Lecture Notes in Computer Science 9563
Commenced Publication in 1973 Founding and Former Series Editors: Gerhard Goos, Juris Hartmanis, and Jan van Leeuwen
Editorial Board
David Hutchison, Lancaster University, Lancaster, UK
Takeo Kanade, Carnegie Mellon University, Pittsburgh, PA, USA
Josef Kittler, University of Surrey, Guildford, UK
Jon M. Kleinberg, Cornell University, Ithaca, NY, USA
Friedemann Mattern, ETH Zurich, Zürich, Switzerland
John C. Mitchell, Stanford University, Stanford, CA, USA
Moni Naor, Weizmann Institute of Science, Rehovot, Israel
C. Pandu Rangan, Indian Institute of Technology, Madras, India
Bernhard Steffen, TU Dortmund University, Dortmund, Germany
Demetri Terzopoulos, University of California, Los Angeles, CA, USA
Doug Tygar, University of California, Berkeley, CA, USA
Gerhard Weikum, Max Planck Institute for Informatics, Saarbrücken, Germany
More information about this series at http://www.springer.com/series/7410
Eyal Kushilevitz • Tal Malkin (Eds.)
Theory of Cryptography 13th International Conference, TCC 2016-A, Tel Aviv, Israel, January 10–13, 2016 Proceedings, Part II
Editors
Eyal Kushilevitz, Department of Computer Science, Technion, Haifa, Israel
Tal Malkin, Department of Computer Science, Columbia University, New York, NY, USA
ISSN 0302-9743 ISSN 1611-3349 (electronic) Lecture Notes in Computer Science ISBN 978-3-662-49098-3 ISBN 978-3-662-49099-0 (eBook) DOI 10.1007/978-3-662-49099-0
Library of Congress Control Number: 2015957796
LNCS Sublibrary: SL4 – Security and Cryptology
© International Association for Cryptologic Research 2016 This work is subject to copyright. All rights are reserved by the Publisher, whether the whole or part of the material is concerned, specifically the rights of translation, reprinting, reuse of illustrations, recitation, broadcasting, reproduction on microfilms or in any other physical way, and transmission or information storage and retrieval, electronic adaptation, computer software, or by similar or dissimilar methodology now known or hereafter developed. The use of general descriptive names, registered names, trademarks, service marks, etc. in this publication does not imply, even in the absence of a specific statement, that such names are exempt from the relevant protective laws and regulations and therefore free for general use. The publisher, the authors and the editors are safe to assume that the advice and information in this book are believed to be true and accurate at the date of publication. Neither the publisher nor the authors or the editors give a warranty, express or implied, with respect to the material contained herein or for any errors or omissions that may have been made.
Printed on acid-free paper
This Springer imprint is published by SpringerNature. The registered company is Springer-Verlag GmbH Berlin Heidelberg.
Preface
The 13th Theory of Cryptography Conference (TCC 2016-A) was held during January 10–13, 2016, at the Suzanne Dellal Center in Tel Aviv, Israel. It was sponsored by the International Association for Cryptographic Research (IACR). The general chairs of the conference were Ran Canetti and Iftach Haitner. We would like to thank them for their hard work in organizing the conference.
The conference received 112 submissions, of which the Program Committee (PC) selected 45 for presentation (with three pairs of papers sharing a single presentation slot per pair). Each submission was reviewed by at least three PC members, often more. The 24 PC members, all top researchers in our field, were helped by 112 external reviewers, who were consulted when appropriate. These proceedings consist of the revised version of the 45 accepted papers. The revisions were not reviewed, and the authors bear full responsibility for the content of their papers.
As in previous years, we used Shai Halevi’s excellent web-review software, and are extremely grateful to him for writing it, and for providing fast and reliable technical support whenever we had any questions. Based on the experience from last year, we again made use of the interaction feature supported by the review software, where PC members may directly and anonymously interact with authors. This was used to ask specific technical questions that arise, such as suspected bugs. We felt this was efficient and successful, and are thankful to last year’s chairs, Yevgeniy Dodis and Jesper Buus Nielsen, for suggesting this feature, and to Shai Halevi for implementing it.
This was the second year where TCC presented the Test of Time Award to an outstanding paper that was published at TCC at least eight years ago, making a significant contribution to the theory of cryptography, preferably with influence also in other areas of cryptography, theory, and beyond.
This year the Test of Time Award Committee selected the following paper, published ten years ago at TCC 2006:
“Calibrating Noise to Sensitivity in Private Data Analysis,” by Cynthia Dwork, Frank McSherry, Kobbi Nissim, and Adam Smith.
This paper was selected for introducing the definition of differential privacy, providing a solid mathematical foundation for a vast body of subsequent work on private data analysis. The authors were also invited to deliver a talk at TCC 2016-A.
The conference also featured two other invited events. First, an invited talk by Yael Kalai and Shafi Goldwasser (delivered by Yael) followed by a panel on “cryptographic assumptions.” Second, an invited talk by Yevgeniy Dodis. Finally, in addition to regular papers and invited events, the conference also featured a rump session.
We are greatly indebted to many people who were involved in making TCC 2016-A a success. First of all, a big thanks to the most important contributors: all the authors who submitted papers to the conference. Next, we would like to thank the PC members for their hard work, dedication, and diligence in reviewing the papers, verifying the correctness, and in-depth discussion. We are also thankful to the external reviewers for their volunteered hard work and investment in reviewing papers and answering questions, often under time pressure. For running the conference itself, we are very grateful to the general chairs, Ran Canetti and Iftach Haitner, as well as Galit Herzberg and the rest of the local Organizing Committee. Finally, we are thankful to the TCC Steering Committee as well as the entire thriving and vibrant TCC community.
January 2016
Eyal Kushilevitz
Tal Malkin
TCC 2016-A
The 13th Theory of Cryptography Conference
Suzanne Dellal Center, Tel Aviv, Israel
January 10–13, 2016
Sponsored by the International Association for Cryptographic Research
General Chairs
Ran Canetti, Tel Aviv University, Israel, and Boston University, USA
Iftach Haitner, Tel Aviv University, Israel
Program Chairs
Eyal Kushilevitz, Technion, Israel
Tal Malkin, Columbia University, USA
Program Committee
Masayuki Abe, NTT, Japan
Amos Beimel, Ben-Gurion University, Israel
Nir Bitansky, MIT, USA
Andrej Bogdanov, Chinese University of Hong Kong, SAR China
Zvika Brakerski, Weizmann Institute of Science, Israel
Christina Brzuska, Hamburg University of Technology, Germany
Nishanth Chandran, MSR India
Melissa Chase, MSR Redmond, USA
Dana Dachman-Soled, University of Maryland, USA
Yuval Ishai, Technion, Israel
Jonathan Katz, University of Maryland, USA
Hugo Krawczyk, IBM Research, USA
Huijia Lin, UC Santa Barbara, USA
Claudio Orlandi, Aarhus University, Denmark
Omkant Pandey, Drexel University, USA
Valerio Pastro, Columbia University, USA
Leonid Reyzin, Boston University, USA
Guy Rothblum, Samsung Research America, USA
Gil Segev, Hebrew University, Israel
Adam Smith, Pennsylvania State University, USA
Vinod Vaikuntanathan, MIT, USA
Ivan Visconti, University of Salerno, Italy
Brent Waters, UT Austin, USA
Vassilis Zikas, ETH, Switzerland
External Reviewers
Divesh Aggarwal
Prabhanjan Ananth
Daniel Apon
Benny Applebaum
Gilad Asharov
Nuttapong Attrapadung
Pablo Azar
Saikrishna Badrinarayanan
Allison Bishop
Elette Boyle
Ignacio Cascudo
David Cash
Binyi Chen
Yilei Chen
Mahdi Cheragchi
Kai-Min Chung
Michele Ciampi
Aloni Cohen
Sandro Coretti
Akshay Degwekar
Gregory Demay
Itai Dinur
Yevgeniy Dodis
Nico Döttling
Antonio Faonio
Sebastian Faust
Victoria Fehr
Dario Fiore
Nils Fleischhacker
Eiichiro Fujisaki
Juan Garay
Ran Gelles
Craig Gentry
Niv Gilboa
Alexander Golovnev
Sergey Gorbunov
Rishab Goyal
Jens Groth
Siyao Guo
Shai Halevi
Prahladh Harsha
Carmit Hazay
Brett Hemenway
Ryo Hiromasa
Justin Holmgren
Ai Ishida
Zahra Jafargholi
Abhishek Jain
Stanislaw Jarecki
Daniel Jost
Tomasz Kazana
Carmen Kempka
Dakshita Khurana
Susumu Kiyoshima
Saleet Klein
Ilan Komargodski
Venkata Koppula
Lucas Kowalczyk
Ranjit Kumaresan
Tancrède Lepoint
Feng-Hao Liu
Tianren Liu
Satya Lokam
Steve Lu
Anna Lysyanskaya
Vadim Lyubashevsky
Mohammad Mahmoody
Hemanta K. Maji
Christian Matt
Eric Miles
Arno Mittelbach
Pratyay Mukherjee
Moni Naor
Jesper Buus Nielsen
Ryo Nishimaki
Adam O’Neill
Miyako Ohkubo
Olya Ohrimenko
Omer Paneth
Sunoo Park
Anat Paskin-Cherniavsky
Giuseppe Persiano
Oxana Poburinnaya
Antigoni Polychroniadou
Tal Rabin
Silas Richelson
Mike Rosulek
Ron Rothblum
Yannis Rouselakis
Alessandra Scafuro
Karn Seth
Luisa Siniscalchi
John Steinberger
Stefano Tessaro
Aishwarya Thiruvengadam
Mehdi Tibouchi
Daniel Tschudi
Jalaj Upadhyay
Prashant Vasudevan
Muthu Venkitasubramaniam
Daniele Venturi
Dhinakaran Vinayagamurthy
Thomas Watson
Hoeteck Wee
Mor Weiss
Daniel Wichs
Keita Xagawa
Eylon Yogev
Ching-Hua Yu
Yu Yu
Mark Zhandry
Hong-Sheng Zhou
Contents – Part II
Zero Knowledge and PCP
Making the Best of a Leaky Situation: Zero-Knowledge PCPs from Leakage-Resilient Circuits ...... 3 Yuval Ishai, Mor Weiss, and Guang Yang
Quasi-Linear Size Zero Knowledge from Linear-Algebraic PCPs...... 33 Eli Ben-Sasson, Alessandro Chiesa, Ariel Gabizon, and Madars Virza
From Private Simultaneous Messages to Zero-Information Arthur-Merlin Protocols and Back ...... 65 Benny Applebaum and Pavel Raykov
A Transform for NIZK Almost as Efficient and General as the Fiat-Shamir Transform Without Programmable Random Oracles...... 83 Michele Ciampi, Giuseppe Persiano, Luisa Siniscalchi, and Ivan Visconti
Improved OR-Composition of Sigma-Protocols...... 112 Michele Ciampi, Giuseppe Persiano, Alessandra Scafuro, Luisa Siniscalchi, and Ivan Visconti
Oblivious RAM
Onion ORAM: A Constant Bandwidth Blowup Oblivious RAM ...... 145 Srinivas Devadas, Marten van Dijk, Christopher W. Fletcher, Ling Ren, Elaine Shi, and Daniel Wichs
Oblivious Parallel RAM and Applications ...... 175 Elette Boyle, Kai-Min Chung, and Rafael Pass
Oblivious Parallel RAM: Improved Efficiency and Generic Constructions . . . 205 Binyi Chen, Huijia Lin, and Stefano Tessaro
ABE and IBE
Déjà Q: Encore! Un Petit IBE ...... 237 Hoeteck Wee
A Study of Pair Encodings: Predicate Encryption in Prime Order Groups. . . . 259 Shashank Agrawal and Melissa Chase
Codes and Interactive Proofs
Optimal Amplification of Noisy Leakages ...... 291 Stefan Dziembowski, Sebastian Faust, and Maciej Skórski
Rational Sumchecks ...... 319 Siyao Guo, Pavel Hubáček, Alon Rosen, and Margarita Vald
Interactive Coding for Interactive Proofs ...... 352 Allison Bishop and Yevgeniy Dodis
Information-Theoretic Local Non-malleable Codes and Their Applications . . . 367 Nishanth Chandran, Bhavana Kanukurthi, and Srinivasan Raghuraman
Optimal Computational Split-state Non-malleable Codes ...... 393 Divesh Aggarwal, Shashank Agrawal, Divya Gupta, Hemanta K. Maji, Omkant Pandey, and Manoj Prabhakaran
Limitations of Obfuscation and Obfuscation-Avoiding Constructions
How to Avoid Obfuscation Using Witness PRFs...... 421 Mark Zhandry
Cutting-Edge Cryptography Through the Lens of Secret Sharing...... 449 Ilan Komargodski and Mark Zhandry
Functional Encryption Without Obfuscation ...... 480 Sanjam Garg, Craig Gentry, Shai Halevi, and Mark Zhandry
On Constructing One-Way Permutations from Indistinguishability Obfuscation ...... 512 Gilad Asharov and Gil Segev
Contention in Cryptoland: Obfuscation, Leakage and UCE...... 542 Mihir Bellare, Igors Stepanovs, and Stefano Tessaro
Point-Function Obfuscation: A Framework and Generic Constructions ...... 565 Mihir Bellare and Igors Stepanovs
Author Index ...... 595
Contents – Part I
Obfuscation: Impossibility Results and Constructions
Impossibility of VBB Obfuscation with Ideal Constant-Degree Graded Encodings ...... 3 Rafael Pass and Abhi Shelat
On the Impossibility of Virtual Black-Box Obfuscation in Idealized Models . . . 18 Mohammad Mahmoody, Ameer Mohammed, and Soheil Nematihaji
Lower Bounds on Assumptions Behind Indistinguishability Obfuscation . . . . 49 Mohammad Mahmoody, Ameer Mohammed, Soheil Nematihaji, Rafael Pass, and Abhi Shelat
Indistinguishability Obfuscation: From Approximate to Exact ...... 67 Nir Bitansky and Vinod Vaikuntanathan
Output-Compressing Randomized Encodings and Applications ...... 96 Huijia Lin, Rafael Pass, Karn Seth, and Sidharth Telang
Functional Encryption for Turing Machines ...... 125 Prabhanjan Ananth and Amit Sahai
Differential Privacy
The Complexity of Computing the Optimal Composition of Differential Privacy ...... 157 Jack Murtagh and Salil Vadhan
Order-Revealing Encryption and the Hardness of Private Learning ...... 176 Mark Bun and Mark Zhandry
LWR and LPN
On the Hardness of Learning with Rounding over Small Modulus ...... 209 Andrej Bogdanov, Siyao Guo, Daniel Masny, Silas Richelson, and Alon Rosen
Two-Round Man-in-the-Middle Security from LPN...... 225 David Cash, Eike Kiltz, and Stefano Tessaro
Public Key Encryption, Signatures, and VRF
Algebraic Partitioning: Fully Compact and (almost) Tightly Secure Cryptography ...... 251 Dennis Hofheinz
Standard Security Does Imply Security Against Selective Opening for Markov Distributions...... 282 Georg Fuchsbauer, Felix Heuer, Eike Kiltz, and Krzysztof Pietrzak
Non-Malleable Encryption: Simpler, Shorter, Stronger ...... 306 Sandro Coretti, Yevgeniy Dodis, Björn Tackmann, and Daniele Venturi
Verifiable Random Functions from Standard Assumptions ...... 336 Dennis Hofheinz and Tibor Jager
Complexity of Cryptographic Primitives
Homomorphic Evaluation Requires Depth ...... 365 Andrej Bogdanov and Chin Ho Lee
On Basing Private Information Retrieval on NP-Hardness ...... 372 Tianren Liu and Vinod Vaikuntanathan
Obfuscation-Based Cryptographic Constructions
On the Correlation Intractability of Obfuscated Pseudorandom Functions . . . . 389 Ran Canetti, Yilei Chen, and Leonid Reyzin
Reconfigurable Cryptography: A Flexible Approach to Long-Term Security . . . 416 Julia Hesse, Dennis Hofheinz, and Andy Rupp
Multilinear Maps from Obfuscation ...... 446 Martin R. Albrecht, Pooya Farshim, Dennis Hofheinz, Enrique Larraia, and Kenneth G. Paterson
Perfect Structure on the Edge of Chaos: Trapdoor Permutations from Indistinguishability Obfuscation ...... 474 Nir Bitansky, Omer Paneth, and Daniel Wichs
Cryptographic Assumptions (Invited Talk followed by Panel)
Cryptographic Assumptions: A Position Paper ...... 505 Shafi Goldwasser and Yael Tauman Kalai
Multiparty Computation
Adaptive Security with Quasi-Optimal Rate ...... 525 Brett Hemenway, Rafail Ostrovsky, Silas Richelson, and Alon Rosen
On the Complexity of Additively Homomorphic UC Commitments...... 542 Tore Kasper Frederiksen, Thomas P. Jakobsen, Jesper Buus Nielsen, and Roberto Trifiletti
Simplified Universal Composability Framework ...... 566 Douglas Wikström
Characterization of Secure Multiparty Computation Without Broadcast . . . . . 596 Ran Cohen, Iftach Haitner, Eran Omri, and Lior Rotem
Author Index ...... 617