Multiparty Key Exchange, Efficient Traitor Tracing, and More from Indistinguishability Obfuscation

In this work, we show how to use indistinguishability obfuscation (iO) to build multiparty key exchange, efficient broadcast encryption, and efficient traitor tracing. Our schemes enjoy several interesting properties that have not been achievable before:

Our multiparty non-interactive key exchange protocol does not require a trusted setup. Moreover, the size of the published value from each user is independent of the total number of users.

Our broadcast encryption schemes support distributed setup, where users choose their own secret keys rather than be given secret keys by a trusted entity. The broadcast ciphertext size is independent of the number of users.

Our traitor tracing system is fully collusion resistant with short ciphertexts, secret keys, and public key. Ciphertext size is logarithmic in the number of users and secret key size is independent of the number of users. Our public key size is polylogarithmic in the number of users. The recent functional encryption system of Garg, Gentry, Halevi, Raykova, Sahai, and Waters also leads to a traitor tracing scheme with similar ciphertext and secret key size, but the construction in this paper is simpler and more direct. These constructions resolve an open problem relating to differential privacy.

Generalizing our traitor tracing system gives a private broadcast encryption scheme (where broadcast ciphertexts reveal minimal information about the recipient set) with optimal size ciphertext.

Several of our proofs of security introduce new tools for proving security using indistinguishability obfuscation.
