Zahra Jafargholi

Tamper Detection and Continuous Non-malleable Codes

WeN consider a public and keyless code (Enc,Dec) which is used to encode a message m and derive a codeword c = Enc(m). The codeword can be adversarially tampered via a function \(f \in{\mathcal F}\) from some “tampering function family” \(\mathcal F\), resulting in a tampered value c′ = f(c). We study the different types of security guarantees that can be achieved in this scenario for different families \(\mathcal{F}\) of tampering attacks.

Adaptively Secure Garbled Circuits from One-Way Functions

A garbling scheme is used to garble a circuit C and an input x in a way that reveals the output Cx but hides everything else. In many settings, the circuit can be garbled off-line without strict efficiency constraints, but the input must be garbled very efficiently on-line, with much lower complexity than evaluating the circuit. Yaos garbling schemei?ź[31] has essentially optimal on-line complexity, but only achieves selective security, where the adversary must choose the input x prior to seeing the garbled circuit. It has remained an open problem to achieve adaptive security, where the adversary can choose x after seeing the garbled circuit, while preserving on-line efficiency. In this work, we modify Yaos scheme in a way that allows us to prove adaptive security under one-way functions. In our main instantiation we achieve on-line complexity only proportional to the width w of the circuit. Alternatively we can also get an instantiation with on-line complexity only proportional to the depth d and the output size of the circuit, albeit incurring in a

A Quasipolynomial Reduction for Generalized Selective Decryption on Trees

2^{Od}

Adaptive Security of Yao's Garbled Circuits

security loss in our reduction. More broadly, we relate the on-line complexity of adaptively secure garbling schemes in our framework to a certain type of pebble complexity of the circuit. As our maini?źtool, of independent interest, we develop a new notion of somewhere equivocal encryption, which allows us to efficiently equivocate on a small subset of the message bits.

3SUM, 3XOR, Triangles

We study the classical problem of privacy amplification, where two parties Alice and Bob share a weak secret X of min-entropy k, and wish to agree on secret key R of length m over a public communication channel completely controlled by a computationally unbounded attacker Eve.

Tamper Detection and Continuous Non-Malleable Codes.

Generalized Selective Decryption (GSD), introduced by Panjwani [TCC’07], is a game for a symmetric encryption scheme \(\mathsf{Enc}\) that captures the difficulty of proving adaptive security of certain protocols, most notably the Logical Key Hierarchy (LKH) multicast encryption protocol. In the GSD game there are n keys \(k_1,\ldots ,k_n\), which the adversary may adaptively corrupt (learn); moreover, it can ask for encryptions \(\mathsf{Enc}_{k_i}(k_j)\) of keys under other keys. The adversary’s task is to distinguish keys (which it cannot trivially compute) from random. Proving the hardness of GSD assuming only IND-CPA security of \(\mathsf{Enc}\) is surprisingly hard. Using “complexity leveraging” loses a factor exponential in n, which makes the proof practically meaningless.