|Time+Place:||Thursday 10/07/2014 14:30 Room 337-8 Taub Bld.|
|Title:||Towards a Unified Framework for Computing on Encrypted Data|
|Speaker:||Shweta Agrawal - CSpecial-Lecture|
|Affiliation:||IIT Delhi|
|Host:||Yuval Ishai|
In recent years there has been a fantastic boom of increasingly sophisticated ''cryptographic objects'' -- identity-based encryption, fully-homomorphic encryption, functional encryption, and most recently, various forms of obfuscation. These objects often come in various flavors of security, and as these constructions have grown in number, complexity and inter-connectedness, the relationships between them have become increasingly confusing. We provide a new framework of cryptographic agents that unifies various cryptographic objects and security definitions, similar to how the Universal Composition framework unifies various multi-party computation tasks like commitment, coin-tossing and zero-knowledge proofs. Our contributions can be summarized as follows.

Our main contribution is a new model of cryptographic computation that unifies and extends cryptographic primitives such as Obfuscation, Functional Encryption, Fully Homomorphic Encryption, Witness Encryption, Property Preserving Encryption and the like, all of which can be cleanly modeled as ''schemata'' in our framework.

We provide a new indistinguishability preserving (IND-PRE) definition of security that interpolates indistinguishability and simulation style definitions, implying the former while (often) sidestepping the impossibilities of the latter.

We present a notion of reduction from one schema to another and a powerful composition theorem with respect to IND-PRE security. This provides a modular means to build and analyze secure schemes for complicated schemata based on those for simpler schemata. Further, this provides a way to abstract out and study the relative complexity of different schemata. We show that obfuscation is a ''complete'' schema under this notion, under standard cryptographic assumptions.

IND-PRE security can be parametrized by the choice of the ''test'' family. For obfuscation, the strongest security definition (by considering all PPT tests) is unrealizable in general. But we identify a family of tests such that all known impossibility results, for obfuscation as well as functional encryption, are bypassed. On the other hand, for each of the example primitives we consider in this paper -- obfuscation, functional encryption, fully-homomorphic encryption and property-preserving encryption -- our notion of security for the corresponding schema implies the standard achievable security definitions in the literature. We provide a stricter notion of reduction that composes with respect to the restricted family of tests.

Based on our sliding scale of security, we obtain a new definition for security of obfuscation, called adaptive differing-inputs obfuscation. We illustrate its power by using it for new constructions of functional encryption schemes, with and without function-hiding.

Joint work with Manoj Prabhakaran and Shashank Agrawal.

Short Bio: Shweta Agrawal is an INSPIRE assistant professor at the Indian Institute of Technology, Delhi. She got her PhD at UT Austin and subsequently spent 2 years as a postdoc at UCLA.