Dates are inconsistent

Dates are inconsistent

437 results sorted by ID

2024/1876 (PDF) Last updated: 2024-11-17
Unbounded Leakage-Resilient Encryption and Signatures
Alper Çakan, Vipul Goyal
Foundations

Given the devastating security compromises caused by side-channel attacks on existing classical systems, can we store our private data encoded as a quantum state so that they can be kept private in the face of arbitrary side-channel attacks? The unclonable nature of quantum information allows us to build various quantum protection schemes for cryptographic information such as secret keys. Examples of quantum protection notions include copy-protection, secure leasing, and finally,...

2024/1822 (PDF) Last updated: 2024-11-07
Anonymous Public-Key Quantum Money and Quantum Voting
Alper Çakan, Vipul Goyal, Takashi Yamakawa
Foundations

Quantum information allows us to build quantum money schemes, where a bank can issue banknotes in the form of authenticatable quantum states that cannot be cloned or counterfeited: a user in possession of k banknotes cannot produce k +1 banknotes. Similar to paper banknotes, in existing quantum money schemes, a banknote consists of an unclonable quantum state and a classical serial number, signed by bank. Thus, they lack one of the most fundamental properties cryptographers look for in a...

2024/1815 (PDF) Last updated: 2024-11-06
Succinct Randomized Encodings from Non-compact Functional Encryption, Faster and Simpler
Nir Bitansky, Rachit Garg
Foundations

Succinct randomized encodings allow encoding the input $x$ of a time-$t$ uniform computation $M(x)$ in sub-linear time $o(t)$. The resulting encoding $\tilde{x}$ allows recovering the result of the computation $M(x)$, but hides any other information about $x$. Such encodings are known to have powerful applications such as reducing communication in MPC, bootstrapping advanced encryption schemes, and constructing time-lock puzzles. Until not long ago, the only known constructions were...

2024/1812 (PDF) Last updated: 2024-11-05
Batching Adaptively-Sound SNARGs for NP
Lalita Devadas, Brent Waters, David J. Wu
Foundations

A succinct non-interactive argument (SNARG) for NP allows a prover to convince a verifier that an NP statement $x$ is true with a proof whose size is sublinear in the length of the traditional NP witness. Moreover, a SNARG is adaptively sound if the adversary can choose the statement it wants to prove after seeing the scheme parameters. Very recently, Waters and Wu (STOC 2024) showed how to construct adaptively-sound SNARGs for NP in the plain model from falsifiable assumptions...

2024/1786 (PDF) Last updated: 2024-11-01
Black-Box Timed Commitments from Time-Lock Puzzles
Hamza Abusalah, Gennaro Avitabile
Cryptographic protocols

A Timed Commitment (TC) with time parameter $t$ is hiding for time at most $t$, that is, commitments can be force-opened by any third party within time $t$. In addition to various cryptographic assumptions, the security of all known TC schemes relies on the sequentiality assumption of repeated squarings in hidden-order groups. The repeated squaring assumption is therefore a security bottleneck. In this work, we give a black-box construction of TCs from any time-lock puzzle (TLP) by...

2024/1785 (PDF) Last updated: 2024-11-01
A General Quantum Duality for Representations of Groups with Applications to Quantum Money, Lightning, and Fire
John Bostanci, Barak Nehoran, Mark Zhandry
Public-key cryptography

Aaronson, Atia, and Susskind [Aaronson et al., 2020] established that efficiently mapping between quantum states $\ket{\psi}$ and $\ket{\phi}$ is computationally equivalent to distinguishing their superpositions $\frac{1}{\sqrt{2}}(|\psi\rangle + |\phi\rangle)$ and $\frac{1}{\sqrt{2}}(|\psi\rangle - |\phi\rangle)$. We generalize this insight into a broader duality principle in quantum computation, wherein manipulating quantum states in one basis is equivalent to extracting their value in a...

2024/1742 (PDF) Last updated: 2024-10-25
Pseudorandom Obfuscation and Applications
Pedro Branco, Nico Döttling, Abhishek Jain, Giulio Malavolta, Surya Mathialagan, Spencer Peters, Vinod Vaikuntanathan
Foundations

We introduce the notion of pseudorandom obfuscation (PRO), a way to obfuscate (keyed) pseudorandom functions $f_K$ in an average-case sense. We introduce several variants of pseudorandom obfuscation and show constructions and applications. For some of our applications that can be achieved using full-fledged indistinguishability obfuscation (iO), we show constructions using lattice-based assumptions alone; the other applications we enable using PRO are simply not known even assuming iO. We...

2024/1720 (PDF) Last updated: 2024-10-21
Pseudorandom Multi-Input Functional Encryption and Applications
Shweta Agrawal, Simran Kumari, Shota Yamada
Public-key cryptography

We construct the first multi-input functional encryption (MIFE) and indistinguishability obfuscation (iO) schemes for pseudorandom functionalities, where the output of the functionality is pseudorandom for every input seen by the adversary. Our MIFE scheme relies on LWE and evasive LWE (Wee, Eurocrypt 2022 and Tsabary, Crypto 2022) for constant arity functions, and a strengthening of evasive LWE for polynomial arity. Thus, we obtain the first MIFE and iO schemes for a nontrivial...

2024/1683 (PDF) Last updated: 2024-10-16
Unclonable Functional Encryption
Arthur Mehta, Anne Müller
Foundations

In a functional encryption (FE) scheme, a user that holds a ciphertext and a function-key can learn the result of applying the function to the plaintext message. Security requires that the user does not learn anything beyond the function evaluation. On the other hand, unclonable encryption (UE) is a uniquely quantum primitive, which ensures that an adversary cannot duplicate a ciphertext to decrypt the same message multiple times. In this work we introduce unclonable quantum...

2024/1572 (PDF) Last updated: 2024-10-05
Bounded Collusion-Resistant Registered Functional Encryption for Circuits
Yijian Zhang, Jie Chen, Debiao He, Yuqing Zhang
Public-key cryptography

As an emerging primitive, Registered Functional Encryption (RFE) eliminates the key-escrow issue that threatens numerous works for functional encryption, by replacing the trusted authority with a transparent key curator and allowing each user to sample their decryption keys locally. In this work, we present a new black-box approach to construct RFE for all polynomial-sized circuits. It considers adaptive simulation-based security in the bounded collusion model (Gorbunov et al. - CRYPTO'12),...

2024/1564 (PDF) Last updated: 2024-10-04
A Simple Framework for Secure Key Leasing
Fuyuki Kitagawa, Tomoyuki Morimae, Takashi Yamakawa
Public-key cryptography

Secure key leasing (a.k.a. key-revocable cryptography) enables us to lease a cryptographic key as a quantum state in such a way that the key can be later revoked in a verifiable manner. We propose a simple framework for constructing cryptographic primitives with secure key leasing via the certified deletion property of BB84 states. Based on our framework, we obtain the following schemes. - A public key encryption scheme with secure key leasing that has classical revocation based on any...

2024/1524 (PDF) Last updated: 2024-09-27
Lower Bounds on the Overhead of Indistinguishability Obfuscation
Zhenjian Lu, Noam Mazor, Igor C. Oliveira, Rafael Pass
Foundations

We consider indistinguishability obfuscation (iO) for multi-output circuits $C:\{0,1\}^n\to\{0,1\}^n$ of size s, where s is the number of AND/OR/NOT gates in C. Under the worst-case assumption that NP $\nsubseteq$ BPP, we establish that there is no efficient indistinguishability obfuscation scheme that outputs circuits of size $s + o(s/ \log s)$. In other words, to be secure, an efficient iO scheme must incur an $\Omega(s/ \log s)$ additive overhead in the size of the obfuscated circuit. The...

2024/1486 (PDF) Last updated: 2024-09-23
Adaptively Secure Attribute-Based Encryption from Witness Encryption
Brent Waters, Daniel Wichs
Public-key cryptography

Attribute-based encryption (ABE) enables fine-grained control over which ciphertexts various users can decrypt. A master authority can create secret keys $sk_f$ with different functions (circuits) $f$ for different users. Anybody can encrypt a message under some attribute $x$ so that only recipients with a key $sk_f$ for a function such that $f(x)=1$ will be able to decrypt. There are a number of different approaches toward achieving selectively secure ABE, where the adversary has to decide...

2024/1477 (PDF) Last updated: 2024-09-21
Signature-based Witness Encryption with Compact Ciphertext
Gennaro Avitabile, Nico Döttling, Bernardo Magri, Christos Sakkas, Stella Wohnig
Public-key cryptography

Signature-based witness encryption (SWE) is a recently proposed notion that allows to encrypt a message with respect to a tag $T$ and a set of signature verification keys. The resulting ciphertext can only be decrypted by a party who holds at least $k$ different valid signatures w.r.t. $T$ and $k$ different verification keys out of the $n$ keys specified at encryption time. Natural applications of this primitive involve distributed settings (e.g., blockchains), where multiple parties sign...

2024/1417 (PDF) Last updated: 2024-09-11
Distributed Broadcast Encryption from Lattices
Jeffrey Champion, David J. Wu
Public-key cryptography

A broadcast encryption scheme allows a user to encrypt a message to $N$ recipients with a ciphertext whose size scales sublinearly with $N$. While broadcast encryption enables succinct encrypted broadcasts, it also introduces a strong trust assumption and a single point of failure; namely, there is a central authority who generates the decryption keys for all users in the system. Distributed broadcast encryption offers an appealing alternative where there is a one-time (trusted) setup...

2024/1294 (PDF) Last updated: 2024-09-06
Don't Trust Setup! New Directions in Pre-Constrained Cryptography
Shweta Agrawal, Simran Kumari, Ryo Nishimaki
Public-key cryptography

The recent works of Ananth et al. (ITCS 2022) and Bartusek et al. (Eurocrypt 2023) initiated the study of pre-constrained cryptography which achieves meaningful security even against the system authority. In this work we significantly expand this area by defining several new primitives and providing constructions from simple, standard assumptions as follows. - Pre-Constrained Encryption. We define a weaker notion of pre-constrained encryption (PCE), as compared to the work of Ananth et...

2024/1213 (PDF) Last updated: 2024-07-29
Bounded-Collusion Streaming Functional Encryption from Minimal Assumptions
Kaartik Bhushan, Alexis Korb, Amit Sahai
Public-key cryptography

Streaming functional encryption (sFE), recently introduced by Guan, Korb, and Sahai [Crypto 2023], is an extension of functional encryption (FE) tailored for iterative computation on dynamic data streams. Unlike in regular FE, in an sFE scheme, users can encrypt and compute on the data as soon as it becomes available and in time proportional to just the size of the newly arrived data. As sFE implies regular FE, all known constructions of sFE and FE for $\mathsf{P/Poly}$ require strong...

2024/1080 (PDF) Last updated: 2024-07-03
Separating Selective Opening Security From Standard Security, Assuming IO
Justin Holmgren, Brent Waters
Foundations

Assuming the hardness of LWE and the existence of IO, we construct a public-key encryption scheme that is IND-CCA secure but fails to satisfy even a weak notion of indistinguishability security with respect to selective opening attacks. Prior to our work, such a separation was known only from stronger assumptions such as differing inputs obfuscation (Hofheinz, Rao, and Wichs, PKC 2016). Central to our separation is a new hash family, which may be of independent interest. Specifically,...

2024/933 (PDF) Last updated: 2024-07-03
A Pure Indistinguishability Obfuscation Approach to Adaptively-Sound SNARGs for NP
Brent Waters, David J. Wu
Foundations

We construct an adaptively-sound succinct non-interactive argument (SNARG) for NP in the CRS model from sub-exponentially-secure indistinguishability obfuscation ($i\mathcal{O}$) and sub-exponentially-secure one-way functions. Previously, Waters and Wu (STOC 2024), and subsequently, Waters and Zhandry (CRYPTO 2024) showed how to construct adaptively-sound SNARGs for NP by relying on sub-exponentially-secure indistinguishability obfuscation, one-way functions, and an additional algebraic...

2024/931 (PDF) Last updated: 2024-10-14
Multi-Hop Multi-Key Homomorphic Signatures with Context Hiding from Standard Assumptions
Abtin Afshar, Jiaqi Cheng, Rishab Goyal
Public-key cryptography

Fully homomorphic signatures are a significant strengthening of digital signatures, enabling computations on \emph{secretly} signed data. Today, we have multiple approaches to design fully homomorphic signatures such as from lattices, or succinct functional commitments, or indistinguishability obfuscation, or mutable batch arguments. Unfortunately, all existing constructions for homomorphic signatures suffer from one or more limitations. We do not have homomorphic signatures with features...

2024/856 (PDF) Last updated: 2024-09-26
Indistinguishability Obfuscation from Bilinear Maps and LPN Variants
Seyoon Ragavan, Neekon Vafa, Vinod Vaikuntanathan
Foundations

We construct an indistinguishability obfuscation (IO) scheme from the sub-exponential hardness of the decisional linear problem on bilinear groups together with two variants of the learning parity with noise (LPN) problem, namely large-field LPN and (binary-field) sparse LPN. This removes the need to assume the existence pseudorandom generators (PRGs) in $\mathsf{NC}^0$ with polynomial stretch from the state-of-the-art construction of IO (Jain, Lin, and Sahai, EUROCRYPT 2022). As an...

2024/606 (PDF) Last updated: 2024-04-19
Classical Commitments to Quantum States
Sam Gunn, Yael Tauman Kalai, Anand Natarajan, Agi Villanyi
Cryptographic protocols

We define the notion of a classical commitment scheme to quantum states, which allows a quantum prover to compute a classical commitment to a quantum state, and later open each qubit of the state in either the standard or the Hadamard basis. Our notion is a strengthening of the measurement protocol from Mahadev (STOC 2018). We construct such a commitment scheme from the post-quantum Learning With Errors (LWE) assumption, and more generally from any noisy trapdoor claw-free function family...

2024/491 (PDF) Last updated: 2024-03-27
Updatable Policy-Compliant Signatures
Christian Badertscher, Monosij Maitra, Christian Matt, Hendrik Waldner
Cryptographic protocols

Policy-compliant signatures (PCS) are a recently introduced primitive by Badertscher et al. [TCC 2021] in which a central authority distributes secret and public keys associated with sets of attributes (e.g., nationality, affiliation with a specific department, or age) to its users. The authority also enforces a policy determining which senders can sign messages for which receivers based on a joint check of their attributes. For example, senders and receivers must have the same nationality,...

2024/420 (PDF) Last updated: 2024-06-25
Gap MCSP is not (Levin) NP-complete in Obfustopia
Noam Mazor, Rafael Pass
Foundations

We demonstrate that under believable cryptographic hardness assumptions, Gap versions of standard meta-complexity problems, such as the Minimum Circuit Size problem (MCSP) and the Minimum Time-Bounded Kolmogorov Complexity problem (MKTP) are not NP-complete w.r.t. Levin (i.e., witness-preserving many-to-one) reductions. In more detail: - Assuming the existence of indistinguishability obfuscation, and subexponentially-secure one-way functions, an appropriate Gap version of MCSP is not...

2024/355 (PDF) Last updated: 2024-02-27
Adaptively Secure Streaming Functional Encryption
Pratish Datta, Jiaxin Guan, Alexis Korb, Amit Sahai
Cryptographic protocols

This paper introduces the first adaptively secure streaming functional encryption (sFE) scheme for P/Poly. sFE stands as an evolved variant of traditional functional encryption (FE), catering specifically to contexts with vast and/or dynamically evolving data sets. sFE is designed for applications where data arrives in a streaming fashion and is computed on in an iterative manner as the stream arrives. Unlike standard FE, in sFE: (1) encryption is possible without knowledge of the full data...

2024/263 (PDF) Last updated: 2024-02-16
Threshold Encryption with Silent Setup
Sanjam Garg, Dimitris Kolonelos, Guru-Vamsi Policharla, Mingyuan Wang
Public-key cryptography

We build a concretely efficient threshold encryption scheme where the joint public key of a set of parties is computed as a deterministic function of their locally computed public keys, enabling a silent setup phase. By eliminating interaction from the setup phase, our scheme immediately enjoys several highly desirable features such as asynchronous setup, multiverse support, and dynamic threshold. Prior to our work, the only known constructions of threshold encryption with silent setup...

2024/254 (PDF) Last updated: 2024-02-16
Adaptive Security in SNARGs via iO and Lossy Functions
Brent Waters, Mark Zhandry
Foundations

We construct an adaptively sound SNARGs in the plain model with CRS relying on the assumptions of (subexponential) indistinguishability obfuscation (iO), subexponential one-way functions and a notion of lossy functions we call length parameterized lossy functions. Length parameterized lossy functions take in separate security and input length parameters and have the property that the function image size in lossy mode depends only on the security parameter. We then show a novel way of...

2024/249 (PDF) Last updated: 2024-05-30
Robust Additive Randomized Encodings from IO and Pseudo-Non-linear Codes
Nir Bitansky, Sapir Freizeit
Cryptographic protocols

Additive randomized encodings (ARE), introduced by Halevi, Ishai, Kushilevitz, and Rabin (CRYPTO 2023), reduce the computation of a k-party function $f (x_1, . . . , x_k )$ to locally computing encodings $\hat{x}_i$ of each input xi and then adding them together over some Abelian group into an output encoding $\hat{y} = ∑ \hat{x}_i$, which reveals nothing but the result. In robust ARE (RARE) the sum of any subset of $\hat{x}_i$, reveals only the residual function obtained by restricting the...

2024/227 (PDF) Last updated: 2024-04-01
Adaptively Sound Zero-Knowledge SNARKs for UP
Surya Mathialagan, Spencer Peters, Vinod Vaikuntanathan

We study succinct non-interactive arguments (SNARGs) and succinct non-interactive arguments of knowledge (SNARKs) for the class $\mathsf{UP}$ in the reusable designated verifier model. $\mathsf{UP}$ is an expressive subclass of $\mathsf{NP}$ consisting of all $\mathsf{NP}$ languages where each instance has at most one witness; a designated verifier SNARG (dvSNARG) is one where verification of the SNARG proof requires a private verification key; and such a dvSNARG is reusable if soundness...

2024/225 (PDF) Last updated: 2024-02-13
Universal Computational Extractors from Lattice Assumptions
Yilei Chen, Xinyu Mao
Foundations

Universal computational extractors (UCEs), introduced by Bellare, Hoang, and Keelveedhi [BHK13], can securely replace random oracles in various applications, including KDM-secure encryption, deterministic encryption, RSA-OAEP, etc. Despite its usefulness, constructing UCE in the standard model is challenging. The only known positive result is given by Brzuska and Mittelbach [BM14], who construct UCE with strongly computationally unpredictable one-query source assuming indistinguishability...

2024/179 (PDF) Last updated: 2024-10-11
Traitor Tracing without Trusted Authority from Registered Functional Encryption
Pedro Branco, Russell W. F. Lai, Monosij Maitra, Giulio Malavolta, Ahmadreza Rahimi, Ivy K. Y. Woo
Public-key cryptography

Traitor-tracing systems allow identifying the users who contributed to building a rogue decoder in a broadcast environment. In a traditional traitor-tracing system, a key authority is responsible for generating the global public parameters and issuing secret keys to users. All security is lost if the \emph{key authority itself} is corrupt. This raises the question: Can we construct a traitor-tracing scheme, without a trusted authority? In this work, we propose a new model for...

2024/177 (PDF) Last updated: 2024-02-06
Registered Functional Encryption for Quadratic Functions from MDDH
Qiaohan Chu, Li Lin, Chen Qian, Jie Chen
Public-key cryptography

We present a Registered Functional Encryption (RFE) scheme for inner product and a RFE scheme for quadratic functions based on pairings and relying on the Matrix Decision Diffie-Hellman (MDDH) assumption and bilateral MDDH assumption. Previously, RFE is only known to be constructed from indistinguishability obfuscation (iO) in Francati-Friolo-Maitra-Malavolta-Rahimi-Venturi [Asiacrypt '23].

2024/165 (PDF) Last updated: 2024-02-05
Adaptively-Sound Succinct Arguments for NP from Indistinguishability Obfuscation
Brent Waters, David J. Wu
Foundations

A succinct non-interactive argument (SNARG) for $\mathsf{NP}$ allows a prover to convince a verifier that an $\mathsf{NP}$ statement $x$ is true with a proof of size $o(|x| + |w|)$, where $w$ is the associated $\mathsf{NP}$ witness. A SNARG satisfies adaptive soundness if the malicious prover can choose the statement to prove after seeing the scheme parameters. In this work, we provide the first adaptively-sound SNARG for $\mathsf{NP}$ in the plain model assuming sub-exponentially-hard...

2024/082 (PDF) Last updated: 2024-01-18
Quantum State Obfuscation from Classical Oracles
James Bartusek, Zvika Brakerski, Vinod Vaikuntanathan
Cryptographic protocols

A major unresolved question in quantum cryptography is whether it is possible to obfuscate arbitrary quantum computation. Indeed, there is much yet to understand about the feasibility of quantum obfuscation even in the classical oracle model, where one is given for free the ability to obfuscate any classical circuit. In this work, we develop a new array of techniques that we use to construct a quantum state obfuscator, a powerful notion formalized recently by Coladangelo and Gunn...

2024/068 (PDF) Last updated: 2024-06-05
Laconic Function Evaluation, Functional Encryption and Obfuscation for RAMs with Sublinear Computation
Fangqi Dong, Zihan Hao, Ethan Mook, Daniel Wichs
Public-key cryptography

Laconic function evaluation (LFE) is a "flipped" version of fully homomorphic encryption, where the server performing the computation gets the output. The server commits itself to a function $f$ by outputting a small digest. Clients can later efficiently encrypt inputs $x$ with respect to the digest in much less time than computing $f$, and ensure that the server only decrypts $f(x)$, but does not learn anything else about $x$. Prior works constructed LFE for circuits under LWE, and for...

2024/053 (PDF) Last updated: 2024-01-14
Anonymous Homomorphic IBE with Application to Anonymous Aggregation
Michael Clear, Ciaran McGoldrick, Hitesh Tewari
Public-key cryptography

All anonymous identity-based encryption (IBE) schemes that are group homomorphic (to the best of our knowledge) require knowledge of the identity to compute the homomorphic operation. This paper is motivated by this open problem, namely to construct an anonymous group-homomorphic IBE scheme that does not sacrifice anonymity to perform homomorphic operations. Note that even when strong assumptions such as indistinguishability obfuscation (iO) are permitted, no schemes are known. We succeed in...

2024/006 (PDF) Last updated: 2024-01-27
Towards general-purpose program obfuscation via local mixing
Ran Canetti, Claudio Chamon, Eduardo Mucciolo, Andrei Ruckenstein
Foundations

We explore the possibility of obtaining general-purpose obfuscation for all circuits by way of making only simple, local, functionality preserving random perturbations in the circuit structure. Towards this goal, we use the additional structure provided by reversible circuits, but no additional algebraic structure. We start by formulating a new (and relatively weak) obfuscation task regarding the ability to obfuscate random circuits of bounded length. We call such obfuscators random...

2023/1972 (PDF) Last updated: 2023-12-31
Hard Languages in $\mathsf{NP} \cap \mathsf{coNP}$ and NIZK Proofs from Unstructured Hardness
Riddhi Ghosal, Yuval Ishai, Alexis Korb, Eyal Kushilevitz, Paul Lou, Amit Sahai
Foundations

The existence of "unstructured" hard languages in $\mathsf{NP} \,\cap\,\mathsf{coNP}$ is an intriguing open question. Bennett and Gill (SICOMP, 1981) asked whether $\mathsf{P}$ is separated from $\mathsf{NP} \cap \mathsf{coNP}$ relative to a random oracle, a question that remained open ever since. While a hard language in $\mathsf{NP} \,\cap\,\mathsf{coNP}$ can be constructed in a black-box way from a one-way permutation, for which only few (structured) candidates exist, Bitansky et al....

2023/1818 (PDF) Last updated: 2024-01-23
On Instantiating Unleveled Fully-Homomorphic Signatures from Falsifiable Assumptions
Romain Gay, Bogdan Ursu
Foundations

We build the first unleveled fully homomorphic signature scheme in the standard model. Our scheme is not constrained by any a-priori bound on the depth of the functions that can be homomorphically evaluated, and relies on subexponentially-secure indistinguishability obfuscation, fully-homomorphic encryption and a non-interactive zero-knowledge (NIZK) proof system with composable zero-knowledge. Our scheme is also the first to satisfy the strong security notion of context-hiding for an...

2023/1797 (PDF) Last updated: 2024-03-04
A Modular Approach to Unclonable Cryptography
Prabhanjan Ananth, Amit Behera
Foundations

We explore a new pathway to designing unclonable cryptographic primitives. We propose a new notion called unclonable puncturable obfuscation (UPO) and study its implications for unclonable cryptography. Using UPO, we present modular (and in some cases, arguably, simple) constructions of many primitives in unclonable cryptography, including, public-key quantum money, quantum copy-protection for many classes of functionalities, unclonable encryption, and single-decryption encryption....

2023/1756 (PDF) Last updated: 2024-05-03
How to Use Quantum Indistinguishability Obfuscation
Andrea Coladangelo, Sam Gunn
Foundations

Quantum copy protection, introduced by Aaronson, enables giving out a quantum program-description that cannot be meaningfully duplicated. Despite over a decade of study, copy protection is only known to be possible for a very limited class of programs. As our first contribution, we show how to achieve "best-possible" copy protection for all programs. We do this by introducing quantum state indistinguishability obfuscation (qsiO), a notion of obfuscation for quantum descriptions of...

2023/1716 (PDF) Last updated: 2023-11-06
Attribute-Based Encryption for Circuits of Unbounded Depth from Lattices: Garbled Circuits of Optimal Size, Laconic Functional Evaluation, and More
Yao-Ching Hsieh, Huijia Lin, Ji Luo
Public-key cryptography

Although we have known about fully homomorphic encryption (FHE) from circular security assumptions for over a decade [Gentry, STOC '09; Brakerski–Vaikuntanathan, FOCS '11], there is still a significant gap in understanding related homomorphic primitives supporting all *unrestricted* polynomial-size computations. One prominent example is attribute-based encryption (ABE). The state-of-the-art constructions, relying on the hardness of learning with errors (LWE) [Gorbunov–Vaikuntanathan–Wee,...

2023/1593 (PDF) Last updated: 2023-10-14
Multi-Party Homomorphic Secret Sharing and Sublinear MPC from Sparse LPN
Quang Dao, Yuval Ishai, Aayush Jain, Huijia Lin
Cryptographic protocols

Over the past few years, homomorphic secret sharing (HSS) emerged as a compelling alternative to fully homomorphic encryption (FHE), due to its feasibility from an array of standard assumptions and its potential efficiency benefits. However, all known HSS schemes, with the exception of schemes built from FHE or indistinguishability obfuscation (iO), can only support two or four parties. In this work, we give the first construction of a multi-party HSS scheme for a non-trivial function...

2023/1582 (PDF) Last updated: 2024-02-29
Time-Lock Puzzles with Efficient Batch Solving
Jesko Dujmovic, Rachit Garg, Giulio Malavolta
Cryptographic protocols

Time-Lock Puzzles (TLPs) are a powerful tool for concealing messages until a predetermined point in time. When solving multiple puzzles, it becomes crucial to have the ability to "batch-solve" puzzles, i.e., simultaneously open multiple puzzles while working to solve a "single one". Unfortunately, all previously known TLP constructions equipped for batch solving rely on super-polynomially secure indistinguishability obfuscation, making them impractical. In light of this challenge, we...

2023/1376 (PDF) Last updated: 2023-09-14
Bootstrapping Homomorphic Encryption via Functional Encryption
Nir bitansky, Tomer Solomon
Foundations

Homomorphic encryption is a central object in modern cryptography, with far-reaching applications. Constructions supporting homomorphic evaluation of arbitrary Boolean circuits have been known for over a decade, based on standard lattice assumptions. However, these constructions are leveled, meaning that they only support circuits up to some a-priori bounded depth. These leveled constructions can be bootstrapped into fully homomorphic ones, but this requires additional circular security...

2023/1291 (PDF) Last updated: 2023-08-29
On the Invalidity of LV16/Lin17 Obfuscation Schemes Revisited
Yupu Hu, Siyue Dong, Baocang Wang, Xingting Dong
Attacks and cryptanalysis

LV16/Lin17 IO schemes are famous progresses towards simplifying obfuscation mechanism. In fact, these two schemes only constructed two compact functional encryption (CFE) algorithms, while other things were taken to the AJ15 IO frame or BV15 IO frame. CFE algorithms are inserted into the AJ15 IO frame or BV15 IO frame to form a complete IO scheme. We stated the invalidity of LV16/Lin17 IO schemes. More detailedly, under reasonable assumption “real white box (RWB)” LV16/Lin17 CFE algorithms...

2023/1270 (PDF) Last updated: 2023-08-22
Computational Wiretap Coding from Indistinguishability Obfuscation
Yuval Ishai, Aayush Jain, Paul Lou, Amit Sahai, Mark Zhandry
Cryptographic protocols

A wiretap coding scheme for a pair of noisy channels $(\mathsf{ChB},\mathsf{ChE})$ enables Alice to reliably communicate a message to Bob by sending its encoding over $\mathsf{ChB}$, while hiding the message from an adversary Eve who obtains the same encoding over $\mathsf{ChE}$. A necessary condition for the feasibility of wiretap coding is that $\mathsf{ChB}$ is not a degradation of $\mathsf{ChE}$, namely Eve cannot simulate Bob’s view. While insufficient in the information-theoretic...

2023/925 (PDF) Last updated: 2023-06-13
Homomorphic Indistinguishability Obfuscation and its Applications
Kaartik Bhushan, Venkata Koppula, Manoj Prabhakaran
Applications

In this work, we propose the notion of homomorphic indistinguishability obfuscation ($\mathsf{HiO}$) and present a construction based on subexponentially-secure $\mathsf{iO}$ and one-way functions. An $\mathsf{HiO}$ scheme allows us to convert an obfuscation of circuit $C$ to an obfuscation of $C'\circ C$, and this can be performed obliviously (that is, without knowing the circuit $C$). A naive solution would be to obfuscate $C' \circ \mathsf{iO}(C)$. However, if we do this for $k$ hops,...

2023/874 (PDF) Last updated: 2023-09-19
Distributed Broadcast Encryption from Bilinear Groups
Dimitris Kolonelos, Giulio Malavolta, Hoeteck Wee
Public-key cryptography

Distributed broadcast encryption (DBE) improves on the traditional notion of broadcast encryption by eliminating the key-escrow problem: In a DBE system, users generate their own secret keys non- interactively without the help of a trusted party. Then anyone can broadcast a message for a subset S of the users, in such a way that the resulting ciphertext size is sublinear in (and, ideally, independent of) |S|. Unfortunately, the only known constructions of DBE requires heavy cryptographic...

2023/863 (PDF) Last updated: 2023-10-11
On the (Im)possibility of Distributed Samplers: Lower Bounds and Party-Dynamic Constructions
Damiano Abram, Maciej Obremski, Peter Scholl
Cryptographic protocols

Distributed samplers, introduced by Abram, Scholl and Yakoubov (Eurocrypt ’22), are a one-round, multi-party protocol for securely sampling from any distribution. We give new lower and upper bounds for constructing distributed samplers in challenging scenarios. First, we consider the feasibility of distributed samplers with a malicious adversary in the standard model; the only previous construction in this setting relies on a random oracle. We show that for any UC-secure construction in the...

2023/812 (PDF) Last updated: 2023-07-21
How to Use (Plain) Witness Encryption: Registered ABE, Flexible Broadcast, and More
Cody Freitag, Brent Waters, David J. Wu
Cryptographic protocols

Witness encryption is a generalization of public-key encryption where the public key can be any NP statement x and the associated decryption key is any witness w for x. While early constructions of witness encryption relied on multilinear maps and indistinguishability obfuscation (iO), recent works have provided direct constructions of witness encryption that are more efficient than iO (and also seem unlikely to yield iO). Motivated by this progress, we revisit the possibility of using...

2023/719 (PDF) Last updated: 2024-02-27
Lower Bounds for Lattice-based Compact Functional Encryption
Erkan Tairi, Akın Ünal
Public-key cryptography

Functional encryption (FE) is a primitive where the holder of a master secret key can control which functions a user can evaluate on encrypted data. It is a powerful primitive that even implies indistinguishability obfuscation (iO), given sufficiently compact ciphertexts (Ananth-Jain, CRYPTO'15 and Bitansky-Vaikuntanathan, FOCS'15). However, despite being extensively studied, there are FE schemes, such as function-hiding inner-product FE (Bishop-Jain-Kowalczyk, AC'15,...

2023/705 (PDF) Last updated: 2023-05-26
Deniable Cryptosystems: Simpler Constructions and Achieving Leakage Resilience
Zhiyuan An, Haibo Tian, Chao Chen, Fangguo Zhang
Public-key cryptography

Deniable encryption (Canetti et al. CRYPTO ’97) is an intriguing primitive, which provides security guarantee against coercion by allowing a sender to convincingly open the ciphertext into a fake message. Despite the notable result by Sahai and Waters STOC ’14 and other efforts in functionality extension, all the deniable public key encryption (DPKE) schemes suffer from intolerable overhead due to the heavy building blocks, e.g., translucent sets or indistinguishability obfuscation. Besides,...

2023/692 (PDF) Last updated: 2023-09-04
On the Invalidity of LV16/Lin17 Obfuscation Schemes
Yupu Hu, Siyue Dong, Baocang Wang, Xingting Dong
Attacks and cryptanalysis

Indistinguishability obfuscation (IO) is at the frontier of cryptography research for several years. LV16/Lin17 obfuscation schemes are famous progresses towards simplifying obfuscation mechanism. In fact, these two schemes only constructed two compact functional encryption (CFE) algorithms, while other things were taken to AJ15 IO frame or BV15 IO frame. That is, CFE algorithms are inserted into AJ15 IO frame or BV15 IO frame to form a complete IO scheme. The basic structure of two CFE...

2023/673 (PDF) Last updated: 2023-05-11
Tracing Quantum State Distinguishers via Backtracking
Mark Zhandry
Foundations

We show the following results: - The post-quantum equivalence of indistinguishability obfuscation and differing inputs obfuscation in the restricted setting where the outputs differ on at most a polynomial number of points. Our result handles the case where the auxiliary input may contain a quantum state; previous results could only handle classical auxiliary input. - Bounded collusion traitor tracing from general public key encryption, where the decoder is allowed to contain a...

2023/559 (PDF) Last updated: 2023-10-16
Weakening Assumptions for Publicly-Verifiable Deletion
James Bartusek, Dakshita Khurana, Giulio Malavolta, Alexander Poremba, Michael Walter
Public-key cryptography

We develop a simple compiler that generically adds publicly-verifiable deletion to a variety of cryptosystems. Our compiler only makes use of one-way functions (or one-way state generators, if we allow the public verification key to be quantum). Previously, similar compilers either relied on the use of indistinguishability obfuscation (Bartusek et. al., ePrint:2023/265) or almost-regular one-way functions (Bartusek, Khurana and Poremba, arXiv:2303.08676).

2023/502 (PDF) Last updated: 2023-04-07
Laconic Function Evaluation for Turing Machines
Nico Döttling, Phillip Gajland, Giulio Malavolta
Public-key cryptography

Laconic function evaluation (LFE) allows Alice to compress a large circuit $\mathbf{C}$ into a small digest $\mathsf{d}$. Given Alice's digest, Bob can encrypt some input $x$ under $\mathsf{d}$ in a way that enables Alice to recover $\mathbf{C}(x)$, without learning anything beyond that. The scheme is said to be $laconic$ if the size of $\mathsf{d}$, the runtime of the encryption algorithm, and the size of the ciphertext are all sublinear in the size of $\mathbf{C}$. Until now, all...

2023/501 (PDF) Last updated: 2023-04-06
New Ways to Garble Arithmetic Circuits
Marshall Ball, Hanjun Li, Huijia Lin, Tianren Liu
Foundations

The beautiful work of Applebaum, Ishai, and Kushilevitz [FOCS'11] initiated the study of arithmetic variants of Yao's garbled circuits. An arithmetic garbling scheme is an efficient transformation that converts an arithmetic circuit $C: \mathcal{R}^n \rightarrow \mathcal{R}^m$ over a ring $\mathcal{R}$ into a garbled circuit $\widehat C$ and $n$ affine functions $L_i$ for $i \in [n]$, such that $\widehat C$ and $L_i(x_i)$ reveals only the output $C(x)$ and no other information of $x$. AIK...

2023/457 (PDF) Last updated: 2023-10-12
Registered FE beyond Predicates: (Attribute-Based) Linear Functions and more
Pratish Datta, Tapas Pal, Shota Yamada
Public-key cryptography

This paper introduces the first registered functional encryption RFE scheme tailored for linear functions. Distinctly different from classical functional encryption (FE), RFE addresses the key-escrow issue and negates the master key exfiltration attack. Instead of relying on a centralized trusted authority, it introduces a “key curator” - a fully transparent entity that does not retain secrets. In an RFE framework, users independently generate secret keys and subsequently register their...

2023/395 (PDF) Last updated: 2024-08-15
Registered (Inner-Product) Functional Encryption
Danilo Francati, Daniele Friolo, Monosij Maitra, Giulio Malavolta, Ahmadreza Rahimi, Daniele Venturi
Public-key cryptography

Registered encryption (Garg $et\ al.$, TCC'18) is an emerging paradigm that tackles the key-escrow problem associated with identity-based encryption by replacing the private-key generator with a much weaker entity known as the key curator. The key curator holds no secret information, and is responsible to: (i) update the master public key whenever a new user registers its own public key to the system; (ii) provide helper decryption keys to the users already registered in the system, in...

2023/343 (PDF) Last updated: 2023-03-08
A Map of Witness Maps: New Definitions and Connections
Suvradip Chakraborty, Manoj Prabhakaran, Daniel Wichs
Public-key cryptography

A \emph{witness map} deterministically maps a witness $w$ of some NP statement $x$ into computationally sound proof that $x$ is true, with respect to a public common reference string (CRS). In other words, it is a deterministic, non-interactive, computationally sound proof system in the CRS model. A \emph{unique witness map} (UWM) ensures that for any fixed statement $x$, the witness map should output the same \emph{unique} proof for $x$, no matter what witness $w$ it is applied to. More...

2023/264 (PDF) Last updated: 2023-04-06
Public Key Encryption with Secure Key Leasing
Shweta Agrawal, Fuyuki Kitagawa, Ryo Nishimaki, Shota Yamada, Takashi Yamakawa
Public-key cryptography

We introduce the notion of public key encryption with secure key leasing (PKE-SKL). Our notion supports the leasing of decryption keys so that a leased key achieves the decryption functionality but comes with the guarantee that if the quantum decryption key returned by a user passes a validity test, then the user has lost the ability to decrypt. Our notion is similar in spirit to the notion of secure software leasing (SSL) introduced by Ananth and La Placa (Eurocrypt 2021) but captures...

2023/252 (PDF) Last updated: 2023-11-19
Obfuscation of Pseudo-Deterministic Quantum Circuits
James Bartusek, Fuyuki Kitagawa, Ryo Nishimaki, Takashi Yamakawa
Foundations

We show how to obfuscate pseudo-deterministic quantum circuits in the classical oracle model, assuming the quantum hardness of learning with errors. Given the classical description of a quantum circuit $Q$, our obfuscator outputs a quantum state $\ket{\widetilde{Q}}$ that can be used to evaluate $Q$ repeatedly on arbitrary inputs. Instantiating the classical oracle using any candidate post-quantum indistinguishability obfuscator gives us the first candidate construction of...

2023/236 (PDF) Last updated: 2024-03-29
Certified Everlasting Secure Collusion-Resistant Functional Encryption, and More
Taiga Hiroka, Fuyuki Kitagawa, Tomoyuki Morimae, Ryo Nishimaki, Tapas Pal, Takashi Yamakawa
Public-key cryptography

We study certified everlasting secure functional encryption (FE) and many other cryptographic primitives in this work. Certified everlasting security roughly means the following. A receiver possessing a quantum cryptographic object (such as ciphertext) can issue a certificate showing that the receiver has deleted the cryptographic object and information included in the object (such as plaintext) was lost. If the certificate is valid, the security is guaranteed even if the receiver becomes...

2023/234 (PDF) Last updated: 2023-02-20
Privately Puncturing PRFs from Lattices: Adaptive Security and Collusion Resistant Pseudorandomness
Rupeng Yang
Public-key cryptography

A private puncturable pseudorandom function (PRF) enables one to create a constrained version of a PRF key, which can be used to evaluate the PRF at all but some punctured points. In addition, the constrained key reveals no information about the punctured points and the PRF values on them. Existing constructions of private puncturable PRFs are only proven to be secure against a restricted adversary that must commit to the punctured points before viewing any information. It is an open problem...

2023/229 (PDF) Last updated: 2023-09-21
One-out-of-Many Unclonable Cryptography: Definitions, Constructions, and More
Fuyuki Kitagawa, Ryo Nishimaki
Foundations

The no-cloning principle of quantum mechanics enables us to achieve amazing unclonable cryptographic primitives, which is impossible in classical cryptography. However, the security definitions for unclonable cryptography are tricky. Achieving desirable security notions for unclonability is a challenging task. In particular, there is no indistinguishable-secure unclonable encryption and quantum copy-protection for single-bit output point functions in the standard model. To tackle this...

2022/1781 (PDF) Last updated: 2022-12-31
COA-Secure Obfuscation and Applications
Ran Canetti, Suvradip Chakraborty, Dakshita Khurana, Nishanth Kumar, Oxana Poburinnaya, Manoj Prabhakaran
Foundations

We put forth a new paradigm for program obfuscation, where obfuscated programs are endowed with proofs of ``well-formedness.'' In addition to asserting existence of an underlying plaintext program with an attested structure and functionality, these proofs also prevent mauling attacks, whereby an adversary surreptitiously creates an obfuscated program based on secrets which are embedded in a given obfuscated program. We call this new guarantee Chosen Obfuscation Attack (COA) security....

2022/1760 (PDF) Last updated: 2024-03-01
Fully Succinct Batch Arguments for NP from Indistinguishability Obfuscation
Rachit Garg, Kristin Sheridan, Brent Waters, David J. Wu
Cryptographic protocols

Non-interactive batch arguments for $\mathsf{NP}$ provide a way to amortize the cost of $\mathsf{NP}$ verification across multiple instances. In particular, they allow a prover to convince a verifier of multiple $\mathsf{NP}$ statements with communication that scales sublinearly in the number of instances. In this work, we study fully succinct batch arguments for $\mathsf{NP}$ in the common reference string (CRS) model where the length of the proof scales not only sublinearly in the...

2022/1699 (PDF) Last updated: 2022-12-07
SoK: Use of Cryptography in Malware Obfuscation
Hassan Asghar, Benjamin Zi Hao Zhao, Muhammad Ikram, Giang Nguyen, Dali Kaafar, Sean Lamont, Daniel Coscia
Foundations

We look at the use of cryptography to obfuscate malware. Most surveys on malware obfuscation only discuss simple encryption techniques (e.g., XOR encryption), which are easy to defeat (in principle), since the decryption algorithm and the key is shipped within the program. This SoK proposes a principled definition of malware obfuscation, and categorises instances of malware obfuscation that use cryptographic tools into those which evade detection and those which are detectable. The SoK first...

2022/1637 (PDF) Last updated: 2022-11-24
Polynomial-Time Cryptanalysis of the Subspace Flooding Assumption for Post-Quantum $i\mathcal{O}$
Aayush Jain, Huijia Lin, Paul Lou, Amit Sahai
Attacks and cryptanalysis

Indistinguishability Obfuscation $(i\mathcal{O})$ is a highly versatile primitive implying a myriad advanced cryptographic applications. Up until recently, the state of feasibility of $i\mathcal{O}$ was unclear, which changed with works (Jain-Lin-Sahai STOC 2021, Jain-Lin-Sahai Eurocrypt 2022) showing that $i\mathcal{O}$ can be finally based upon well-studied hardness assumptions. Unfortunately, one of these assumptions is broken in quantum polynomial time. Luckily, the line work of...

2022/1584 (PDF) Last updated: 2022-11-15
Instantiability of Classical Random-Oracle-Model Encryption Transforms
Alice Murphy, Adam O'Neill, Mohammad Zaheri
Public-key cryptography

Extending work leveraging program obfuscation to instantiate random-oracle-based transforms (e.g., Hohenberger et al., EUROCRYPT 2014, Kalai et al., CRYPTO 2017), we show that, using obfuscation and other assumptions, there exist standard-model hash functions that suffice to instantiate the classical RO-model encryption transforms OAEP (Bellare and Rogaway, EUROCRYPT 1994) and Fujisaki-Okamoto (CRYPTO 1999, J. Cryptology 2013) for specific public-key encryption (PKE) schemes to achieve...

2022/1500 (PDF) Last updated: 2023-02-07
Registered Attribute-Based Encryption
Susan Hohenberger, George Lu, Brent Waters, David J. Wu
Public-key cryptography

Attribute-based encryption (ABE) generalizes public-key encryption and enables fine-grained control to encrypted data. However, ABE upends the traditional trust model of public-key encryption by requiring a single trusted authority to issue decryption keys. If an adversary compromises the central authority and exfiltrates its secret key, then the adversary can decrypt every ciphertext in the system. This work introduces registered ABE, a primitive that allows users to generate secret keys...

2022/1430 (PDF) Last updated: 2022-10-20
Indistinguishability Obfuscation via Mathematical Proofs of Equivalence
Abhishek Jain, Zhengzhong Jin
Foundations

Over the last decade, indistinguishability obfuscation (iO) has emerged as a seemingly omnipotent primitive in cryptography. Moreover, recent breakthrough work has demonstrated that iO can be realized from well-founded assumptions. A thorn to all this remarkable progress is a limitation of all known constructions of general-purpose iO: the security reduction incurs a loss that is exponential in the input length of the function. This ``input-length barrier'' to iO stems from the...

2022/1395 (PDF) Last updated: 2023-09-23
Non-Interactive Anonymous Router with Quasi-Linear Router Computation
Rex Fernando, Elaine Shi, Pratik Soni, Nikhil Vanjani, Brent Waters
Foundations

Anonymous routing is an important cryptographic primitive that allows users to communicate privately on the Internet, without revealing their message contents or their contacts. Until the very recent work of Shi and Wu (Eurocrypt’21), all classical anonymous routing schemes are interactive protocols, and their security rely on a threshold number of the routers being honest. The recent work of Shi and Wu suggested a new abstraction called Non-Interactive Anonymous Router (NIAR), and showed...

2022/1347 (PDF) Last updated: 2023-03-29
Broadcast, Trace and Revoke with Optimal Parameters from Polynomial Hardness
Shweta Agrawal, Simran Kumari, Anshu Yadav, Shota Yamada
Cryptographic protocols

A broadcast, trace and revoke system generalizes broadcast encryption as well as traitor tracing. In such a scheme, an encryptor can specify a list $L \subseteq N$ of revoked users so that (i) users in $L$ can no longer decrypt ciphertexts, (ii) ciphertext size is independent of $L$, (iii) a pirate decryption box supports tracing of compromised users. The ``holy grail'' of this line of work is a construction which resists unbounded collusions, achieves all parameters (including public and...

2022/1324 (PDF) Last updated: 2022-10-05
Adaptive Multiparty NIKE
Venkata Koppula, Brent Waters, Mark Zhandry
Foundations

We construct adaptively secure multiparty non-interactive key exchange (NIKE) from polynomially hard indistinguishability obfuscation and other standard assumptions. This improves on all prior such protocols, which required sub-exponential hardness. Along the way, we establish several compilers which simplify the task of constructing new multiparty NIKE protocols, and also establish a close connection with a particular type of constrained PRF.

2022/1301 Last updated: 2022-10-19
On the Invalidity of Lin16/Lin17 Obfuscation Schemes
Hu Yupu, Dong Siyue, Wang Baocang, Dong Xingting
Attacks and cryptanalysis

Indistinguishability obfuscation (IO) is at the frontier of cryptography research. Lin16/Lin17 obfuscation schemes are famous progresses towards simplifying obfuscation mechanism. Their basic structure can be described in the following way: to obfuscate a polynomial-time-computable Boolean function $c(x)$, first divide it into a group of component functions with low-degree and low-locality by using randomized encoding, and then hide the shapes of these component functions by using...

2022/1284 (PDF) Last updated: 2023-10-28
(Inner-Product) Functional Encryption with Updatable Ciphertexts
Valerio Cini, Sebastian Ramacher, Daniel Slamanig, Christoph Striecks, Erkan Tairi
Public-key cryptography

We propose a novel variant of functional encryption which supports ciphertext updates, dubbed ciphertext-updatable functional encryption (CUFE). Such a feature further broadens the practical applicability of the functional-encryption paradigm and allows for fine-grained access control even after a ciphertext is generated. Updating ciphertexts is carried out via so-called update tokens which a dedicated party can use to convert ciphertexts. However, allowing update tokens requires some care...

2022/1265 (PDF) Last updated: 2022-09-23
Universal Ring Signatures in the Standard Model
Pedro Branco, Nico Döttling, Stella Wohnig
Cryptographic protocols

Ring signatures allow a user to sign messages on behalf of an ad hoc set of users - a ring - while hiding her identity. The original motivation for ring signatures was whistleblowing [Rivest et al. ASIACRYPT'01]: a high government employee can anonymously leak sensitive information while certifying that it comes from a reliable source, namely by signing the leak. However, essentially all known ring signature schemes require the members of the ring to publish a structured verification key...

2022/1252 (PDF) Last updated: 2022-09-21
Functional Encryption with Secure Key Leasing
Fuyuki Kitagawa, Ryo Nishimaki
Foundations

Secure software leasing is a quantum cryptographic primitive that enables us to lease software to a user by encoding it into a quantum state. Secure software leasing has a mechanism that verifies whether a returned software is valid or not. The security notion guarantees that once a user returns a software in a valid form, the user no longer uses the software. In this work, we introduce the notion of secret-key functional encryption (SKFE) with secure key leasing, where a decryption key...

2022/1236 (PDF) Last updated: 2023-04-07
Rate-1 Non-Interactive Arguments for Batch-NP and Applications
Lalita Devadas, Rishab Goyal, Yael Kalai, Vinod Vaikuntanathan
Cryptographic protocols

We present a rate-$1$ construction of a publicly verifiable non-interactive argument system for batch-$\mathsf{NP}$ (also called a BARG), under the LWE assumption. Namely, a proof corresponding to a batch of $k$ NP statements each with an $m$-bit witness, has size $m + \mathsf{poly}(\lambda,\log k)$. In contrast, prior work either relied on non-standard knowledge assumptions, or produced proofs of size $m \cdot \mathsf{poly}(\lambda,\log k)$ (Choudhuri, Jain, and Jin, STOC 2021,...

2022/1229 (PDF) Last updated: 2022-09-16
Cumulatively All-Lossy-But-One Trapdoor Functions from Standard Assumptions
Benoît Libert, Ky Nguyen, Alain Passelègue
Public-key cryptography

Chakraborty, Prabhakaran, and Wichs (PKC'20) recently introduced a new tag-based variant of lossy trapdoor functions, termed cumulatively all-lossy-but-one trapdoor functions (CALBO-TDFs). Informally, CALBO-TDFs allow defining a public tag-based function with a (computationally hidden) special tag, such that the function is lossy for all tags except when the special secret tag is used. In the latter case, the function becomes injective and efficiently invertible using a secret trapdoor. This...

2022/1208 (PDF) Last updated: 2022-09-13
Notes on Reusable Garbling
Hu Yupu, Dong Siyue, Wang Baocang, Liu Jun
Attacks and cryptanalysis

Garbling is a cryptographic primitive which has many applications. It is mainly used for scenes of limited authority, such as multi-party computation (MPC), attribute-based encryption (ABE), functional encryption (FE), indistinguishability obfuscation (IO), etc. Garbling schemes before 2013 are of one-time garbling. Goldwasser et al and Agrawal presented a reusable garbling scheme, which made use of a symmetric encryption scheme and an FE scheme as the components. In this paper we discuss...

2022/1140 (PDF) Last updated: 2022-08-31
Witness Encryption and Null-IO from Evasive LWE
Vinod Vaikuntanathan, Hoeteck Wee, Daniel Wichs
Public-key cryptography

Witness encryption (WE) allows us to use an arbitrary NP statement $x$ as a public key to encrypt a message, and the witness $w$ serves as a decryption key. Security ensures that, when the statement $x$ is false, the encrypted message remains computationally hidden. WE appears to be significantly weaker than indistinguishability obfuscation (iO). Indeed, WE is closely related to a highly restricted form of iO that only guarantees security for null circuits (null iO). However, all current...

2022/1027 (PDF) Last updated: 2022-08-08
Maliciously Secure Massively Parallel Computation for All-but-One Corruptions
Rex Fernando, Yuval Gelles, Ilan Komargodski, Elaine Shi
Cryptographic protocols

The Massive Parallel Computing (MPC) model gained wide adoption over the last decade. By now, it is widely accepted as the right model for capturing the commonly used programming paradigms (such as MapReduce, Hadoop, and Spark) that utilize parallel computation power to manipulate and analyze huge amounts of data. Motivated by the need to perform large-scale data analytics in a privacy-preserving manner, several recent works have presented generic compilers that transform algorithms in...

2022/1024 (PDF) Last updated: 2022-08-08
Multi-Input Attribute Based Encryption and Predicate Encryption
Shweta Agrawal, Anshu Yadav, Shota Yamada
Cryptographic protocols

Motivated by several new and natural applications, we initiate the study of multi-input predicate encryption (${\sf miPE}$) and further develop multi-input attribute based encryption (${\sf miABE}$). Our contributions are: 1. Formalizing Security: We provide definitions for ${\sf miABE}$ and ${\sf miPE}$ in the {symmetric} key setting and formalize security in the standard indistinguishability (IND) paradigm, against unbounded collusions. 2. Two-input ${\sf ABE}$ for ${\sf NC}_1$...

2022/857 (PDF) Last updated: 2022-06-28
Succinct Classical Verification of Quantum Computation
James Bartusek, Yael Tauman Kalai, Alex Lombardi, Fermi Ma, Giulio Malavolta, Vinod Vaikuntanathan, Thomas Vidick, Lisa Yang
Foundations

We construct a classically verifiable succinct interactive argument for quantum computation (BQP) with communication complexity and verifier runtime that are poly-logarithmic in the runtime of the BQP computation (and polynomial in the security parameter). Our protocol is secure assuming the post-quantum security of indistinguishability obfuscation (iO) and Learning with Errors (LWE). This is the first succinct argument for quantum computation in the plain model; prior work...

2022/806 (PDF) Last updated: 2023-02-24
Multi-key and Multi-input Predicate Encryption from Learning with Errors
Danilo Francati, Daniele Friolo, Giulio Malavolta, Daniele Venturi
Foundations

We put forward two natural generalizations of predicate encryption (PE), dubbed multi-key and multi-input PE. More in details, our contributions are threefold. - Definitions. We formalize security of multi-key PE and multi-input PE following the standard indistinguishability paradigm, and modeling security both against malicious senders (i.e., corruption of encryption keys) and malicious receivers (i.e., collusions). - Constructions. We construct adaptively secure multi-key and...

2022/783 (PDF) Last updated: 2022-06-17
Augmented Random Oracles
Mark Zhandry
Foundations

We propose a new paradigm for justifying the security of random oracle-based protocols, which we call the Augmented Random Oracle Model (AROM). We show that the AROM captures a wide range of important random oracle impossibility results. Thus a proof in the AROM implies some resiliency to such impossibilities. We then consider three ROM transforms which are subject to impossibilities: Fiat-Shamir (FS), Fujisaki-Okamoto (FO), and Encrypt-with-Hash (EwH). We show in each case how to obtain...

2022/768 (PDF) Last updated: 2022-06-15
Public-Key Watermarking Schemes for Pseudorandom Functions
Rupeng Yang, Zuoxia Yu, Man Ho Au, Willy Susilo
Foundations

A software watermarking scheme can embed a message into a program while preserving its functionality. The embedded message can be extracted later by an extraction algorithm, and no one could remove it without significantly changing the functionality of the program. A watermarking scheme is public key if neither the marking procedure nor the extraction procedure needs a watermarking secret key. Prior constructions of watermarking schemes mainly focus on watermarking pseudorandom functions...

2022/732 (PDF) Last updated: 2023-02-22
Structure-Preserving Compilers from New Notions of Obfuscations
Matteo Campanelli, Danilo Francati, Claudio Orlandi
Foundations

The dream of software obfuscation is to take programs, as they are, and then generically compile them into obfuscated versions that hide their secret inner workings. In this work we investigate notions of obfuscations weaker than virtual black-box (VBB) but which still allow obfuscating cryptographic primitives preserving their original functionalities as much as possible. In particular we propose two new notions of obfuscations, which we call oracle-differing-input obfuscation (odiO) and...

2022/697 (PDF) Last updated: 2023-03-24
Rate-1 Incompressible Encryption from Standard Assumptions
Pedro Branco, Nico Döttling, Jesko Dujmovic
Public-key cryptography

Incompressible encryption, recently proposed by Guan, Wichs and Zhandry (EUROCRYPT'22), is a novel encryption paradigm geared towards providing strong long-term security guarantees against adversaries with bounded long-term memory. Given that the adversary forgets just a small fraction of a ciphertext, this notion provides strong security for the message encrypted therein, even if, at some point in the future, the entire secret key is exposed. This comes at the price of having potentially...

2022/672 (PDF) Last updated: 2023-10-21
CENSOR: Privacy-preserving Obfuscation for Outsourcing SAT formulas
Tassos Dimitriou, Khazam Alhamdan
Applications

We propose a novel obfuscation technique that can be used to outsource hard satisfiability (SAT) formulas to the cloud. Servers with large computational power are typically used to solve SAT instances that model real-life problems in task scheduling, AI planning, circuit verification and more. However, outsourcing data to the cloud may lead to privacy and information breaches since satisfying assignments may reveal considerable information about the underlying problem modeled by SAT. In...

2022/631 (PDF) Last updated: 2023-08-27
Watermarking PRFs against Quantum Adversaries
Fuyuki Kitagawa, Ryo Nishimaki
Foundations

We initiate the study of software watermarking against quantum adversaries. A quantum adversary generates a quantum state as a pirate software that potentially removes an embedded message from a classical marked software. Extracting an embedded message from quantum pirate software is difficult since measurement could irreversibly alter the quantum state. In software watermarking against classical adversaries, a message extraction algorithm crucially uses the (input-output) behavior of a...

2022/549 (PDF) Last updated: 2022-05-10
Smart Contracts Obfuscation from Blockchain-based One-time Program
Sora Suegami
Cryptographic protocols

We propose a cryptographic obfuscation scheme for smart contracts from one-time programs using a blockchain, a garbled circuit, and witness encryption. The proposed scheme protects not only the privacy of its input data and states but also the privacy of its algorithm and hardcoded secrets. Its security depends on existing secure blockchains and does not require the honest majority of secure multiparty computation and trusted hardware. This scheme is more efficient than obfuscating an entire...

2022/535 (PDF) Last updated: 2022-05-13
Distributed (Correlation) Samplers: How to Remove a Trusted Dealer in One Round
Damiano Abram, Peter Scholl, Sophia Yakoubov
Cryptographic protocols

Structured random strings (SRSs) and correlated randomness are important for many cryptographic protocols. In settings where interaction is expensive, it is desirable to obtain such randomness in as few rounds of communication as possible; ideally, simply by exchanging one reusable round of messages which can be considered public keys. In this paper, we describe how to generate any SRS or correlated randomness in such a single round of communication, using, among other things,...

2022/343 (PDF) Last updated: 2022-09-01
Beyond the Csiszár-Körner Bound: Best-Possible Wiretap Coding via Obfuscation
Yuval Ishai, Alexis Korb, Paul Lou, Amit Sahai

A wiretap coding scheme (Wyner, Bell Syst. Tech. J. 1975) enables Alice to reliably communicate a message m to an honest Bob by sending an encoding c over a noisy channel chB, while at the same time hiding m from Eve who receives c over another noisy channel chE. Wiretap coding is clearly impossible when chB is a degraded version of chE, in the sense that the output of chB can be simulated using only the output of chE. A classic work of Csiszár and Körner (IEEE Trans. Inf. Theory, 1978)...

2022/311 (PDF) Last updated: 2023-04-20
Unidirectional Updatable Encryption and Proxy Re-encryption from DDH
Peihan Miao, Sikhar Patranabis, Gaven Watson
Cryptographic protocols

Updatable Encryption (UE) and Proxy Re-encryption (PRE) allow re-encrypting a ciphertext from one key to another in the symmetric-key and public-key settings, respectively, without decryption. A longstanding open question has been the following: do unidirectional UE and PRE schemes (where ciphertext re-encryption is permitted in only one direction) necessarily require stronger/more structured assumptions as compared to their bidirectional counterparts? Known constructions of UE and PRE seem...

2022/228 (PDF) Last updated: 2022-02-25
Semi-Quantum Tokenized Signatures
Omri Shmueli
Cryptographic protocols

Quantum tokenized signature schemes (Ben-David and Sattath, QCrypt 2017) allow a sender to generate and distribute quantum unclonable states which grant their holder a one-time permission to sign in the name of the sender. Such schemes are a strengthening of public-key quantum money schemes, as they imply public-key quantum money where some channels of communication in the system can be made classical. An even stronger primitive is semi-quantum tokenized signatures, where the sender is...

2022/017 (PDF) Last updated: 2023-09-20
Keyed-Fully Homomorphic Encryption without Indistinguishability Obfuscation
Shingo Sato, Keita Emura, Atsushi Takayasu
Public-key cryptography

(Fully) homomorphic encryption ((F)HE) allows users to publicly evaluate circuits on encrypted data. Although publicly homomorphic evaluation property has various applications, (F)HE cannot achieve security against chosen ciphertext attacks (CCA2) due to its nature. To achieve both the CCA2 security and homomorphic evaluation property, Emura et al. (PKC 2013) introduced keyed-homomorphic public key encryption (KH-PKE) and formalized its security denoted by $\mathsf{KH\textup{-}CCA}$...

Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.