CryptoDB
Alexis Korb
ORCID: 0000-0001-6888-5296
Publications
Year
Venue
Title
2023
CRYPTO
Streaming Functional Encryption
Abstract
We initiate the study of streaming functional encryption (sFE) which is designed for scenarios
in which data arrives in a streaming manner and is computed on in an iterative manner as the
stream arrives. Unlike in a standard functional encryption (FE) scheme, in an sFE scheme,
we (1) do not require the entire data set to be known at encryption time and (2) allow for
partial decryption given only a prefix of the input. More specifically, in an sFE scheme, we can
sequentially encrypt each data point x_i in a stream of data x = x_1 . . . x_n as it arrives, without
needing to wait for all n values. We can then generate function keys for streaming functions
which are stateful functions that take as input a message x_i and a state st_i and output a value
y_i and the next state st_{i+1}. For any k ≤ n, a user with a function key for a streaming function
f can learn the first k output values y_1 . . . y_k where (y_i, st_{i+1}) = f (x_i, st_i) and st_1 = ⊥ given
only ciphertexts for the first k elements x_1 . . . x_k.
In this work, we introduce the notion of sFE and show how to construct it from FE. In
particular, we show how to achieve a secure sFE scheme for P/Poly from a compact, secure
FE scheme for P/Poly, where our security notion for sFE is similar to standard FE security
except that we require all function queries to be made before the challenge ciphertext query.
Furthermore, by combining our result with the FE construction of Jain, Lin, and Sahai (STOC,
2022), we show how to achieve a secure sFE scheme for P/Poly from the polynomial hardness
of well-studied assumptions.
2023
JOFC
Beyond the Csiszár–Körner Bound: Best-Possible Wiretap Coding via Obfuscation
Abstract
A wiretap coding scheme (Wyner in Bell Syst Tech J 54(8):1355–1387, 1975) enables Alice to reliably communicate a message m to an honest Bob by sending an encoding c over a noisy channel $$\textsf{ChB}$$ ChB , while at the same time hiding m from Eve who receives c over another noisy channel $$\textsf{ChE}$$ ChE . Wiretap coding is clearly impossible when $$\textsf{ChB}$$ ChB is a degraded version of $$\textsf{ChE}$$ ChE , in the sense that the output of $$\textsf{ChB}$$ ChB can be simulated using only the output of $$\textsf{ChE}$$ ChE . A classic work of Csiszár and Korner (IEEE Trans Inf Theory 24(3):339–348, 1978) shows that the converse does not hold. This follows from their full characterization of the channel pairs $$(\textsf{ChB},\textsf{ChE})$$ ( ChB , ChE ) that enable information-theoretic wiretap coding. In this work, we show that in fact the converse does hold when considering computational security ; that is, wiretap coding against a computationally bounded Eve is possible if and only if $$\textsf{ChB}$$ ChB is not a degraded version of $$\textsf{ChE}$$ ChE . Our construction assumes the existence of virtual black-box obfuscation of specific classes of “evasive” functions that generalize fuzzy point functions and can be heuristically instantiated using indistinguishability obfuscation. Finally, our solution has the appealing feature of being universal in the sense that Alice’s algorithm depends only on $$\textsf{ChB}$$ ChB and not on $$\textsf{ChE}$$ ChE .
2022
CRYPTO
Beyond the Csiszár-Korner Bound: Best-Possible Wiretap Coding via Obfuscation
📺
Abstract
A wiretap coding scheme (Wyner, Bell Syst.\ Tech.\ J.\ 1975) enables Alice to reliably communicate a message m to an honest Bob by sending an encoding c over a noisy channel ChB while at the same time hiding m from Eve who receives c over another noisy channel ChE.
Wiretap coding is clearly impossible when ChB is a degraded version of ChE, in the sense that the output of ChB can be simulated using only the output of ChE. A classic work of Csiszár and Korner (IEEE Trans.\ Inf.\ Theory, 1978) shows that the converse does not hold. This follows from their full characterization of the channel pairs (ChB, ChE) that enable information-theoretic wiretap coding.
In this work, we show that in fact the converse does hold when considering computational security; that is, wiretap coding against a computationally bounded Eve is possible if and only if ChB is not a degraded version of ChE. Our construction assumes the existence of virtual black-box (VBB) obfuscation of specific classes of ``evasive'' functions that generalize fuzzy point functions, and can be heuristically instantiated using indistinguishability obfuscation. Finally, our solution has the appealing feature of being universal in the sense that Alice's algorithm depends only on ChB and not on ChE.
2020
CRYPTO
Amplifying the Security of Functional Encryption, Unconditionally
📺
Abstract
Security amplification is a fundamental problem in cryptography. In this work, we study security amplification for functional encryption. We show two main results:
- For any constant epsilon in (0,1), we can amplify an epsilon-secure FE scheme for P/poly which is secure against all polynomial sized adversaries to a fully secure FE scheme for P/poly, unconditionally.
- For any constant epsilon in (0,1), we can amplify an epsilon-secure FE scheme for P/poly which is secure against subexponential sized adversaries to a subexponentially secure FE scheme for P/poly, unconditionally.
Furthermore, both of our amplification results preserve compactness of the underlying FE scheme. Previously, amplification results for FE were only known assuming subexponentially secure LWE.
Along the way, we introduce a new form of homomorphic secret sharing called set homomorphic secret sharing that may be of independent interest. Additionally, we introduce a new technique, which allows one to argue security amplification of nested primitives, and prove a general theorem that can be used to analyze the security amplification of parallel repetitions.
Coauthors
- Jiaxin Guan (1)
- Yuval Ishai (2)
- Paul Lou (2)
- Aayush Jain (1)
- Alexis Korb (4)
- Nathan Manohar (1)
- Amit Sahai (4)