This research paper explores the concept of incremental deterministic public-key encryption, its security guarantees, and its applications in various scenarios. It also presents lower bounds, generic solutions, and constructions based on computational assumptions.
Ilya Mironov, Omkant Pandey, Omer Reingold, Gil Segev (Microsoft Research): Incremental Deterministic Public-Key Encryption
-source adversary min-entropy min-entropy min-entropy : Probability of any output
Deterministic Public-Key Encryption: PRIV1-IND Epk[ ] Epk[ ] min-entropy min-entropy and are independent of PK [Bellare, Boldyreva, O’Neill CRYPTO’07]
Is It Secure? • search • de-duplication • deterministic KEM Secure Deterministic Encryption Computational assumptions Min-entropy of the source • Long, unpredictable plaintext: • digital photograph • MS Word document • entire database • full disk
security Length of the plaintext efficiency
Incrementality degree • Incrementality with access to plaintext: setting bit • Incrementality without access to plaintext: flipping bit
Our results • Lower bound: • Two schemes • Generic Solution • DDH-based solution tight up to polylog factors incrementality Deterministic Encryption Incremental Deterministic Encryption min-entropy
Naïve Generic Solution min-entropy ? … E E E E: deterministic encryption scheme
Sample-then-extract min-entropy similar min-entropy rate [Nisan,Zuckerman’96] [Vadhan’04]
Generic Solution min-entropy Partition input into random subsets PRIV-IND PRIV1-IND with Incrementality
Standard Model DDH PRIV1-IND with Incrementality
Lossy Trapdoor Functions Injective mode: w/ trapdoor Lossy mode: [Peikert, Waters STOC’08]
Smooth Trapdoor Functions Injective mode: w/ trapdoor Smooth mode: statistically close min-entropy
Smooth Trapdoor Functions PRIV1-IND Security min-entropy min-entropy injective mode: smooth mode:
Construction of PRIV1-IND Lossy Trapdoor Function Pairwise-independent permutation Smooth Trapdoor Function Deterministic Public-Key Encryption [Boldyreva, Fehr, O’Neill CRYPTO’08]
Construction of PRIV1-IND Lossy Trapdoor Function Pairwise-independent permutation Smooth Trapdoor Function Incremental Deterministic Public-Key Encryption [Boldyreva, Fehr, O’Neill CRYPTO’08]
Construction of Lossy TDF - group of order generated by • Sample • Output and Key generation • Given output Encryption • Given compute • Output Decryption [Freeman, Goldreich, Kiltz, Rosen, Segev PKC’10] [Brakerski, Segev CRYPTO’11]
Security Argument: Lossy TDF rank rank 1 — injective — bits
Towards Incremental Smooth TDF rank sparse rank ℓ sparse — injective if has min-entropy , statistically close to the uniform over its range
Towards Incremental Smooth TDF Sample-then-extract + Leftover Hash Lemma
Smooth vs Injective Mode rank full rank
Open Problems
Incremental Deterministic Encryption:
• Stronger security: PRIV-IND (multiple messages)
• Length-preserving in the standard model
Deterministic Encryption:
• Relaxing the definition to allow dependency on the public key