Separations in Circular Security for Arbitrary Length Key Cycles
Cited by 8 (1 self)

Abstract: While standard notions of security suffice to protect any message supplied by an adversary, in some situations stronger notions of security are required. One such notion is n-circular security, where the ciphertexts Enc(pk_1, sk_2), Enc(pk_2, sk_3), ..., Enc(pk_n, sk_1) should be indistinguishable from encryptions of zero. In this work we prove the following results for n-circular security:
• For any n there exists an encryption scheme that is IND-CPA secure but not n-circular secure.
• There exists a bit encryption scheme that is IND-CPA secure, but not 1-circular secure.
• If there exists an encryption system where an attacker can distinguish a key encryption cycle from an encryption of zeroes, then in a transformed cryptosystem there exists an attacker which recovers secret keys from the encryption cycles.
Our first two results apply a novel utilization of indistinguishability obfuscation. The last result is generic and applies to any such cryptosystem.
Obfuscation-based Non-black-box Simulation and Four Message Concurrent Zero Knowledge for NP
2013
Cited by 4 (2 self)

Abstract: As recent studies show, the notions of program obfuscation and zero knowledge are intimately connected. In this work, we explore this connection further, and prove the following general result. If there exists differing-input obfuscation (diO) for the class of all polynomial-time Turing machines, then there exists a four-message, fully concurrent zero-knowledge proof system for all languages in NP with negligible soundness error. This result is constructive: given diO, our reduction yields an explicit protocol along with an explicit simulator that is “straight line” and runs in strict polynomial time. Our reduction relies on a new non-black-box simulation technique which does not use the PCP theorem. In addition to assuming diO, our reduction also assumes (standard and polynomial-time) cryptographic assumptions such as collision-resistant hash functions. The round complexity of our protocol also sheds new light on the exact round complexity of concurrent zero-knowledge. It shows, for the first time, that in the realm of non-black-box simulation, concurrent zero-knowledge may not necessarily require more rounds than stand-alone zero-knowledge!
Optimizing Obfuscation: Avoiding Barrington’s Theorem
Cited by 4 (0 self)

Abstract: In this work, we seek to optimize the efficiency of secure general-purpose obfuscation schemes. We focus on the problem of optimizing the obfuscation of general Boolean formulas; this corresponds to optimizing the “core obfuscator” from the work of Garg, Gentry, Halevi, Raykova, Sahai, and Waters (FOCS 2013), and all subsequent works constructing general-purpose obfuscators. This core obfuscator builds upon approximate multilinear maps, where efficiency in proposed instantiations is closely tied to the maximum number of “levels” of multilinearity required. The most efficient previous construction of a core obfuscator, due to Barak, Garg, Kalai, Paneth, and Sahai (Eurocrypt 2014), required the maximum number of levels of multilinearity to be Θ(ℓ·s^3.64), where s is the size of the Boolean formula to be obfuscated, and ℓ is the number of input bits to the formula. In contrast, our construction only requires the maximum number of levels of multilinearity to be Θ(ℓ·s). This results in significant improvements in both the total size of the obfuscation, as well as the running time of evaluating an obfuscated formula. Our efficiency improvement is obtained by generalizing the class of branching programs that
Protecting obfuscation against arithmetic attacks
2014
Cited by 3 (2 self)

Abstract: Recently, the work of Garg et al. (FOCS 2013) gave the first candidate general-purpose obfuscator. This construction is built upon multilinear maps, also called a graded encoding scheme. Several subsequent works have shown that variants of this obfuscator achieve the highest notion of security (VBB security) against “purely algebraic” attacks, namely attacks that respect the restrictions of the graded encoding scheme. While important, the scope of these works is somewhat limited due to the strong restrictions imposed on the adversary. We propose and analyze another variant of the Garg et al. obfuscator in a setting that imposes fewer restrictions on the adversary, which we call the arithmetic setting. This setting captures a broader class of algebraic attacks than considered in previous works. Most notably, it allows for unlimited additions across different “levels” of the encoding. In this setting, we present two results:
• First, in the arithmetic setting where the adversary is limited to creating only multilinear polynomials, we obtain an unconditional proof of VBB security.
• Second, in the arithmetic setting where the adversary can create polynomials of arbitrary degree, we prove VBB security under an assumption that is closely related to the Bounded Speedup Hypothesis of Brakerski and Rothblum (TCC 2014).
We also give evidence that any unconditional proof of VBB security in this model would entail proving the algebraic analog of P ≠ NP.