Access Control Encryption Enforcing Information Flow with Cryptography

Transcript:

Access Control Encryption Enforcing Information Flow with Cryptography Ivan Damgård, Helene Haagh, and Claudio Orlandi http://eprint.iacr.org/2016/106

Outline
- Access Control Encryption
- Motivation
- Definition
- Polylog ACE from iO
- Sanitizable Functional Encryption
- ACE construction from sanFE
- Security

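Motivation
[Figure: senders S1, S2, S3 with keys e1, e2, e3 send a ciphertext c to the sanitizer San (key rk), which passes a ciphertext on to receivers R1, R2, R3 with keys d1, d2, d3.]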

Access Control Encryption
Senders: $S_1, S_2, \dots, S_n$
Receivers: $R_1, R_2, \dots, R_n$
Predicate $P: [n] \times [n] \to \{0,1\}$
- $P(x, y) = 1$: flow from $S_x$ to $R_y$ is allowed
- $P(0, y) = P(x, 0) = 0$ for all $x, y$
- $P(X, Y) = 0$ iff $P(x, y) = 0$ for all $x \in X$, $y \in Y$
Sanitizer (San):
- Special party that routes traffic from senders to receivers
- Should learn as little as possible
- Assumed to be honest-but-curious

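Access Control Encryption
$\mathsf{Setup}(P) \to (msk, pp)$
Gen:
- $\mathsf{Gen}(msk, \mathsf{Sen}, x) \to ek_x$
- $\mathsf{Gen}(msk, \mathsf{Rec}, y) \to dk_y$
- $\mathsf{Gen}(msk, \mathsf{San}) \to rk$
$\mathsf{Enc}(ek_x, m) \to c$
$\mathsf{San}(rk, c) \to c'$
$\mathsf{Dec}(dk_y, c') = m$ if $P(x, y) = 1$
[Figure: senders S1, S2, S3 with keys e1, e2, e3, the sanitizer San with key rk, and receivers R1, R2, R3 with keys d1, d2, d3; a ciphertext c enters San and a ciphertext leaves it.]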

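Sanitizable Functional Encryption
$\mathsf{Setup}(1^\kappa) \to (msk, pp)$
$\mathsf{Gen}(msk, f) \to SK_f$
$\mathsf{Enc}(pp, m) \to c$
$\mathsf{San}(pp, c) \to c'$
$\mathsf{Dec}(SK_f, c') = f(m)$
[Figure: sender S holds pp and computes $\mathsf{Enc}(pp, m)$; San holds pp and computes $\mathsf{San}(pp, c)$; receiver R2 holds $SK_f$ and obtains $f(m)$; receiver R1 holds $SK_g$ and obtains $g(m)$.]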

Sanitizable FE based on GGHRSW13
Setup: $pp = (pp_1^{PKE}, pp_2^{PKE})$, $msk = (sk_1^{PKE}, sk_2^{PKE})$
$\mathsf{Gen}(msk, f)$: $SK_f = iO(F)$
$\mathsf{Enc}(pp, m)$:
- $c_1 \leftarrow \mathsf{PKE.Enc}(pp_1^{PKE}, m)$, $c_2 \leftarrow \mathsf{PKE.Enc}(pp_2^{PKE}, m)$
- $\pi_E$: proof that $c_1$ and $c_2$ encrypt the same message
- Output $c = (c_1, c_2, \pi_E)$
$\mathsf{San}(pp, c)$:
- If $\mathsf{Verify}(c_1, c_2, \pi_E) = 1$: $c'_1 \leftarrow \mathsf{PKE.San}(pp_1^{PKE}, c_1)$, $c'_2 \leftarrow \mathsf{PKE.San}(pp_2^{PKE}, c_2)$
- $\pi_S$: proof of proof
- Output $c' = (c'_1, c'_2, \pi_S)$
$\mathsf{Dec}(SK_f, c')$: run the obfuscated program $SK_f(c')$
Program F: if $\mathsf{Verify}(c'_1, c'_2, \pi_S) = 1$: $f(\mathsf{PKE.Dec}(sk_1^{PKE}, c'_1))$
Correctness follows from the correctness of the iO, PKE and SSS-NIZK schemes.

Indistinguishability Security
$\mathsf{Enc}(pp, m_0) \approx \mathsf{Enc}(pp, m_1)$ when given $SK_f$ s.t. $f(m_0) = f(m_1)$
Theorem. The sanFE construction is IND-CPA secure.
The proof follows closely the proof of the FE scheme presented by GGHRSW13 with a minor change.
$c = (c_1, c_2, \pi_E)$, $SK_f = iO(F_{sk_1})$
1. Simulate the proof
2. Change the message in the PKE encryption $c_2$
3. Change $SK_f$ to use the PKE secret key $sk_2$
4. Change the message in the other PKE encryption
5. Change $SK_f$ to use the PKE secret key $sk_1$
6. Create the proof honestly

Sanitation Property
$\mathsf{San}(pp, c) \approx \mathsf{San}(pp, \mathsf{Enc}(pp, \mathsf{Dec}(msk, c)))$ where $c \leftarrow A(pp, msk)$
Theorem. The sanFE construction fulfils the sanitation property.
Proof ideas.
- $c' = (c'_1, c'_2, \pi_S) \leftarrow \mathsf{San}(pp, c)$
- Need to be able to simulate $\pi_S$
- Thus, need to know the adversarially chosen ciphertext $c$ when creating the system parameters
- Complexity leveraging: guess the message $m \in M$ that $c$ encrypts
- Upon receiving $c$ from the adversary, check that $\mathsf{Dec}(msk, c) = m$; if not, then abort.

Proof: $\mathsf{San}(pp, c) \approx \mathsf{San}(pp, \mathsf{Enc}(pp, \mathsf{Dec}(msk, c)))$
In every hybrid the adversary receives $(pp, msk)$, sends $c = (c_1, c_2, \pi_E)$ and receives $c'$.
Hybrid 0:
- $m \in_R M$
- $(pp, msk) \leftarrow \mathsf{Setup}(1^\kappa)$
- Check $\mathsf{Dec}(msk, c) = m$
- $c' \leftarrow \mathsf{San}(pp, c)$
Hybrid 1 (= Hybrid 0). Follows directly from the PKE sanitation property: $r, s, r', s'$ s.t. $\mathsf{San}(pp, \mathsf{Enc}(pp, m; r); s) = \mathsf{San}(pp, \mathsf{Enc}(pp, m; r'); s')$
- $m \in_R M$
- $(pp, msk) \leftarrow \mathsf{Setup}(1^\kappa)$
- Check $\mathsf{Dec}(msk, c) = m$
- $c'_i = \mathsf{PKE.Enc}(pp_i, m)$
- $c' \leftarrow \mathsf{San}(pp, (c_1, c_2, \pi_E))$
Hybrid 2. Computational zero-knowledge property of the statistical simulation-sound NIZK.
- $m \in_R M$
- $c'_i = \mathsf{PKE.San}(pp_i, \mathsf{PKE.Enc}(pp_i, m))$
- $(pp, msk, \pi_S) \leftarrow \mathsf{SimSetup}$
- $c' = (c'_1, c'_2, \pi_S)$
- Check $\mathsf{Dec}(msk, c) = m$
Hybrid 3. Computational zero-knowledge property of the statistical simulation-sound NIZK.
- $m \in_R M$
- $(pp, msk) \leftarrow \mathsf{Setup}(1^\kappa)$
- $c' \leftarrow \mathsf{San}(pp, \mathsf{Enc}(pp, m))$
- Check $\mathsf{Dec}(msk, c) = m$
Hybrid 4 (= Hybrid 3):
- $m \in_R M$
- $(pp, msk) \leftarrow \mathsf{Setup}(1^\kappa)$
- Check $\mathsf{Dec}(msk, c) = m$
- $c' = \mathsf{San}(pp, \mathsf{Enc}(pp, \mathsf{Dec}(msk, c)))$

ACE from sanFE
Setup: $pp = pp^{FE}$, $msk = (msk^{FE}, K)$
Gen:
- $ek_i \leftarrow F_K(i)$
- $dk_j \leftarrow \mathsf{FE.Gen}(f_j)$
- $rk \leftarrow \mathsf{FE.Gen}(f_{rk})$
Function $f_j(m, i, t)$: if $P(i, j) = 1$: output $m$
Function $f_{rk}(m, i, t)$: $ek_i \leftarrow F_K(i)$; if $t = F_{ek_i}(m)$: output 1; else output 0
$\mathsf{Enc}(ek_i, m)$: $c \leftarrow \mathsf{FE.Enc}(pp^{FE}, (m, i, F_{ek_i}(m)))$
$\mathsf{San}(rk, c)$: $c' \leftarrow \mathsf{FE.San}(pp^{FE}, c)$; if $\mathsf{FE.Dec}(rk, c') = 1$ output $c'$; else output $\mathsf{San}(rk, \mathsf{Enc}(ek_0, ))$
$\mathsf{Dec}(dk_j, c')$: $m \leftarrow \mathsf{FE.Dec}(dk_j, c')$
Correctness follows directly from the correctness of sanFE.
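
The key and check logic of the ACE-from-sanFE slide above, as an added Python model; it is not code from the paper or its authors. Assumptions: HMAC-SHA256 stands in for the PRF F, sanFE is replaced by a trusted lookup table (`ToyFE`, which gives no confidentiality), the fallback branch encrypts an empty message under ek_0, and all class, function and predicate names are illustrative.

```python
import hashlib
import hmac
import os


def F(key: bytes, data: bytes) -> bytes:
    """PRF F; HMAC-SHA256 is an assumption of this example."""
    return hmac.new(key, data, hashlib.sha256).digest()


class ToyFE:
    """Trusted stand-in for sanFE: ciphertexts are random handles into a
    private table. No confidentiality; it only models what each key reveals."""
    def __init__(self):
        self._table = {}
    def enc(self, plaintext):            # FE.Enc(pp, (m, i, t))
        handle = os.urandom(16)
        self._table[handle] = plaintext
        return handle
    def san(self, c):                    # FE.San: fresh handle, same plaintext
        return self.enc(self._table[c])
    def dec(self, sk_f, c):              # FE.Dec(SK_f, c) reveals only f(m, i, t)
        return sk_f(*self._table[c])


class ToyACE:
    def __init__(self, P):               # Setup: msk = (msk_FE, K)
        self.P, self.fe, self.K = P, ToyFE(), os.urandom(32)
    def gen_sender(self, i):             # ek_i = F_K(i)
        return F(self.K, bytes([i]))
    def gen_receiver(self, j):           # dk_j = key for f_j
        return lambda m, i, t: m if self.P(i, j) == 1 else None
    def gen_sanitizer(self):             # rk = key for f_rk (the MAC check)
        return lambda m, i, t: int(hmac.compare_digest(t, F(self.gen_sender(i), m)))
    def enc(self, i, ek_i, m):           # c = FE.Enc(m, i, F_{ek_i}(m))
        return self.fe.enc((m, i, F(ek_i, m)))
    def san(self, rk, c):
        c2 = self.fe.san(c)
        if self.fe.dec(rk, c2) == 1:
            return c2
        # Fallback: ciphertext of sender 0, who may write to nobody.
        return self.san(rk, self.enc(0, self.gen_sender(0), b""))
    def dec(self, dk_j, c):
        return self.fe.dec(dk_j, c)


def no_write_down(i, j):
    """Constructed example predicate: level i may send to level j >= i."""
    return 1 if 1 <= i <= j else 0
```

A ciphertext whose tag was computed under a key other than the claimed identity's ek_i fails the sanitizer's f_rk check and is replaced, so no receiver learns its payload.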

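No-Read Rule
[Game diagram: the adversary receives $pp$; on query $x$ it receives $ek_x$, on query $y$ it receives $dk_y$, on query San it receives $rk$; it sends $(x_0, m_0, x_1, m_1)$ to the challenger Chall and receives $c \leftarrow \mathsf{Enc}(ek_{x_b}, m_b)$.]
Win if b = and is not allowed to decrypt (payload privacy), or is allowed and $m_0 = m_1$ (anonymity).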

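No-Read Rule
[Reduction diagram: B sits between the sanFE IND-CPA game and the ACE No-Read adversary.]
- B receives $pp$ from the sanFE IND-CPA game and passes $pp$ to the ACE No-Read adversary
- Query $x$: B answers with $ek_x$, where $ek_x = F_K(x)$
- Queries $y$ and San: B sends $f$ to the sanFE game, receives $SK_f$, and answers with $dk_y$ or $rk$
- Challenge $(x_0, m_0, x_1, m_1)$: B sets $m'_0 = (m_0, x_0, F_{ek_{x_0}}(m_0))$ and $m'_1 = (m_1, x_1, F_{ek_{x_1}}(m_1))$
- Chall returns $c = \mathsf{FE.Enc}(pp, m'_b)$, which B passes on as $c$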

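No-Write Rule
[Game diagram: the adversary receives $pp$; on query $x$ it receives $ek_x$, on query $y$ it receives $dk_y$; it sends $(x, c)$ to the challenger Chall and receives $\mathsf{San}(rk, c)$ / $\mathsf{San}(\mathsf{Enc}(ek_x, r))$.]
Win if $b = b'$ and $x \in X$, and $P(X, Y) = 0$.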

No-Write Rule
$\mathsf{San}(rk, c) \approx \mathsf{San}(\mathsf{Enc}(ek_x, r))$ where $(x, c) \leftarrow A^{X,Y}(pp)$, $x \in X$, and $P(X, Y) = 0$
- $(m, x, t) \leftarrow \mathsf{Dec}(msk, c)$
- $\mathsf{Enc}(ek_x, m) = \mathsf{FE.Enc}(m, x, t)$
- $\mathsf{San}(rk, c) = \mathsf{FE.San}(c)$ if valid MAC
- Function $f_j(m, i, t)$: if $P(i, j) = 1$: output $m$
[Diagram: proof steps from $\mathsf{FE.San}(c)$ to $\mathsf{FE.San}(\mathsf{Enc}(m, x, t))$ (sanFE sanitizable) and on to $\mathsf{FE.San}(\mathsf{Enc}(r, x, t'))$ (sanFE IND-CPA), with branches labelled "MAC valid" and "MAC invalid", a case on $x$ and $X$, and a step labelled "PRF security".]