Allison Lewko

1 Tools for Simulating Features of Composite Order Bilinear Groups in the Prime Order Setting
2 Types of Bilinear Groups
Prime Order: Composite Order:

3 Pros and Cons Composite Order Groups: Prime Order Groups:
Smaller group order Orthogonal Subgroups Faster pairings Coprime Orders Simple assumptions Large group order Lack of extra structure Slow pairings

4 Goal Composite Order Groups Prime Order Groups

5 Prior State of Affairs Ad Hoc Results General translation [F10] [OT10]
[BGN05] [LOSTW10] [KSW08] [BSW06] [W09] Ad Hoc Results General translation [F10]

6 Challenge Prime Order Groups Composite Order Groups Proof construction

7 What Features Do Proofs Need?
Orthogonal Subgroups: Expand/Contract With Computational Assumptions Hidden Parameters: Public Parameters V|PP - random variable - has some entropy Internal View V Simulator Attacker

8 Building Orthogonality in Prime Order

9 Progress So Far ?

10 Exploiting Coprimality
Chinese Remainder Theorem attacker simulator

11 Goal Replace coprimality, CRT Alternate mechanism
for hiding parameters

12 Tool: Dual Pairing Vector Spaces [OT08,09]

13 Orthogonal Subspaces with DPVS
Orthogonality across bases, not within!

14 Hidden Parameters with DPVS
Can’t detect change! Not Everything! What can be determined about hidden vectors?

15 Expanding/Contracting with DPVS

16 Demonstration: Boneh-Boyen IBE

17 Sketch of Proof Dual System Encryption Subspace Assumption Decryption
Failure! Dual System Encryption

18 Further Applications Lewko-Waters Unbounded HIBE
Natural prime order construction Security from DLIN Simpler proof

19 Summary Dual pairing vector spaces 1. orthogonality
2. parameter hiding Subspace assumption 1. simulated subgroup decision 2. implied by DLIN General tools for translating dual system encryption proofs

20 Thanks for your attention.

