Skip to main content
Fachgebiete
Automobil + Motoren Bauwesen + Immobilien Business IT + Informatik Elektrotechnik + Elektronik Energie + Nachhaltigkeit Finance + Banking Management + Führung Marketing + Vertrieb Maschinenbau + Werkstoffe Versicherung + Risiko
DE
EN
Bücher
Zeitschriften
Themenseiten
Organisationspsychologie Projektmanagement Marketing Smart Manufacturing
Weitere Formate
Podcasts Webinare Technik Webinare Wirtschaft Kongresse Veranstaltungskalender Awards
Jetzt Einzelzugang starten
Zugang für Unternehmen
Referenzkunden
SLX-Digitalkonferenz: Zukunftswerkstatt 2024

Mehr Umsatz mit Top-Kontakten

Am 7. Mai erfahren Sie, wie Vertriebsteams Leadgenerierung, Leadnurturing und Leadstrategien effizient steuern können.
Erweiterte Suche
Anmelden
nach oben
Erschienen in:
Impossibility of VBB Obfuscation with Ideal Constant-Degree Graded Encodings Kapitel lesen Erstes Kapitel lesen

2016 | OriginalPaper | Buchkapitel

Output-Compressing Randomized Encodings and Applications

verfasst von : Huijia Lin, Rafael Pass, Karn Seth, Sidharth Telang

Erschienen in: Theory of Cryptography

Verlag: Springer Berlin Heidelberg

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config
loading …

Abstract

We consider randomized encodings (RE) that enable encoding a Turing machine \(\varPi \) and input x into its “randomized encoding” \(\hat{\varPi }(x)\) in sublinear, or even polylogarithmic, time in the running-time of \(\varPi (x)\), independent of its output length. We refer to the former as sublinear RE and the latter as compact RE. For such efficient RE, the standard simulation-based notion of security is impossible, and we thus consider a weaker (distributional) indistinguishability-based notion of security: Roughly speaking, we require indistinguishability of \(\hat{\varPi }_0(x_0)\) and \(\hat{\varPi }_0(x_1)\) as long as \(\varPi _0,x_0\) and \(\varPi _1,x_1\) are sampled from some distributions such that \(\varPi _0(x_0),\mathsf{Time}({\varPi _0}(x_0))\) and \(\varPi _1(x_1),\mathsf{Time}({\varPi _1}(x_1))\) are indistinguishable.
We show the following:
  • Impossibility in the Plain Model: Assuming the existence of subexponentially secure one-way functions, subexponentially-secure sublinear RE does not exists. (If additionally assuming subexponentially-secure \(\mathbf{iO } \) for circuits we can also rule out polynomially-secure sublinear RE.) As a consequence, we rule out also puncturable \(\mathbf{iO } \) for Turing machines (even those without inputs).
  • Feasibility in the CRS model and Applications to iO for circuits: Subexponentially-secure sublinear RE in the CRS model and one-way functions imply \(\mathbf{iO } \) for circuits through a simple construction generalizing GGM’s PRF construction. Additionally, any compact (even with sublinear compactness) functional encryption essentially directly yields a sublinear RE in the CRS model, and as such we get an alternative, modular, and simpler proof of the results of [AJ15, BV15] showing that subexponentially-secure sublinearly compact FE implies iO. We further show other ways of instantiating sublinear RE in the CRS model (and thus also iO): under the subexponential LWE assumption, it suffices to have a subexponentially secure FE schemes with just sublinear ciphertext (as opposed to having sublinear encryption time).
  • Applications to iO for Unbounded-input Turing machines: Subexponentially-secure compact RE for natural restricted classes of distributions over programs and inputs (which are not ruled out by our impossibility result, and for which we can give candidate constructions) imply \(\mathbf{iO } \) for unbounded-input Turing machines. This yields the first construction of \(\mathbf{iO } \) for unbounded-input Turing machines that does not rely on (public-coin) differing-input obfuscation.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

  • über 102.000 Bücher
  • über 537 Zeitschriften

aus folgenden Fachgebieten:

  • Automobil + Motoren
  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Elektrotechnik + Elektronik
  • Energie + Nachhaltigkeit
  • Finance + Banking
  • Management + Führung
  • Marketing + Vertrieb
  • Maschinenbau + Werkstoffe
  • Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

  • über 67.000 Bücher
  • über 390 Zeitschriften

aus folgenden Fachgebieten:

  • Automobil + Motoren
  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Elektrotechnik + Elektronik
  • Energie + Nachhaltigkeit
  • Maschinenbau + Werkstoffe




 

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

  • über 67.000 Bücher
  • über 340 Zeitschriften

aus folgenden Fachgebieten:

  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Finance + Banking
  • Management + Führung
  • Marketing + Vertrieb
  • Versicherung + Risiko




Jetzt Wissensvorsprung sichern!

Jetzt informieren
Vorheriges Kapitel Indistinguishability Obfuscation: From Approximate to Exact
Nächstes Kapitel Functional Encryption for Turing Machines
Fußnoten
1
The one-way function assumption can be weakened to assume just that \(\mathsf {NP} \not \subseteq io\mathsf {BPP} \) [KMN+14].
 
2
To see this, consider a hybrid program \(\varPi ^y(x)\) that runs \(\varPi (x)\) if \(x \ne x^*\) and otherwise (i.e., if \(x = x^*\) outputs y). By the \(\mathbf{iO } \) property we have that for every \(\varPi ,\varPi _0,\varPi _1\) in the support of D, \(\mathcal {O} (\varPi ^{\varPi _b(x^*)})\) is indistinguishable from \(\mathcal {O} (\varPi _b)\). Thus, if \(\mathcal {O} (\varPi _0)\), \(\mathcal {O} (\varPi _1)\) are distinguishable, so are \(\mathcal {O} (\varPi ^{\varPi _0(x^*)})\), \(\mathcal {O} (\varPi ^{\varPi _1(x^*)})\), which contradicts indistinguishability of \((\varPi ,\varPi _0(x^*))\) and \((\varPi ,\varPi _1(x^*))\).
 
3
This result was established after hearing that Bitansky and Paneth had ruled out compact RE assuming public-coin differing-input obfuscation for Turing Machines and collision-resistant hashfunctions. We are very grateful to them for informing us of their result.
 
4
To enable this, we require \(\mathbf{iO } \) for bounded-input Turing machines, whereas Theorem 1 only gives us \(\mathbf{iO } \) for circuits. However, by the results of [BGL+15, CHJV14, KLW14] we can go from \(\mathbf{iO } \) for circuits to \(\mathbf{iO } \) for bounded-inputs Turing machines.
 
5
Proving security becomes slightly more problematic since there is no longer a polynomial bound on the depth of the tree (recall that we required \({{\mathrm{poly}}}(2^n)\)-indistinguishable RE to deal with inputs of length n). Thus issue, however, can be dealt with by using larger and larger security parameters for RE that are deeper down in the tree.
 
6
Encoding \(\hat{\varPi }_x\) can be viewed as the combination of the program encoding \(\hat{\varPi }\) and the input encoding \(\hat{x} \) of Definition 13.
 
7
We note that for succinct RE, we first apply the transformation from succinct FE to get succinct RE with 1-bit output, and to encode Turing Machines with multi-bit outputs, we generate one such RE for each output bit.
 
Literatur
[ABG+13]
Ananth, P., Boneh, D., Garg, S., Sahai, A., Zhandry, M.: Differing-inputs obfuscation and applications. IACR Cryptology ePrint Archive 2013:689 (2013)
[ABSV14]
Ananth, P., Brakerski, Z., Segev, G., Vaikuntanathan,V.: The trojan method in functional encryption: From selective to adaptive security. Technical report, generically. Cryptology ePrint Archive, Report 2014/917 (2014)
[AIK04]
Applebaum, B., Ishai, Y., Kushilevitz, E.: Cryptography in nc\(^{\text{0 }}\). In: FOCS, pp. 166–175 (2004)
[AIK06]
Applebaum, B., Ishai, Y., Kushilevitz, E.: Computationally private randomizing polynomials and their applications. Comput. Complex. 15(2), 115–162 (2006)MathSciNetCrossRefMATH
[AJ15]
Ananth, P., Jain, A.: Indistinguishability obfuscation from compact functional encryption. IACR Cryptology ePrint Archive 2015:173 (2015)
[App11]
Applebaum, B.: Randomly encoding functions: a new cryptographic paradigm. In: Fehr, S. (ed.) ICITS 2011. LNCS, vol. 6673, pp. 25–31. Springer, Heidelberg (2011)CrossRef
[Bar01]
Barak, B.: How to go beyond the black-box simulation barrier. In: FOCS, pp. 106–115 (2001)
[BCP14]
Boyle, E., Chung, K.-M., Pass, R.: On extractability obfuscation. In: Lindell, Y. (ed.) TCC 2014. LNCS, vol. 8349, pp. 52–73. Springer, Heidelberg (2014)CrossRef
[BCPR13]
Bitansky, N., Canetti, R., Paneth, O., Rosen, A.: Indistinguishability obfuscation vs. auxiliary-input extractable functions: One must fall. IACR Cryptology ePrint Archive, 2013:641 (2013)
[BGI+01]
Barak, B., Goldreich, O., Impagliazzo, R., Rudich, S., Sahai, A., Vadhan, S.P., Yang, K.: On the (Im)possibility of obfuscating programs. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 1–18. Springer, Heidelberg (2001)CrossRef
[BGL+15]
Bitansky, N., Garg, S., Lin, H., Pass, R., Telang, S.: Succinct randomized encodings and their applications. IACR Cryptology ePrint Archive, 2015:356 (2015)
[BKS15]
Brakerski, Z., Komargodski, I., Segev, G.: From single-input to multi-input functional encryption in the private-key setting. IACR Cryptology ePrint Archive, 2015:158 (2015)
[BP15]
Bitansky, N., Paneth, O.: ZAPs and non-interactive witness indistinguishability from indistinguishability obfuscation. In: Dodis, Y., Nielsen, J.B. (eds.) TCC 2015, Part II. LNCS, vol. 9015, pp. 401–427. Springer, Heidelberg (2015)CrossRef
[BSW11]
Boneh, D., Sahai, A., Waters, B.: Functional encryption: definitions and challenges. In: Ishai, Y. (ed.) TCC 2011. LNCS, vol. 6597, pp. 253–273. Springer, Heidelberg (2011)CrossRef
[BV15]
Bitansky, N., Vaikuntanathan, V.: Indistinguishability obfuscation from functional encryption. IACR Cryptology ePrint Archive, 2015:163 (2015)
[CHJV14]
Canetti, R., Holmgren, J., Jain, A., Vaikuntanathan, V.: Indistinguishability obfuscation of iterated circuits and RAM programs. IACR Cryptology ePrint Archive, 2014:769 (2014)
[GGH+13]
Garg, S., Gentry, C., Halevi, S., Raykova, M., Sahai, A., Waters, B.: Candidate indistinguishability obfuscation and functional encryption for all circuits. In: Proceedings of FOCS 2013 (2013)
[GGHW13]
Garg, S., Gentry, C., Halevi, S., Wichs, D.: On the implausibility of differing-inputs obfuscation and extractable witness encryption with auxiliary input. In: Garay, J.A., Gennaro, R. (eds.) CRYPTO 2014, Part I. LNCS, vol. 8616, pp. 518–535. Springer, Heidelberg (2014)CrossRef
[GGM86]
[GKP+13a]
Goldwasser, S., Kalai, Y.T., Popa, R.A., Vaikuntanathan, V., Zeldovich, N.: Reusable garbled circuits and succinct functional encryption. In: Symposium on Theory of Computing Conference, STOC 2013, Palo Alto, CA, USA, June 1–4, 2013, pp. 555–564 (2013)
[GMR89]
Goldwasser, S., Micali, S., Rackoff, C.: The knowledge complexity of interactive proof systems. SIAM J. Comput. 18(1), 186–208 (1989)MathSciNetCrossRefMATH
[GVW13]
Gorbunov, S., Vaikuntanathan, V., Wee, H.: Attribute-based encryption for circuits. In: Symposium on Theory of Computing Conference, STOC 2013, Palo Alto, CA, USA, June 1–4, 2013, pp. 545–554 (2013)
[IK00]
Ishai, Y., Kushilevitz, E.: Randomizing polynomials: A new representation with applications to round-efficient secure computation. In: 41st Annual Symposium on Foundations of Computer Science, FOCS 2000, 12–14 November 2000, Redondo Beach, California, USA, pp. 294–304 (2000)
[IK02a]
Ishai, Y., Kushilevitz, E.: Perfect constant-round secure computation via perfect randomizing polynomials. In: Widmayer, P., Triguero, F., Morales, R., Hennessy, M., Eidenbenz, S., Conejo, R. (eds.) ICALP 2002. LNCS, vol. 2380, pp. 244–256. Springer, Heidelberg (2002)CrossRef
[IPS15]
Ishai, Y., Pandey, O., Sahai, A.: Public-coin differing-inputs obfuscation and its applications. In: Dodis, Y., Nielsen, J.B. (eds.) TCC 2015, Part II. LNCS, vol. 9015, pp. 668–697. Springer, Heidelberg (2015)CrossRef
[KLW14]
Koppula, V., Lewko, A.B., Waters, B.: Indistinguishability obfuscation for turing machines with unbounded memory. Technical report, Cryptology ePrint Archive, Report 2014/925 (2014). http://​eprint.​iacr.​org
[KMN+14]
Komargodski, I., Moran, T., Naor, M., Pass, R., Rosen, A., Yogev, E.: One-way functions and (im)perfect obfuscation (2014)
[LPST15]
[SW14]
Sahai, A., Waters, B.: How to use indistinguishability obfuscation:Deniable encryption, and more. In: Proceedings of STOC 2014 (2014)
[Yao82]
Yao, A.C.-C.: Protocols for secure computations (extended abstract). In: 23rd Annual Symposium on Foundations of Computer Science, Chicago, Illinois, USA, 3–5 November 1982, pp. 160–164 (1982)
Metadaten
Titel
Output-Compressing Randomized Encodings and Applications
verfasst von
Huijia Lin
Rafael Pass
Karn Seth
Sidharth Telang
Copyright-Jahr
2016
Verlag
Springer Berlin Heidelberg
Buch
Theory of Cryptography

Print ISBN: 978-3-662-49095-2

Electronic ISBN: 978-3-662-49096-9

Copyright-Jahr: 2016

DOI
https://doi.org/10.1007/978-3-662-49096-9_5