TY - GEN
T1 - Succinct spooky free compilers are not black box sound
AU - Brakerski, Zvika
AU - Kalai, Yael Tauman
AU - Perlman, Renen
N1 - Publisher Copyright: © International Association for Cryptologic Research 2017.
PY - 2017/11/17
Y1 - 2017/11/17
N2 - It is tempting to think that if we encrypt a sequence of messages {xi} using a semantically secure encryption scheme, such that each xi is encrypted with its own independently generated public key pki, then even if the scheme is malleable (or homomorphic) then malleability is limited to acting on each xi independently. However, it is known that this is not the case, and in fact even non-local malleability might be possible. This phenomenon is known as spooky interactions. We formally define the notion of spooky free compilers that has been implicit in the delegation of computation literature. A spooky free compiler allows to encode a sequence of queries to a multi-prover interactive proof system (MIP) in a way that allows to apply the MIP prover algorithm on the encoded values on one hand, and prevents spooky interactions on the other. In our definition, the compiler is allowed to be tailored to a specific MIP and does not need to support any other operation. We show that (under a plausible complexity assumption) spooky free compilers that are sufficiently succinct to imply delegation schemes for NP with communication nα (for any constant α < 1) cannot be proven secure via black-box reduction to a falsifiable assumption. On the other hand, we show that it is possible to construct non-succinct spooky free fully homomorphic encryption, the strongest conceivable flavor of spooky free compiler, in a straightforward way from any fully homomorphic encryption scheme. Our impossibility result relies on adapting the techniques of Gentry and Wichs (2011) which rule out succinct adaptively sound delegation protocols. We note that spooky free compilers are only known to imply non-adaptive delegation, so the aforementioned result cannot be applied directly. Interestingly, we are still unable to show that spooky free compilers imply adaptive delegation, nor can we apply our techniques directly to rule out arbitrary non-adaptive NP-delegation.
AB - It is tempting to think that if we encrypt a sequence of messages {xi} using a semantically secure encryption scheme, such that each xi is encrypted with its own independently generated public key pki, then even if the scheme is malleable (or homomorphic) then malleability is limited to acting on each xi independently. However, it is known that this is not the case, and in fact even non-local malleability might be possible. This phenomenon is known as spooky interactions. We formally define the notion of spooky free compilers that has been implicit in the delegation of computation literature. A spooky free compiler allows to encode a sequence of queries to a multi-prover interactive proof system (MIP) in a way that allows to apply the MIP prover algorithm on the encoded values on one hand, and prevents spooky interactions on the other. In our definition, the compiler is allowed to be tailored to a specific MIP and does not need to support any other operation. We show that (under a plausible complexity assumption) spooky free compilers that are sufficiently succinct to imply delegation schemes for NP with communication nα (for any constant α < 1) cannot be proven secure via black-box reduction to a falsifiable assumption. On the other hand, we show that it is possible to construct non-succinct spooky free fully homomorphic encryption, the strongest conceivable flavor of spooky free compiler, in a straightforward way from any fully homomorphic encryption scheme. Our impossibility result relies on adapting the techniques of Gentry and Wichs (2011) which rule out succinct adaptively sound delegation protocols. We note that spooky free compilers are only known to imply non-adaptive delegation, so the aforementioned result cannot be applied directly. Interestingly, we are still unable to show that spooky free compilers imply adaptive delegation, nor can we apply our techniques directly to rule out arbitrary non-adaptive NP-delegation.
UR - http://www.scopus.com/inward/record.url?scp=85037856015&partnerID=8YFLogxK
U2 - 10.1007/978-3-319-70700-6_6
DO - 10.1007/978-3-319-70700-6_6
M3 - منشور من مؤتمر
SN - 9783319706993
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 159
EP - 180
BT - Advances in Cryptology – ASIACRYPT 2017
A2 - Takagi, Tsuyoshi
A2 - Peyrin, Thomas
PB - Springer Verlag
T2 - 23rd Annual International Conference on Theory and Application of Cryptology and Information Security, ASIACRYPT 2017
Y2 - 3 December 2017 through 7 December 2017
ER -