Order Groups:Composite Order Groups: Orthogonal Subgroups Coprime Orders Large group order Slow pairings Simple assumptions Smaller group order Faster pairings Lack of extra structure
Composite Order Groups Composite Order Groups Prime Order Groups Prime Order Groups Goal
Prior State of Affairs Ad Hoc Results [LOSTW10] [OT10] [W09] [BGN05] [BSW06] [KSW08] General translation [F10]
Challenge Proof construction Composite Order Groups Composite Order Groups Prime Order Groups Prime Order Groups
What Features Do Proofs Need? Orthogonal Subgroups: Hidden Parameters: Simulator Public Parameters Internal View V Attacker V|PP - random variable - has some entropy Expand/Contract With Computational Assumptions
Building Orthogonality in Prime Order
Progress So Far ?
Exploiting Coprimality attacker simulator Chinese Remainder Theorem
Goal Replace coprimality, CRT Alternate mechanism for hiding parameters
Tool: Dual Pairing Vector Spaces [OT08,09]
Orthogonal Subspaces with DPVS orthogonal Orthogonality across bases, not within!
Hidden Parameters with DPVS What can be determined about hidden vectors? Not Everything! Cant detect change!
Expanding/Contracting with DPVS
Demonstration: Boneh-Boyen IBE
Sketch of Proof Decryption Failure! Dual System Encryption Subspace Assumption
Further Applications Lewko-Waters Unbounded HIBE -Natural prime order construction -Security from DLIN -Simpler proof
Summary Dual pairing vector spaces 1. orthogonality 2. parameter hiding Subspace assumption 1. simulated subgroup decision 2. implied by DLIN General tools for translating dual system encryption proofs