Presentation is loading. Please wait.

Presentation is loading. Please wait.

On the Practical Security of Inner Product Functional Encryption Shashank Agrawal (UIUC), Shweta Agrawal (IIT Delhi), Saikrishna Badrinarayanan (UCLA),

Published byGarry Hunter Modified over 9 years ago

Similar presentations

Presentation on theme: "On the Practical Security of Inner Product Functional Encryption Shashank Agrawal (UIUC), Shweta Agrawal (IIT Delhi), Saikrishna Badrinarayanan (UCLA),"— Presentation transcript:

1 On the Practical Security of Inner Product Functional Encryption Shashank Agrawal (UIUC), Shweta Agrawal (IIT Delhi), Saikrishna Badrinarayanan (UCLA), Abishek Kumarasubramaniam (Google), Manoj Prabhakaran (UIUC), Amit Sahai (UCLA) Shashank Agrawal (UIUC), Saikrishna Badrinarayanan (UCLA), Manoj Prabhakaran (UIUC) Shweta Agrawal (IIT Delhi), Abishek Kumarasubramaniam (Google), Amit Sahai (UCLA)

2 Functional Encryption

3 Important questions Can we hide the function? Learn only function’s output? Keys after ciphertexts?

4 Security definitions IndistinguishabilitySimulation distinguish encryptions simulate view using function values Adaptive vs non-adaptive One vs many

5 Standard model woes Indistinguishability Learn only function’s output? Can we hide the function? [BRS13a, BRS13b] [BSW11]

6 Standard model woes Simulation Many-AD-SIM1-NA-SIM Impossible for IBE [BSW11] Not possible for PRFs [AGVW13]

7 Tricky situation IndistinguishabilitySimulation Not good enough Too strong Should we be content with achieving a weaker notion of security?

8 Two approaches “In-between” IND and SIM address as many usage scenarios as we can but consider attacks that are practically feasible [AGVW13, BF13, AAP15]

9 This work Strong UC-style definition of security. Secure scheme for inner-product predicates. Concrete security analysis. Obfuscation for hyper-plane membership. Generic group model (GGM).

10 DEFINITIONS

11 Functional Encryption NameInputOutput Setupmpk, msk Encryption Key Generation Decryption

12 Real WorldIdeal World Environment MSK, MPK MPK Adversary System Admin Oracle Simulator Switch to PK mode

13 Highlights Clean and intuitive definition. Both public and private key settings. All the desirable features: Can we hide the function? Learn only function’s output? Keys after ciphertexts?

14 But, wait! Simulation based security impossible to achieve. Yes, but in standard model. Generic group model, captures a large class of real- world attacks.

15 GENERIC GROUP MODEL

16 Generic group model

17 Bypassing impossibility Adversary performs group operations via generic group oracle which simulator can control. Simulator keeps track of queries. Learn what adversary is doing. Carefully program the oracle to behave like the real world.

18 On the assumption

19 CONSTRUCTION

20 Inner-product Predicate [KSW08]

21 Dual Pairing Vector Spaces

22 Construction

23 Conclusion An FE scheme for inner-product predicates strongly secure under the generic group model. Use other meaningful abstractions like ROM. Design schemes for other functionalities like IBE, ABE, etc.

24 Thank you.

Download ppt "On the Practical Security of Inner Product Functional Encryption Shashank Agrawal (UIUC), Shweta Agrawal (IIT Delhi), Saikrishna Badrinarayanan (UCLA),"

Similar presentations

Fully Secure Functional Encryption: Attribute-Based Encryption and (Hierarchical) Inner Product Encryption Allison Lewko Tatsuaki Okamoto Amit Sahai The.

Fully Secure Functional Encryption: Attribute-Based Encryption and (Hierarchical) Inner Product Encryption Allison Lewko Tatsuaki Okamoto Amit Sahai The.
Efficient Lattice (H)IBE in the standard model Shweta Agrawal, Dan Boneh, Xavier Boyen.

Efficient Lattice (H)IBE in the standard model Shweta Agrawal, Dan Boneh, Xavier Boyen.
Simulation-sound NIZK Proofs for a Practical Language and Constant Size Group Signatures Jens Groth University of California Los Angeles Presenter: Eike.

Simulation-sound NIZK Proofs for a Practical Language and Constant Size Group Signatures Jens Groth University of California Los Angeles Presenter: Eike.
Adaptively Attribute-Hiding ( Hierarchical ) Inner Product Encryption

Adaptively Attribute-Hiding ( Hierarchical ) Inner Product Encryption
EXPLICIT NON-MALLEABLE CODES RESISTANT TO PERMUTATIONS Shashank Agrawal (UIUC), Divya Gupta (UCLA), Hemanta Maji (UCLA), Omkant Pandey (UIUC), Manoj Prabhakaran.

EXPLICIT NON-MALLEABLE CODES RESISTANT TO PERMUTATIONS Shashank Agrawal (UIUC), Divya Gupta (UCLA), Hemanta Maji (UCLA), Omkant Pandey (UIUC), Manoj Prabhakaran.
Functional Encryption & Property Preserving Encryption

Functional Encryption & Property Preserving Encryption
Controlled Functional Encryption Muhammad Naveed, Shashank Agrawal, Manoj Prabhakaran, Xiaofeng Wang, Erman Ayday, Jean-Pierre Hubaux, Carl A. Gunter.

Controlled Functional Encryption Muhammad Naveed, Shashank Agrawal, Manoj Prabhakaran, Xiaofeng Wang, Erman Ayday, Jean-Pierre Hubaux, Carl A. Gunter.
Anonymity-preserving Public-Key Encryption Markulf Kohlweiss Ueli Maurer, Cristina Onete, Björn Tackmann, and Daniele Venturi PETS 2013.

Anonymity-preserving Public-Key Encryption Markulf Kohlweiss Ueli Maurer, Cristina Onete, Björn Tackmann, and Daniele Venturi PETS 2013.
Attribute-based Encryption

Attribute-based Encryption
Chosen-Ciphertext Security from Slightly Lossy Trapdoor Functions PKC 2010 May 27, 2010 Petros Mol, Scott Yilek 1 UC, San Diego.

Chosen-Ciphertext Security from Slightly Lossy Trapdoor Functions PKC 2010 May 27, 2010 Petros Mol, Scott Yilek 1 UC, San Diego.
Vote privacy: models and cryptographic underpinnings Bogdan Warinschi University of Bristol 1.

Vote privacy: models and cryptographic underpinnings Bogdan Warinschi University of Bristol 1.
CS555Topic 191 Cryptography CS 555 Topic 19: Formalization of Public Key Encrpytion.

CS555Topic 191 Cryptography CS 555 Topic 19: Formalization of Public Key Encrpytion.
How to Use Indistinguishability Obfuscation

How to Use Indistinguishability Obfuscation
11 Provable Security. 22 Given a ciphertext, find the corresponding plaintext.

11 Provable Security. 22 Given a ciphertext, find the corresponding plaintext.
Encryption Public-Key, Identity-Based, Attribute-Based.

Encryption Public-Key, Identity-Based, Attribute-Based.
Dual System Encryption: Concept, History and Recent works Jongkil Kim.

Dual System Encryption: Concept, History and Recent works Jongkil Kim.
On Minimal Assumptions for Sender-Deniable Public Key Encryption Dana Dachman-Soled University of Maryland.

On Minimal Assumptions for Sender-Deniable Public Key Encryption Dana Dachman-Soled University of Maryland.
Cryptography and Network Security CSL 759 Shweta Agrawal.

Cryptography and Network Security CSL 759 Shweta Agrawal.
Public-Key Encryption in the Bounded-Retrieval Model Joël Alwen, Yevgeniy Dodis, Moni Naor, Gil Segev, Shabsi Walfish, Daniel Wichs Earlier Today: Yevgeniy.

Public-Key Encryption in the Bounded-Retrieval Model Joël Alwen, Yevgeniy Dodis, Moni Naor, Gil Segev, Shabsi Walfish, Daniel Wichs Earlier Today: Yevgeniy.
Dual System Encryption: Realizing IBE and HIBE from Simple Assumptions Brent Waters.

Dual System Encryption: Realizing IBE and HIBE from Simple Assumptions Brent Waters.

Similar presentations

Ads by Google