TY - GEN
T1 - Witness Indistinguishability for Any Single-Round Argument with Applications to Access Control
AU - Brakerski, Zvika
AU - Kalai, Yael
N1 - Publisher Copyright: © 2020, International Association for Cryptologic Research.
PY - 2020/4/29
Y1 - 2020/4/29
N2 - Consider an access policy for some resource which only allows access to users of the system who own a certain set of attributes. Specifically, we consider the case where such an access structure is defined by some monotone function f : {0, 1}^N -> {0, 1}, belonging to some class of functions F (e.g. conjunctions, space bounded computation), where N is the number of possible attributes. In this work we show that any succinct single-round delegation scheme for the function class F can be converted into a succinct single-round private access control protocol. That is, a verifier can be convinced that an approved user (i.e. one which holds an approved set of attributes) is accessing the system, without learning any additional information about the user or the set of attributes. As a main tool of independent interest, we show that assuming a quasi-polynomially secure two-message oblivious transfer scheme with statistical sender privacy (which can be based on quasi-polynomial hardness of the DDH, QR, DCR or LWE assumptions), we can convert any single-round protocol into a witness indistinguishable one, with similar communication complexity.
AB - Consider an access policy for some resource which only allows access to users of the system who own a certain set of attributes. Specifically, we consider the case where such an access structure is defined by some monotone function f : {0, 1}^N -> {0, 1}, belonging to some class of functions F (e.g. conjunctions, space bounded computation), where N is the number of possible attributes. In this work we show that any succinct single-round delegation scheme for the function class F can be converted into a succinct single-round private access control protocol. That is, a verifier can be convinced that an approved user (i.e. one which holds an approved set of attributes) is accessing the system, without learning any additional information about the user or the set of attributes. As a main tool of independent interest, we show that assuming a quasi-polynomially secure two-message oblivious transfer scheme with statistical sender privacy (which can be based on quasi-polynomial hardness of the DDH, QR, DCR or LWE assumptions), we can convert any single-round protocol into a witness indistinguishable one, with similar communication complexity.
UR - http://www.scopus.com/inward/record.url?scp=85089722171&partnerID=8YFLogxK
U2 - 10.1007/978-3-030-45388-6_4
DO - 10.1007/978-3-030-45388-6_4
M3 - Conference contribution
SN - 9783030453879
VL - 12111
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 97
EP - 123
BT - Public-Key Cryptography – PKC 2020 - 23rd IACR International Conference on Practice and Theory of Public-Key Cryptography, Proceedings
A2 - Kiayias, Aggelos
A2 - Kohlweiss, Markulf
A2 - Wallden, Petros
A2 - Zikas, Vassilis
PB - Springer Verlag
T2 - 23rd IACR International Conference on the Practice and Theory of Public-Key Cryptography, PKC 2020
Y2 - 4 May 2020 through 7 May 2020
ER -