Your search keyword '"Shweta Agrawal"' showing total 12 results

1. On the Practical Security of Inner Product Functional Encryption

Author

Manoj Prabhakaran, Shashank Agrawal, Abishek Kumarasubramanian, Shweta Agrawal, Saikrishna Badrinarayanan, and Amit Sahai

Subjects

Public-key cryptography, Pairing-based cryptography, business.industry, restrict, Computer science, Product (category theory), Computer security model, Computer security, computer.software_genre, business, computer, Functional encryption

Abstract

Functional Encryption (FE) is an exciting new paradigm that extends the notion of public key encryption. In this work we explore the security of Inner Product Functional Encryption schemes with the goal of achieving the highest security against practically feasible attacks. While there has been substantial research effort in defining meaningful security models for FE, known definitions run into one of the following difficulties – if general and strong, the definition can be shown impossible to achieve, whereas achievable definitions necessarily restrict the usage scenarios in which FE schemes can be deployed.

Published

2015

2. Statistical Randomized Encodings: A Complexity Theoretic View

Author

Shweta Agrawal, Dakshita Khurana, Yuval Ishai, and Anat Paskin-Cherniavsky

Subjects

Theoretical computer science, Oblivious transfer, business.industry, Computer science, Encoding (memory), Secure multi-party computation, Cryptography, Randomized algorithms as zero-sum games, Data_CODINGANDINFORMATIONTHEORY, Function (mathematics), Verifiable computation, business, Boolean function

Abstract

A randomized encoding of a function f(x) is a randomized function \(\hat{f}(x,r)\), such that the “encoding” \(\hat{f}(x,r)\) reveals f(x) and essentially no additional information about x. Randomized encodings of functions have found many applications in different areas of cryptography, including secure multiparty computation, efficient parallel cryptography, and verifiable computation.

Published

2015

3. Cryptographic Agents: Towards a Unified Theory of Computing on Encrypted Data

Author

Shweta Agrawal, Shashank Agrawal, and Manoj Prabhakaran

Subjects

Theoretical computer science, Cryptographic primitive, Computer science, business.industry, Obfuscation, Identity (object-oriented programming), Homomorphic encryption, Cryptography, Encryption, business, Computer Science::Cryptography and Security, Functional encryption, Random oracle

Abstract

We provide a new framework of cryptographic agents that unifies various modern “cryptographic objects” — identity-based encryption, fully-homomorphic encryption, functional encryption, and various forms of obfuscation – similar to how the Universal Composition framework unifies various multi-party computation tasks like commitment, coin-tossing and zero-knowledge proofs. These cryptographic objects can all be cleanly modeled as “schemata” in our framework.

Published

2015

4. Discrete Gaussian Leftover Hash Lemma over Infinite Domains

Author

Shai Halevi, Craig Gentry, Amit Sahai, and Shweta Agrawal

Subjects

Combinatorics, Discrete mathematics, Lemma (mathematics), symbols.namesake, Finite field, Gaussian, Leftover hash lemma, Probability mass function, symbols, Probability distribution, Subset sum problem, Lattice-based cryptography, Mathematics

Abstract

The classic Leftover Hash Lemma LHL is often used to argue that certain distributions arising from modular subset-sums are close to uniform over their finite domain. Though very powerful, the applicability of the leftover hash lemma to lattice based cryptography is limited for two reasons. First, typically the distributions we care about in lattice-based cryptography are discrete Gaussians, not uniform. Second, the elements chosen from these discrete Gaussian distributions lie in an infinite domain: a lattice rather than a finite field. In this work we prove a "lattice world" analog of LHL over infinite domains, proving that certain "generalized subset sum" distributions are statistically close to well behaved discrete Gaussian distributions, even without any modular reduction. Specifically, given many vectors $\{\vec x_i\}_{i=1}^m$ from some lattice Li¾?i¾?i¾?ℝ n , we analyze the probability distribution $\sum_{i=1}^m z_i \vec x_i$ where the integer vector $\vec z \in \mathbb{Z}^m$ is chosen from a discrete Gaussian distribution. We show that when the $\vec x_i$ 's are "random enough" and the Gaussian from which the $\vec z$ 's are chosen is "wide enough", then the resulting distribution is statistically close to a near-spherical discrete Gaussian over the latticei¾?L. Beyond being interesting in its own right, this "lattice-world" analog of LHL has applications for the new construction of multilinear maps [5], where it is used to sample Discrete Gaussians obliviously. Specifically, given encoding of the $\vec x_i$ 's, it is used to produce an encoding of a near-spherical Gaussian distribution over the lattice. We believe that our new lemma will have other applications, and sketch some plausible ones in this work.

Published

2013

5. On Continual Leakage of Discrete Log Representations

Author

Vinod Vaikuntanathan, Shweta Agrawal, Daniel Wichs, and Yevgeniy Dodis

Subjects

Physics, Combinatorics, Group (mathematics), Discrete logarithm, Bounded function, Affine space, Negligible function

Abstract

Let \(\mathbb{G}\) be a group of prime order q, and let g 1,…,g n be random elements of \(\mathbb{G}\). We say that a vector x = \((x_1,\ldots,x_n)\in \mathbb{Z}_q^n\) is a discrete log representation of some some element \(y\in\mathbb{G}\) (with respect to g 1,…,g n ) if \(g_1^{x_1}\cdots g_n^{x_n} = y\). Any element y has many discrete log representations, forming an affine subspace of \(\mathbb{Z}_q^n\). We show that these representations have a nice continuous leakage-resilience property as follows. Assume some attacker \(\mathcal{A}(g_1,\ldots,g_n,y)\) can repeatedly learn L bits of information on arbitrarily many random representations of y. That is, \(\mathcal{A}\) adaptively chooses polynomially many leakage functions \(f_i:\mathbb{Z}_q^n\rightarrow \{0,1\}^L\), and learns the value f i (x i ), where x i is a fresh and random discrete log representation of y. \(\mathcal{A}\) wins the game if it eventually outputs a valid discrete log representation x* of y. We show that if the discrete log assumption holds in \(\mathbb{G}\), then no polynomially bounded \(\mathcal{A}\) can win this game with non-negligible probability, as long as the leakage on each representation is bounded by \(L\approx (n-2)\log q = (1-\frac{2}{n})\cdot\) |x|.

Published

2013

6. Functional Encryption: New Perspectives and Lower Bounds

Author

Vinod Vaikuntanathan, Sergey Gorbunov, Shweta Agrawal, and Hoeteck Wee

Subjects

Class (set theory), Theoretical computer science, business.industry, Computer science, Bounded function, Computer Science::Multimedia, Ciphertext, Impossibility, Encryption, business, Computer Science::Cryptography and Security, Functional encryption, Random oracle

Abstract

Functional encryption is an emerging paradigm for public-key encryption that enables fine-grained control of access to encrypted data. In this work, we present new lower bounds and impossibility results on functional encryption, as well as new perspectives on security definitions. Our main contributions are as follows: We show that functional encryption schemes that satisfy even a weak (non-adaptive) simulation-based security notion are impossible to construct in general. This is the first impossibility result that exploits unbounded collusions in an essential way. In particular, we show that there are no such functional encryption schemes for the class of weak pseudo-random functions (and more generally, for any class of incompressible functions). More quantitatively, our technique also gives us a lower bound for functional encryption schemes secure against bounded collusions. To be secure against q collusions, we show that the ciphertext in any such scheme must have size Ω(q). We put forth and discuss a simulation-based notion of security for functional encryption, with an unbounded simulator (called USIM). We show that this notion interpolates indistinguishability and simulation-based security notions, and is inspired by results and barriers in the zero-knowledge and multi-party computation literature.

Published

2013

7. Functional Encryption for Threshold Functions (or Fuzzy IBE) from Lattices

Author

Xavier Boyen, Vinod Vaikuntanathan, Panagiotis Voulgaris, Hoeteck Wee, and Shweta Agrawal

Subjects

Theoretical computer science, business.industry, Lattice problem, Encryption, Secret sharing, Fuzzy logic, law.invention, law, Cryptosystem, business, Cryptanalysis, Learning with errors, Computer Science::Cryptography and Security, Functional encryption, Mathematics

Abstract

Cryptosystems based on the hardness of lattice problems have recently acquired much importance due to their average-case to worst-case equivalence, their conjectured resistance to quantum cryptanalysis, their ease of implementation and increasing practicality, and, lately, their promising potential as a platform for constructing advanced functionalities. In this work, we construct "Fuzzy" Identity Based Encryption from the hardness of the Learning With Errors (LWE) problem. We note that for our parameters, the underlying lattice problems (such as gapSVP or SIVP) are assumed to be hard to approximate within supexponential factors for adversaries running in subexponential time. We give CPA and CCA secure variants of our construction, for small and large universes of attributes. All our constructions are secure against selective-identity attacks in the standard model. Our construction is made possible by observing certain special properties that secret sharing schemes need to satisfy in order to be useful for Fuzzy IBE. We also discuss some obstacles towards realizing lattice-based attribute-based encryption (ABE).

Published

2012

8. New Impossibility Results for Concurrent Composition and a Non-interactive Completeness Theorem for Secure Computation

Author

Shweta Agrawal, Vipul Goyal, Abhishek Jain, Amit Sahai, and Manoj Prabhakaran

Subjects

Protocol (science), Theoretical computer science, Oblivious transfer, Secure multi-party computation, Single server, Gödel's completeness theorem, Composition (combinatorics), Impossibility, Binary erasure channel, Mathematics

Abstract

We consider the client-server setting for the concurrent composition of secure protocols: in this setting, a single server interacts with multiple clients concurrently, executing with each client a specified protocol where only the client should receive any nontrivial output. Such a setting is easily motivated from an application standpoint. There are important special cases for which positive results are known – such as concurrent zero knowledge protocols – and it has been an open question whether other natural functionalities such as Oblivious Transfer (OT) are possible in this setting.

Published

2012

9. Functional Encryption for Inner Product Predicates from Learning with Errors

Author

David Mandell Freeman, Vinod Vaikuntanathan, and Shweta Agrawal

Subjects

Theoretical computer science, Plaintext-aware encryption, business.industry, Encryption, Deterministic encryption, Multiple encryption, Probabilistic encryption, Computer Science::Multimedia, 40-bit encryption, Attribute-based encryption, business, Algorithm, Computer Science::Cryptography and Security, Mathematics, Functional encryption

Abstract

We propose a lattice-based functional encryption scheme for inner product predicates whose security follows from the difficulty of the learning with errors (LWE) problem. This construction allows us to achieve applications such as range and subset queries, polynomial evaluation, and CNF/DNF formulas on encrypted data. Our scheme supports inner products over small fields, in contrast to earlier works based on bilinear maps. Our construction is the first functional encryption scheme based on lattice techniques that goes beyond basic identity-based encryption. The main technique in our scheme is a novel twist to the identity-based encryption scheme of Agrawal, Boneh and Boyen (Eurocrypt 2010). Our scheme is weakly attribute hiding in the standard model.

Published

2011

10. Preventing Pollution Attacks in Multi-source Network Coding

Author

Xavier Boyen, David Mandell Freeman, Dan Boneh, and Shweta Agrawal

Subjects

Network packet, Computer science, business.industry, Node (networking), ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS, Packet forwarding, Network traffic control, Out-of-order delivery, Linear network coding, Computer Science::Networking and Internet Architecture, business, Media Delivery Index, Network management station, Computer Science::Information Theory, Computer Science::Cryptography and Security, Computer network

Abstract

Network coding is a method for achieving channel capacity in networks. The key idea is to allow network routers to linearly mix packets as they traverse the network so that recipients receive linear combinations of packets. Network coded systems are vulnerable to pollution attacks where a single malicious node floods the network with bad packets and prevents the receiver from decoding correctly. Cryptographic defenses to these problems are based on homomorphic signatures and MACs. These proposals, however, cannot handle mixing of packets from multiple sources, which is needed to achieve the full benefits of network coding. In this paper we address integrity of multi-source mixing. We propose a security model for this setting and provide a generic construction.

Published

2010

11. Efficient Lattice (H)IBE in the Standard Model

Author

Xavier Boyen, Dan Boneh, and Shweta Agrawal

Subjects

Computer science, Lattice (order), Algorithm, Learning with errors, Computer Science::Cryptography and Security, Random oracle

Abstract

We construct an efficient identity based encryption system based on the standard learning with errors (LWE) problem. Our security proof holds in the standard model. The key step in the construction is a family of lattices for which there are two distinct trapdoors for finding short vectors. One trapdoor enables the real system to generate short vectors in all lattices in the family. The other trapdoor enables the simulator to generate short vectors for all lattices in the family except for one. We extend this basic technique to an adaptively-secure IBE and a Hierarchical IBE.

Published

2010

12. Homomorphic MACs: MAC-Based Integrity for Network Coding

Author

Dan Boneh and Shweta Agrawal

Subjects

Computer science, Network packet, business.industry, ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS, Homomorphic encryption, Hash-based message authentication code, Computer Science::Performance, Robustness (computer science), Linear network coding, Checksum, Computer Science::Networking and Internet Architecture, Network code, business, Decoding methods, Computer Science::Information Theory, Computer network

Abstract

Network coding has been shown to improve the capacity and robustness in networks. However, since intermediate nodes modify packets en-route, integrity of data cannot be checked using traditional MACs and checksums. In addition, network coded systems are vulnerable to pollution attacks where a single malicious node can flood the network with bad packets and prevent the receiver from decoding the packets correctly. Signature schemes have been proposed to thwart such attacks, but they tend to be too slow for online per-packet integrity. Here we propose a homomorphic MAC which allows checking the integrity of network coded data. Our homomorphic MAC is designed as a drop-in replacement for traditional MACs (such as HMAC) in systems using network coding.

Published

2009