Advertisement

Collusion Resistant Broadcast and Trace from Positional Witness Encryption

  • Rishab Goyal
  • Satyanarayana VusirikalaEmail author
  • Brent Waters
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11443)

Abstract

An emerging trend is for researchers to identify cryptography primitives for which feasibility was first established under obfuscation and then move the realization to a different setting. In this work we explore a new such avenue—to move obfuscation-based cryptography to the assumption of (positional) witness encryption. Our goal is to develop techniques and tools, which we will dub “witness encryption friendly” primitives and use these to develop a methodology for building advanced cryptography from positional witness encryption.

We take a bottom up approach and pursue our general agenda by attacking the specific problem of building collusion-resistant broadcast systems with tracing from positional witness encryption. We achieve a system where the size of ciphertexts, public key and private key are polynomial in the security parameter \(\lambda \) and independent of the number of users N in the broadcast system. Currently, systems with such parameters are only known from indistinguishability obfuscation.

Notes

Acknowledgement

We thank the anonymous reviewers of PKC 2019 for helpful feedback, especially for pointing out the connection between SPB hashes and (a weakening of) ABO signatures.

References

  1. 1.
    Agrawal, S., Boneh, D., Boyen, X.: Efficient lattice (H)IBE in the standard model. In: Gilbert, H. (ed.) EUROCRYPT 2010. LNCS, vol. 6110, pp. 553–572. Springer, Heidelberg (2010).  https://doi.org/10.1007/978-3-642-13190-5_28CrossRefzbMATHGoogle Scholar
  2. 2.
    Alamati, N., Peikert, C.: Three’s compromised too: circular insecurity for any cycle length from (Ring-)LWE. In: Robshaw, M., Katz, J. (eds.) CRYPTO 2016. LNCS, vol. 9815, pp. 659–680. Springer, Heidelberg (2016).  https://doi.org/10.1007/978-3-662-53008-5_23CrossRefGoogle Scholar
  3. 3.
    Ananth, P., Boneh, D., Garg, S., Sahai, A., Zhandry, M.: Differing-inputs obfuscation and applications. Cryptology ePrint Archive, Report 2013/689 (2013)Google Scholar
  4. 4.
    Ananth, P., Jain, A.: Indistinguishability obfuscation from compact functional encryption. In: Gennaro, R., Robshaw, M. (eds.) CRYPTO 2015. LNCS, vol. 9215, pp. 308–326. Springer, Heidelberg (2015).  https://doi.org/10.1007/978-3-662-47989-6_15CrossRefGoogle Scholar
  5. 5.
    Ananth, P., Jain, A., Sahai, A.: Achieving compactness generically: indistinguishability obfuscation from non-compact functional encryption. IACR Cryptology ePrint Archive (2015)Google Scholar
  6. 6.
    Barak, B., et al.: On the (im)possibility of obfuscating programs. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 1–18. Springer, Heidelberg (2001).  https://doi.org/10.1007/3-540-44647-8_1CrossRefGoogle Scholar
  7. 7.
    Barak, B., et al.: On the (im)possibility of obfuscating programs. J. ACM 59(2), 6 (2012)MathSciNetCrossRefGoogle Scholar
  8. 8.
    Bellare, M., Boldyreva, A., Desai, A., Pointcheval, D.: Key-privacy in public-key encryption. In: Boyd, C. (ed.) ASIACRYPT 2001. LNCS, vol. 2248, pp. 566–582. Springer, Heidelberg (2001).  https://doi.org/10.1007/3-540-45682-1_33CrossRefzbMATHGoogle Scholar
  9. 9.
    Bitansky, N., Paneth, O.: ZAPs and non-interactive witness indistinguishability from indistinguishability obfuscation. In: Dodis, Y., Nielsen, J.B. (eds.) TCC 2015. LNCS, vol. 9015, pp. 401–427. Springer, Heidelberg (2015).  https://doi.org/10.1007/978-3-662-46497-7_16CrossRefzbMATHGoogle Scholar
  10. 10.
    Bitansky, N., Paneth, O., Wichs, D.: Perfect structure on the edge of chaos. In: Kushilevitz, E., Malkin, T. (eds.) TCC 2016. LNCS, vol. 9562, pp. 474–502. Springer, Heidelberg (2016).  https://doi.org/10.1007/978-3-662-49096-9_20CrossRefzbMATHGoogle Scholar
  11. 11.
    Bitansky, N., Vaikuntanathan, V.: Indistinguishability obfuscation from functional encryption. In: IEEE 56th Annual Symposium on Foundations of Computer Science, FOCS 2015, pp. 171–190 (2015)Google Scholar
  12. 12.
    Boneh, D., Franklin, M.: Identity-based encryption from the Weil pairing. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 213–229. Springer, Heidelberg (2001).  https://doi.org/10.1007/3-540-44647-8_13CrossRefGoogle Scholar
  13. 13.
    Boneh, D., Gentry, C., Waters, B.: Collusion resistant broadcast encryption with short ciphertexts and private keys. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 258–275. Springer, Heidelberg (2005).  https://doi.org/10.1007/11535218_16CrossRefGoogle Scholar
  14. 14.
    Boneh, D., Waters, B.: A fully collusion resistant broadcast, trace, and revoke system. In: Proceedings of the 13th ACM Conference on Computer and Communications Security, CCS 2006, pp. 211–220 (2006)Google Scholar
  15. 15.
    Boneh, D., Waters, B., Zhandry, M.: Low overhead broadcast encryption from multilinear maps. In: Garay, J.A., Gennaro, R. (eds.) CRYPTO 2014. LNCS, vol. 8616, pp. 206–223. Springer, Heidelberg (2014).  https://doi.org/10.1007/978-3-662-44371-2_12CrossRefGoogle Scholar
  16. 16.
    Boneh, D., Zhandry, M.: Multiparty key exchange, efficient traitor tracing, and more from indistinguishability obfuscation. In: Garay, J.A., Gennaro, R. (eds.) CRYPTO 2014. LNCS, vol. 8616, pp. 480–499. Springer, Heidelberg (2014).  https://doi.org/10.1007/978-3-662-44371-2_27CrossRefGoogle Scholar
  17. 17.
    Boyen, X., Waters, B.: Anonymous hierarchical identity-based encryption (without random oracles). In: Dwork, C. (ed.) CRYPTO 2006. LNCS, vol. 4117, pp. 290–307. Springer, Heidelberg (2006).  https://doi.org/10.1007/11818175_17CrossRefGoogle Scholar
  18. 18.
    Brakerski, Z., Jain, A., Komargodski, I., Passelegue, A., Wichs, D.: Non-trivial witness encryption and null-IO from standard assumptions. Cryptology ePrint Archive, Report 2017/874 (2017). https://eprint.iacr.org/2017/874
  19. 19.
    Canetti, R., Lin, H., Tessaro, S., Vaikuntanathan, V.: Obfuscation of probabilistic circuits and applications. In: Dodis, Y., Nielsen, J.B. (eds.) TCC 2015. LNCS, vol. 9015, pp. 468–497. Springer, Heidelberg (2015).  https://doi.org/10.1007/978-3-662-46497-7_19CrossRefzbMATHGoogle Scholar
  20. 20.
    Chen, Y., Vaikuntanathan, V., Wee, H.: GGH15 beyond permutation branching programs: proofs, attacks, and candidates. In: Shacham, H., Boldyreva, A. (eds.) CRYPTO 2018. LNCS, vol. 10992, pp. 577–607. Springer, Cham (2018).  https://doi.org/10.1007/978-3-319-96881-0_20CrossRefGoogle Scholar
  21. 21.
    Cho, C., Döttling, N., Garg, S., Gupta, D., Miao, P., Polychroniadou, A.: Laconic oblivious transfer and its applications. In: Katz, J., Shacham, H. (eds.) CRYPTO 2017. LNCS, vol. 10402, pp. 33–65. Springer, Cham (2017).  https://doi.org/10.1007/978-3-319-63715-0_2CrossRefGoogle Scholar
  22. 22.
    Coron, J.-S., Lepoint, T., Tibouchi, M.: Practical multilinear maps over the integers. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013. LNCS, vol. 8042, pp. 476–493. Springer, Heidelberg (2013).  https://doi.org/10.1007/978-3-642-40041-4_26CrossRefGoogle Scholar
  23. 23.
    Coron, J.-S., Lepoint, T., Tibouchi, M.: New multilinear maps over the integers. In: Gennaro, R., Robshaw, M. (eds.) CRYPTO 2015. LNCS, vol. 9215, pp. 267–286. Springer, Heidelberg (2015).  https://doi.org/10.1007/978-3-662-47989-6_13CrossRefGoogle Scholar
  24. 24.
    Fiat, A., Naor, M.: Broadcast encryption. In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol. 773, pp. 480–491. Springer, Heidelberg (1994).  https://doi.org/10.1007/3-540-48329-2_40CrossRefGoogle Scholar
  25. 25.
    Garg, S., Gentry, C., Halevi, S.: Candidate multilinear maps from ideal lattices. In: Johansson, T., Nguyen, P.Q. (eds.) EUROCRYPT 2013. LNCS, vol. 7881, pp. 1–17. Springer, Heidelberg (2013).  https://doi.org/10.1007/978-3-642-38348-9_1CrossRefGoogle Scholar
  26. 26.
    Garg, S., Gentry, C., Halevi, S., Raykova, M.: Two-round secure MPC from indistinguishability obfuscation. In: Lindell, Y. (ed.) TCC 2014. LNCS, vol. 8349, pp. 74–94. Springer, Heidelberg (2014).  https://doi.org/10.1007/978-3-642-54242-8_4CrossRefGoogle Scholar
  27. 27.
    Garg, S., Gentry, C., Halevi, S., Raykova, M., Sahai, A., Waters, B.: Candidate indistinguishability obfuscation and functional encryption for all circuits. In: FOCS (2013)Google Scholar
  28. 28.
    Garg, S., Gentry, C., Halevi, S., Wichs, D.: On the implausibility of differing-inputs obfuscation and extractable witness encryption with auxiliary input. In: Garay, J.A., Gennaro, R. (eds.) CRYPTO 2014. LNCS, vol. 8616, pp. 518–535. Springer, Heidelberg (2014).  https://doi.org/10.1007/978-3-662-44371-2_29CrossRefGoogle Scholar
  29. 29.
    Garg, S., Gentry, C., Sahai, A., Waters, B.: Witness encryption and its applications. In: STOC (2013)Google Scholar
  30. 30.
    Garg, S., Pandey, O., Srinivasan, A.: Revisiting the cryptographic hardness of finding a nash equilibrium. In: Robshaw, M., Katz, J. (eds.) CRYPTO 2016. LNCS, vol. 9815, pp. 579–604. Springer, Heidelberg (2016).  https://doi.org/10.1007/978-3-662-53008-5_20CrossRefGoogle Scholar
  31. 31.
    Garg, S., Pandey, O., Srinivasan, A., Zhandry, M.: Breaking the sub-exponential barrier in obfustopia. In: Coron, J.-S., Nielsen, J.B. (eds.) EUROCRYPT 2017. LNCS, vol. 10212, pp. 156–181. Springer, Cham (2017).  https://doi.org/10.1007/978-3-319-56617-7_6CrossRefzbMATHGoogle Scholar
  32. 32.
    Gentry, C., Gorbunov, S., Halevi, S.: Graph-induced multilinear maps from lattices. In: Dodis, Y., Nielsen, J.B. (eds.) TCC 2015. LNCS, vol. 9015, pp. 498–527. Springer, Heidelberg (2015).  https://doi.org/10.1007/978-3-662-46497-7_20CrossRefGoogle Scholar
  33. 33.
    Gentry, C., Lewko, A., Waters, B.: Witness encryption from instance independent assumptions. In: Garay, J.A., Gennaro, R. (eds.) CRYPTO 2014. LNCS, vol. 8616, pp. 426–443. Springer, Heidelberg (2014).  https://doi.org/10.1007/978-3-662-44371-2_24CrossRefGoogle Scholar
  34. 34.
    Gentry, C., Lewko, A.B., Sahai, A., Waters, B.: Indistinguishability obfuscation from the multilinear subgroup elimination assumption. In: IEEE 56th Annual Symposium on Foundations of Computer Science, FOCS 2015, pp. 151–170 (2015)Google Scholar
  35. 35.
    Gentry, C., Waters, B.: Adaptive security in broadcast encryption systems (with short ciphertexts). In: Joux, A. (ed.) EUROCRYPT 2009. LNCS, vol. 5479, pp. 171–188. Springer, Heidelberg (2009).  https://doi.org/10.1007/978-3-642-01001-9_10CrossRefzbMATHGoogle Scholar
  36. 36.
    Goldwasser, S., Kalai, Y.T., Popa, R.A., Vaikuntanathan, V., Zeldovich, N.: How to run turing machines on encrypted data. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013. LNCS, vol. 8043, pp. 536–553. Springer, Heidelberg (2013).  https://doi.org/10.1007/978-3-642-40084-1_30CrossRefGoogle Scholar
  37. 37.
    Goyal, R., Hohenberger, S., Koppula, V., Waters, B.: A generic approach to constructing and proving verifiable random functions. In: Kalai, Y., Reyzin, L. (eds.) TCC 2017. LNCS, vol. 10678, pp. 537–566. Springer, Cham (2017).  https://doi.org/10.1007/978-3-319-70503-3_18CrossRefGoogle Scholar
  38. 38.
    Goyal, R., Koppula, V., Russell, A., Waters, B.: Risky traitor tracing and new differential privacy negative results. Cryptology ePrint Archive, Report 2017/1117 (2017). https://eprint.iacr.org/2017/1117
  39. 39.
    Goyal, R., Koppula, V., Waters, B.: Lockable obfuscation. In: 58th IEEE Annual Symposium on Foundations of Computer Science, FOCS 2017, pp. 612–621 (2017)Google Scholar
  40. 40.
    Goyal, R., Koppula, V., Waters, B.: Separating semantic and circular security for symmetric-key bit encryption from the learning with errors assumption. In: Coron, J.-S., Nielsen, J.B. (eds.) EUROCRYPT 2017. LNCS, vol. 10211, pp. 528–557. Springer, Cham (2017).  https://doi.org/10.1007/978-3-319-56614-6_18CrossRefGoogle Scholar
  41. 41.
    Goyal, R., Koppula, V., Waters, B.: Collusion resistant traitor tracing from learning with errors. In: STOC (2018)Google Scholar
  42. 42.
    Hofheinz, D., Jager, T.: Verifiable random functions from standard assumptions. In: Kushilevitz, E., Malkin, T. (eds.) TCC 2016. LNCS, vol. 9562, pp. 336–362. Springer, Heidelberg (2016).  https://doi.org/10.1007/978-3-662-49096-9_14CrossRefGoogle Scholar
  43. 43.
    Hofheinz, D., Jager, T., Khurana, D., Sahai, A., Waters, B., Zhandry, M.: How to generate and use universal samplers. In: Cheon, J.H., Takagi, T. (eds.) ASIACRYPT 2016. LNCS, vol. 10032, pp. 715–744. Springer, Heidelberg (2016).  https://doi.org/10.1007/978-3-662-53890-6_24CrossRefGoogle Scholar
  44. 44.
    Hubácek, P., Wichs, D.: On the communication complexity of secure function evaluation with long output. In: Proceedings of the 2015 Conference on Innovations in Theoretical Computer Science, ITCS 2015, pp. 163–172 (2015)Google Scholar
  45. 45.
    Koppula, V., Lewko, A.B., Waters, B.: Indistinguishability obfuscation for turing machines with unbounded memory. In: Proceedings of the Forty-Seventh Annual ACM on Symposium on Theory of Computing, STOC 2015, pp. 419–428 (2015)Google Scholar
  46. 46.
    Koppula, V., Waters, B.: Circular security separations for arbitrary length cycles from LWE. In: Robshaw, M., Katz, J. (eds.) CRYPTO 2016. LNCS, vol. 9815, pp. 681–700. Springer, Heidelberg (2016).  https://doi.org/10.1007/978-3-662-53008-5_24CrossRefGoogle Scholar
  47. 47.
    Liu, Q., Zhandry, M.: Decomposable obfuscation: a framework for building applications of obfuscation from polynomial hardness. In: Kalai, Y., Reyzin, L. (eds.) TCC 2017. LNCS, vol. 10677, pp. 138–169. Springer, Cham (2017).  https://doi.org/10.1007/978-3-319-70500-2_6CrossRefzbMATHGoogle Scholar
  48. 48.
    Luo, S., Shen, Q., Jin, Y., Chen, Y., Chen, Z., Qing, S.: A variant of Boyen-Waters anonymous IBE scheme. In: Qing, S., Susilo, W., Wang, G., Liu, D. (eds.) ICICS 2011. LNCS, vol. 7043, pp. 42–56. Springer, Heidelberg (2011).  https://doi.org/10.1007/978-3-642-25243-3_4CrossRefGoogle Scholar
  49. 49.
    Micali, S., Rabin, M., Vadhan, S.: Verifiable random functions. In: Proceedings 40th IEEE Symposium on Foundations of Computer Science, FOCS, pp. 120–130. IEEE (1999)Google Scholar
  50. 50.
    Naor, D., Naor, M., Lotspiech, J.: Revocation and tracing schemes for stateless receivers. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 41–62. Springer, Heidelberg (2001).  https://doi.org/10.1007/3-540-44647-8_3CrossRefGoogle Scholar
  51. 51.
    Naor, M., Pinkas, B.: Efficient trace and revoke schemes. In: Frankel, Y. (ed.) FC 2000. LNCS, vol. 1962, pp. 1–20. Springer, Heidelberg (2001).  https://doi.org/10.1007/3-540-45472-1_1CrossRefGoogle Scholar
  52. 52.
    Nishimaki, R., Wichs, D., Zhandry, M.: Anonymous traitor tracing: how to embed arbitrary information in a key. In: Fischlin, M., Coron, J.-S. (eds.) EUROCRYPT 2016. LNCS, vol. 9666, pp. 388–419. Springer, Heidelberg (2016).  https://doi.org/10.1007/978-3-662-49896-5_14CrossRefzbMATHGoogle Scholar
  53. 53.
    Okamoto, T., Pietrzak, K., Waters, B., Wichs, D.: New realizations of somewhere statistically binding hashing and positional accumulators. In: Iwata, T., Cheon, J.H. (eds.) ASIACRYPT 2015. LNCS, vol. 9452, pp. 121–145. Springer, Heidelberg (2015).  https://doi.org/10.1007/978-3-662-48797-6_6CrossRefGoogle Scholar
  54. 54.
    Regev, O.: On lattices, learning with errors, random linear codes, and cryptography. In: Proceedings of the 37th Annual ACM Symposium on Theory of Computing, pp. 84–93 (2005)Google Scholar
  55. 55.
    Sahai, A., Waters, B.: Fuzzy identity-based encryption. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 457–473. Springer, Heidelberg (2005).  https://doi.org/10.1007/11426639_27CrossRefGoogle Scholar
  56. 56.
    Sahai, A., Waters, B.: How to use indistinguishability obfuscation: deniable encryption, and more. In: Symposium on Theory of Computing, STOC 2014, New York, NY, USA, 31 May–03 June 2014, pp. 475–484 (2014)Google Scholar
  57. 57.
    Seo, J.H., Kobayashi, T., Ohkubo, M., Suzuki, K.: Anonymous hierarchical identity-based encryption with constant size ciphertexts. In: Jarecki, S., Tsudik, G. (eds.) PKC 2009. LNCS, vol. 5443, pp. 215–234. Springer, Heidelberg (2009).  https://doi.org/10.1007/978-3-642-00468-1_13CrossRefGoogle Scholar
  58. 58.
    Shamir, A.: Identity-based cryptosystems and signature schemes. In: Blakley, G.R., Chaum, D. (eds.) CRYPTO 1984. LNCS, vol. 196, pp. 47–53. Springer, Heidelberg (1985).  https://doi.org/10.1007/3-540-39568-7_5CrossRefGoogle Scholar
  59. 59.
    Wichs, D., Zirdelis, G.: Obfuscating compute-and-compare programs under LWE. In: 58th IEEE Annual Symposium on Foundations of Computer Science, FOCS 2017, pp. 600–611 (2017)Google Scholar
  60. 60.
    Zhandry, M.: How to avoid obfuscation using witness PRFs. In: Kushilevitz, E., Malkin, T. (eds.) TCC 2016. LNCS, vol. 9563, pp. 421–448. Springer, Heidelberg (2016).  https://doi.org/10.1007/978-3-662-49099-0_16CrossRefGoogle Scholar

Copyright information

© International Association for Cryptologic Research 2019

Authors and Affiliations

  • Rishab Goyal
    • 1
  • Satyanarayana Vusirikala
    • 1
    Email author
  • Brent Waters
    • 1
  1. 1.University of Texas at AustinAustinUSA

Personalised recommendations