| 1. |
- Brunetta, Carlo, 1992, et al.
(författare)
-
A Differentially Private Encryption Scheme
- 2017
-
Ingår i: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics). - Cham : Springer International Publishing. - 1611-3349 .- 0302-9743. ; 10599 LNCS, s. 309-326
-
Konferensbidrag (refereegranskat)abstract
- Encrypting data with a semantically secure cryptosystem guarantees that nothing is learned about the plaintext from the ciphertext. However, querying a database about individuals or requesting for summary statistics can leak information. Differential privacy (DP) offers a formal framework to bound the amount of information that an adversary can discover from a database with private data, when statistical findings of the stored data are communicated to an untrusted party. Although both encryption schemes and differential private mechanisms can provide important privacy guarantees, when employed in isolation they do not guarantee full privacy-preservation. This paper investigates how to efficiently combine DP and an encryption scheme to prevent leakage of information. More precisely, we introduce and instantiate differentially private encryption schemes that provide both DP and confidentiality. Our contributions are five-fold, we: (i) define an encryption scheme that is not correct with some probability i.e., an -correct encryption scheme and we prove that it satisfies the DP definition; (ii) prove that combining DP and encryption, is equivalent to using an -correct encryption scheme and provide a construction to build one from the other; (iii) prove that an encryption scheme that belongs in the DP-then-Encrypt class is at least as computationally secure as the original base encryption scheme; (iv) provide an -correct encryption scheme that achieves both requirements (i.e., DP and confidentiality) and relies on Dijk et al.’s homomorphic encryption scheme (EUROCRYPT 2010); and (v) perform some statistical experiments on our encryption scheme in order to empirically check the correctness of the theoretical results.
|
|
| 2. |
- Brunetta, Carlo, 1992, et al.
(författare)
-
Code-Based Zero Knowledge PRF Arguments
- 2019
-
Ingår i: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics). - Cham : Springer International Publishing. - 1611-3349 .- 0302-9743. ; 11723 LNCS, s. 171-189
-
Konferensbidrag (refereegranskat)abstract
- Pseudo-random functions are a useful cryptographic primitive that, can be combined with zero-knowledge proof systems in order to achieve privacy-preserving identification. Libert et al. (ASIACRYPT 2017) has investigated the problem of proving the correct evaluation of lattice-based PRFs based on the Learning-With-Rounding (LWR) problem. In this paper, we go beyond lattice-based assumptions and investigate, whether we can solve the question of proving the correct evaluation of PRFs based on code-based assumptions such as the Syndrome Decoding problem. The answer is affirmative and we achieve it by firstly introducing a very efficient code-based PRG based on the Regular Syndrome Decoding problem and subsequently, we give a direct construction of a code-based PRF. Thirdly, we provide a zero-knowledge protocol for the correct evaluation of a code-based PRF, which allows a prover to convince a verifier that a given output y is indeed computed from the code-based PRF with a secret key k on an input x, i.e., {\$}{\$}y=f(k,x){\$}{\$}. Finally, we analytically evaluate the protocol's communication costs.
|
|
| 3. |
- Brunetta, Carlo, 1992, et al.
(författare)
-
Lattice-Based Simulatable VRFs: Challenges and Future Directions
- 2018
-
Ingår i: Journal of Internet Services and Information Security. - 2182-2069 .- 2182-2077. ; 8:4, s. 57-69
-
Tidskriftsartikel (refereegranskat)abstract
- Lattice-based cryptography is evolving rapidly and is often employed to design cryptographic primitives that hold a great promise to be post-quantum resistant and can be employed in multiple application settings such as: e-cash, unique digital signatures, non-interactive lottery and others. In such application scenarios, a user is often required to prove non-interactively the correct computation of a pseudo-random function F_k(x) without revealing the secret key k used. Commitment schemes are also useful in application settings requiring to commit to a chosen but secret value that could be revealed later. In this short paper, we provide our insights on constructing a lattice-based simulatable verifiable random function (sVRF) using non interactive zero knowledge arguments and dual-mode commitment schemes and we point out the main challenges that need to be addressed in order to achieve it.
|
|
| 4. |
- Brunetta, Carlo, 1992, et al.
(författare)
-
Non-Interactive, Secure Verifiable Aggregation for Decentralized, Privacy-Preserving Learning
- 2021
-
Ingår i: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics). - Cham : Springer International Publishing. - 1611-3349 .- 0302-9743. ; 13083 LNCS, s. 510-5128
-
Konferensbidrag (refereegranskat)abstract
- We propose a novel primitive called NIVA that allows the distributed aggregation of multiple users’ secret inputs by multiple untrusted servers. The returned aggregation result can be publicly verified in a non-interactive way, i.e. the users are not required to participate in the aggregation except for providing their secret inputs. NIVA allows the secure computation of the sum of a large amount of users’ data and can be employed, for example, in the federated learning setting in order to aggregate the model updates for a deep neural network. We implement NIVA and evaluate its communication and execution performance and compare it with the current state-of- the-art, i.e. Segal et al. protocol (CCS 2017) and Xu et al. VerifyNet protocol (IEEE TIFS 2020), resulting in better user’s communicated data and execution time.
|
|
| 5. |
- Brunetta, Carlo, 1992, et al.
(författare)
-
Towards Stronger Functional Signatures
- 2021
-
Tidskriftsartikel (övrigt vetenskapligt/konstnärligt)abstract
- Functional digital Signatures (FS) schemes introduced by Boyle, Goldwasser and Ivan (PKC 2014) provide a method to generate fine-grained digital signatures in which a master key-pair $(\msk,\mvk)$ is used to generate a signing secret-key $\sk_\function$ for a function $f$ that allows to sign any message $\msg$ into the message $f(\msg)$ and signature $\sigma$. The verification algorithm takes the master verification-key $\mvk$ and checks that the signature $\sigma$ corresponding to $f(\msg)$ is valid. In this paper, we enhance the FS primitive by introducing a function public-key $\pk_f$ that acts as a commitment for the specific signing key $\sk_f$. This public-key is used during the verification phase and guarantees that the message-signature pair is indeed the result generated by employing the specific key $\sk_f$ in the signature phase, a property not achieved by the original FS scheme. This enhanced FS scheme is defined as Strong Functional Signatures (SFS) for which we define the properties of unforgeability as well as the function hiding property. Finally, we provide an unforgeable, function hiding SFS instance in the random oracle model based on Boneh-Lynn-Shacham signature scheme (ASIACRYPT 2001) and Fiore-Gennaro's publicly verifiable computation scheme (CCS 2012).
|
|
| 6. |
- Brunetta, Carlo, 1992, et al.
(författare)
-
Turn Based Communication Channel
- 2021
-
Tidskriftsartikel (övrigt vetenskapligt/konstnärligt)abstract
- We introduce the concept of turn-based communication channel between two mutually distrustful parties with communication consistency, i.e. both parties have the same message history, and happens in sets of exchanged messages across a limited number of turns. Our construction leverages on timed primitives. Namely, we introduce a novel ∆-delay hash function definition in order to establish turns in the channel. Concretely, we introduce the one-way turn-based communication scheme and the two-way turn-based communication protocol and provide a concrete instantiation that achieves communication consistency.
|
|
| 7. |
- Li, Shimin, et al.
(författare)
-
Private Functional Signatures: Definition and Construction
- 2018
-
Ingår i: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics). - Cham : Springer International Publishing. - 1611-3349 .- 0302-9743. ; 10946 LNCS, s. 284-303
-
Konferensbidrag (refereegranskat)abstract
- In this paper, we introduce a new cryptographic primitive: private functional signatures, where functional signing keys skffor functions f derived from master signing key msk which can be used to sign any message, allow one to sign any message in the range of the underlying function f. Besides, there is an encryption algorithm which takes as input the master secret key msk to produce a ciphertext cxfor message x. And the signing algorithm applies a signing key skfon the ciphertext cxto produce a signature σf(x)on the result f(x). We also formalize the security notions of private functional signatures. Furthermore, we provide a general compiler from any (single-key) symmetric-key predicate encryption scheme into a single-key private functional signature scheme. By instantiating our construction with schemes for symmetric-key predicate encryption, we obtain private functional signature schemes based on a variety of assumptions (including the LWE assumption, simple multilinear-maps assumptions, obfuscation assumptions, and even the existence of any one-way function) offering various trade-offs between security and efficiency.
|
|
| 8. |
- Liang, Bei, 1985, et al.
(författare)
-
Decentralised Functional Signatures
- 2019
-
Ingår i: Mobile Networks and Applications. - : Springer Science and Business Media LLC. - 1572-8153 .- 1383-469X. ; 24:3, s. 934-946
-
Tidskriftsartikel (refereegranskat)abstract
- With the rapid development of the Internet of Things (IoT) a lot of critical information is shared however without having guarantees about the origin and integrity of the information. Digital signatures can provide important integrity guarantees to prevent illegal users from getting access to private and sensitive data in various IoT applications. Functional signatures, introduced by Boyle, Goldwasser and Ivan (PKC 2014) as signatures with a finegrained access control, allow an authority to generate signing keys corresponding to various functions such that a user with a signing key for a function f, can sign the image of the function f on a message mi.e., can sign f(m). Okamoto and Takashima (PKC 2013) firstly proposed the notion of a decentralized multi-authority functional signature (DMA-FS) scheme, which supports non-monotone access structures combined with inner-product relations. In this paper, we generalise the definition of DMA-FS proposed by Okamoto et al. (PKC13) for even more general policy functions, which support any polynomial-size boolean predicates other than the inner product relation and allow modifications of the original message. In our multi-authority functional signature (MAFS), there are multiple authorities and each one is able to certify a specific function and issue a corresponding functional signing key for each individual with some property, rendering them very useful in application settings such smart homes, smart cities, smart health care etc. We also provide a general transformation from a standard signature scheme to a MAFS scheme. Moreover, we present a way to build a function private MAFS from a FS without function privacy together with SNARKs.
|
|
| 9. |
- Liang, Bei, 1985, et al.
(författare)
-
Distributed pseudorandom functions for general access structures in NP
- 2018
-
Ingår i: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics). - Cham : Springer International Publishing. - 1611-3349 .- 0302-9743. ; 10631, s. 81-87
-
Konferensbidrag (refereegranskat)abstract
- Distributed pseudorandom functions (DPRFs) originally introduced by Naor, Pinkas and Reingold (EUROCRYPT ’99) are pseudorandom functions (PRFs), whose computation is distributed to multiple servers. Although by distributing the function computation, we avoid single points of failures, this distribution usually implies the need for multiple interactions with the parties (servers) involved in the computation of the function. In this paper, we take distributed pseudorandom functions (DPRFs) even further, by pursuing a very natural direction. We ask if it is possible to construct distributed PRFs for a general class of access mechanism going beyond the threshold access structure and the access structure that can be described by a polynomial-size monotone span programs. More precisely, our contributions are two-fold and can be summarised as follows: (i) we introduce the notion of single round distributed PRFs for a general class of access structure (monotone functions in NP), (ii) we provide a provably secure general construction of distributed PRFs for every mNP access structure from puncturable PRFs based on indistinguishable obfuscation.
|
|
| 10. |
- Liang, Bei, 1985, et al.
(författare)
-
Fast and adaptively secure signatures in the random oracle model from indistinguishability obfuscation (short paper)
- 2017
-
Ingår i: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics). - Cham : Springer International Publishing. - 1611-3349 .- 0302-9743. - 9783319723587 ; 10701 LNCS, s. 422-431
-
Konferensbidrag (refereegranskat)abstract
- Indistinguishability obfuscation (iO) is a powerful cryptographic tool often employed to construct a variety of core cryptographic primitives such as public key encryption and signatures. In this paper, we focus on the employment of iO in order to construct short signatures with strong security guarantees (i.e., adaptive security) that provide a very efficient signing process for resource-constrained devices. Sahai and Waters (SW) (STOC 2014) initially explored the construction of iO -based short signature schemes but their proposal provides selective security. Ramchen and Waters (RW) (CCS 2014) attempted to provide stronger security guarantees (i.e., adaptive security) but their proposal is much more computationally expensive than the SW proposal. In this work, we propose an iO -based short signature scheme that provides adaptive security, fast signing for resource-constrained devices and is much more cost-efficient than the RW signature scheme. More precisely, we employ a puncturable PRF with a fixed length input to get a fast and adaptively secure signature scheme without any additional hardness assumption as in the SW signature scheme. To achieve this goal, we employ the technique of Hofheinz et al. called “delayed backdoor programming” using a random oracle, which allows to embed an execution thread that will only be invoked by special inputs generated using secret key information. Furthermore, we compare the cost of our signature scheme in terms of the cost of the underlying PRG used by the puncturable PRF. Our scheme has a much lower cost than the RW scheme, while providing strong security guarantees (i.e., adaptive security).
|
|
