TY - CHAP
T1 - Non-trivial witness encryption and null-io from standard assumptions
AU - Brakerski, Zvika
AU - Jain, Aayush
AU - Komargodski, Ilan
AU - Passelègue, Alain
AU - Wichs, Daniel
N1 - Publisher Copyright: © 2018, Springer Nature Switzerland AG.
PY - 2018/8
Y1 - 2018/8
N2 - A witness encryption (WE) scheme can take any NP statement as a public-key and use it to encrypt a message. If the statement is true then it is possible to decrypt the message given a corresponding witness, but if the statement is false then the message is computationally hidden. Ideally, the encryption procedure should run in polynomial time, but it is also meaningful to define a weaker notion, which we call non-trivially exponentially efficient WE (XWE), where the encryption run-time is only required to be much smaller than the trivial 2 m bound for NP relations with witness size m. We show how to construct such XWE schemes for all of NP with encryption run-time 2 m / 2 under the sub-exponential learning with errors (LWE) assumption. For NP relations that can be verified in NC1 (e.g., SAT) we can also construct such XWE schemes under the sub-exponential Decisional Bilinear Diffie-Hellman (DBDH) assumption. Although we find the result surprising, it follows via a very simple connection to attribute-based encryption. We also show how to upgrade the above results to get non-trivially exponentially efficient indistinguishability obfuscation for null circuits (niO), which guarantees that the obfuscations of any two circuits that always output 0 are indistinguishable. In particular, under the LWE assumptions we get a XniO scheme where the obfuscation time is 2 n / 2 for all circuits with input size n. It is known that in the case of indistinguishability obfuscation (iO) for all circuits, non-trivially efficient XiO schemes imply fully efficient iO schemes (Lin et al., PKC ’16) but it remains as a fascinating open problem whether any such connection exists for WE or niO. Lastly, we explore a potential approach toward constructing fully efficient WE and niO schemes via multi-input ABE.
AB - A witness encryption (WE) scheme can take any NP statement as a public-key and use it to encrypt a message. If the statement is true then it is possible to decrypt the message given a corresponding witness, but if the statement is false then the message is computationally hidden. Ideally, the encryption procedure should run in polynomial time, but it is also meaningful to define a weaker notion, which we call non-trivially exponentially efficient WE (XWE), where the encryption run-time is only required to be much smaller than the trivial 2 m bound for NP relations with witness size m. We show how to construct such XWE schemes for all of NP with encryption run-time 2 m / 2 under the sub-exponential learning with errors (LWE) assumption. For NP relations that can be verified in NC1 (e.g., SAT) we can also construct such XWE schemes under the sub-exponential Decisional Bilinear Diffie-Hellman (DBDH) assumption. Although we find the result surprising, it follows via a very simple connection to attribute-based encryption. We also show how to upgrade the above results to get non-trivially exponentially efficient indistinguishability obfuscation for null circuits (niO), which guarantees that the obfuscations of any two circuits that always output 0 are indistinguishable. In particular, under the LWE assumptions we get a XniO scheme where the obfuscation time is 2 n / 2 for all circuits with input size n. It is known that in the case of indistinguishability obfuscation (iO) for all circuits, non-trivially efficient XiO schemes imply fully efficient iO schemes (Lin et al., PKC ’16) but it remains as a fascinating open problem whether any such connection exists for WE or niO. Lastly, we explore a potential approach toward constructing fully efficient WE and niO schemes via multi-input ABE.
UR - http://www.scopus.com/inward/record.url?scp=85053592177&partnerID=8YFLogxK
U2 - https://doi.org/10.1007/978-3-319-98113-0_23
DO - https://doi.org/10.1007/978-3-319-98113-0_23
M3 - فصل
SN - 9783319981123
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 425
EP - 441
BT - Security and Cryptography for Networks - 11th International Conference, SCN 2018, Proceedings
A2 - Catalano, Dario
A2 - De Prisco, Roberto
PB - Springer-Verlag Italia
T2 - 11th International Conference on Security and Cryptography for Networks, SCN 2018
Y2 - 5 September 2018 through 7 September 2018
ER -