extractable functions fiction or reality n.
Download
Skip this Video
Loading SlideShow in 5 Seconds..
Extractable Functions Fiction or Reality? PowerPoint Presentation
Download Presentation
Extractable Functions Fiction or Reality?

Loading in 2 Seconds...

play fullscreen
1 / 68

Extractable Functions Fiction or Reality? - PowerPoint PPT Presentation


  • 179 Views
  • Uploaded on

Extractable Functions Fiction or Reality?. Nir Bitansky (TAU). Ran Canetti (BU & TAU). Omer Paneth (BU). Alon Rosen (IDC). Knowledge is Elusive (assuming ). Knowing isn’t like knowing. Knowing isn’t like knowing. Knowing how to prove isn’t like knowing.

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

Extractable Functions Fiction or Reality?


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
    Presentation Transcript
    1. Extractable FunctionsFiction or Reality? NirBitansky (TAU) Ran Canetti (BU & TAU) Omer Paneth (BU) Alon Rosen (IDC)

    2. Knowledge is Elusive (assuming ) Knowing isn’t like knowing Knowing isn’t like knowing Knowing how to prove isn’t like knowing

    3. ZK Proofs of KnowledgeGoldwasser-Micali-Rackoff, Feige-Shamir, Goldreich-Bellare efficient extractor

    4. Effective Knowledge=what can be efficiently extractedfrom the adversary

    5. Extraction is Essential to Cryptographic Analysis Input Independence in MPC Composition ZK simulation (the trapdoor paradigm)

    6. How is Knowledge Extracted?

    7. The Black-Box Tradition (aka Rewinding) extractor

    8. Black-Box (Turing) Reductions/Simulators reduction/simulator extractor

    9. Using The Adversary’s Code reduction/simulator A extractor

    10. The Black-Box Barrier O(1)-public-coin-ZK Goldreich-Krawczyk 3-ZK Goldreich-Krawczyk SNARGs for NP (Succinct Non-Interactive Arguments) Gentry-Wichs most of crypto as we know it! Black-Box Non-Black-Box

    11. Beyond the Barrier Barak -round public-coin ZK with non-black-box simulation

    12. Post Barak resettably-sound-ZK Barak-Goldreich-Goldwasser-Lindell O(1)-public-coin-ZK Barak simultaneously-resettable-ZK Deng-Goyal-Sahai O(1)-covert-MPC Goyal-Jain (uniform) O(1)-concurrent-ZK Chung-Lin-Pass interaction 3-ZK SNARGs

    13. Knowledge AssumptionsandExtractable Functions

    14. Damgård’sKnowledge of Exponent Assumption

    15. Damgård’sKnowledge of Exponent Assumption

    16. is -sparse

    17. Damgård’sKnowledge of Exponent Assumption efficient extractor

    18. Extractable FunctionsCanetti-Dakdouk

    19. Extractable FunctionsCanetti-Dakdouk CRH COM OWF efficient extractor

    20. Black-Box Extraction is Impossible

    21. Black-Box Extraction is Impossible efficient extractor black-box extractor must invert the one-way

    22. Extractable Functionsin Non-Interactive Applications EOWF KEA Canetti-Dakdouk Damgard 3-ZK B-Canetti-Chiesa- Goldwasser-Lin- Rubinstein-Tromer Hada-Tanaka, Micali-Lepinski*, Bellare-Palacio O(1)-concurrent ZK *assuming concurrent extraction Gupta-Sahai BCCGLRT

    23. Extractable Functionsin Non-Interactive Applications ECRH EOWF KEA Damgard BCCGLRT, Damgard- Faust-Hazay publicly verifiable privately verifiable 3-ZK SNARKs (NP) Groth,Lipmaa, B-Canetti-Chiesa-Tromer, Gennaro-Gentry-Parno- Raykiova, B-Chiesa-Ishai- Ostrovsky-Paneth Mie, DiCrescenzo -Lipmaa* BCCGLRT, DFH O(1)-concurrent ZK *assuming concurrent extraction

    24. Extractable Functionsin Non-Interactive Applications ECRH EOWF KEA publicly verifiable privately verifiable 3-ZK SNARKs (NP) O(1)-concurrent ZK *assuming concurrent extraction delegation succinct keys in functional enc/sig targeted-malleability proof-carrying data

    25. Example: 3-ZK

    26. The Feige-Shamir Protocol witness-hiding proof of knowing witness-indistinguishable proof of knowing

    27. The Feige-Shamir Protocol ``interactively-extractable” witness-indistinguishable proof of knowing

    28. 3-ZK from EOWFsB-Goldwasser-Canetti-Chiesa-Lin-Rubinstein-Tromer ``interactively-extractable” witness-indistinguishable proof of knowing

    29. 3-ZK from EOWFsB-Goldwasser-Canetti-Chiesa-Lin-Rubinstein-Tromer EOWF witness-indistinguishable proof of knowing

    30. Do Extractable Functions Really Exist?What’s Beyond Knowledge Assumptions?Can We Construct Explicit Extractors?

    31. Auxiliary Information

    32. Auxiliary Information efficient extractor

    33. A.I. EOWF witness-indistinguishable proof of knowing

    34. Common Auxiliary Information efficient extractor

    35. Common A.I. EOWFs vs obfuscationHada-Tanaka, Goldreich may be “obfuscated” efficient extractor

    36. Individual Auxiliary Information efficient extractor

    37. Individual Auxiliary Information … … … … … … … …

    38. Is Individual A.I. Enough? can’t fix in advance EOWF witness-indistinguishable proof of knowing

    39. Some Answers

    40. uniform EOWFs with noA.I. EOWFs with commonA.I. explicit efficient extractor efficient extractor open possible impossible indistinguishability obfuscation

    41. EOWFs with bounded A.I. EOWFs with commonA.I. explicit efficient extractor efficient extractor open possible impossible indistinguishability obfuscation

    42. EOWFs with bounded A.I. EOWFs with commonunboundedA.I. explicit efficient extractor efficient extractor open possible impossible indistinguishability obfuscation NIUA for (SNARGs for P, P-certificates Chung-Lin-Pass)

    43. privately-verifiable Generalized EOWFs with bounded A.I. EOWFs with commonunboundedA.I. efficient extractor efficient extractor open possible impossible indistinguishability obfuscation priv’-ver’ SNARGs for P Kalai-Raz-Rothblum: subexp-PIR (e.g., LWE)

    44. privately-verifiable Generalized EOWFs common (unbounded) A.I. privately-verifiable Generalized EOWFs with bounded A.I. efficient extractor efficient extractor open possible impossible indistinguishability obfuscation priv’-ver’ SNARGs for P Kalai-Raz-Rothblum: subexp-PIR (e.g., LWE)

    45. privately-verifiable Generalized EOWFs common (unbounded) A.I. privately-verifiable Generalized EOWFs with bounded A.I. 3-ZK ArgOK 2-ZK Arg bounded A.I. verifiers efficient extractor open possible impossible indistinguishability obfuscation priv’-ver’ SNARGs for P Kalai-Raz-Rothblum: subexp-PIR (e.g., LWE)

    46. EOWFs with (unbounded) individualA.I. efficient extractor efficient extractor efficient extractor open possible impossible

    47. Ideas

    48. Common A.I. Extractionvs.Indistinguishability Obfuscation

    49. The Universal Adversary efficient extractor

    50. The Universal Adversary Kd87x*$S49d6##nasdil&&KmwLPes6Vd#@,lLSfs03K(#talkem,;eHLSOL Kd87x*$S49d6##nasdil&&KmwLPes6Vd#@,lLSfs03K(#talkem,;eHLSOL may be “obfuscated” efficient extractor