Spooky Encryption and Its Applications

Dodis, Yevgeniy; Halevi, Shai; Rothblum, Ron D.; Wichs, Daniel

doi:10.1007/978-3-662-53015-3_4

Cited by 89 publications

(72 citation statements)

References 25 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In PKC 2017, Canetti et al (2017) constructed a multikey IBFHE scheme from statistical trapdoor encryption, PIO, and puncturable PRF. Their key ideas are borrowed from works of Canetti et al (2015) and Dodis et al (2016). Firstly, they constructed a tag-puncturable additively homomorphic encryption scheme.…”

Section: Review Of Pio Based Multi-key Ibfhe Proposed By Canetti Et Amentioning

confidence: 99%

“…Firstly, they constructed a tag-puncturable additively homomorphic encryption scheme. For homomorphic computations, they use the method in (Dodis et al 2016). Concretely, assume C is an algebraic circuit with n input, they first split every ciphertext into n ciphertexts corresponding to n identities.…”

Section: Review Of Pio Based Multi-key Ibfhe Proposed By Canetti Et Amentioning

confidence: 99%

See 1 more Smart Citation

CCA1 secure FHE from PIO, revisited

Wang

Xue

2018

Cybersecur

View full text Add to dashboard Cite

Fully homomorphic encryption (FHE) is a powerful cryptographic primitive that allows anyone to compute on encrypted data using only public information. So far, most FHE schemes are CPA secure. In PKC 2017, Canetti et al. extended the generic transformation of Boneh, Canetti, Halevi and Katz to turn any multi-key identity-based FHE scheme into a CCA1-secure FHE scheme. Their main construction of multi-key identity-based FHE is from probabilistic indistinguishability obfuscation (PIO) and statistical trapdoor encryption. We show that the above multi-key identity-based FHE is not secure by giving an attack. Then we give a solution to avoid the attack and redesign a more succinct and efficient multi-key identity-based FHE scheme. Compared with the scheme of Canetti et al., ours has smaller secret key of one identity and more efficient homomorphic operations. Thus we obtain a more efficient CCA1 secure FHE scheme.

show abstract

Section: Review Of Pio Based Multi-key Ibfhe Proposed By Canetti Et Amentioning

confidence: 99%

Section: Review Of Pio Based Multi-key Ibfhe Proposed By Canetti Et Amentioning

confidence: 99%

CCA1 secure FHE from PIO, revisited

Wang

Xue

2018

Cybersecur

View full text Add to dashboard Cite

show abstract

“…The “holy grail” in this thread has been two-round protocols, as single-round MPC for a large set of functions cannot be achieved [ 43 ]. The first solutions to this problem were based on strong cryptographic assumptions (FHE [ 5 , 59 ], iO [ 34 ], witness encryption [ 42 ], and spooky encryption [ 26 ]), whereas more recent results showed how to build two-round MPC resilient to any number of active corruptions from standard assumptions, such as two-round oblivious transfer (OT) [ 9 , 10 , 33 ] or OT-correlation setup and one-way functions (OWF) [ 35 ] (we discuss the state of the art in Sect. 1.1 ).…”

Section: Introductionmentioning

confidence: 99%

“…Two-round MPC protocols in the malicious setting were first explored in [ 37 , 38 ], while recent years have witnessed exciting developments in two-round MPC [ 1 – 5 , 9 – 11 , 15 , 25 , 26 , 31 – 36 , 42 , 49 , 51 , 59 , 60 , 64 ]. The current state of the art can be summarized as follows: Garg and Srinivasan [ 33 ] and Benhamouda and Lin [ 9 ] showed how to balance between the optimal round complexity and minimal cryptographic assumptions for MPC in the broadcast model, by showing that every function can be computed with unanimous abort using two broadcast rounds, assuming two-round oblivious transfer (OT) and tolerating corruptions.…”

Section: Introductionmentioning

confidence: 99%

Broadcast-Optimal Two-Round MPC

Cohen

Garay

Zikas

2020

Lecture Notes in Computer Science

View full text Add to dashboard Cite

An intensive effort by the cryptographic community to minimize the round complexity of secure multi-party computation (MPC) has recently led to optimal two-round protocols from minimal assumptions. Most of the proposed solutions, however, make use of a broadcast channel in every round, and it is unclear if the broadcast channel can be replaced by standard point-to-point communication in a round-preserving manner, and if so, at what cost on the resulting security. In this work, we provide a complete characterization of the trade-off between number of broadcast rounds and achievable security level for two-round MPC tolerating arbitrarily many active corruptions. Specifically, we consider all possible combinations of broadcast and point-to-point rounds against the three standard levels of security for maliciously secure MPC protocols, namely, security with identifiable, unanimous, and selective abort. For each of these notions and each combination of broadcast and point-to-point rounds, we provide either a tight feasibility or an infeasibility result of two-round MPC. Our feasibility results hold assuming two-round OT in the CRS model, whereas our impossibility results hold given any correlated randomness.

show abstract

“…On the high end, polynomial-time FSS schemes for arbitrary polynomial time functions are implied by indistinguishability obfuscation [7] and by variants of fully homomorphic encryption [7,14]. In the present work we mainly consider PRG-based FSS schemes, which have far better concrete efficiency and are powerful enough for the applications we describe next.…”

Section: Introductionmentioning

confidence: 99%

Function Secret Sharing

Boyle

Gilboa

Ishai

2016

Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security

230

View full text Add to dashboard Cite

Function Secret Sharing (FSS), introduced by Boyle et al. (Eurocrypt 2015), provides a way for additively secret-sharing a function from a given function family F. More concretely, an m-party FSS scheme splits a function f : {0, 1} n → G, for some abelian group G, into functions f1, . . . , fm, described by keys k1, . . . , km, such that f = f1 + . . . + fm and every strict subset of the keys hides f . A Distributed Point Function (DPF) is a special case where F is the family of point functions, namely functions f α,β that evaluate to β on the input α and to 0 on all other inputs.FSS schemes are useful for applications that involve privately reading from or writing to distributed databases while minimizing the amount of communication. These include different flavors of private information retrieval (PIR), as well as a recent application of DPF for large-scale anonymous messaging.We improve and extend previous results in several ways:• Simplified FSS constructions. We introduce a tensoring operation for FSS which is used to obtain a conceptually simpler derivation of previous constructions and present our new constructions.• Improved 2-party DPF. We reduce the key size of the PRG-based DPF scheme of Boyle et al. roughly by a factor of 4 and optimize its computational cost. The optimized DPF significantly improves the concrete costs of 2-server PIR and related primitives.• FSS for new function families. We present an efficient PRG-based 2-party FSS scheme for the family of decision trees, leaking only the topology of the tree and the internal node labels. We apply this towards FSS for multi-dimensional intervals. We also present a general technique for extending FSS schemes by increasing the number of parties.• Verifiable FSS. We present efficient protocols for verifying that keys (k * 1 , . . . , k * m ), obtained from a potentially malicious user, are consistent with some f ∈ F.

show abstract

Spooky Encryption and Its Applications

Cited by 89 publications

References 25 publications

CCA1 secure FHE from PIO, revisited

CCA1 secure FHE from PIO, revisited

Broadcast-Optimal Two-Round MPC

Function Secret Sharing

Contact Info

Product

Resources

About