DOCSLIB.ORG

Copyright by Venkata Vivek Kumar Koppula 2018

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Copyright by Venkata Vivek Kumar Koppula 2018 Copyright by Venkata Vivek Kumar Koppula 2018 The Dissertation Committee for Venkata Vivek Kumar Koppula certifies that this is the approved version of the following dissertation: Program Obfuscation: New Applications and Constructions from Standard Assumptions Committee: Brent Waters, Supervisor Adam Klivans Amit Sahai David Zuckerman Program Obfuscation: New Applications and Constructions from Standard Assumptions by Venkata Vivek Kumar Koppula, DISSERTATION Presented to the Faculty of the Graduate School of The University of Texas at Austin in Partial Fulfillment of the Requirements for the Degree of DOCTOR OF PHILOSOPHY THE UNIVERSITY OF TEXAS AT AUSTIN August 2018 Acknowledgments First, I am extremely thankful to my advisor, Brent Waters, without whose guidance and support this thesis would not have been possible. His enthusiasm towards research has been a great source of motivation, and I feel truly indebted to him. I am also grateful to Amit Sahai for hosting me at UCLA on multiple occasions, and for his engaging discussions. This thesis mainly consists of two separate projects, and I wish to thank my collaborators Allison Bishop, Rishab (L.C.) Goyal and Brent Waters for the numerous discussions on these works. Special thanks to Rishab for both the technical as well as non-technical conversations we've had over the last four years. I am also thankful to colleagues with whom I had the pleasure to do research (that is not part of this thesis). Many thanks to my PhD committee members (Adam Klivans, Amit Sahai and David Zuckerman) for their valuable feedback on my thesis. Finally, I thank my friends and family for their constant support and confidence in me. iv Program Obfuscation: New Applications and Constructions from Standard Assumptions Publication No. Venkata Vivek Kumar Koppula, Ph.D. The University of Texas at Austin, 2018 Supervisor: Brent Waters Code obfuscation has been one of the main focal points of cryptographic research over the last few years. This proposed thesis studies two different as- pects of program obfuscation. In the first part, we examine the power of indistinguishability obfuscation. This notion of indistinguishability obfusca- tion requires that the obfuscation of two functionally identical programs must be computationally indistinguishable. In this work, we show how obfusca- tion for circuits can be used to obfuscate Turing machines. Our obfuscation scheme satisfies the succinctness requirement; that is, the obfuscation of a Turing machine M has size polynomial in the machine description jMj and a maximum bound on the input length n. Previous works that addressed this problem required an additional bound on the maximum space used by the Turing machine. Our construction is based on indistinguishability obfuscation for circuits, one way functions and injective pseudo random generators. v In the second part of the proposed dissertation, we study constructions of obfuscation for restricted function classes under standard assumptions. We introduce the notion of lockable obfuscation. In a lockable obfuscation scheme there exists an obfuscation algorithm that takes as input a security parame- ter, a program P , a message m and \lock value" α and outputs an obfuscated program P~. One can evaluate the obfuscated program P~ on any input x where the output of evaluation is the message m if P (x) = α and otherwise receives a rejecting symbol. We proceed to provide a construction of lockable obfuscation and prove it secure under the Learning with Errors (LWE) assumption. Previ- ous constructions of obfuscation under standard assumptions worked for much weaker function classes such as point functions and conjunctions. Next, we describe multiple applications of lockable obfuscation. The first application is a generic transformation of any attribute-based encryption (ABE) scheme into one in which the attributes used to encrypt the message are hidden from any user that is not authorized to decrypt the message. Similarly, we show how to upgrade broadcast encryption schemes to have one-sided anonymity. We also show applications of lockable obfuscation to separation and uninstantiability results. vi Table of Contents Acknowledgments iv Abstract v Chapter 1. Introduction 1 1.1 A Brief History of Program Obfuscation . .2 1.2 Summary of Our Results . 12 1.2.1 Indistinguishability Obfuscation for Turing Machines . 13 1.2.2 Lockable Obfuscation . 16 Chapter 2. Indistinguishability Obfuscation for Turing Machines 22 2.1 Overview of our scheme . 22 2.2 Preliminaries . 30 2.2.1 Notations . 30 2.2.2 Puncturable Pseudorandom Functions . 31 2.2.3 Obfuscation . 32 2.3 iO-compatible Primitives . 33 2.3.1 Iterators . 33 2.3.1.1 Construction . 36 2.3.1.2 Security . 38 2.4 Positional Accumulators . 42 2.4.1 Construction . 48 2.4.1.1 Correctness . 52 2.4.1.2 Security . 53 2.4.2 Splittable Signatures . 61 2.4.3 Construction . 66 2.4.3.1 Proofs of Security . 69 2.5 Message Hiding Encodings . 85 vii 2.5.1 Construction . 86 2.5.2 Proof of Security . 89 2.5.3 Proof of Lemma 2.11 . 99 2.5.4 Proof of Lemma 2.12 . 106 2.5.5 Proof of Lemma 2.13 . 119 2.5.5.1 Analysis . 123 2.5.6 Proof of Lemma 2.14 . 128 2.5.6.1 Analysis . 129 2.5.7 Proof of Lemma 2.15 . 130 2.5.7.1 Analysis . 133 2.6 Machine Hiding Encodings . 135 2.6.1 Construction . 137 2.6.2 Proof of Security . 140 2.6.3 Proof Outline for Lemma 2.16 . 145 2.6.4 Proof of Lemma 2.17 . 162 2.6.5 Proof of Lemma 2.18 . 178 2.6.5.1 Analysis . 180 2.6.6 Extensions and Variations . 181 Chapter 3. Lockable Obfuscation 183 3.1 Overview of our Lockable Obfuscation Construction . 183 3.2 Preliminaries . 191 3.2.1 Lattice Preliminaries . 193 3.2.2 Branching Programs . 197 3.2.3 Public Key Encryption . 198 3.2.4 Homomorphic Encryption . 200 3.2.4.1 Leveled Homomorphic Encryption . 200 3.2.4.2 Fully Homomorphic Encryption . 202 3.2.5 Pairwise Independent Hash Functions . 203 3.2.6 Low-Depth Pseudorandom Generators with Polynomial Stretch . 204 3.3 Lockable Obfuscation . 205 3.3.1 Correctness . 206 viii 3.3.2 Security . 208 3.3.3 Extending the Message Space . 209 3.3.4 Relationship with Existing Cryptographic Primitives . 211 3.4 Our Construction . 212 3.4.1 Security . 217 3.4.1.1 Simulator Sim ................... 217 3.4.1.2 Sequence of Hybrid Games . 218 3.4.1.3 Analysis . 224 3.4.2 On the Need for a Pseudo Random Generator . 231 3.5 Predicate Encryption: Achieving 1-Sided Security . 233 3.5.1 Key-Policy ABE with Bounded Decryption Depth and Size233 3.5.2 Generalizing to Other Types . 245 3.5.3 Encrypting to a Hidden Public Key . 248 3.6 Separating IND-CPA security and Circular Security . 249 3.6.1 Separating IND-CPA Security from n-Circular Security . 252 3.6.2 Separating IND-CPA Security from 1-Circular Security for Bit Encryption . 258 3.6.3 Creating an Unbounded Public Key Cycle Tester . 261 3.7 Uninstantiability of the Fujisaki-Okamoto and Related Trans- formations . 264 3.7.1 The Fujisaki-Okamoto Transformation . 266 3.8 Indistinguishability Obfuscation for Rejecting Programs . 276 3.8.1 Defining Indistinguishability Obfuscation for Rejecting Programs . 278 3.8.2 Witness Encryption . 280 3.8.3 Construction of Rejecting Indistinguishability Obfuscator from Witness Encrytion . 281 3.8.3.1 Security . 283 3.9 Upgrading Broadcast Encryption to Anonymous Broadcast En- cryption . 286 3.9.1 Preliminaries . 287 3.9.1.1 Security . 288 3.9.2 Upgrading Broadcast Encryption to One-Sided Anony- mous Broadcast Encryption . 290 3.9.2.1 Security . 293 ix Index 302 Bibliography 303 x Chapter 1 Introduction Cryptography (derived from Greek words krypt´os meaning `secret' and graphein meaning `to write') is the art of hiding secrets. Traditionally, cryp- tographers have been interested in hiding secrets in messages { transforming secret plaintext messages into scrambled text such that only authorized parties can recover the underlying plaintext message. Decades of research resulted in very efficient solutions for hiding secrets. Since the dawn of the software industry, a different `secret-hiding' prob- lem has emerged : hiding secrets in programs. Suppose Alice has an exciting software P . How can Alice `scramble' this program P into a program P 0 such that P 0 works exactly as P , but hides the implementation of P ? We refer to this problem as code obfuscation, and it is a well-studied problem, both in theory and practice. 1 1.1 A Brief History of Program Obfuscation The goal of code obfuscation is to make programs `maximally unintel- ligible'. An obfuscator takes as input the description of a program P 1 and compiles it into a program P 0 such that P and P 0 have identical functionality, yet P 0 `hides' the internal logic of P . The idea of code obfuscation has been around for many years. Diffie and Hellman, in their seminal work on public- key encryption [241], envisioned that such one-way compilers could be used to transform any private-key encryption schemes to a public-key encryption schemes. In practice, there exist multiple commercial solutions for code ob- fuscation. However, all these solutions are primarily heuristic approaches, and there are no hardness guarantees. Theoretical Foundations of Code Obfuscation: A theoretical study of obfuscation was initiated by the seminal work of Barak, Goldreich, Impagli- azzo, Rudich, Sahai, Vadhan and Yang [61], who proposed various definitions for code obfuscation. One of the definitions they proposed was called vir- tual black box(VBB) obfuscation, which (informally) states that having an obfuscation of program P is similar to having oracle access to P (that is, any predicate that can be computed in polynomial time from the obfuscated code can be simulated via oracle access to the program).
Load more

Recommended publications
  • Succinct Garbled RAM from Indistinguishablity Obfuscation
    Succinct Garbled RAM from Indistinguishablity Obfuscation by Justin Lee Holmgren S.B., Massachusetts Institute of Technology (2013) Submitted to the Department of Electrical Engineering and Computer Science in partial fulfillment of the requirements for the degree of Master of Engineering in Electrical Engineering and Computer Science at the MASSACHUSETTS INSTITUTE OF TECHNOLOGY February 2015 ○c Massachusetts Institute of Technology 2015. All rights reserved. Author................................................................ Department of Electrical Engineering and Computer Science February 1, 2015 Certified by. Shafi Goldwasser RSA Professor of Electrical Engineering and Computer Science Thesis Supervisor Accepted by . Professor Albert R. Meyer Chairman, Masters of Engineering Thesis Committee 2 Succinct Garbled RAM from Indistinguishablity Obfuscation by Justin Lee Holmgren Submitted to the Department of Electrical Engineering and Computer Science on February 1, 2015, in partial fulfillment of the requirements for the degree of Master of Engineering in Electrical Engineering and Computer Science Abstract In this thesis, I give the first construction of a succinct garbling scheme forRAM programs. For a program requiring space S and time T to compute, the size of its garbling is O~(S) instead of poly(T ). This construction relies on the existence of indistinguishability obfuscation, as well as the existence of injective one-way functions. As a building block, I introduce and construct a primitive called asymmetrically constrained encryption (ACE). This primitive is an encryption system for which keys can be punctured on succinctly described sets of plaintexts. For programs acting on ACE-encrypted values, I give a natural and general condition for their obfuscations to be indistinguishable, using the fact that the encryption and decryption keys can be separately punctured.
    [Show full text]
  • Curriculum Vitae
    Curriculum Vitae Jens Groth July 11, 2021 1 Contact Information Jens Groth E-mail: [email protected] Homepage: www.cs.ucl.ac.uk/staff/J.Groth 2 Research Interests I am interested in the theory of cryptography and in the practical application of cryptographic techniques. 3 Appointments DFINITY London, UK July 2021 { present. Director of Research Febuary 2021 { June 2021 Team Lead, Research January 2019 { January 2021 Principal Researcher University College London London, UK July 2020 { present. Honorary Professor in the Department of Computer Science. October 2015 { June 2020. Professor of Cryptology in the Department of Computer Science. October 2012 { September 2015. Reader in Cryptology in the Department of Computer Science. October 2010 { September 2012. Senior Lecturer in the Department of Computer Science. September 2007 { September 2010. Lecturer in the Department of Computer Science. University of California, Los Angeles Los Angeles, US February 2005 { August 2007. Postdoctoral Employee at the Computer Science Department. Cryptomathic Arhus,˚ Denmark August 2001 { July 2004. Industrial PhD Student. 1 4 Education Aarhus University Aarhus, Denmark • PhD in Computer Science, December 2004. • Advisor: Professor Ivan Damg˚ard. • Thesis title: Honest Verifier Zero-Knowledge Proofs Applied. Danish Academy of Technical Sciences Aarhus, Denmark • Industrial Research Fellow, October 2004. • Advisor: Senior Systems Engineer, PhD Gorm Salomonsen. Aarhus University Aarhus, Denmark • MSc in Mathematics, April 2001. • Advisor: Professor Ivan Damg˚ard. • Thesis title: Non-malleable Public-Key Encryption Secure against Chosen Ciphertext At- tack based on Trapdoor Permutations. Aarhus University Aarhus, Denmark • Supplement in Philosophy, April 2001. 5 Awards and Distinctions • IACR Test-of-Time Award 2021 for Simulation-sound NIZK proofs for a practical language and constant size group signatures published at ASIACRYPT 2006.
    [Show full text]
  • Efficient Non-Interactive Secure Computation
    Efficient Non-Interactive Secure Computation Yuval Ishai1?, Eyal Kushilevitz1??, Rafail Ostrovsky2???, Manoj Prabhakaran3y, and Amit Sahai2z 1 Dept. of Computer Science, Technion, Haifa, Israel. 2 University of California, Los Angeles. 3 University of Illinois, Urbana-Champaign. Abstract. Suppose that a receiver R wishes to publish an encryption of her se- cret input x so that every sender S, holding an input y, can reveal f(x; y) to R by sending her a single message. This should be done while simultaneously pro- tecting the secrecy of y against a corrupted R and preventing a corrupted S from having an unfair influence on the output of R beyond what is allowed by f. When the parties are semi-honest, practical solutions can be based on Yao’s garbled circuit technique. However, for the general problem when the parties, or even S alone, may be malicious, all known polynomial-time solutions are highly inefficient. This is due in part to the fact that known solutions make a non-black-box use of cryptographic primitives, e.g., for providing non-interactive zero-knowledge proofs of statements involving cryptographic computations on secrets. Motivated by the above question, we consider the problem of secure two-party computation in a model that allows only parallel calls to an ideal oblivious trans- fer (OT) oracle with no additional interaction. We obtain the following results. – Feasibility. We present the first general protocols in this model which only make a black-box use of a pseudorandom generator (PRG). All previous OT- based protocols either make a non-black-box use of cryptographic primitives or require multiple rounds of interaction.
    [Show full text]
  • Indistinguishability Obfuscation from Well-Founded Assumptions
    Indistinguishability Obfuscation from Well-Founded Assumptions Aayush Jain* Huijia Lin† Amit Sahai‡ August 18, 2020 Abstract In this work, we show how to construct indistinguishability obfuscation from subexponential hardness of four well-founded assumptions. We prove: Theorem (Informal). Let τ (0, ), δ (0, 1),ǫ (0, 1) be arbitrary constants. As- ∈ ∞ ∈ ∈ sume sub-exponential security of the following assumptions, where λ is a security parameter, and the parameters ℓ,k,n below are large enough polynomials in λ: • the SXDH assumption on asymmetric bilinear groups of a prime order p = O(2λ), kǫ • the LWE assumption over Zp with subexponential modulus-to-noise ratio 2 , where k is the dimension of the LWE secret, • the LPN assumption over Zp with polynomially many LPN samples and error rate 1/ℓδ, where ℓ is the dimension of the LPN secret, • the existence of a Boolean PRG in NC0 with stretch n1+τ , Then, (subexponentially secure) indistinguishability obfuscation for all polynomial- size circuits exists. arXiv:2008.09317v1 [cs.CR] 21 Aug 2020 Further, assuming only polynomial security of the aforementioned assumptions, there exists collusion resistant public-key functional encryption for all polynomial- size circuits. *UCLA, Center for Encrypted Functionalities, and NTT Research. Email: [email protected]. †UW. Email: [email protected]. ‡UCLA, Center for Encrypted Functionalities. Email: [email protected]. Contents 1 Introduction 1 1.1 AssumptionsinMoreDetail. ... 2 1.2 OurIdeasinaNutshell............................. .. 3 2 Preliminaries 4 3 Definition of Structured-Seed PRG 7 4 Construction of Structured Seed PRG 8 5 Bootstrapping to Indistinguishability Obfuscation 20 5.1 PerturbationResilientGenerators . ........ 23 6 Acknowledgements 26 7 References 27 A Partially Hiding Functional Encryption 36 B Recap of constant-depth functional encryption 37 1 Introduction In this work, we study the notion of indistinguishability obfuscation (i ) for general O polynomial-size circuits [BGI+01a, GKR08, GGH+13b].
    [Show full text]
  • Homomorphic Encryption for Machine Learning in Medicine and Bioinformatics
    This is a repository copy of Homomorphic Encryption for Machine Learning in Medicine and Bioinformatics. White Rose Research Online URL for this paper: https://eprints.whiterose.ac.uk/151333/ Version: Accepted Version Article: Kahrobaei, Delaram orcid.org/0000-0001-5467-7832, Wood, Alexander and Najarian, Kayvan (2020) Homomorphic Encryption for Machine Learning in Medicine and Bioinformatics. ACM Comput. Surv.. ISSN 0360-0300 Reuse Items deposited in White Rose Research Online are protected by copyright, with all rights reserved unless indicated otherwise. They may be downloaded and/or printed for private study, or other acts as permitted by national copyright laws. The publisher or other rights holders may allow further reproduction and re-use of the full text version. This is indicated by the licence information on the White Rose Research Online record for the item. Takedown If you consider content in White Rose Research Online to be in breach of UK law, please notify us by emailing [email protected] including the URL of the record and the reason for the withdrawal request. [email protected] https://eprints.whiterose.ac.uk/ Homomorphic Encryption for Machine Learning in Medicine and Bioinformatics ALEXANDER WOOD∗, University of Michigan, United States KAYVAN NAJARIAN, University of Michigan, United States DELARAM KAHROBAEI, University of York, United Kingdom Machine learning and statistical techniques are powerful tools for analyzing large amounts of medical and genomic data. On the other hand, ethical concerns and privacy regulations prevent free sharing of this data. Encryption techniques such as fully homomorphic encryption (FHE) enable evaluation over encrypted data. Using FHE, machine learning models such as deep learning, decision trees, and naive Bayes have been implemented for privacy-preserving applications using medical data.
    [Show full text]
  • Using Fully Homomorphic Hybrid Encryption to Minimize Non-Interative Zero-Knowledge Proofs
    Using Fully Homomorphic Hybrid Encryption to Minimize Non-interative Zero-Knowledge Proofs Craig Gentry Jens Groth IBM T.J. Watson Research Center, U.S. University College London, U.K. [email protected] [email protected] Yuval Ishai Chris Peikert Technion, Israel Georgia Institute of Technology, U.S. [email protected] [email protected] Amit Sahai Adam Smith University of California Los Angeles, U.S. Pennsylvania State University, U.S. [email protected] [email protected] Abstract A non-interactive zero-knowledge (NIZK) proof can be used to demonstrate the truth of a statement without revealing anything else. It has been shown under standard cryptographic assumptions that NIZK proofs of membership exist for all languages in NP. While there is evidence that such proofs cannot be much shorter than the corresponding membership witnesses, all known NIZK proofs for NP languages are considerably longer than the witnesses. Soon after Gentry's construction of fully homomorphic encryption, several groups indepen- dently contemplated the use of hybrid encryption to optimize the size of NIZK proofs and dis- cussed this idea within the cryptographic community. This article formally explores this idea of using fully homomorphic hybrid encryption to optimize NIZK proofs and other related crypto- graphic primitives. We investigate the question of minimizing the communication overhead of NIZK proofs for NP and show that if fully homomorphic encryption exists then it is possible to get proofs that are roughly of the same size as the witnesses. Our technique consists in constructing a fully homomorphic hybrid encryption scheme with ciphertext size jmj+poly(k), where m is the plaintext and k is the security parameter.
    [Show full text]
  • Practical Private Information Retrieval
    Practical Private Information Retrieval by Femi George Olumofin A thesis presented to the University of Waterloo in fulfillment of the thesis requirement for the degree of Doctor of Philosophy in Computer Science Waterloo, Ontario, Canada, 2011 c Femi George Olumofin 2011 I hereby declare that I am the sole author of this thesis. This is a true copy of the thesis, including any required final revisions, as accepted by my examiners. I understand that my thesis may be made electronically available to the public. ii Abstract In recent years, the subject of online privacy has been attracting much interest, espe- cially as more Internet users than ever are beginning to care about the privacy of their online activities. Privacy concerns are even prompting legislators in some countries to de- mand from service providers a more privacy-friendly Internet experience for their citizens. These are welcomed developments and in stark contrast to the practice of Internet censor- ship and surveillance that legislators in some nations have been known to promote. The development of Internet systems that are able to protect user privacy requires private in- formation retrieval (PIR) schemes that are practical, because no other efficient techniques exist for preserving the confidentiality of the retrieval requests and responses of a user from an Internet system holding unencrypted data. This thesis studies how PIR schemes can be made more relevant and practical for the development of systems that are protective of users' privacy. Private information retrieval schemes are cryptographic constructions for retrieving data from a database, without the database (or database administrator) being able to learn any information about the content of the query.
    [Show full text]
  • Founding Cryptography on OT
    Founding Cryptography on Oblivious Transfer – Efficiently Yuval Ishai∗ Technion, Israel and University of California, Los Angeles [email protected] Manoj Prabhakaran† Amit Sahai‡ University of Illinois, Urbana-Champaign University of California, Los Angeles [email protected] [email protected] October 5, 2010 Abstract We present a simple and efficient compiler for transforming secure multi-party computation (MPC) protocols that enjoy security only with an honest majority into MPC protocols that guarantee security with no honest majority, in the oblivious-transfer (OT) hybrid model. Our technique works by combining a secure protocol in the honest majority setting with a protocol achieving only security against semi-honest parties in the setting of no honest majority. Applying our compiler to variants of protocols from the literature, we get several applications for secure two-party computation and for MPC with no honest majority. These include: • Constant-rate two-party computation in the OT-hybrid model. We obtain a statistically UC-secure two-party protocol in the OT-hybrid model that can evaluate a general circuit C of size s and depth d with a total communication complexity of O(s) + poly(k, d, log s) and O(d) rounds. The above result generalizes to a constant number of parties. • Extending OTs in the malicious model. We obtain a computationally efficient pro- tocol for generating many string OTs from few string OTs with only a constant amortized communication overhead compared to the total length of the string OTs. • Black-box constructions for constant-round MPC with no honest majority. We obtain general computationally UC-secure MPC protocols in the OT-hybrid model that use only a constant number of rounds, and only make a black-box access to a pseudorandom generator.
    [Show full text]
  • Computer Science Department
    Henry Samueli School of Engineering & Applied Science Learning the style of recorded motions (MAGIX Lab research program) COMPUTER SCIENCE DEPARTMENT University of California, Los Angeles Fall 2005 Henry Samueli School of Engineering and Applied Science Computer Science Department 4732 Boelter Hall University of California, Los Angeles Los Angeles, CA 90095-1596 Telephone: +1.310.825.3886 Fax: +1.310.825.2273 Email: [email protected] URL: www.cs.ucla.edu Computer Science Department Statistics • Faculty (40) • Graduate Enrollment (280) • M.S. Degrees Awarded (105) • Engineering Degree Awarded (1) • Ph.D. Degrees Awarded (28) • Undergraduate Enrollment (539) • Undergraduate Degrees Awarded (164) The Computer Science Department was formally established during UCLA’s 1968-69 academic year—more than 36 years ago. UCLA is one of the nation's largest and most prestigious graduate education centers in computer and information technology. The dedicated efforts of our prominent faculty and exceptional students have coalesced to rank us among the top computer science departments in the world. The UCLA Computer Science Department is well known for its research in the design and analysis of complex computer systems and networks, and for its key role in the creation of the ARPANET—the precursor to today’s Internet. Internationally recognized research has been carried out in such diverse computer science areas as embedded systems, artificial intelligence, mobile computing, architecture, simulation, graphics, data mining, CAD and reconfigurable systems, biomedical systems, programming languages and compilers. 2 The Computer Science Department has continued to excel in both research and education during the 2003 to 2005 academic years (the period covered in this report).
    [Show full text]
  • Copyright by Richard Fontaine Mcpherson III 2016
    Copyright by Richard Fontaine McPherson III 2016 The Dissertation Committee for Richard Fontaine McPherson III certifies that this is the approved version of the following dissertation: Exploiting Leakage in Privacy-Protecting Systems Committee: Mohamed G. Gouda, Supervisor Vitaly Shmatikov, Co-Supervisor Lorenzo Alvisi Emmett Witchel Exploiting Leakage in Privacy-Protecting Systems by Richard Fontaine McPherson III, B.A., M.S.Comp.Sci. DISSERTATION Presented to the Faculty of the Graduate School of The University of Texas at Austin in Partial Fulfillment of the Requirements for the Degree of DOCTOR OF PHILOSOPHY THE UNIVERSITY OF TEXAS AT AUSTIN December 2016 This thesis is dedicated to my grandfather Bud Flanders for his support and inspiration. Acknowledgments I'd like to thank my family for their constant love and support. My parents, Dana and Taine, gave me the resources and opportunity to reach this point in my life. My sister, Charlotte, has been a life-long friend. My stepparents, Liz and Ted, have always encouraged me in my studies. Finally, my grandfather Bud gave me the advice that kept me in graduate school when it got rough and is a constant inspiration that there are always new things to learn. I could not have done all that I have without the help of my co-authors. Special thanks to Paul Grubbs, Mohammed Naveed, Tom Ristenpart, Vitaly Shmatikov, and Reza Shokri for all their help with the research presented in this dissertation. I am indebted to them as well as to many others. I am extremely grateful for all of the advice and help I received from my many advisers and committee members throughout my academic career.
    [Show full text]
  • Can Statistical Zero Knowledge Be Made Non-Interactive? Or on The
    Can Statistical Zero Knowledge b e made NonInteractive or On the Relationship of SZK and N ISZK y z x Oded Goldreich Amit Sahai Salil Vadhan May Abstract We extend the study of noninteractive statistical zeroknowledge pro ofs Our main fo cus is to compare the class NISZK of problems p ossessing such noninteractive pro ofs to the class SZK of problems p ossessing interactive statistical zeroknowledge pro ofs Along these lines we rst show that if statistical zero knowledge is nontrivial then so is noninteractive statistical zero knowledge where by nontrivial we mean that the class includes problems which are not solvable in probabilistic p olynomialtime The hypothesis holds under various assumptions such as the intractability of the Discrete Logarithm Problem Furthermore we show that if NISZK is closed under complement then in fact SZK NISZK ie all statistical zero knowledge pro ofs can b e made noninteractive The main to ols in our analysis are two promise problems that are natural restrictions of promise problems known to b e complete for SZK We show that these restricted problems are in fact complete for NISZK and use this relationship to derive our results comparing the two classes The two problems refer to the statistical dierence and dierence in entropy resp ectively of a given distribution from the uniform one We also consider a weak form of NISZK in which only requires that for every inverse p olynomial pn there exists a simulator which achieves simulator deviation pn and show that this weak form of NISZK actually equals
    [Show full text]
  • Private Search in the Real World
    Private Search in the Real World Vasilis Pappas, Mariana Raykova, Binh Vo, Steven M. Bellovin, Tal Malkin Department of Computer Science Columbia University, New York, NY, USA {vpappas, mariana, binh, smb, tal}@cs.columbia.edu ABSTRACT fiers, related content, etc.) or may differ in number of participants, Encrypted search — performing queries on protected data — has trust assumptions, anonymity requirements, revocation of search been explored in the past; however, its inherent inefficiency has capability and other areas. All of these factors affect performance. raised questions of practicality. Here, we focus on improving Choosing a different definition of “sufficient” privacy can greatly the performance and extending its functionality enough to make affect inherent cost. Making the right choice, in accordance with it practical. We do this by optimizing the system, and by stepping the actual, rather than theoretical, threat model can lead to a very back from the goal of achieving maximal privacy guarantees in an functional system, rather than one that is theoretically perfect but encrypted search scenario and consider efficiency and functionality unusably costly in practice. as priorities. In this paper we step back from absolute privacy guarantees in fa- We design and analyze the privacy implications of two prac- vor of efficiency and real-world requirements. These requirements tical extensions applicable to any keyword-based private search include not just what may leak, but to whom; depending on the system. We evaluate their efficiency by building them on top particular practical setting there may be parties who are at least of a private search system, called SADS. Additionally, we im- partially trusted.
    [Show full text]