[Busec] [BUsec] tomorrow Oxana Poburinnaya, BU (Wed 10am)

Foteini Baldimtsi foteini at baldimtsi.com
Tue Dec 1 20:40:36 EST 2015


Just a reminder for the BUsec seminar tomorrow at 10am in Hariri.
Oxana Poburinnaya from BU will be presenting her work on Optimal-Rate
Non-Committing Encryption in CRS Model.

Lunch will follow!


BUsec Calendar:  http://www.bu.edu/cs/busec/
BUsec Mailing list: http://cs-mailman.bu.edu/mailman/listinfo/busec

The busec seminar gratefully acknowledges the support of BU's Center for
Reliable Information Systems and Cyber Security (RISCS).


*****

Title: Optimal-Rate Non-Committing Encryption in a CRS Model
Speaker: Oxana Poburinnaya
Hariri
Wednesday Dec. 2nd


Abstract: Non-committing encryption (NCE) was introduced in order to
implement secure channels under adaptive corruptions in situations when
data erasures are not trustworthy. In this work we are trying to optimize
the rate of NCE, i.e. the number of bits one needs to send in order to
transmit a single bit of a plaintext.


In initial constructions (e.g. Canetti, Feige, Goldreich and Naor, STOC 96)
the length of both the receiver message, namely the public key, and the
sender message, namely the ciphertext, is m*poly(k) for an $m$-bit message,
where k is the security parameter. Subsequent works improve efficiency
significantly.

Specifically, the work of Hemenway, Ostrovsky and Rosen (TCC 15) achieves
O(m log m)+poly(k) ciphertext size, under the Phi-hiding assumption. Still,
the public key (which can be used for only a single message) has size m *
poly(k), and thus the protocol requires sending poly(k) bits for each bit
of a plaintext.


We show the first construction of a constant-rate NCE. In fact, our public
key has size only poly(k), and the ciphertext size is m+poly(k), which is
comparable to efficiency of a plain semantically secure encryption. We also
need a common reference string (CRS) of size poly(m*k), but the CRS is
reusable for an arbitrary polynomial number of m-bit messages. We assume
one way functions and indistinguishability obfuscation for circuits.


In addition, our NCE protocol is the first NCE protocol with perfect
correctness.


Joint work with Ran Canetti and Mariana Raykova
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cs-mailman.bu.edu/pipermail/busec/attachments/20151201/2f9c2146/attachment.html>


More information about the Busec mailing list