Incremental Deterministic Public-Key Encryption
Post on 07-Jan-2016
35 Views
Preview:
DESCRIPTION
Transcript
INCREMENTAL DETERMINISTIC PUBLIC-
KEY ENCRYPTIONIlya Mironov, Omkant Pandey,
Omer Reingold, Gil Segev
Microsoft Research
Incremental Deterministic Public-Key Encryption
Deterministic Public-Key Encryption
-source adversary
π π
min-entropy min-entropy
min-entropy : Probability of any output
Deterministic Public-Key Encryption: PRIV1-IND
π π
[Bellare, Boldyreva, OβNeill CRYPTOβ07]
min-entropy min-entropy
Epk[ ] Epk[ ]π
and are independent of PK
Is It Secure?
Computational assumptions
Min-entropy of the source
Secure Deterministic Encryption
Long, unpredictable plaintext:- digital photograph- MS Word document- entire database- full disk
- search- de-duplication- deterministic KEM
security
efficiencyLength of the plaintext
Incrementality
- Incrementality with access to plaintext: setting bit- Incrementality without access to plaintext: flipping bit
degree
Incremental Deterministic Public-Key Encryption
Our results Lower bound: Two schemes
1. Generic Solution
2. DDH-based solution
tight up to polylog factors
incrementality
min-entropy
Deterministic Encryption
Incremental Deterministic Encryption
NaΓ―ve Generic Solutionmin-entropy
?
E E Eβ¦
E: deterministic encryption scheme
Sample-then-extract
[Nisan,Zuckermanβ96] [Vadhanβ04]
min-entropy
similar min-entropy rate
Generic Solutionmin-entropy
Partition input into random subsets
PRIV-IND PRIV1-IND with Incrementality
Standard Model
DDH PRIV1-IND with Incrementality
Lossy Trapdoor Functions
[Peikert, Waters STOCβ08]
π w/ trapdoor
π
Injective mode:
Lossy mode:
π
Smooth Trapdoor Functions
π w/ trapdoor
π
Injective mode:
Smooth mode:
π statisticallyclose
min-entropy
Smooth Trapdoor Functions PRIV1-IND
Security
π (π ) π (π )injective mode:
π (π ) π (π )smooth mode:
π π
min-entropy min-entropy
Construction of PRIV1-IND
π βπ
Lossy Trapdoor Function Pairwise-independent permutation
Smooth Trapdoor Function
[Boldyreva, Fehr, OβNeill CRYPTOβ08]
Deterministic Public-Key Encryption
Construction of PRIV1-IND
π βπ
Lossy Trapdoor Function Pairwise-independent permutation
Smooth Trapdoor Function
[Boldyreva, Fehr, OβNeill CRYPTOβ08]
Deterministic Public-Key EncryptionIncremental
Construction of Lossy TDF
[Freeman, Goldreich, Kiltz, Rosen, Segev PKCβ10] [Brakerski, Segev CRYPTOβ11]
Given output
Given compute Output
Sample Output and
(ππ΄ ) ππ=(ππππ )Key generation
Encryption
Decryption
- group of order generated by
Security Argument: Lossy TDF
ππ΄βπππ΅
rank rank 1
β injective β bits
Towards Incremental Smooth TDF
ππ΄βπππ΅
rank sparse
rank βsparse
β injective if has min-entropy , statistically close to the uniform over its range
Towards Incremental Smooth TDF
π11Γπ12Γπ13Γ
π21Γπ22Γπ23Γ
Sample-then-extract + Leftover Hash Lemma
β
Towards Incremental Smooth TDF
π11Γπ12Γπ13Γ
π21Γπ22Γπ23Γ
Towards Incremental Smooth TDF
π11Γπ12Γπ13Γ
π21Γπ22Γπ23Γ
Smooth vs Injective Mode
π
rank full rank
π π
π11Γπ12Γπ13Γ
π21Γπ22Γπ23Γ
Incrementality
π11Γπ12Γπ13Γ
π21Γπ22Γπ23Γ
Open Problems
Incremental Deterministic Encryption: Stronger security: PRIV-IND (multiple
messages) Length-preserving in the standard model
Deterministic Encryption: Relaxing the definition to allow dependency
on the public key
top related