-
Star-specific Key-homomorphic PRFs from Learning with Linear Regression
Authors:
Vipin Singh Sehrawat,
Foo Yee Yeo,
Dmitriy Vassilyev
Abstract:
We introduce a novel method to derandomize the learning with errors (LWE) problem by generating deterministic yet sufficiently independent LWE instances that are constructed by using linear regression models, which are generated via (wireless) communication errors. We also introduce star-specific key-homomorphic (SSKH) pseudorandom functions (PRFs), which are defined by the respective sets of parties that construct them. We use our derandomized variant of LWE to construct a SSKH PRF family. The sets of parties constructing SSKH PRFs are arranged as star graphs with possibly shared vertices, i.e., the pairs of sets may have non-empty intersections. We reduce the security of our SSKH PRF family to the hardness of LWE. To establish the maximum number of SSKH PRFs that can be constructed -- by a set of parties -- in the presence of passive/active and external/internal adversaries, we prove several bounds on the size of maximally cover-free at most $t$-intersecting $k$-uniform family of sets $\mathcal{H}$, where the three properties are defined as: (i) $k$-uniform: $\forall A \in \mathcal{H}: |A| = k$, (ii) at most $t$-intersecting: $\forall A, B \in \mathcal{H}, B \neq A: |A \cap B| \leq t$, (iii) maximally cover-free: $\forall A \in \mathcal{H}: A \not\subseteq \bigcup\limits_{\substack{B \in \mathcal{H} \\ B \neq A}} B$. For the same purpose, we define and compute the mutual information between different linear regression hypotheses that are generated from overlapping training datasets.
Submitted 28 July, 2023; v1 submitted 2 May, 2022;
originally announced May 2022.
-
Function-private Conditional Disclosure of Secrets and Multi-evaluation Threshold Distributed Point Functions
Authors:
Nolan Miranda,
Foo Yee Yeo,
Vipin Singh Sehrawat
Abstract:
Conditional disclosure of secrets (CDS) allows multiple parties to reveal a secret to a third party if and only if some pre-decided condition is satisfied. In this work, we bolster the privacy guarantees of CDS by introducing function-private CDS wherein the pre-decided condition is never revealed to the third party. We also derive a function secret sharing scheme from our function-private CDS solution. The second problem that we consider concerns threshold distributed point functions, which allow one to split a point function such that at least a threshold number of shares are required to evaluate it at any given input. We consider a setting wherein a point function is split among a set of parties such that multiple evaluations do not leak non-negligible information about it. Finally, we present a provably optimal procedure to perform threshold function secret sharing of any polynomial in a finite field.
Submitted 8 October, 2021;
originally announced October 2021.
-
Extremal Set Theory and LWE Based Access Structure Hiding Verifiable Secret Sharing with Malicious-Majority and Free Verification
Authors:
Vipin Singh Sehrawat,
Foo Yee Yeo,
Yvo Desmedt
Abstract:
Secret sharing allows distributing a secret among several parties such that only authorized subsets, specified by an access structure, can reconstruct the secret. Sehrawat and Desmedt (COCOON 2020) introduced hidden access structures, that remain secret until some authorized subset of parties collaborate. However, their scheme assumes semi-honest parties and supports only restricted access structures. We address these shortcomings by constructing an access structure hiding verifiable secret sharing scheme that supports all monotone access structures. It is the first secret sharing scheme to support cheater identification and share verifiability in malicious-majority settings. The verification procedure of our scheme incurs no communication overhead. As the building blocks of our scheme, we introduce and construct: (i) a set-system with $> \exp\left(c\frac{2(\log h)^2}{(\log\log h)}\right)+2\exp\left(c\frac{(\log h)^2}{(\log\log h)}\right)$ subsets of a set of $h$ elements. Our set-system, $\mathcal{H}$, is defined over $\mathbb{Z}_m$, where $m$ is a non-prime-power. The size of each set in $\mathcal{H}$ is divisible by $m$ but the sizes of their pairwise intersections are not, unless one set is a subset of another, (ii) a new variant of the learning with errors (LWE) problem, called PRIM-LWE, wherein the secret matrix is sampled such that its determinant is a generator of $\mathbb{Z}_q^*$, where $q$ is the LWE modulus. The security of our scheme relies on the hardness of the LWE problem, and its share size is $$(1+ o(1)) \dfrac{2^{\ell}}{\sqrt{\pi\ell/2}}(2 q^{\varrho + 0.5} + \sqrt{q} + \Theta(h)),$$ where $\varrho \leq 1$ is a constant and $\ell$ is the total number of parties. We also provide directions for future work to reduce the share size to
\[\leq \dfrac{1}{3} \left( (1+ o(1)) \dfrac{2^{\ell}}{\sqrt{\pi\ell/2}}(2 q^{\varrho + 0.5} + 2\sqrt{q}) \right).\]
Submitted 13 September, 2021; v1 submitted 30 November, 2020;
originally announced November 2020.
-
Access Structure Hiding Secret Sharing from Novel Set Systems and Vector Families
Authors:
Vipin Singh Sehrawat,
Yvo Desmedt
Abstract:
Secret sharing provides a means to distribute shares of a secret such that any authorized subset of shares, specified by an access structure, can be pooled together to recompute the secret. The standard secret sharing model requires public access structures, which violates privacy and facilitates the adversary by revealing high-value targets. In this paper, we address this shortcoming by introducing \emph{hidden access structures}, which remain secret until some authorized subset of parties collaborate. The central piece of this work is the construction of a set-system $\mathcal{H}$ with strictly greater than $\exp\left(c \dfrac{1.5 (\log h)^2}{\log \log h}\right)$ subsets of a set of $h$ elements. Our set-system $\mathcal{H}$ is defined over $\mathbb{Z}_m$, where $m$ is a non-prime-power, such that the size of each set in $\mathcal{H}$ is divisible by $m$ but the sizes of their pairwise intersections are not divisible by $m$, unless one set is a subset of another. We derive a vector family $\mathcal{V}$ from $\mathcal{H}$ such that superset-subset relationships in $\mathcal{H}$ are represented by inner products in $\mathcal{V}$. We use $\mathcal{V}$ to "encode" the access structures and thereby develop the first \emph{access structure hiding} secret sharing scheme. For a setting with $\ell$ parties, our scheme supports $2^{\binom{\ell}{\ell/2+1}}$ out of the $2^{2^{\ell - O(\log \ell)}}$ total monotone access structures, and its maximum share size for any access structures is $(1+ o(1)) \dfrac{2^{\ell+1}}{\sqrt{\pi\ell/2}}$. The scheme assumes semi-honest polynomial-time parties, and its security relies on the Generalized Diffie-Hellman assumption.
Submitted 23 May, 2021; v1 submitted 18 August, 2020;
originally announced August 2020.
-
Certificate and Signature Free Anonymity for V2V Communications
Authors:
Vipin Singh Sehrawat,
Yogendra Shah,
Vinod Kumar Choyi,
Alec Brusilovsky,
Samir Ferdi
Abstract:
Anonymity is a desirable feature for vehicle-to-vehicle (V2V) communications, but it conflicts with other requirements such as non-repudiation and revocation. Existing, pseudonym-based V2V communications schemes rely on certificate generation and signature verification. These schemes require cumbersome key management, frequent updating of certificate chains and other costly procedures such as cryptographic pairings. In this paper, we present novel V2V communications schemes, that provide authentication, authorization, anonymity, non-repudiation, replay protection, pseudonym revocation, and forward secrecy without relying on traditional certificate generation and signature verification. Security and privacy of our schemes rely on hard problems in number theory. Furthermore, our schemes guarantee security and privacy in the presence of subsets of colluding malicious parties, provided that the cardinality of such sets is below a fixed threshold.
Submitted 16 August, 2020;
originally announced August 2020.
-
Bi-Homomorphic Lattice-Based PRFs and Unidirectional Updatable Encryption
Authors:
Vipin Singh Sehrawat,
Yvo Desmedt
Abstract:
We define a pseudorandom function (PRF) $F: \mathcal{K} \times \mathcal{X} \rightarrow \mathcal{Y}$ to be bi-homomorphic when it is fully Key homomorphic and partially Input Homomorphic (KIH), i.e., given $F(k_1, x_1)$ and $F(k_2, x_2)$, there is an efficient algorithm to compute $F(k_1 \oplus k_2, x_1 \ominus x_2)$, where $\oplus$ and $\ominus$ are (binary) group operations. The homomorphism on the input is restricted to a fixed subset of the input bits, i.e., $\ominus$ operates on some pre-decided $m$-out-of-$n$ bits, where $|x_1| = |x_2| = n$, and the remaining $n-m$ bits are identical in both inputs. In addition, the output length, $\ell$, of the operator $\ominus$ is not fixed and is defined as $n \leq \ell \leq 2n$, hence leading to Homomorphically induced Variable input Length (HVL) as $n \leq |x_1 \ominus x_2| \leq 2n$. We present a learning with errors (LWE) based construction for a HVL-KIH-PRF family. Our construction is inspired by the key homomorphic PRF construction due to Banerjee and Peikert (Crypto 2014).
An updatable encryption scheme allows rotations of the encryption key, i.e., moving existing ciphertexts from old to new key. These updates are carried out via \emph{update tokens}, which can be used by an untrusted party since the update procedure does not involve decryption of the ciphertext. We use our novel PRF family to construct an updatable encryption scheme, named QPC-UE-UU, which is quantum-safe, post-compromise secure and supports unidirectional ciphertext updates, i.e., the update tokens can be used to perform ciphertext updates but they cannot be used to undo already completed updates. Our PRF family also leads to the first left/right key homomorphic constrained-PRF family with HVL.
Submitted 21 August, 2020; v1 submitted 23 August, 2019;
originally announced August 2019.