Public-Key Cryptography – PKC 2020: 23rd IACR International Conference on Practice and Theory of Public-Key Cryptography, Edinburgh, UK, May 4–7, 2020, Proceedings, Part I

Given a cryptographic task, such as encrypting a message or securely computing a given function, a natural question is to find the “minimal cost” of carrying out this task. The question can take a variety of forms, depending on the cost measure. For instance, one can try to minimize computation, communication, rounds, or randomness. In the case of computational cost, one can consider different computation models, such as circuits or branching programs, and different cost metrics, such as size or depth. The answer to the question may further depend on the type of computational assumptions one is willing to make. The study of this question, for different cryptographic tasks and clean asymptotic cost measures, has led to a rich body of work with useful and often unexpected results. The talk will survey some of this work, highlighting connections between different research areas in cryptography and relevance beyond cryptography.

In addition to the direct interest in minimizing well-motivated complexity measures, there are cases in which “high-end” cryptographic tasks, such as secure multiparty computation or program obfuscation, call for minimizing different cost measures of lower-end primitives that would otherwise seem poorly motivated. I will give some examples of this kind. Finally, I will make the case that despite the progress already made, there is much more to be explored. Research in this area can greatly benefit from more cooperation between theoretical and applied cryptographers, as well as between cryptographers and researchers from other fields, including computational complexity, algorithms, computational learning theory, coding and information theory.

Supported by ERC Project NTSC (742754), NSF-BSF grant 2015782, BSF grant 2018393, and a grant from the Ministry of Science and Technology, Israel and Department of Science and Technology, Government of India.
