Dakshita Khurana

Distinguisher-Dependent Simulation in Two Rounds and its Applications

We devise a novel simulation technique that makes black-box use of the adversary as well as the distinguisher. Using this technique we construct several round-optimal protocols, many of which were previously unknown even using non-black-box simulation techniques: Two-round witness indistinguishable (WI) arguments for \(\mathrm {NP}\) from different assumptions than previously known. Two-round arguments and three-round arguments of knowledge for \(\mathrm {NP}\) that achieve strong WI, witness hiding (WH) and distributional weak zero knowledge (WZK) properties in a setting where the instance is only determined by the prover in the last round of the interaction. The soundness of these protocols is guaranteed against adaptive provers. Three-round two-party computation satisfying input-indistinguishable security as well as a weaker notion of simulation security against malicious adversaries. Three-round extractable commitments with guaranteed correctness of extraction from polynomial hardness assumptions.

Secure Computation from Elastic Noisy Channels

Noisy channels enable unconditionally secure multi-party computation even against parties with unbounded computational power. But inaccurate noise estimation and adversarially determined channel characteristics render known protocols insecure. Such channels are known as unreliable noisy channels. A large body of work in the last three decades has attempted to construct secure multi-party computation from unreliable noisy channels, but this previous work has not been able to deal with most parameter settings. In this work, we study a form of unreliable noisy channels where the unreliability is one-sided, that we name elastic noisy channels: thus, in one form of elastic noisy channel, an adversarial receiver can increase the reception reliability unbeknown to the sender, but the sender cannot change the channel characteristic. Our work shows feasibility results for a large set of parameters for the elastic binary symmetric channel, significantly improving upon the best results obtainable using prior techniques. In a key departure from existing approaches, we use a more elemental correlated private randomness as an intermediate cryptographic primitive that exhibits only a rudimentary essence of oblivious transfer. Toward this direction, we introduce new information-theoretic techniques that are potentially applicable to other cryptographic settings involving unreliable noisy channels.

Statistical Randomized Encodings: A Complexity Theoretic View

A randomized encoding of a function f(x) is a randomized function \(\hat{f}(x,r)\), such that the “encoding” \(\hat{f}(x,r)\) reveals f(x) and essentially no additional information about x. Randomized encodings of functions have found many applications in different areas of cryptography, including secure multiparty computation, efficient parallel cryptography, and verifiable computation.

Multi-party Key Exchange for Unbounded Parties from Indistinguishability Obfuscation

Existing protocols for non-interactive multi-party key exchange either 1 support a bounded number of users, 2 require a trusted setup, or 3 rely on knowledge-type assumptions. We construct the first non-interactive key exchange protocols which support an unbounded number of parties and have a security proof that does not rely on knowledge assumptions. Our non-interactive key-exchange protocol does not require a trusted setup and extends easily to the identity-based setting. Our protocols suffer only a polynomial loss to the underlying hardness assumptions.

Round Optimal Concurrent Non-malleability from Polynomial Hardness

Non-malleable commitments are a central cryptographic primitive that guarantee security against man-in-the-middle adversaries, and their exact round complexity has been a subject of great interest. Pass (TCC 2013, CC 2016) proved that non-malleable commitments with respect to commitment are impossible to construct in less than three rounds, via black-box reductions to polynomial hardness assumptions. Obtaining a matching positive result has remained an open problem so far.

Round Optimal Concurrent MPC via Strong Simulation

In this paper, we study the round complexity of concurrently secure multi-party computation (MPC) with super-polynomial simulation (SPS) in the plain model. In the plain model, there are known explicit attacks that show that concurrently secure MPC with polynomial simulation is impossible to achieve; SPS security is the most widely studied model for concurrently secure MPC in the plain model. We obtain the following results: Three-round concurrent MPC with SPS security against Byzantine adversaries, assuming sub-exponentially secure DDH and LWE. Two-round concurrent MPC with SPS security against Byzantine adversaries for input-less randomized functionalities, assuming sub-exponentially secure indistinguishability obfuscation and DDH. In particular, this class includes sampling functionalities that allow parties to jointly sample a secure common reference string for cryptographic applications.

How to Achieve Non-Malleability in One or Two Rounds

Non-malleable commitments, introduced by Dolev, Dwork and Naor (STOC 1991), are a fundamental cryptographic primitive, and their round complexity has been a subject of great interest. And yet, the goal of achieving non-malleable commitments with only one or two rounds} has been elusive. Pass (TCC 2013) captured this difficulty by proving important impossibility results regarding two-round non-malleable commitments. This led to the widespread belief that achieving two-round non-malleable commitments was impossible from standard assumptions. We show that this belief was false. Indeed, we obtain the following positive results:∘ We construct two-message non-malleable commitments satisfying non-malleability with respect to commitment, based on standard sub-exponential assumptions, namely: sub-exponential one-way permutations, sub-exponential ZAPs, and sub-exponential DDH. Furthermore, our protocol is public-coin}.∘ We obtain two-message private-coin} non-malleable commitments with respect to commitment, assuming only sub-exponential DDH or QR or N^{th}-residuosity.∘ We bootstrap the above protocols (under the same assumptions) to obtain two round constant bounded-concurrent non-malleable commitments. In the simultaneous message model, we obtain unbounded concurrent non-malleability in two rounds.∘ In the simultaneous messages model, we obtain one-round} non-malleable commitments, with unbounded concurrent security with respect to opening, under standard sub-exponential assumptions.– This implies non-interactive non-malleable commitments with respect to opening, in a restricted model with a broadcast channel, and a-priori bounded polynomially many parties such that every party is aware of every other party in the system. To the best of our knowledge, this is the first protocol to achieve completely non-interactive non-malleability in any plain model setting from standard assumptions.– As an application of this result, in the simultaneous exchange model, we obtain two-round multi-party pseudorandom coin-flipping.∘ We construct two-message zero-knowledge arguments with super-polynomial strong} simulation (SPSS-ZK), which also serve as an important tool for our constructions of non-malleable commitments.∘ In order to obtain our results, we develop several techniques that may be of independent interest.– We give the first two-round black-box rewinding strategy based on standard sub-exponential assumptions, in the plain model.– We also give a two-round tag amplification technique for non-malleable commitments, that amplifies a 4-tag scheme to a scheme for all tags, while relying on sub-exponential DDH. This includes a more efficient alternative to the DDN encoding.The full version of this paper is available online at: https://eprint.iacr.org/2017/291.pdf.

Promise Zero Knowledge and Its Applications to Round Optimal MPC.

We devise a new partitioned simulation technique for MPC where the simulator uses different strategies for simulating the view of aborting adversaries and non-aborting adversaries. The protagonist of this technique is a new notion of promise zero knowledge (ZK) where the ZK property only holds against non-aborting verifiers. We show how to realize promise ZK in three rounds in the simultaneous-message model assuming polynomially hard DDH (or QR or N\(^{th}\)-Residuosity).

Black-Box Separations for Differentially Private Protocols

We study the maximal achievable accuracy of distributed differentially private protocols for a large natural class of boolean functions, in the computational setting.

A grammar-based GUI for single view reconstruction

This paper presents a novel grammar-based GUI with an integrated back-end engine that enables accurate single view reconstruction with minimum supplementary information from the user. Our grammar allows a dynamic symbolic capture of constraints, which can be solved together in the end to eliminate incremental errors. This approach focuses on the simultaneous reconstruction of connected faces minimizing least square error, as opposed to a piece-wise approach where error keeps building up at every stage. We demonstrate how our Graphical User Interface is usable even by a layman to generate 3D models with negligible error.