
Tutorials on the Foundations of Cryptography: Dedicated to Oded Goldreich PDF

461 Pages·2017·4.418 MB·English

Preview Tutorials on the Foundations of Cryptography: Dedicated to Oded Goldreich

Information Security and Cryptography

Yehuda Lindell, Editor

Tutorials on the Foundations of Cryptography
Dedicated to Oded Goldreich

Series Editors: David Basin, Kenny Paterson

Advisory Board: Michael Backes, Gilles Barthe, Ronald Cramer, Ivan Damgård, Andrew D. Gordon, Joshua D. Guttman, Christopher Kruegel, Ueli Maurer, Tatsuaki Okamoto, Adrian Perrig, Bart Preneel

More information about this series at http://www.springer.com/series/4752

Editor
Yehuda Lindell
Department of Computer Science
Bar-Ilan University
Ramat Gan, Israel

ISSN 1619-7100
ISSN 2197-845X (electronic)
Information Security and Cryptography
ISBN 978-3-319-57047-1
ISBN 978-3-319-57048-8 (eBook)
DOI 10.1007/978-3-319-57048-8
Library of Congress Control Number: 2017937580

© Springer International Publishing AG 2017

This work is subject to copyright. All rights are reserved by the Publisher, whether the whole or part of the material is concerned, specifically the rights of translation, reprinting, reuse of illustrations, recitation, broadcasting, reproduction on microfilms or in any other physical way, and transmission or information storage and retrieval, electronic adaptation, computer software, or by similar or dissimilar methodology now known or hereafter developed.

The use of general descriptive names, registered names, trademarks, service marks, etc. in this publication does not imply, even in the absence of a specific statement, that such names are exempt from the relevant protective laws and regulations and therefore free for general use.

The publisher, the authors and the editors are safe to assume that the advice and information in this book are believed to be true and accurate at the date of publication. Neither the publisher nor the authors or the editors give a warranty, express or implied, with respect to the material contained herein or for any errors or omissions that may have been made.
The publisher remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Printed on acid-free paper

This Springer imprint is published by Springer Nature
The registered company is Springer International Publishing AG
The registered company address is: Gewerbestrasse 11, 6330 Cham, Switzerland

To Oded, who is a continual inspiration to us

Benny Applebaum
Boaz Barak
Andrej Bogdanov
Iftach Haitner
Shai Halevi
Yehuda Lindell
Alon Rosen
Salil Vadhan

Preface

This tutorial book is dedicated to Oded Goldreich by his students and mentorees on the occasion of his 60th birthday. This is an opportune time to celebrate Oded’s fundamental contributions to the foundations of cryptography. As one of the founders of the field, Oded’s work has influenced the way we think about, define, and construct cryptographic schemes. Oded’s research contributions are so numerous and wide-ranging that attempting to enumerate even just the most important of them would span many pages. Nevertheless, we would be amiss not to mention at least Oded’s classic results on achieving pseudorandom functions, zero knowledge for NP, secure two-party and multiparty computation, hard-core predicates for all one-way functions, private information retrieval, lower bounds for black-box simulation, limitations of the random-oracle methodology, oblivious RAM, and multiple definitional works.

Having said the above, Oded’s contributions to cryptography have gone far beyond his numerous novel scientific results. In particular, I would like to elaborate on his enormous influence on the role and character of the field of theoretical cryptography and what he has termed the foundations of cryptography.
At CRYPTO’97, Oded gave an invited talk “On the Foundations of Modern Cryptography” in which he articulated his vision for this subfield of cryptography. In the talk and accompanying essay, he describes modern cryptography as comprising definitional activity (formulating what “secure” means) and constructive activity (constructing schemes that fulfill the definitions). Furthermore, he differentiates between three types of results: feasibility results, introduction of paradigms and techniques that may be applicable in practice, and presentation of schemes that are suitable for practical applications. (Of course, as Oded mentions in the essay, the field also includes other activities such as establishing lower bounds and impossibility results.) This essay and Oded’s lecture notes and seminal two-volume book Foundations of Cryptography, have significantly influenced the way that we and others look at and understand our field. Needless to say, there was active research being carried out on the foundations of cryptography before Oded published his essay. However, Oded was the first to articulate the importance of this work and create an identity for this subfield of cryptography.

The success of this approach as articulated by Oded has been outstanding. He was immensely influential in establishing a flourishing research community devoted to studying the foundations of cryptography and the fundamental questions outlined in his 1997 essay. Oded was one of the founders of the Theory of Cryptography Conference in 2004 (together with Mihir Bellare and Shafi Goldwasser), and chaired its steering committee from 2006 to 2012. Although many cryptography theory papers are published at other venues, the TCC conference grew under Oded’s leadership to be a natural home for such work.
The importance of this approach and the research carried out on the foundations of cryptography has intrinsic scientific value, related to the theory of computer science in general. The questions asked are fundamental in nature and of importance, irrespective of any specific application. However, in his essay, Oded also discussed the eventual utility of theoretical cryptography to practical constructions, and this has been unequivocally demonstrated. One example of this utility is the fact that all new proposed standards for modes of encryption, signatures, key-exchange protocols, and so on are accompanied with a proof of security. However, a far more striking illustration is the transition of purely theoretical notions to tools that are frequently used by the applied cryptography and security communities. One particularly interesting example is the paper “Towards a theory of software protection and simulation by oblivious RAMs” published by Oded at STOC 1987 (and later merged into a single journal paper with Rafi Ostrovsky). This paper introduced a new theoretical notion and construction and is a clear example of what one would call “pure theory” today. Three decades later, oblivious RAM is a widely studied primitive, from both a theoretical and practical perspective. Papers on oblivious RAM are published at the top security conferences and constructions are implemented. Furthermore, the theoretical model of a secure processor with external memory is exactly the model that Intel has adopted in its new SGX architecture and is one that also fits many cloud computing scenarios where storage is held externally. The introduction of this notion three decades ago, and the proof of feasibility provided back then, informed the applied cryptography and security communities and formed the basis they needed when this concept became of practical interest.
Due to the great importance of the “foundations approach” to the field, Oded did not stop at writing a short essay. Rather, he also distributed widely used lecture notes, and expanded these into the two-volume treatise Foundations of Cryptography (published by Cambridge University Press in 2001 and 2004, respectively). This work presented a truly comprehensive “bottom-up” approach, starting from minimal assumptions and working up to construct higher-level primitives and applications. It is important to note that many of the results appearing in the Foundations of Cryptography were never fully proven prior to the work (most notably, those in the chapter on secure computation), and thus this involved a monumental effort. In fact, new results were uncovered in this process, including an exact formulation of the sufficient assumptions for obtaining oblivious transfer and noninteractive zero knowledge.

The two volumes of the Foundations of Cryptography are the most used books on my bookshelf, and are an absolute necessity in my research. The books also provide students and beginning researchers with the ability to enter the world of theoretical cryptography. I cannot imagine how one would learn the topic of zero knowledge in depth without Chapter 3 of the Foundations of Cryptography, and likewise all the other topics covered.

It is therefore most appropriate that, in celebration of Oded’s 60th birthday (and 20 years since the publication of that essay), we present a book in his honor that focuses on the foundations of cryptography. The chapters in this book consist of tutorials that are inspired by the “foundations of cryptography” approach:

Chapter 1 – Garbled Circuits as Randomized Encodings of Functions: a Primer (Benny Applebaum): Yao’s garbled circuit construction is a central cryptographic tool with numerous applications. This chapter reviews garbled circuits from a foundational point of view under the framework of randomized encoding of functions, including positive and negative results and a sample of basic applications.
Chapter 2 – The Complexity of Public-Key Cryptography (Boaz Barak): This chapter surveys what is known (and the many things that are not known) about the computational assumptions that can enable public-key cryptography, and the qualitative differences between these assumptions and those that are known to enable private-key cryptography.

Chapter 3 – Pseudorandom Functions: Three Decades Later (Andrej Bogdanov and Alon Rosen): Pseudorandom functions are an extremely influential abstraction, with applications ranging from message authentication to barriers in proving computational complexity lower bounds. This chapter surveys various incarnations of pseudorandom functions, giving self-contained proofs of key results from the literature.

Chapter 4 – The Many Entropies in One-Way Functions (Iftach Haitner and Salil Vadhan): This chapter introduces two recent computational notions of entropy, shows that they can be easily found in any one-way function, and uses them to present simpler and more efficient constructions of pseudorandom generators and statistically hiding commitments from one-way functions.

Chapter 5 – Homomorphic Encryption (Shai Halevi): Fully homomorphic encryption is a relatively new discovery and has gained much attention. This chapter provides a tutorial on the topic, from definitions and properties, to constructions and applications.

Chapter 6 – How to Simulate It — A Tutorial on the Simulation Proof Technique (Yehuda Lindell): The simulation paradigm is central to cryptographic definitions and proofs. This chapter consists of a systematic tutorial on how simulation-based proofs work, from semantic security through zero knowledge and finally secure computation.

Chapter 7 – The Complexity of Differential Privacy (Salil Vadhan): Differential privacy is a theoretical framework for ensuring the privacy of individual-level data when performing statistical analysis of privacy-sensitive datasets. The goal of this chapter is to convey the deep connections between differential privacy and a variety of other topics in computational complexity, cryptography, and theoretical computer science at large.
Oded has quoted his mother as saying “there are no privileges without duties”, and this is a message that Oded has also infused into his students by his personal example. I feel greatly privileged to have had Oded as my Ph.D. advisor, and I am sure that the same is true of all the authors of this book (and many others who Oded has advised and mentored over the years). This privilege indeed comes with duties. We hope that the tutorials in this book are helpful to those who are interested in pursuing the foundations of cryptography approach, and as such will constitute a very small part of the fulfillment of our obligations.

In the name of all the authors of this book, I would like to wish Oded a very happy 60th birthday. There is great happiness in being able to look back at a life full of accomplishments, to see the positive influence that you have had on so many people, and to appreciate the continuing influence your work will have in the future. Happy birthday!

Israel, April 2017
Yehuda Lindell

Contents

1 Garbled Circuits as Randomized Encodings of Functions: a Primer
  Benny Applebaum
  1.1 Introduction
  1.2 Definitions and Basic Properties
  1.3 Feasibility Results
  1.4 Advanced Constructions
  1.5 Applications
  1.6 Summary and Suggestions for Further Reading
  1.7 Appendix: Randomized Encodings Versus Garbling Schemes [26]
  References

2 The Complexity of Public-Key Cryptography
  Boaz Barak
  2.1 Introduction
  2.2 Private-Key Cryptography
  2.3 Public-Key Cryptography: an Overview
  2.4 The Two “Mainstream” Public-Key Constructions
  2.5 Alternative Public-Key Constructions
  2.6 Is Computational Hardness the Rule or the Exception?
  References

3 Pseudorandom Functions: Three Decades Later
  Andrej Bogdanov and Alon Rosen
  3.1 Introduction
  3.2 Definitions
  3.3 Generic Constructions
  3.4 Instantiations
  3.5 Transformations
  3.6 Complexity of Pseudorandom Functions
  3.7 Distinguishers
  3.8 Contemporary Constructions
