1 / 19

Identity Based Encryption from the Diffie-Hellman Assumption

Identity Based Encryption from the Diffie-Hellman Assumption. Sanjam Garg University of California, Berkeley (Joint work with Nico Döttling ). Private-Key Encryption. Alice Bob . Public-Key Encryption [DH76,RSA78,GM82]. Obtain.

muth
Download Presentation

Identity Based Encryption from the Diffie-Hellman Assumption

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Identity Based Encryption from the Diffie-Hellman Assumption Sanjam Garg University of California, Berkeley (Joint work with Nico Döttling)

  2. Private-Key Encryption Alice Bob

  3. Public-Key Encryption [DH76,RSA78,GM82] Obtain Alice Bob

  4. Identity-Based Encryption (IBE) [Shamir84, BF01] Identity of the recipient used as the public key pp Alice Bob First construction based on pairings [BF01] CA/PKG

  5. ABE [SW05] Hierarchical IBE IBE [Pairing, Lattices] Reduce the Gap! Public-key crypto Public-Key Encryption Trapdoor Functions Private-key crypto Signatures PRF OWF PRG

  6. Our Results • Main result: IBE from Computational Diffie-Hellman Assumption (Fully-secure) • Or, the hardness of Factoring Avoid impossibilities using non-black-box techniques.

  7. Challenge?How do we it?

  8. Compress two keys Bob Alice • Encryption can be done to either or knowing just • Decryption can be done using , and the right secret key • looses information about or Cara

  9. How known schemes from stronger assumptions compress two keys? • or are correlated • Structured assumptions • Impossibility results: Similar intuition Our goal: Compress Uncorrelated Keys!

  10. Our Construction: Tools + Yao’s Garbled Circuits Hash with Encryption

  11. Tool I: Hash with Encryption Three Algorithms: is short (say -bits) is -bits where and if and Security: Hard to compute such that Security: Reminiscent of Witness Encryption [GGSW13] or laconic OT [CDGGMP17].

  12. Tool I: Hash with Encryption Security can be argued based on DDH Hash Parameters • Set

  13. Tool 2: Yao’s Garbled Circuits [Yao86, AIK04, AIK05, LP09, BHR12] Security:

  14. How do we compress?

  15. Obfuscation Lens! How do we encrypt? Bob Alice Abort if . If then else Output Cara

  16. How do we encrypt? Bob Alice • Circuit Cara

  17. How to decrypt? • Decrypt using , and • Recall and • which one can be decrypted? • which decrypts to • Similarly, for each decrypt or • Evaluate(, ) outputs

  18. Many new Applications • New constructions of cryptographic primitives from weaker computation assumptions • Two round MPC [GS17,GS18,BL18,GIS18] • TDF [GD18] from CDH • Deterministic Encryption [GGH18] from CDH • Beats the efficiency of prior works even under DDH • Two-round OT [DGHMW19] form CDH • First PIR with polylogarithmic communication under DDH [DGMMIO19] (also rate 1-OT and more) • Many new techniques: Can lead to several other improvements!

  19. Thank You! Questions? ? ?

More Related