Time+Place: Thursday 10/07/2014 14:30 Room 337-8 Taub Bld.
Title: Towards a Unified Framework for Computing on Encrypted Data
Speaker: Shweta Agrawal - CSpecial-Lecture http://www.cse.iitd.ac.in/~shweta/
Affiliation: IIT Delhi
Host: Yuval Ishai


In recent years there has been a fantastic boom of increasingly 
sophisticated ''cryptographic objects'' -- identity-based encryption, 
fully-homomorphic encryption, functional encryption, and most recently, 
various forms of obfuscation. These objects often come in various 
flavors of security, and as these constructions have grown in number, 
complexity and inter-connectedness, the relationships between them have 
become increasingly confusing.

We provide a new framework of cryptographic agents that unifies various 
cryptographic objects and security definitions, similar to how the 
Universal Composition framework unifies various multi-party computation 
tasks like commitment, coin-tossing and zero-knowledge proofs.

Our contributions can be summarized as follows.

Our main contribution is a new model of cryptographic computation that 
unifies and extends cryptographic primitives such as Obfuscation, 
Functional Encryption, Fully Homomorphic Encryption, Witness encryption, 
Property Preserving Encryption and the like, all of which can be cleanly 
modeled as ''schemata'' in our framework.

We provide a new indistinguishability preserving (IND-PRE) definition of 
security that interpolates indistinguishability and simulation style 
definitions, implying the former while (often) sidestepping the 
impossibilities of the latter.

We present a notion of reduction from one schema to another and a 
powerful composition theorem with respect to IND-PRE security. This 
provides a modular means to build and analyze secure schemes for 
complicated schemata based on those for simpler schemata. Further, this 
provides a way to abstract out and study the relative complexity of 
different schemata. We show that obfuscation is a ''complete'' schema 
under this notion, under standard cryptographic assumptions.

IND-PRE-security can be parametrized by the choice of the ''test'' 
family. For obfuscation, the strongest security definition (by 
considering all PPT tests) is unrealizable in general. But we identify 
a family of tests, such that all known impossibility results, for 
obfuscation as well as functional encryption, are by-passed. On the 
other hand, for each of the example primitives we consider in this 
paper -- obfuscation, functional encryption, fully-homomorphic 
encryption and property-preserving encryption -- our notion of security 
for the corresponding schema implies the standard achievable security 
definitions in the literature.

We provide a stricter notion of reduction that composes with respect to 
the restricted family of tests.

Based on our sliding scale of security we obtain a new definition for 
security of obfuscation, called adaptive differing-inputs obfuscation. 
We illustrate its power by using it for new constructions of functional 
encryption schemes, with and without function-hiding.

Joint work with Manoj Prabhakaran and Shashank Agrawal.

Short Bio:

Shweta Agrawal is an INSPIRE assistant professor at the Indian Institute 
of Technology, Delhi. She got her PhD at UT Austin and subsequently 
spent 2 years as a postdoc at UCLA.