Upload
others
View
0
Download
0
Embed Size (px)
Citation preview
Authenticating Computation on Groups: New Homomorphic Primitives and
Applications
Dario Catalano Università di Catania
Antonio Marcedone Cornell University
Orazio Puglisi Università di Catania
1
Outline
Delegating computation on authenticated data Motivating example Linearly Homomorphic Signature Authenticated Encryption
Linearly Homomorphic Authenticated Encryption with Public Verifiability (LAEPuV) Definition and security Generic Construction outline and Instantiation
Other results
Authenticaticating Computation on Groups: New Primitives and Applications
2
Authenticaticating Computation on Groups: New Primitives and Applications
3
Delegating Computation on Authenticated Data
(Calculus , Alice, 30)
(Algebra, Alice, 28)
(Calculus , Bob, 28)
Delegating Computation on Authenticated Data
What is the grade of Alice in Calculus?
The Grade of Alice in Calculus is 30
Authenticaticating Computation on Groups: New Primitives and Applications
4
Delegating Computation on Authenticated Data
What is the average grade in Calculus?
The average grade in Calculus is 29
Authenticaticating Computation on Groups: New Primitives and Applications
5
Linearly Homomorphic Signatures (M
1,Sign(sk,M
1))
(M2,Sign(sk,M
2))
….. (M
n,Sign(sk,M
n))
COMBINE(PK,f,...)
(f(M1,...,M
n),
Sign(sk,f(M1,...,M
n))
Verification is done w.r.t. a function f:
Ver(pk, f, M, σ) The signatures must be succinct (indipendent on the
number of messages).
Authenticaticating Computation on Groups: New Primitives and Applications
6
[Desmedt93], [JMSW02], [BFKW09]
Delegating Computation on Authenticated Data
What is the average grade in Calculus?
The average grade in Calculus is 29
Authenticaticating Computation on Groups: New Primitives and Applications
7
Authenticaticating Computation on Groups: New Primitives and Applications
8
Authenticated Encryption
(Calculus , Alice, 30)
(Algebra, Alice, 28)
(Calculus , Bob, 28)
Authenticaticating Computation on Groups: New Primitives and Applications
9
Authenticated Encryption
(Calculus , Alice, 30) (Calculus , Alice, 30)
(Algebra , Alice, 28)
(Calculus , Bob, 28)
(Calculus , Alice, ##)
(Algebra , Alice, ??)
(Calculus , Bob, !!) Simmetric Cryptography Asimmetric
Cryptography
TLS – SSH – IpSec
[BelNam00]
[An01]
Authenticated Encryption
What is the grade of Alice in Calculus?
The Grade of Alice in Calculus is ##
## 30
Authenticaticating Computation on Groups: New Primitives and Applications
10
Authenticated Encryption
What is the average grade in Calculus?
The average grade in Calculus is **
Authenticaticating Computation on Groups: New Primitives and Applications
11
Delegating Computation on Authenticated Data with privacy
What is the average grade in Calculus?
The average grade in Calculus is **
** 29
## ?? **
Authenticaticating Computation on Groups: New Primitives and Applications
12
Linearly Homomorphic Authenticated Encryption with Public Verifiability
AE-KeyGen(1λ,k )→(sk, vk)
AE-Encrypt (sk, FID, i, M) → C
AE-Verify(vk, FID, C, f)→{0,1}
AE-Decrypt (sk, FID, C, f) → M or
AE-Eval(vk, f, FID, {Ci }i=1,...,k) →C
Security: LH-IND-CCA for privacy, LH-Uf-CMA for integrity Authenticaticating Computation on Groups:
New Primitives and Applications 13
Public Verifiability
Inspired by [JY14]
Authenticaticating Computation on Groups: New Primitives and Applications
14
LAEPuV - General Construction M message space, additive group R randomness space, multiplicative group
C ciphertext space, multiplicative group
Authenticaticating Computation on Groups: New Primitives and Applications
15
LAEPuV - General Construction
T IND-CPA secure
Public Key Encryption Scheme
Encpk(M1,R1)*Encpk(M2,R2)=Encpk(M1+M2,R1*R2)
M message space, additive group R randomness space, multiplicative group
C ciphertext space, multiplicative group
Authenticaticating Computation on Groups: New Primitives and Applications
16
LAEPuV - General Construction
T IND-CPA secure
Public Key Encryption Scheme
Encpk(M1,R1)*Encpk(M2,R2)=Encpk(M1+M2,R1*R2)
M message space, additive group R randomness space, multiplicative group
C ciphertext space, multiplicative group
Σ Linearly Homomorphic signature
scheme for elements in M
Authenticaticating Computation on Groups: New Primitives and Applications
17
LAEPuV - General Construction
T IND-CPA secure
Public Key Encryption Scheme
Encpk(M1,R1)*Encpk(M2,R2)=Encpk(M1+M2,R1*R2)
M message space, additive group R randomness space, multiplicative group
C ciphertext space, multiplicative group
Σ Linearly Homomorphic signature
scheme for elements in M
H Random Oracle
HK:{0,1}*→C
Authenticaticating Computation on Groups: New Primitives and Applications
18
LAEPuV – Encryption
M
ENC
C
HOM-SIGN
σ C*Enc(b)
DEC
Authenticaticating Computation on Groups: New Primitives and Applications
19
LAEPuV – Eval
σ
C
HOM-EVAL
Authenticaticating Computation on Groups: New Primitives and Applications
20
LAEPuV – Practical Instantiation
Other results (in the paper)
A Linearly homomorphic signature scheme to sign elements in (bilinear) groups
This has nice applications in the context of On-line/Off-line signatures
Authenticaticating Computation on Groups: New Primitives and Applications
21
Related works
Efficient Delegation of Computation over encrypted data [JY14], [FGP14]
Authenticaticating Computation on Groups: New Primitives and Applications
22
Authenticaticating Computation on Groups: New Primitives and Applications
23
Very efficient
General construction
Public Verifiability
Only linear functions
Needs ROM
Conclusion and Open problems
Interesting Open questions remain :
• How to extend to more general functionalities?
• How to avoid ROM?
Authenticaticating Computation on Groups: New Primitives and Applications
24
Conclusion and Open problems
Authenticaticating Computation on Groups: New Primitives and Applications
25