On Minimal Assumptions for Sender-Deniable Public Key Encryption Dana Dachman-Soled University of Maryland.


Deniable Public Key Encryption [Canetti, Dwork, Naor, Ostrovsky, 97]. (Diagram: Sender, Receiver.)

Sender-Deniable Public Key Encryption [Canetti, Dwork, Naor, Ostrovsky, 97]. (Diagram: Sender, Receiver.) Analogous definition for Receiver-Deniable Public Key Encryption. Applications: after-the-fact incoercibility; adaptive security.

What is known? Receiver-Deniable PKE, and thus Deniable PKE, is impossible [Bendlin, Nielsen, Nordholt, Orlandi, 11]. Sender-Deniable encryption with weak security from standard assumptions [Canetti, Dwork, Naor, Ostrovsky, 97]. Bi-Deniable encryption in the multi-distributional model constructed by [O’Neill, Peikert, Waters, 11]. [Sahai, Waters 14] achieve Sender-Deniable public key encryption from indistinguishability obfuscation (IO): non-black-box use of underlying primitives; requires strong assumptions (FHE + multilinear maps).

Our Goal: Understand minimal assumptions necessary for sender-deniable public key encryption. Necessity of non-black-box techniques. Is there a black-box construction of sender-deniable public key encryption from simulatable public key encryption?

Underlying primitive we consider: Simulatable Public Key Encryption. Intuition: Can generate a public key/ciphertext honestly and claim that it was generated obliviously. Why this primitive? Simulatable PKE is sufficient for related primitives: bi-deniable encryption in the multi-distributional model [OPW11]; 1/poly-secure sender-deniable encryption [CDNO97]; non-committing encryption [CFGN96].

Weak Sender-Deniable PKE from Simulatable PKE. Simplification of [CDNO97] construction (diagram: k ciphertexts, some marked Obliv.): To encrypt a 0, set an odd number of ciphertexts to oblivious. To encrypt a 1, set an even number of ciphertexts to oblivious. To deny, lie and say that an honestly generated ciphertext was generated obliviously. Problem: Cannot lie and claim that an obliviously generated ciphertext was generated non-obliviously. Only achieves O(k) security, where k is the number of queries made by encryption. Polynomial security: Real and Fake openings can be distinguished with 1/poly advantage. Super-polynomial security: Real and Fake openings can only be distinguished with negligible advantage.
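
The parity construction above, as an added sketch that is not part of the slides: it tracks only the honest/oblivious label of each of the k slots, assuming the ciphertexts themselves reveal nothing about how they were generated (the simulatable PKE guarantee). The rule for choosing how many slots are oblivious, and all function names, are assumptions made for illustration; the code computes the exact advantage of a distinguisher that looks at the claimed number of oblivious slots.

```python
import random
from fractions import Fraction

def encrypt_labels(bit, k, rng):
    """Choose which of the k slots are oblivious (True), per the slide:
    0 -> odd number of oblivious slots, 1 -> even number.
    Assumption: the count is uniform over valid parities in 0..k-1,
    so at least one honest slot remains for a later denial."""
    counts = [c for c in range(k) if c % 2 == 1 - bit]
    obliv = set(rng.sample(range(k), rng.choice(counts)))
    return [i in obliv for i in range(k)]

def decode(labels):
    """Bit carried by a label vector: odd oblivious count -> 0, even -> 1."""
    return 0 if sum(labels) % 2 == 1 else 1

def deny(labels, rng):
    """Fake opening: claim that one honestly generated slot was oblivious."""
    honest = [i for i, is_obliv in enumerate(labels) if not is_obliv]
    fake = list(labels)
    fake[rng.choice(honest)] = True
    return fake

def claimed_count_dist(bit, k, fake):
    """Exact distribution of the claimed oblivious count when opening as `bit`.
    A fake opening as `bit` starts from a real encryption of 1 - bit."""
    real_bit = 1 - bit if fake else bit
    counts = [c for c in range(k) if c % 2 == 1 - real_bit]
    shift = 1 if fake else 0
    return {c + shift: Fraction(1, len(counts)) for c in counts}

def advantage(bit, k):
    """Statistical distance between real and fake openings as `bit`.
    Slot positions are uniform in both cases, so the count is all that leaks."""
    real = claimed_count_dist(bit, k, fake=False)
    fake = claimed_count_dist(bit, k, fake=True)
    support = set(real) | set(fake)
    return sum(abs(real.get(c, 0) - fake.get(c, 0)) for c in support) / 2

if __name__ == "__main__":
    rng = random.Random(1)
    labels = encrypt_labels(0, 8, rng)
    print(decode(labels), decode(deny(labels, rng)))   # real bit, denied bit
    for k in (8, 64, 1024):
        print(k, advantage(1, k))                      # shrinks only like 2/k
```

Under this sampling rule the advantage when opening as 1 is exactly 2/k for even k, which is inverse-polynomial rather than negligible; the zero advantage in the other direction is an artifact of the assumed rule, not a property claimed by the slides.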

Our Results. Theorem: There is no black-box construction of sender-deniable public key encryption with super-polynomial security from simulatable public key encryption.

Some Proof Intuition Oracle separation: Oracle relative to which Simulatable PKE exists, Sender-Deniable PKE does not exist. Our oracle:

Some Proof Intuition

A First Attempt

Problem To encrypt a 0: 12n encryptions Obliv

Problem: Can claim an encryption of 0 is an encryption of 1. In the process, will add an arbitrary query to the set of intersection queries. (Diagram label: Obliv.)

Some Proof Intuition

Open Problems: Extend impossibility result to trapdoor permutations. Extend impossibility results to multiple round encryption schemes. Construct sender-deniable public key encryption without relying on IO?

Thank you!