Presentation is loading. Please wait.

Presentation is loading. Please wait.

Nir Bitansky, Ran Canetti, Omer Paneth, Alon Rosen.

Similar presentations

Presentation on theme: "Nir Bitansky, Ran Canetti, Omer Paneth, Alon Rosen."— Presentation transcript:

1 Nir Bitansky, Ran Canetti, Omer Paneth, Alon Rosen

2 Largest Known Prime 2 57,885,161 − 1 Electronic Frontier Foundation offers $250,000 prize for a prime with at least a billion digits

3 Knowledge Algorithm Knowledge Polynomial Time Extraction Procedure

4 Proofs of Knowledge Witness Extraction Hide the Witness Secrecy : Zero-Knowledge \ Witness indistinguishability Goal: Extract knowledge that is not publicly available

5 CCA Encryption Reduction To CPA Extraction

6 More Knowledge Zero-knowledge Proofs, Signatures, Non-malleable Commitments, Multi-party Computation, Obfuscation,… Reduction Extraction

7 How to Extract? Algorithm Knowledge Extraction?

8 Extraction by Interaction Or : Black-Box Extraction Adversary Extraction Public Parameters

9 Out of Reach Applications 3-Message Zero-Knowledge 2-Message Succinct Argument (SNARG)

10 Out of Reach Applications [Goldreich-Krawczyk][Gentry-Wichs] Black-Box Security Proof is Impossible

11 Knowledge of Exponent Adversary Extraction [Damgård 92] Non-Black-Box Extraction

12 Applications of KEA 3-Message Zero-Knowledge 2-Message Succinct Argument (SNARG) Knowledge of Exponent Assumption* (KEA) * and variants [HT98,BP04,Mie08,G10,L12,BCCT13,GGPR13,BCIOP13]

13 Extractable Functions Adversary Extraction [Canetti-Dakdouk 08]

14 Remarks on EF Adversary Extraction OWF, CRHF

15 Applications of EF 3-Message Zero-Knowledge 2-Message Succinct Argument (Privately Verifiable) Knowledge of Exponent Extractable One-Way Functions (EOWF) Extractable Collision-Resistant Hash Functions (ECRH) [BCCT12,GLR12,DFH12]

16 What is missing? Clean assumptions Candidates Strong applications

17 A Reduction Using EF Reduction

18 Do Extractable One-Way Functions with an Explicit Extractor Exist?

19 It depends on the Auxiliary Input.

20 Example: Zero-Knowledge Auxiliary input

21 Definition of EF with A.I.

22 Types of A.I. Individual \ Common Bounded \ Unbounded

23 What type of A.I. do we need?

24 Example: Zero-Knowledge

25 PossibleImpossibleOpen Subexp-LWEIndistinguishability Obfuscation Explicit Extractor Delegation for P from Subexp-PIR [Kalai-Raz-Rothblum13]

26 Generalized EOWF EOWF* = Privately-Verifiable Generalized EOWF 1.EOWF* suffices for applications of EOWF. 2.The impossibility results holds also for EOWF* 3.Can remove * assuming publicly-verifiable delegation for P (P-certificates)

27 Application 3-Message Zero-Knowledge EOWF 3-Message Zero-Knowledge For verifiers w. bounded A.I. EOWF with bounded A.I. EOWF* with bounded A.I. [BCCGLRT13]

28 Construction Survey Impossibility

29 Construction EOWF* with Bounded A.I from Privately-Verifiable Delegation for P EOWF with Bounded A.I from Publicly-Verifiable Delegation for P

30 First Attempt



33 Extraction

34 One-Wayness

35 Problem Solution: Delegation for P (following the protocols of [B01,BLV03])

36 Delegation for P

37 Final Construction

38 Extraction

39 One-Wayness

40 Generalized EOWF

41 Impossibility Assuming indistinguishability obfuscation, there is not EOWF with unbounded common auxiliary input

42 Intuition Adversary Non-Black-Box Extractor

43 Plan 1.Assuming virtual black-box obfuscation [Goldreich, Hada-Tanaka] 2.Assuming indistinguishability obfuscation

44 Common A.I.

45 Universal Extraction Universal Extractor Universal Adversary

46 Black-Box Extraction Universal Extractor Universal Adversary Black-box obfuscation

47 Black-Box Extraction Black-Box Extractor Adversary

48 Indistinguishability Obfuscation Compute the same function

49 Indistinguishability Obfuscation Extractor Adversary

50 Indistinguishability Obfuscation Extractor Alternative adversary

51 Alternative Adversary Using the Sahai-Waters puncturing technique

52 Indistinguishability Obfuscation Extractor

53 Back to the Construction?Construction

54 PossibleImpossibleOpen Extractable CRHF\COM\1-to-1 OWF

55  Thank You

Download ppt "Nir Bitansky, Ran Canetti, Omer Paneth, Alon Rosen."

Similar presentations

Ads by Google