Theory of Cryptography

We consider the problem of delegating RAM computations over persistent databases. A user wishes to delegate a sequence of computations over a database to a server, where each computation may read and modify the database and the modifications persist between computations. Delegating RAM computations is important because it has the distinct feature that the run-time of computations may be sub-linear in the size of the database. We present the first RAM delegation scheme that provides both soundness and privacy guarantees in the adaptive setting, where the sequence of delegated RAM programs is chosen adaptively, depending potentially on the encodings of the database and previously chosen programs. Prior works either achieved only adaptive soundness without privacy [Kalai and Paneth, ePrint’15], or only security in the selective setting where all RAM programs are chosen statically [Chen et al. ITCS’16, Canetti and Holmgren ITCS’16]. Our scheme assumes the existence of indistinguishability obfuscation (iO) for circuits and the decisional Diffie-Hellman (DDH) assumption. However, our techniques are quite general and, in particular, might be applicable even in settings where iO is not used. We provide a “security lifting technique” that “lifts” any proof of selective security satisfying certain special properties into a proof of adaptive security, for arbitrary cryptographic schemes. We then apply this technique to the delegation scheme of Chen et al. and its selective security proof, obtaining that their scheme is essentially already adaptively secure. Because of the general approach, we can also easily extend to delegating parallel RAM (PRAM) computations. We believe that the security lifting technique can potentially find other applications and is of independent interest.

This paper was presented jointly with “Adaptive Succinct Garbled RAM, or How To Delegate Your Database” by Ran Canetti, Yilei Chen, Justin Holmgren, and Mariana Raykova. The full version of this paper is available on ePrint [2]. Information about the grants supporting the authors can be found in the “Acknowledgements” section.

© International Association for Cryptologic Research 2016. M. Hirt and A. Smith (Eds.): TCC 2016-B, Part II, LNCS 9986, pp. 3–30, 2016. DOI: 10.1007/978-3-662-53644-5_1

[1] Dominique Unruh, et al. Non-Interactive Zero-Knowledge Proofs in the Quantum Random Oracle Model, 2015, EUROCRYPT.

[2] Jonathan Katz, et al. Feasibility and Infeasibility of Adaptively Secure Fully Homomorphic Encryption, 2013, Public Key Cryptography.

[3] Dhinakaran Vinayagamurthy, et al. Riding on Asymmetry: Efficient ABE for Branching Programs, 2015, ASIACRYPT.

[4] Mark Zhandry, et al. Random Oracles in a Quantum World, 2010, ASIACRYPT.

[5] Tatsuaki Okamoto, et al. Secure Integration of Asymmetric and Symmetric Encryption Schemes, 1999, Journal of Cryptology.

[6] Adam O'Neill, et al. Definitional Issues in Functional Encryption, 2010, IACR Cryptol. ePrint Arch.

[7] Rafael Pass, et al. Indistinguishability Obfuscation with Non-trivial Efficiency, 2016, Public Key Cryptography.

[8] Rafael Pass, et al. Output-Compressing Randomized Encodings and Applications, 2016, TCC.

[9] Victor Shoup, et al. OAEP Reconsidered, 2001, CRYPTO.

[10] Dominique Unruh, et al. Quantum Collision-Resistance of Non-uniformly Distributed Functions, 2016, PQCrypto.

[11] Andris Ambainis, et al. Quantum Attacks on Classical Proof Systems: The Hardness of Quantum Rewinding, 2014, 2014 IEEE 55th Annual Symposium on Foundations of Computer Science.

[12] Amit Sahai, et al. Worry-free encryption: functional encryption with public keys, 2010, CCS '10.

[13] Henry Yuen, et al. A quantum lower bound for distinguishing random functions from random permutations, 2013, Quantum Inf. Comput.

[14] Dominique Unruh, et al. Quantum Position Verification in the Random Oracle Model, 2014, CRYPTO.

[15] Dominique Unruh. Revocable Quantum Timed-Release Encryption, 2014, EUROCRYPT.

[16] Craig Gentry, et al. Trapdoors for hard lattices and new cryptographic constructions, 2008, IACR Cryptol. ePrint Arch.

[17] Vinod Vaikuntanathan, et al. Predicate Encryption for Circuits from LWE, 2015, CRYPTO.

[18] Mihir Bellare, et al. Random oracles are practical: a paradigm for designing efficient protocols, 1993, CCS '93.

[19] Brent Waters, et al. Attribute-based encryption for fine-grained access control of encrypted data, 2006, CCS '06.

[20] Huijia Lin, et al. Indistinguishability Obfuscation from Constant-Degree Graded Encoding Schemes, 2016, EUROCRYPT.

[21] Mark Zhandry, et al. Secure Identity-Based Encryption in the Quantum Random Oracle Model, 2012, CRYPTO.

[22] Brent Waters, et al. Bi-Deniable Public-Key Encryption, 2011, CRYPTO.

[23] Hoeteck Wee, et al. Dual System Encryption via Predicate Encodings, 2014, TCC.

[24] Yael Tauman Kalai, et al. Reusable garbled circuits and succinct functional encryption, 2013, STOC '13.

[25] Chris Peikert, et al. Trapdoors for Lattices: Simpler, Tighter, Faster, Smaller, 2012, IACR Cryptol. ePrint Arch.

[26] Adi Shamir, et al. Identity-Based Cryptosystems and Signature Schemes, 1984, CRYPTO.

[27] Sanjam Garg, et al. Two-Round Adaptively Secure MPC from Indistinguishability Obfuscation, 2015, TCC.

[28] Brent Waters, et al. A Punctured Programming Approach to Adaptively Secure Functional Encryption, 2015, CRYPTO.

[29] Peter W. Shor, et al. Polynomial-Time Algorithms for Prime Factorization and Discrete Logarithms on a Quantum Computer, 1995, SIAM Rev.

[30] Oded Regev, et al. On lattices, learning with errors, random linear codes, and cryptography, 2009, JACM.

[31] Mihir Bellare, et al. Optimal Asymmetric Encryption, 1994, EUROCRYPT.

[32] Brent Waters, et al. Homomorphic Encryption from Learning with Errors: Conceptually-Simpler, Asymptotically-Faster, Attribute-Based, 2013, CRYPTO.

[33] Michael Ben-Or, et al. Probabilistic algorithms in finite fields, 1981, 22nd Annual Symposium on Foundations of Computer Science (sfcs 1981).

[34] Chris Peikert, et al. Public-key cryptosystems from the worst-case shortest vector problem: extended abstract, 2009, STOC '09.

[35] Tommaso Gagliardoni, et al. Computational Security of Quantum Encryption, 2016, ICITS.

[36] Mark Zhandry, et al. Secure Signatures and Chosen Ciphertext Security in a Quantum Computing World, 2013, CRYPTO.

[37] Suela Kodra. Fuzzy extractors: How to generate strong keys from biometrics and other noisy data, 2015.

[38] Daniele Micciancio, et al. Compactness vs Collusion Resistance in Functional Encryption, 2016, IACR Cryptol. ePrint Arch.

[39] Vinod Vaikuntanathan, et al. Attribute-based encryption for circuits, 2013, STOC '13.