PhD Seminar

Title: Building Cryptography for Distributed Data and Authority
Speaker: Anshu (IITM)
Details: Thu, 6 Jul, 2023 9:00 AM @ MR - I (SSB 233)
Abstract:: In the modern era of advanced digital technologies, there exists a plethora of online applications on the internet including e-commerce, net banking, online games and movies, and many more. These applications generate huge amounts of data which includes sensitive information of their users, like bank account details, credit card numbers, and personal details like date of birth, mobile number, address, and such others. This poses new challenges in ensuring data privacy and secrecy without compromising with the enormous opportunities of performing useful studies on these data. For example, consider a researcher who wants to study the correlation between hypertension and the profession of patients in the age group 30-50 years and hence needs access to records of patients who fall in this category. The hospital would want to encrypt the records of patients and provide a decrypting key to the researcher that allows access to only the relevant records and nothing else. Traditional methods like standard public key encryption (PKE) do not suffice because anyone having the decryption key gets unrestricted access to all the records of all the patients. While what we want is a tailored key that lets the researcher access only the relevant data related only to her research. Advanced tools like functional encryption (FE), attribute based encryption (ABE), and predicate encryption (PE) give us such guarantees but are generally defined in a single input setting where the data is assumed to be held by a single party. In practice, data related to a single entity is generated independently in parts at different locations. In such a scenario, we would want to have the same security guarantees as if the data were generated from a single source. Furthermore, for better security in cryptographic primitives, it is often desired vthat the authority is distributed among multiple parties so that there is no single point of security failure. For example, a user of an online application may want to distribute his/her key on multiple devices, like smartphone and tablet so that the security is ensured unless all the devices are compromised. Motivated by these observations, we study different cryptographic primitives in a distributed setup. Our work can be broadly viewed in two parts - in the first part, we study such primitives, where the data to be encrypted is generated in a distributed manner. In the second part, we focus on primitives with distributed authority. In the first part, we study ABE, PE, and FE in distributed settings. We initiate the study of multi-input PE (MIPE) and further develop multi-input ABE (MIABE). We define MIABE and MIPE in symmetric key setting and formalize the security in standard indistinguishability (IND) based paradigm against unbounded collusions. We provide the first construction for 2ABE for NC1 using learning with errors (LWE) and pairings and give a generic compiler that for any constant 𝑘, transforms any 𝑘 input ABE to 𝑘-input PE. We also provide the first construction of MIABE for NC1 for any constant arity from evasive LWE assumption, recently introduced independently by Wee (Eurocrypt 2022) and Tsabary (Crypto 2022). We extend our construction to support functions in P by using evasive and suitable strengthening of tensor LWE introduced by Wee (Eurocrypt 2022). By combining our compiler with our results for MIABE, we get 2PE for NC1 using LWE and pairings and constant-arity PE for NC1 a nd P from lattice based assumptions of evasive and tensor LWE that are conjectured to be post-quantum secure. Recently Abdalla et al. (Crypto 2020) gave FE for attribute weighted sums (AWS), where encryption takes 𝑁 (unbounded) (public-private) attribute-value pairs {x_𝑖, z_𝑖 }_{𝑖in[𝑁]} , the secret key is given for an arithmetic branching programs 𝑓 , and the decryption returns the weighted sum Sum_{𝑖in[𝑁]} 𝑓 (x_𝑖)^T z_𝑖. We extend their result to the significantly more challenging multi-party setting and provide the first construction for attribute-based multi-input FE (MIFE) supporting AWS. We also provide the first constructions of multi-client FE (MCFE) and dynamic decentralized FE (DDFE) for AWS. Multi-client FE is a generalization of miFE where the inputs to the encryption algorithm are additionally associated with a public label 𝐿_𝑖 such that during decryption, only the inputs with same labels can be combined. DDFE further generalizes MCFE, where the key computation is also decentralized. The keys and the ciphertexts are additionally associated with a user set such that they can be combined together only if they are associated with the same user set. Previously, these primitives were known only for linear functions (or inner products) [Abdalla et al. (Asiacrypt 2020), Chotard et al. (ePrint 2018), Abdalla et al. (Asiacrypt 2019), andChotard et al. (Crypto 2020)]. In the second part, we study advanced digital signature schemes - threshold signatures and blind signatures. Both the primitives find applications in modern applications like cryptocurrencies, e-voting, blockchains, etc. Threshold signature is a digital signature scheme, where the signing power is distributed among 𝑁 signers such that at least some threshold 𝑡 number of signers are needed to generate a valid signature. We improve the only lattice based construction for 𝑡-out-of-𝑁 access structure with round optimality by Boneh et al. in terms of efficiency and security. We reduce the signature size from ̃𝑂 (𝜆^3) to ̃𝑂 (𝜆), where 𝜆 is the security parameter. Boneh et al’s construction achieve only selective security, where all the corrupt parties are declared in the beginning. We give two constructions that achieve (i) partial adaptivity - which allows corruption at any time, but all the corruptions must be declared together, and (ii) full adapt ivity - which allows corruption at any time in any order. In blind signatures, there are two parties involved - the user and the signer. The user U, holding a public key and message, may request a signature from the signer S, holding a signing key, such that the signer is not able to link a message-signature pair with a protocol execution, and the user is not able to forge signatures even after multiple interactions with the signer. We construct the first overall practical round optimal lattice based blind signature supporting an unbounded number of signature queries. We provide a detailed estimate of parameters achieved – we obtain a signature of size slightly above 45KB, for a core-SVP hardness of 109 bits. All the run-times are also very small. Its security stems from a new and arguably natural assumption that we introduce. To gain confidence in our assumption, we provide a detailed analysis of diverse attack strategies. Web Conference Link :https://meet.google.com/smk-jret-jsu


Announcements from Dept.

  • Nov 8, 2024 : CSE Words Meeting (read more)
  • Sep 13, 2024 : CSE Words Meeting (read more)
  • May 13, 2024 : MS-PhD Admissions (Jul 2024) - List of Recommended Candidates (read more)
(View All)
© 2016 - All Rights Reserved - Dept of CSE, IIT Madras
Website Credits