
Multiparty Key Exchange, Efficient Traitor Tracing, and More from Indistinguishability Obfuscation

Algorithmica

Abstract

In this work, we show how to use indistinguishability obfuscation to build multiparty key exchange, efficient broadcast encryption, and efficient traitor tracing. Our schemes enjoy several interesting properties that have not been achievable before:

  • Our multiparty non-interactive key exchange protocol does not require a trusted setup. Moreover, the size of the published value from each user is independent of the total number of users.

  • Our broadcast encryption schemes support distributed setup, where users choose their own secret keys rather than being given secret keys by a trusted entity. The broadcast ciphertext size is independent of the number of users.

  • Our traitor tracing system is fully collusion resistant with short ciphertexts, secret keys, and public key. Ciphertext size is logarithmic in the number of users and secret key size is independent of the number of users. Our public key size is polylogarithmic in the number of users. The recent functional encryption system of Garg, Gentry, Halevi, Raykova, Sahai, and Waters also leads to a traitor tracing scheme with similar ciphertext and secret key size, but the construction in this paper is simpler and more direct. These constructions resolve an open problem relating to differential privacy.

  • Generalizing our traitor tracing system gives a private broadcast encryption scheme (where broadcast ciphertexts reveal minimal information about the recipient set) with optimal size ciphertext.

Several of our proofs of security introduce new tools for proving security using indistinguishability obfuscation.



Notes

  1. To achieve even semi-static security, we need to use complexity leveraging.

  2. To prove security, we will replace \(P_{KE}\) with the obfuscation of another program \(P_{KE}'\), which may be larger than \(P_{KE}\). In order for the obfuscations to be indistinguishable, both programs must have the same size.

  3. That is, sample \(k_{enc}\leftarrow {\mathcal {K}}_{enc,\lambda }\) for a punctured PRF \(\mathsf{PRF}_{enc}\), and set \(\mathsf{PRF}_{enc}(\cdot )=\mathsf{PRF}_{enc}(k_{enc},\cdot )\). Analogously generate the other three PRFs.
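Note 3 instantiates each PRF in the proof from a punctured PRF key \(k_{enc}\). As an added illustration, not code from the paper, the block below implements the standard GGM tree construction of a puncturable PRF: the full key evaluates everywhere, while the punctured key \(k\{x^*\}\) evaluates everywhere except \(x^*\). The PRG is modelled by HMAC-SHA256 and the 16-bit domain, function names and the zero test key are assumptions of this example.

```python
import hmac
import hashlib

N_BITS = 16  # input length in bits; a constructed parameter for this demo

def _prg(seed: bytes, bit: int) -> bytes:
    """Length-doubling PRG G(seed) = G_0(seed) || G_1(seed), modelled by HMAC-SHA256."""
    return hmac.new(seed, bytes([bit]), hashlib.sha256).digest()

def _bits(x: int) -> list:
    """Most-significant-bit-first bit decomposition of x over the N_BITS domain."""
    if not 0 <= x < (1 << N_BITS):
        raise ValueError("input outside the PRF domain")
    return [(x >> (N_BITS - 1 - i)) & 1 for i in range(N_BITS)]

def prf_eval(k: bytes, x: int) -> bytes:
    """PRF(k, x): walk the GGM tree from the root seed k along the bits of x."""
    node = k
    for b in _bits(x):
        node = _prg(node, b)
    return node

def puncture(k: bytes, x_star: int) -> dict:
    """Punctured key k{x*}: the seed of every sibling node on the root-to-x* path.
    Entries are keyed by (depth, prefix), prefix being the first depth+1 bits as an int."""
    pk = {}
    node, prefix = k, 0
    for depth, b in enumerate(_bits(x_star)):
        pk[(depth, (prefix << 1) | (1 - b))] = _prg(node, 1 - b)
        node, prefix = _prg(node, b), (prefix << 1) | b
    return pk

def prf_eval_punctured(pk: dict, x: int) -> bytes:
    """Evaluate with k{x*}: find the first level where x leaves the path to x*,
    take the stored sibling seed, and finish the walk. Fails exactly at x = x*."""
    bits = _bits(x)
    prefix = 0
    for depth, b in enumerate(bits):
        prefix = (prefix << 1) | b
        if (depth, prefix) in pk:
            node = pk[(depth, prefix)]
            for b2 in bits[depth + 1:]:
                node = _prg(node, b2)
            return node
    raise ValueError("x is the punctured point: k{x*} carries no seed on its path")

def punctured_key_agrees(k: bytes, x_star: int, samples) -> bool:
    """Correctness check: k{x*} reproduces PRF(k, x) on every sample x != x*."""
    pk = puncture(k, x_star)
    return all(prf_eval_punctured(pk, x) == prf_eval(k, x) for x in samples if x != x_star)
```

In the iO proofs this is what lets a hybrid hand the obfuscated program \(k\{x^*\}\) instead of \(k\): the program still behaves identically on every input but \(x^*\), so the value \(\mathsf{PRF}(k, x^*)\) can be replaced by a uniformly random one.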

References

  1. Ananth, P., Boneh, D., Garg, S., Sahai, A., Zhandry, M.: Differing-inputs obfuscation and applications. Cryptology ePrint Archive, Report 2013/689 (2013). http://eprint.iacr.org/

  2. Barth, A., Boneh, D., Waters, B.: Privacy in encrypted content distribution using private broadcast encryption. In: Financial Cryptography, pp. 52–64 (2006)

  3. Barak, B., Goldreich, O., Impagliazzo, R., Rudich, S., Sahai, A., Vadhan, S., Yang, K.: On the (Im)possibility of obfuscating programs. In: Advances in Cryptology—CRYPTO 2001 (2001)

  4. Boyle, E., Goldwasser, S., Ivan, I.: Functional signatures and pseudorandom functions. In: Krawczyk, H. (ed.) Public-Key Cryptography—PKC 2014: 17th International Conference on Practice and Theory in Public-Key Cryptography, Buenos Aires, Argentina, March 26–28, 2014. Proceedings, pp. 501–519, Berlin, Heidelberg. Springer, Berlin, Heidelberg (2014)

  5. Barak, B., Garg, S., Kalai, Y.T., Paneth, O., Sahai, A.: Protecting obfuscation against algebraic attacks. In: Nguyen, P.Q., Oswald, E. (eds.) Advances in Cryptology—EUROCRYPT 2014: 33rd Annual International Conference on the Theory and Applications of Cryptographic Techniques, Copenhagen, Denmark, May 11–15, 2014. Proceedings, pp. 221–238, Berlin, Heidelberg. Springer, Berlin, Heidelberg (2014)

  6. Boneh, D., Gentry, C., Waters, B.: Collusion resistant broadcast encryption with short ciphertexts and private keys. In: Advances in Cryptology—CRYPTO 2005, pp. 1–19 (2005)

  7. Boneh, D., Naor, M.: Traitor tracing with constant size ciphertext. In: ACM Conference on Computer and Communications Security, pp. 501–510 (2008)

  8. Barak, B., Ong, S.J., Vadhan, S.P.: Derandomization in cryptography. In: Proc. of Crypto (2003)

  9. Brakerski, Z., Rothblum, G.N.: Black-box obfuscation for d-CNFs. In: Proceedings of the 5th Conference on Innovations in Theoretical Computer Science, ITCS ’14, pp. 235–250, New York, NY, USA. ACM (2014)

  10. Brakerski, Z., Rothblum, G.N.: Virtual black-box obfuscation for all circuits via generic graded encoding. In: Lindell, Y. (ed.) Theory of Cryptography: 11th Theory of Cryptography Conference, TCC 2014, San Diego, CA, USA, February 24–26, 2014. Proceedings, pp. 1–25, Berlin, Heidelberg. Springer, Berlin, Heidelberg (2014)

  11. Boneh, D., Silverberg, A.: Applications of multilinear forms to cryptography. Contemp. Math. 324, 71–90 (2003)


  12. Boneh, D., Sahai, A., Waters, B.: Fully Collusion Resistant Traitor Tracing with Short Ciphertexts and Private Keys. In: Advances in Cryptology—EUROCRYPT 2006, pp. 573–592 (2006)

  13. Boneh, D., Waters, B.: A fully collusion resistant broadcast trace and revoke system with public traceability. In: ACM Conference on Computer and Communication Security (CCS) (2006)

  14. Boneh, D., Waters, B.: Constrained pseudorandom functions and their applications. In: Advances in Cryptology—ASIACRYPT 2013, pp. 1–23 (2013)

  15. Boneh, D., Waters, B., Zhandry, M.: Low overhead broadcast encryption from multilinear maps. In: Proceedings of CRYPTO (2014)

  16. Boneh, D., Zhandry, M.: Multiparty key exchange, efficient traitor tracing, and more from indistinguishability obfuscation. In: Garay, J.A., Gennaro, R. (eds.) Advances in Cryptology—CRYPTO 2014: 34th Annual Cryptology Conference, Santa Barbara, CA, USA, August 17–21, 2014, Proceedings, Part I, pp. 480–499, Berlin, Heidelberg. Springer, Berlin, Heidelberg (2014)

  17. Canetti, R.: Towards realizing random oracles: hash functions that hide all partial information. In: Advances in Cryptology—CRYPTO 1997, pp. 455–469 (1997)

  18. Chor, B., Fiat, A., Naor, M.: Tracing traitors. In: CRYPTO, pp. 257–270 (1994)

  19. Cheon, J.H., Han, K., Lee, C., Ryu, H., Stehlé, D.: Cryptanalysis of the multilinear map over the integers. In: Oswald, E., Fischlin, M. (eds.) Advances in Cryptology—EUROCRYPT 2015: 34th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Sofia, Bulgaria, April 26–30, 2015, Proceedings, Part I, pp. 3–12, Berlin, Heidelberg. Springer, Berlin, Heidelberg (2015)

  20. Coron, J.-S., Lee, M.S., Lepoint, T., Tibouchi, M.: Cryptanalysis of GGH15 multilinear maps. In: Robshaw, M., Katz, J. (eds.) Advances in Cryptology—CRYPTO 2016: 36th Annual International Cryptology Conference, Santa Barbara, CA, USA, August 14–18, 2016, Proceedings, Part II, pp. 607–628, Berlin, Heidelberg. Springer, Berlin, Heidelberg (2016)

  21. Coron, J.-S., Lepoint, T., Tibouchi, M.: Practical multilinear maps over the integers. In: Advances in Cryptology—CRYPTO 2013, pp. 1–22 (2013)

  22. Canetti, R., Micciancio, D., Reingold, O.: Perfectly one-way probabilistic hash functions. In: Proc. of STOC 1998, pp. 131–140 (1998)

  23. Chabanne, H., Phan, D.H., Pointcheval, D.: Public traceability in traitor tracing schemes. In: EUROCRYPT’05, pp. 542–558 (2005)

  24. Canetti, R., Rothblum, G.N., Varia, M.: Obfuscation of hyperplane membership. In: Theory of Cryptography Conference 2010, vol. 5978, pp. 72–89 (2010)

  25. Delerablée, C.: Identity-based broadcast encryption with constant size ciphertexts and private keys, vol. 2, pp. 200–215 (2007)

  26. Dodis, Y., Fazio, N.: Public key broadcast encryption for stateless receivers. In: Proceedings of the Digital Rights Management Workshop 2002, volume 2696 of LNCS, pp. 61–80. Springer (2002)

  27. Dodis, Y., Fazio, N.: Public key broadcast encryption secure against adaptive chosen ciphertext attack. In: Workshop on Public Key Cryptography (PKC) (2003)

  28. Dwork, C., Naor, M.: Zaps and their applications. In: FOCS, pp. 283–293 (2000)

  29. Dwork, C., Naor, M., Reingold, O., Rothblum, G.N., Vadhan, S.: On the complexity of differentially private data release: efficient algorithms and hardness results. In: Proceedings of STOC 2009 (2009)

  30. Delerablée, C., Paillier, P., Pointcheval, D.: Fully collusion secure dynamic broadcast encryption with constant-size ciphertexts or decryption keys. In: PAIRING 2007 (July 2007)

  31. Freire, E.S.V., Hofheinz, D., Kiltz, E., Paterson, K.: Non-interactive key exchange. In: Public-Key Cryptography, pp. 1–28 (2013)

  32. Freire, E.S.V., Hofheinz, D., Paterson, K.G., Striecks, C.: Programmable hash functions in the multilinear setting. In: CRYPTO 2013, pp. 513–530 (2013)

  33. Fiat, A., Naor, M.: Broadcast encryption. In: Advances in Cryptology—CRYPTO 1993, vol. 773, pp. 480–491 (1994)

  34. Fazio, N., Perera, I.: Outsider-anonymous broadcast encryption with sublinear ciphertexts. In: Public Key Cryptography—PKC 2012, volume 7293 of LNCS, pp. 225–242 (2012)

  35. Freeman, D.M.: Converting pairing-based cryptosystems from composite-order groups to prime-order groups. In: EUROCRYPT, pp. 44–61 (2010)

  36. Garg, S., Gentry, C., Halevi, S.: Candidate multilinear maps from ideal lattices. In: Advances in Cryptology—EUROCRYPT 2013 (2013)

  37. Garg, S., Gentry, C., Halevi, S., Raykova, M., Sahai, A., Waters, B.: Candidate indistinguishability obfuscation and functional encryption for all circuits. In: Proc. of FOCS 2013 (2013)

  38. Gentry, C., Gorbunov, S., Halevi, S.: Graph-induced multilinear maps from lattices. In: Dodis, Y., Nielsen, J.B. (eds.) Theory of Cryptography: 12th Theory of Cryptography Conference, TCC 2015, Warsaw, Poland, March 23–25, 2015, Proceedings, Part II, pp. 498–527, Berlin, Heidelberg. Springer, Berlin, Heidelberg (2015)

  39. Goldreich, O., Goldwasser, S., Micali, S.: How to construct random functions. JACM 33(4), 792–807 (1986)


  40. Garg, S., Gentry, C., Sahai, A., Waters, B.: Witness encryption and its applications. In: Proceedings of the Forty-fifth Annual ACM Symposium on Theory of Computing, STOC ’13, pp. 467–476, New York, NY, USA. ACM (2013)

  41. Garg, S., Kumarasubramanian, A., Sahai, A., Waters, B.: Building efficient fully collusion-resilient traitor tracing and revocation schemes. In: ACM Conference on Computer and Communications Security, pp. 121–130 (2010)

  42. Garg, S., Miles, E., Mukherjee, P., Sahai, A., Srinivasan, A., Zhandry, M.: Secure obfuscation in a weak multilinear map model. In: Proceedings of TCC 2016-B (2016)

  43. Groth, J., Ostrovsky, R., Sahai, A.: Perfect non-interactive zero knowledge for NP. In: Proc. of EUROCRYPT (2006)

  44. Garg, S., Pandey, O., Srinivasan, A., Zhandry, M.: Breaking the sub-exponential barrier in obfustopia (2016)

  45. Goldwasser, S., Rothblum, G.N.: On best-possible obfuscation. In: TCC, pp. 194–213 (2007)

  46. Goodrich, M.T., Sun, J.Z., Tamassia, R.: Efficient tree-based revocation in groups of low-state devices. In: Proceedings of Crypto ’04, volume 2204 of LNCS (2004)

  47. Gentry, C., Waters, B.: Adaptive security in broadcast encryption systems (with short ciphertexts). In: Advances in Cryptology—EUROCRYPT 2009, pp. 1–18 (2009)

  48. Hu, Y., Jia, H.: Cryptanalysis of GGH map. In: Fischlin, M., Coron, J.-S. (eds.) Advances in Cryptology—EUROCRYPT 2016: 35th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Vienna, Austria, May 8–12, 2016, Proceedings, Part I, pp. 537–565, Berlin, Heidelberg. Springer, Berlin, Heidelberg (2016)

  49. Hofheinz, D., Jager, T., Khurana, D., Sahai, A., Waters, B., Zhandry, M.: How to generate and use universal samplers. In: Proceedings of ASIACRYPT (2016)

  50. Halevy, D., Shamir, A.: The LSD broadcast encryption scheme (2002)

  51. Hohenberger, S., Sahai, A., Waters, B.: Replacing a random oracle: Full domain hash from indistinguishability obfuscation. In: Nguyen, P.Q., Oswald, E. (eds.) Advances in Cryptology—EUROCRYPT 2014: 33rd Annual International Conference on the Theory and Applications of Cryptographic Techniques, Copenhagen, Denmark, May 11–15, 2014. Proceedings, pp. 201–220, Berlin, Heidelberg. Springer, Berlin, Heidelberg (2014)

  52. Joux, A.: A one round protocol for tripartite Diffie–Hellman. J. Cryptol. 17(4), 263–276 (2004)


  53. Komargodski, I., Moran, T., Naor, M., Pass, R., Rosen, A., Yogev, E.: One-way functions and (im)perfect obfuscation. In: Proceedings of the 2014 IEEE 55th Annual Symposium on Foundations of Computer Science, FOCS ’14, pp. 374–383, Washington, DC, USA. IEEE Computer Society (2014)

  54. Kiayias, A., Papadopoulos, S., Triandopoulos, N., Zacharias, T.: Delegatable pseudorandom functions and applications. In: Proceedings of the 2013 ACM SIGSAC Conference on Computer and Communications Security, CCS ’13, pp. 669–684, New York, NY, USA. ACM (2013)

  55. Khurana, D., Rao, V., Sahai, A.: Multi-party key exchange for unbounded parties from indistinguishability obfuscation. In: Iwata, T., Cheon, H.J. (eds.) Advances in Cryptology—ASIACRYPT 2015: 21st International Conference on the Theory and Application of Cryptology and Information Security, Auckland, New Zealand, November 29–December 3, 2015, Proceedings, Part I, pp. 52–75, Berlin, Heidelberg. Springer, Berlin, Heidelberg (2015)

  56. Koppula, V., Ramchen, K., Waters, B.: Separations in circular security for arbitrary length key cycles. In: Dodis, Y., Nielsen, J.B. (eds.) Theory of Cryptography: 12th Theory of Cryptography Conference, TCC 2015, Warsaw, Poland, March 23–25, 2015, Proceedings, Part II, pp. 378–400, Berlin, Heidelberg. Springer, Berlin, Heidelberg (2015)

  57. Kiayias, A., Samari, K.: Lower bounds for private broadcast encryption. In: Information Hiding, pp. 176–190. Springer (2013)

  58. Kiayias, A., Yung, M.: Breaking and repairing asymmetric public-key traitor tracing. In: Feigenbaum, J. (ed.) ACM Workshop in Digital Rights Management—DRM 2002, volume 2696 of Lecture Notes in Computer Science, pp. 32–50. Springer (2002)

  59. Libert, B., Paterson, K.G., Quaglia, E.A.: Anonymous broadcast encryption: Adaptive security and efficient constructions in the standard model. In: Public Key Cryptography, pp. 206–224 (2012)

  60. Lynn, B., Prabhakaran, M., Sahai, A.: Positive results and techniques for obfuscation. In: Advances in Cryptology—EUROCRYPT 2004, pp. 1–18 (2004)

  61. Lewko, A.B., Sahai, A., Waters, B.: Revocation systems with very small private keys. In: IEEE Symposium on Security and Privacy, pp. 273–285 (2010)

  62. Naor, D., Naor, M., Lotspiech, J.: Revocation and tracing schemes for stateless receivers. In: Proceedings of Crypto ’01, volume 2139 of LNCS, pp. 41–62 (2001)

  63. Naor, M., Pinkas, B.: Efficient trace and revoke schemes. In: Financial cryptography 2000, volume 1962 of LNCS, pp. 1–20. Springer (2000)

  64. Pfitzmann, B.: Trials of traced traitors. In: Proceedings of Information Hiding Workshop, pp. 49–64 (1996)

  65. Pfitzmann, B., Waidner, M.: Asymmetric fingerprinting for larger collusions. In: Proceedings of the ACM Conference on Computer and Communication Security, pp. 151–160 (1997)

  66. Rao, V.: Adaptive multiparty non-interactive key exchange without setup in the standard model. Cryptology ePrint Archive, Report 2014/910 (2014). http://eprint.iacr.org/

  67. Sakai, R., Furukawa, J.: Identity-Based Broadcast Encryption. In: IACR Cryptology ePrint Archive (2007)

  68. Sirvent, T.: Traitor tracing scheme with constant ciphertext rate against powerful pirates. In: Workshop on Coding and Cryptography (2007)

  69. Sahai, A., Waters, B.: How to use indistinguishability obfuscation: deniable encryption, and more. In: Proceedings of the 46th Annual ACM Symposium on Theory of Computing, STOC ’14, pp. 475–484, New York, NY, USA. ACM (2014)

  70. Ullman, J.: Answering \(n^{2+O(1)}\) counting queries with differential privacy is hard. In: Proceedings of the Forty-fifth Annual ACM Symposium on Theory of Computing, STOC’13, pp. 361–370, New York, NY, USA. ACM (2013)

  71. Wee, H.: On obfuscating point functions. In: Proceedings of the Thirty-seventh Annual ACM Symposium on Theory of Computing, STOC ’05, pp. 523–532, New York, NY, USA. ACM (2005)

  72. Watanabe, Y., Hanaoka, G., Imai, H.: Efficient asymmetric public-key traitor tracing without trusted agents. In: Proceedings CT-RSA ’01, volume 2020 of LNCS, pp. 392–407 (2001)

  73. Zhandry, M.: Adaptively secure broadcast encryption with small system parameters. Cryptology ePrint Archive, Report 2014/757 (2014). http://eprint.iacr.org/

  74. Zhandry, M.: How to avoid obfuscation using witness PRFs. In: Kushilevitz, E., Malkin, T. (eds.) Theory of Cryptography: 13th International Conference, TCC 2016-A, Tel Aviv, Israel, January 10–13, 2016, Proceedings, Part II, pp. 421–448, Berlin, Heidelberg. Springer, Berlin, Heidelberg (2016)


Acknowledgements

We thank Jonathan Ullman for his comments on the connection to differential privacy. We thank Brent Waters for suggesting adding capabilities to existing systems such as RSA, and for comments on the definitions of security for key exchange protocols. This work was supported by NSF, the DARPA PROCEED program, an AFOSR MURI award, a grant from ONR, an IARPA project provided via DoI/NBC, and by a Google faculty scholarship. Opinions, findings and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of DARPA or IARPA.

Author information

Corresponding author

Correspondence to Mark Zhandry.

Additional information

This article is the full version of Boneh and Zhandry (2014).

This work was done while Mark Zhandry was a graduate student at Stanford University.


Cite this article

Boneh, D., Zhandry, M. Multiparty Key Exchange, Efficient Traitor Tracing, and More from Indistinguishability Obfuscation. Algorithmica 79, 1233–1285 (2017). https://doi.org/10.1007/s00453-016-0242-8


  • DOI: https://doi.org/10.1007/s00453-016-0242-8
