1 / 28

Incremental Deterministic Public-Key Encryption

Ilya Mironov, Omkant Pandey, Omer Reingold, Gil Segev Microsoft Research. Incremental Deterministic Public-Key Encryption. Incremental Deterministic Public-Key Encryption. Deterministic Public-Key Encryption. -source adversary. min-entropy. min-entropy.

jatin
Download Presentation

Incremental Deterministic Public-Key Encryption

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Ilya Mironov, Omkant Pandey, Omer Reingold, Gil Segev Microsoft Research Incremental Deterministic Public-Key Encryption

  2. Incremental Deterministic Public-Key Encryption

  3. Deterministic Public-Key Encryption

  4. -source adversary min-entropy min-entropy min-entropy : Probability of any output

  5. Deterministic Public-Key Encryption: PRIV1-IND Epk[ ] Epk[ ] min-entropy min-entropy and are independent of PK [Bellare, Boldyreva, O’Neill CRYPTO’07]

  6. Is It Secure? • search • de-duplication • deterministic KEM Secure Deterministic Encryption Computational assumptions Min-entropy of the source • Long, unpredictable plaintext: • digital photograph • MS Word document • entire database • full disk

  7. security Length of the plaintext efficiency

  8. Incrementality degree • Incrementality with access to plaintext: setting bit • Incrementality without access to plaintext: flipping bit

  9. Incremental Deterministic Public-Key Encryption

  10. Our results • Lower bound: • Two schemes • Generic Solution • DDH-based solution tight up to polylog factors incrementality Deterministic Encryption Incremental Deterministic Encryption min-entropy

  11. Naïve Generic Solution min-entropy ? … E E E E: deterministic encryption scheme

  12. Sample-then-extract min-entropy similar min-entropy rate [Nisan,Zuckerman’96] [Vadhan’04]

  13. Generic Solution min-entropy Partition input into random subsets PRIV-IND  PRIV1-IND with Incrementality

  14. Standard Model DDH  PRIV1-IND with Incrementality

  15. LossyTrapdoor Functions Injective mode: w/ trapdoor Lossy mode: [Peikert, Waters STOC’08]

  16. Smooth Trapdoor Functions Injective mode: w/ trapdoor Smooth mode: statisticallyclose min-entropy

  17. Smooth Trapdoor Functions  PRIV1-IND Security min-entropy min-entropy injective mode: smooth mode:

  18. Construction of PRIV1-IND Lossy Trapdoor Function Pairwise-independent permutation Smooth Trapdoor Function Deterministic Public-Key Encryption [Boldyreva, Fehr, O’Neill CRYPTO’08]

  19. Construction of PRIV1-IND Lossy Trapdoor Function Pairwise-independent permutation Smooth Trapdoor Function Incremental Deterministic Public-Key Encryption [Boldyreva, Fehr, O’Neill CRYPTO’08]

  20. Construction of Lossy TDF - group of order generated by • Sample • Outputand Key generation • Given output Encryption • Given compute • Output Decryption [Freeman, Goldreich, Kiltz, Rosen, Segev PKC’10] [Brakerski, Segev CRYPTO’11]

  21. Security Argument: Lossy TDF rank rank 1 — injective — bits

  22. Towards Incremental Smooth TDF rank sparse rank ℓ sparse — injective if has min-entropy , statistically close to the uniform over its range

  23. Towards Incremental Smooth TDF  Sample-then-extract + Leftover Hash Lemma

  24. Towards Incremental Smooth TDF

  25. Towards Incremental Smooth TDF

  26. Smooth vs Injective Mode rank full rank

  27. Incrementality

  28. Open Problems Incremental Deterministic Encryption: • Stronger security: PRIV-IND (multiple messages) • Length-preserving in the standard model Deterministic Encryption: • Relaxing the definition to allow dependency on the public key

More Related