Cryptography for Parallel RAM from Indistinguishability Obfuscation∗
Yu-Chi Chen†, Sherman S. M. Chow‡, Kai-Min Chung§, Russell W. F. Lai¶, Wei-Kai Lin‖, Hong-Sheng Zhou∗∗

January 1, 2016

Abstract

Since many cryptographic schemes are about performing computation on data, it is important to consider a computation model which captures the prominent features of modern system architecture. The parallel random access machine (PRAM) is such an abstraction: it models not only multiprocessor platforms but also newer frameworks supporting massively parallel computation, such as MapReduce. In this work, we explore the feasibility of designing cryptographic solutions for the PRAM model of computation, achieving security while leveraging the power of parallelism and random data access. We demonstrate asymptotically optimal solutions for a wide range of cryptographic tasks based on indistinguishability obfuscation. In particular, we construct the first publicly verifiable delegation scheme with privacy in the persistent database setting, which allows a client to privately delegate both computation and data to a server with optimal efficiency. Specifically, the server can perform PRAM computation on private data with parallel efficiency preserved (up to poly-logarithmic overhead). Our results also cover succinct randomized encoding, searchable encryption, functional encryption, secure multiparty computation, and indistinguishability obfuscation for PRAM. We obtain our results in a modular way through a notion of computation-trace indistinguishability obfuscation (CiO), which may be of independent interest.

∗ This is the full version of the extended abstract to appear at ACM Innovations in Theoretical Computer Science (ITCS) 2016. A previous version of this paper was titled "Computation-Trace Indistinguishability Obfuscation and its Applications".
† Academia Sinica, Taiwan ([email protected]). This work is partially supported by an Academia Sinica Postdoctoral Fellowship.
‡ The Chinese University of Hong Kong, Hong Kong ([email protected]). This work is supported in part by the Early Career Award and grants from the Research Grants Council, Hong Kong (CUHK 439713 & 14201914). Part of this work was done while the author was visiting Academia Sinica.
§ Academia Sinica, Taiwan ([email protected]). This work is partially supported by the Ministry of Science and Technology, Taiwan, under Grant no. MOST 103-2221-E-001-022-MY3. This work was done in part while the author was visiting the Simons Institute for the Theory of Computing, supported by the Simons Foundation and by the DIMACS/Simons Collaboration in Cryptography through NSF grant #CNS-1523467, and while the author was visiting The Chinese University of Hong Kong.
¶ The Chinese University of Hong Kong, Hong Kong (wfl[email protected]).
‖ Academia Sinica, Taiwan ([email protected]).
∗∗ Virginia Commonwealth University, VA, USA ([email protected]).

Contents

1 Introduction
1.1 The PRAM Model
1.2 Crypto for PRAM
1.3 Our Goal
1.4 Summary of Our Results
1.5 Related Works
1.6 Paper Outline
2 Constructions Overview
2.1 The (Parallel) RAM Model
2.2 High Level Ideas
2.3 CiO Construction
2.4 RE Construction
2.5 Extension for Persistent Database
3 Technical Highlights
3.1 Handling Parallel Processors
3.2 Handling Memory Access
3.3 Handling Parallel Memory Access
4 Computation-Trace Indistinguishability Obfuscation (CiO)
4.1 Model of Distributed Computation Systems
4.2 Computation-trace Indistinguishability Obfuscation
5 Starting Point: Constructing CiO in the RAM Model (CiO-RAM)
5.1 Building Blocks
5.2 Construction for CiO-RAM
6 Constructing CiO in the PRAM Model (CiO-PRAM)
6.1 Generalizing CiO-RAM to CiO-PRAM: A "Pebble Game" Illustration
6.2 Building Blocks
6.3 Topological Iterators
6.4 Parallel Accumulator
6.5 Warm-up: Construction for CiO-mPRAM
6.6 Construction for CiO-PRAM
7 Constructing RE in the RAM Model (RE-RAM)
7.1 Building Blocks
7.2 Recap: The CP-ORAM
7.3 Construction for RE-RAM
8 Constructing RE in the PRAM Model (RE-PRAM)
8.1 Recap: The BCP-OPRAM
8.2 Construction for RE-PRAM
9 Extensions
9.1 CiO with Persistent Database
9.2 RE with Persistent Database
9.3 RE with Output Hiding
9.4 RE with Verifiability, and Verifiable Encoding (VE)
9.5 RE and VE with Long Output
9.6 Application: Searchable Symmetric Encryption (SSE)
A Preliminaries
A.1 Models of Computation
A.2 Randomized Encoding (RE)
A.3 Building Blocks
B Security Proofs
B.1 Proof of Theorem 5.2 (Security for CiO-RAM)
B.2 Proof of Lemma 6.3 (Security for Topological Iterators)
B.3 Proof of Theorem 6.6 (Security for CiO-mPRAM)
B.4 Proof Sketch of Theorem 6.8 (Security for CiO-PRAM)
B.5 Proof of Theorem 7.1 (Security for RE-RAM)
B.6 Proof Sketch of Theorem 8.1 (Security for RE-PRAM)
B.7 Proof of Theorem 9.4 (Security for VE)

1 Introduction

1.1 The PRAM Model

The parallel random-access machine (PRAM) is an abstract computation (or programming) model of a canonical structured parallel machine. It consists of a polynomial number of synchronous processors. Each of them is similar to an individual (non-parallel) RAM, with its central processing unit (CPU) performing computation locally. In addition to their local memory, the CPUs of a PRAM have random access to a common, potentially unbounded, array of memory. The parallel and distributed computing community has proposed many algorithms that are parallelizable in the PRAM model, yielding an exponential gap between the time to solve the same problem in the RAM and PRAM models. Examples include parallel sorting or searching in a database, which take linear-size input but run in polylogarithmic time. Being an abstract model, PRAM captures not only multiprocessor platforms but also newer frameworks of the big-data era such as MapReduce, GraphLab, Spark, etc. Running time is a critical factor, especially when data is generated every second worldwide in volumes too large to be processed by traditional information processing techniques or by a single commodity computer.
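As an added illustration of the synchronous PRAM model just described (this is example code written for this page, not code or notation from the paper): a small simulator in which n processors execute the same step function in lockstep against a shared memory array, with writes buffered until the end of each round and every access logged. It runs a tree reduction over n cells in ceil(log2 n) rounds, the polylogarithmic-time behaviour the text contrasts with the n-1 dependent steps a single RAM needs, and it also exposes the per-round memory-access trace; for this particular algorithm the trace depends only on n, not on the data. The CREW rule (concurrent reads allowed, two processors writing the same cell in one round is an error), the trace tuple format and the sample input are assumptions made here.

```python
"""Synchronous PRAM simulator (added example; not code from the paper).

Assumptions made here: CREW semantics (concurrent reads allowed, a second
writer to the same cell in one round is an error), writes become visible only
at the end of a round, and every access is logged as (round, pid, op, addr).
"""
from typing import Callable, Dict, List, Tuple

Trace = List[Tuple[int, int, str, int]]


class SharedMemory:
    """The common memory array that all processors access at random."""

    def __init__(self, data: List[int]) -> None:
        self.cells: List[int] = list(data)
        self.round: int = 0
        self.trace: Trace = []
        self._pending: Dict[int, Tuple[int, int]] = {}  # addr -> (pid, value)

    def read(self, pid: int, addr: int) -> int:
        self.trace.append((self.round, pid, "R", addr))
        return self.cells[addr]

    def write(self, pid: int, addr: int, value: int) -> None:
        # Exclusive-write rule: a second writer to the same cell in this round is a bug.
        if addr in self._pending and self._pending[addr][0] != pid:
            raise RuntimeError(f"write conflict on cell {addr} in round {self.round}")
        self.trace.append((self.round, pid, "W", addr))
        self._pending[addr] = (pid, value)

    def end_round(self) -> None:
        """Apply buffered writes; only now do other processors observe them."""
        for addr, (_, value) in self._pending.items():
            self.cells[addr] = value
        self._pending.clear()
        self.round += 1


def run_pram(mem: SharedMemory, num_procs: int,
             step: Callable[[int, int, SharedMemory], None], rounds: int) -> int:
    """Run step(pid, round, mem) on every processor for `rounds` lockstep rounds."""
    for r in range(rounds):
        for pid in range(num_procs):
            step(pid, r, mem)
        mem.end_round()
    return rounds


def parallel_reduce(data: List[int], op: Callable[[int, int], int]) -> Tuple[int, int, Trace]:
    """Tree reduction with n processors: cell 0 holds the fold after ceil(log2 n) rounds.

    In round r, each processor pid that is a multiple of 2^(r+1) folds cell
    pid + 2^r into cell pid.  Returns (result, rounds_used, access_trace).
    """
    if not data:
        raise ValueError("empty input")
    n = len(data)
    mem = SharedMemory(data)
    rounds = (n - 1).bit_length()  # exact ceil(log2 n) for n >= 1

    def step(pid: int, r: int, m: SharedMemory) -> None:
        stride = 1 << r
        if pid % (2 * stride) == 0 and pid + stride < n:
            left = m.read(pid, pid)
            right = m.read(pid, pid + stride)
            m.write(pid, pid, op(left, right))

    run_pram(mem, n, step, rounds)
    return mem.cells[0], rounds, mem.trace


def sequential_rounds(n: int) -> int:
    """A single RAM needs n-1 dependent steps for the same reduction."""
    return max(n - 1, 0)


def access_pattern(trace: Trace) -> List[Tuple[int, str, int]]:
    """Drop the processor id: the view of an observer watching the shared memory."""
    return [(r, op, addr) for (r, _, op, addr) in trace]


if __name__ == "__main__":
    values = [3, 9, 2, 7, 5, 1, 8, 6]  # constructed sample input
    result, rounds, trace = parallel_reduce(values, max)
    print(f"max={result} in {rounds} parallel rounds "
          f"vs {sequential_rounds(len(values))} sequential steps")
    for entry in trace:
        print(entry)
```

Buffering writes until end_round is what makes the simulation faithful to the synchronous model: without it, processor 2 in round 0 would observe processor 0's write from the same round, and the round count would no longer reflect PRAM time. The trace is recorded because the memory-access pattern of a RAM or PRAM program is exactly the kind of information that later parts of the paper must hide with (parallel) ORAM.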
For individuals, or even enterprises without in-house resources or expertise, there is an emerging demand for delegating both data and computation to a third-party server, often called "the cloud": a distributed computing platform with a large number of CPUs that perform computations in parallel. We find PRAM a clean theoretical model to work with for these scenarios.

PRAM with Persistent Database. With the high volume of data to process and the potentially high volume of output data, it is natural to perform multiple computations over the "big data" that persists in cloud storage. Such functionality is supported by introducing the notion of a persistent database on top of the PRAM model. A motivating example is a special kind of delegation, known as searchable symmetric encryption (SSE), which features parallel search and update algorithms.

1.2 Crypto for PRAM

Many cryptographic schemes are about performing computation on data. Traditionally, cryptographers worked in the circuit model of computation; for example, the celebrated result of Yao's garbled circuits for two-party computation [Yao86]. Many cryptographic notions can benefit from parallelism and a persistent database.

Secure Multiparty Computation (SMC). Secure multiparty computation (SMC) generalizes two-party computation. Consider using SMC on electronic health records (EHR) for collaborative research: EHR often involve patients' medical and genetic information, which is expensive to collect and must be kept confidential as mandated by law. Such large-scale SMC [BCP15] further motivates the benefits of PRAM. Although (highly optimized) circuit-based SMC protocols and RAM-based SMC solutions exist, they have inherent drawbacks. Circuit-based solutions are not feasible for big data, since circuit representations are huge and the (worst-case) runtime can depend on the input length. Consequently, it cannot represent