Download presentation

Presentation is loading. Please wait.

Published byMervyn Wright Modified over 2 years ago

1
Nir Bitansky, Ran Canetti, Omer Paneth, Alon Rosen

2
Largest Known Prime 2 57,885,161 − 1 Electronic Frontier Foundation offers $250,000 prize for a prime with at least a billion digits

3
Knowledge Algorithm Knowledge Polynomial Time Extraction Procedure

4
Proofs of Knowledge Witness Extraction Hide the Witness Secrecy : Zero-Knowledge \ Witness indistinguishability Goal: Extract knowledge that is not publicly available

5
CCA Encryption Reduction To CPA Extraction

6
More Knowledge Zero-knowledge Proofs, Signatures, Non-malleable Commitments, Multi-party Computation, Obfuscation,… Reduction Extraction

7
How to Extract? Algorithm Knowledge Extraction?

8
Extraction by Interaction Or : Black-Box Extraction Adversary Extraction Public Parameters

9
Out of Reach Applications 3-Message Zero-Knowledge 2-Message Succinct Argument (SNARG)

10
Out of Reach Applications [Goldreich-Krawczyk][Gentry-Wichs] Black-Box Security Proof is Impossible

11
Knowledge of Exponent Adversary Extraction [Damgård 92] Non-Black-Box Extraction

12
Applications of KEA 3-Message Zero-Knowledge 2-Message Succinct Argument (SNARG) Knowledge of Exponent Assumption* (KEA) * and variants [HT98,BP04,Mie08,G10,L12,BCCT13,GGPR13,BCIOP13]

13
Extractable Functions Adversary Extraction [Canetti-Dakdouk 08]

14
Remarks on EF Adversary Extraction OWF, CRHF

15
Applications of EF 3-Message Zero-Knowledge 2-Message Succinct Argument (Privately Verifiable) Knowledge of Exponent Extractable One-Way Functions (EOWF) Extractable Collision-Resistant Hash Functions (ECRH) [BCCT12,GLR12,DFH12]

16
What is missing? Clean assumptions Candidates Strong applications

17
A Reduction Using EF Reduction

18
Do Extractable One-Way Functions with an Explicit Extractor Exist?

19
It depends on the Auxiliary Input.

20
Example: Zero-Knowledge Auxiliary input

21
Definition of EF with A.I.

22
Types of A.I. Individual \ Common Bounded \ Unbounded

23
What type of A.I. do we need?

24
Example: Zero-Knowledge

25
PossibleImpossibleOpen Subexp-LWEIndistinguishability Obfuscation Explicit Extractor Delegation for P from Subexp-PIR [Kalai-Raz-Rothblum13]

26
Generalized EOWF EOWF* = Privately-Verifiable Generalized EOWF 1.EOWF* suffices for applications of EOWF. 2.The impossibility results holds also for EOWF* 3.Can remove * assuming publicly-verifiable delegation for P (P-certificates)

27
Application 3-Message Zero-Knowledge EOWF 3-Message Zero-Knowledge For verifiers w. bounded A.I. EOWF with bounded A.I. EOWF* with bounded A.I. [BCCGLRT13]

28
Construction Survey Impossibility

29
Construction EOWF* with Bounded A.I from Privately-Verifiable Delegation for P EOWF with Bounded A.I from Publicly-Verifiable Delegation for P

30
First Attempt

33
Extraction

34
One-Wayness

35
Problem Solution: Delegation for P (following the protocols of [B01,BLV03])

36
Delegation for P

37
Final Construction

38
Extraction

39
One-Wayness

40
Generalized EOWF

41
Impossibility Assuming indistinguishability obfuscation, there is not EOWF with unbounded common auxiliary input

42
Intuition Adversary Non-Black-Box Extractor

43
Plan 1.Assuming virtual black-box obfuscation [Goldreich, Hada-Tanaka] 2.Assuming indistinguishability obfuscation

44
Common A.I.

45
Universal Extraction Universal Extractor Universal Adversary

46
Black-Box Extraction Universal Extractor Universal Adversary Black-box obfuscation

47
Black-Box Extraction Black-Box Extractor Adversary

48
Indistinguishability Obfuscation Compute the same function

49
Indistinguishability Obfuscation Extractor Adversary

50
Indistinguishability Obfuscation Extractor Alternative adversary

51
Alternative Adversary Using the Sahai-Waters puncturing technique

52
Indistinguishability Obfuscation Extractor

53
Back to the Construction?Construction

54
PossibleImpossibleOpen Extractable CRHF\COM\1-to-1 OWF

55
Thank You

Similar presentations

OK

Client-Server Concurrent Zero Knowledge with Constant Rounds and Guaranteed Complexity Ran Canetti, Abhishek Jain and Omer Paneth 1.

Client-Server Concurrent Zero Knowledge with Constant Rounds and Guaranteed Complexity Ran Canetti, Abhishek Jain and Omer Paneth 1.

© 2017 SlidePlayer.com Inc.

All rights reserved.

Ads by Google

Ppt on current account convertibility Human body systems for kids ppt on batteries Ppt on panel discussion moderator Ppt on indian railway system Ppt on council of ministers cambodia Ppt on ufos unidentified flying objects Ppt on holographic technology adopted Ppt on moles concept Ppt on deccan plateau of india Ppt on indian culture in hindi