Skip to main content
Fachgebiete
Automobil + Motoren Bauwesen + Immobilien Business IT + Informatik Elektrotechnik + Elektronik Energie + Nachhaltigkeit Finance + Banking Management + Führung Marketing + Vertrieb Maschinenbau + Werkstoffe Versicherung + Risiko
DE
EN
Themenseiten
Organisationspsychologie Projektmanagement Marketing Smart Manufacturing
Bücher
Zeitschriften
Weitere Formate
Podcasts Webinare Technik Webinare Wirtschaft Kongresse Veranstaltungskalender Awards
Jetzt Einzelzugang starten
Zugang für Unternehmen
Referenzkunden
MTZ-Fachkongress

Antriebe und Energiesysteme von morgen


Austausch von Automobil- und Energiewirtschaft

Am 14./15. Mai geht es in Chemnitz um die Mobilitätswende durch Elektro- und Wasserstofffahrzeuge.
Erweiterte Suche
Anmelden
nach oben
Erschienen in:
Lower Bounds on Anonymous Whistleblowing Kapitel lesen Erstes Kapitel lesen

2023 | OriginalPaper | Buchkapitel

Anonymous Permutation Routing

verfasst von : Paul Bunn, Eyal Kushilevitz, Rafail Ostrovsky

Erschienen in: Theory of Cryptography

Verlag: Springer Nature Switzerland

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config
loading …

Abstract

The Non-Interactive Anonymous Router (NIAR) model was introduced by Shi and Wu [SW21] as an alternative to conventional solutions to the anonymous routing problem, in which a set of senders wish to send messages to a set of receivers. In contrast to most known approaches to support anonymous routing (e.g. mix-nets, DC-nets, etc.), which rely on a network of routers communicating with users via interactive protocols, the NIAR model assumes a single router and is inherently non-interactive (after an initial setup phase). In addition to being non-interactive, the NIAR model is compelling due to the security it provides: instead of relying on the honesty of some subset of the routers, the NIAR model requires anonymity even if the router (as well as an arbitrary subset of senders/receivers) is corrupted by an honest-but-curious adversary.
In this paper, we present a protocol for the NIAR model that improves upon the results from [SW21] in two ways:
  • Improved computational efficiency (quadratic to near linear): Our protocol matches the communication complexity of [SW21] for each sender/receiver, while reducing the computational overhead for the router to polylog overhead instead of linear overhead.
  • Relaxation of assumptions: Security of the protocol in [SW21] relies on the Decisional Linear assumption in bilinear groups; while security for our protocol follows from the existence of any rate-1 oblivious transfer (OT) protocol (instantiations of which are known to exist under the DDH, QR and LWE assumptions [DGI+19, GHO20]).

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

  • über 102.000 Bücher
  • über 537 Zeitschriften

aus folgenden Fachgebieten:

  • Automobil + Motoren
  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Elektrotechnik + Elektronik
  • Energie + Nachhaltigkeit
  • Finance + Banking
  • Management + Führung
  • Marketing + Vertrieb
  • Maschinenbau + Werkstoffe
  • Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

  • über 67.000 Bücher
  • über 390 Zeitschriften

aus folgenden Fachgebieten:

  • Automobil + Motoren
  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Elektrotechnik + Elektronik
  • Energie + Nachhaltigkeit
  • Maschinenbau + Werkstoffe




 

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

  • über 67.000 Bücher
  • über 340 Zeitschriften

aus folgenden Fachgebieten:

  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Finance + Banking
  • Management + Führung
  • Marketing + Vertrieb
  • Versicherung + Risiko




Jetzt Wissensvorsprung sichern!

Jetzt informieren
Vorheriges Kapitel Lower Bounds on Anonymous Whistleblowing
Nächstes Kapitel Non-Interactive Anonymous Router with Quasi-Linear Router Computation
Fußnoten
1
Our limitation to HBC adversaries is only needed to ensure Correctness of our protocol - that receivers get the correct messages. We note that requiring HBC for correctness is unavoidable, as a malicious router can, for example, not forward any message (like in PIR and other related primitives). In terms of Security (privacy of the senders-receivers permutation): so long as the one-time Setup is performed properly, then security of our protocol will hold in the Malicious adversary setting.
 
2
Router computation is not explicitly measured in the protocol of [SW21], our analysis of their protocol yields \(O(N^2)\) computation load on the router: their Multi-Client Functional Encryption (MCFE) protocol is invoked N times by the router, with each invocation processing N ciphertexts.
 
3
The sender keys \(\{pk_i\}\) are associated with the receiver keys \(\{sk_i\}\) via the permutation \(\sigma \); namely, secret key \(sk_{\sigma (i)}\) can decrypt messages encrypted under \(pk_i\).
 
4
Trusted setup is required for establishing public/secret key pairs for encryption and for instantiating ideal functionality \(\varPi _{ORG}(G,\widehat{c},r,l,\varPi _{1{-}PIR})\).
 
5
A colored butterfly network can be viewed as c disjoint butterfly networks overlaid on top of one another. Alternatively, we can view a colored butterfly network as a single (connected) graph by adding an extra input level (with level index \(-1\)) on the far left, consisting of N input nodes. Then there are c edges emanating from each input node, connecting it to each of the c colored nodes in level 0 of the corresponding row.
 
6
In the special case of the (1+\(b)^{th}\) block, the first \(\log N\) levels of this block are a reflected butterfly network, and the last level of the block is the final “output” level of the entire network.
 
7
Notice \(a_\lambda = 2\) if \(\lambda \le N/2\).
 
8
Notice that if \(\mu _i = \mu _{i'}\), then \(\varPi '_{i,i',j}\) is identical to \(\varPi \) (for all paths \(\{\mathcal {P}_i\}\)) on all blocks through j (including block j).
 
9
Swapping paths is only necessary for the sake of making sure the paths link up/connect between blocks (since output node \(\mu _i\) and \(\mu _{i'}\) were swapped in block j). However, as was noted in the Aside note following Definition 20, the details of what \(\varPi '_{i,i',j}\) does beyond block j will be irrelevant for the context of Lemmas 22 and 25.
 
10
Notice that these parameter values all match those in the hypothesis of Corollary 19.
 
11
This information is also available indirectly from what \(\mathcal {C}\) gives to \(\mathcal {A}\) in Step 5 a below.
 
Literatur
[AKS83]
Ajtai, M., Komlós, J., Szemerédi, E.: An o(n log n) sorting network. In: Proceedings of the 15th Annual ACM Symposium on Theory of Computing, 25–27 April 1983, pp. 1–9. ACM (1983)
[CGH+21]
[CGKS95]
Chor, B., Kushilevitz, E., Goldreich, O., Sudan, M.: Private information retrieval. In: 36th Annual Symposium on Foundations of Computer Science, Milwaukee, Wisconsin, USA, 23–25 October 1995, pp. 41–50. IEEE Computer Society (1995)
[COS10]
[DGI+19]
[FSSV22]
Fernando, R., Shi, E., Soni, P., Vanjani, N.: Non-interactive anonymous router with quasi-linear router computation. IACR Cryptology ePrint Archive, Paper 1395 (2022)
[GHO20]
[HOWW19]
[IKOS04]
Ishai, Y., Kushilevitz, E., Ostrovsky, R., Sahai, A.: Batch codes and their applications. In: Proceedings of the 36th Annual ACM Symposium on Theory of Computing, pp. 262–271. ACM (2004)
[IP07]
[KO97]
Kushilevitz, E., Ostrovsky, R.: Replication is NOT needed: SINGLE database, computationally-private information retrieval. In: 38th Annual Symposium on Foundations of Computer Science, FOCS 1997, 19–22 October 1997, pp. 364–373. IEEE Computer Society (1997)
[Lei84]
Leighton, F.T.: Tight bounds on the complexity of parallel sorting. In: Proceedings of the 16th Annual ACM Symposium on Theory of Computing, pp. 71–80. ACM (1984)
[LMW22]
Lin, W.-K., Mook, E., Wichs, D.: Doubly efficient private information retrieval and fully homomorphic RAM computation from ring LWE. IACR Cryptology ePrint Archive, Paper 1703 (2022)
[MS92]
Maggs, B.M., Sitaraman, R.K.: Simple algorithms for routing on butterfly networks with bounded queues (ext. abstract). In: 24th Annual ACM Symposium on Theory of Computing, pp. 150–161. ACM (1992)
[OS07]
[SW21]
[Upf89]
Upfal, E.: An o(log N) deterministic packet routing scheme (preliminary version). In: Proceedings of the 21st Annual ACM Symposium on Theory of Computing, pp. 241–250. ACM (1989)
Metadaten
Titel
Anonymous Permutation Routing
verfasst von
Paul Bunn
Eyal Kushilevitz
Rafail Ostrovsky
Copyright-Jahr
2023
Buch
Theory of Cryptography

Print ISBN: 978-3-031-48620-3

Electronic ISBN: 978-3-031-48621-0

Copyright-Jahr: 2023

DOI
https://doi.org/10.1007/978-3-031-48621-0_2

Premium Partner

    Bildnachweise