[Busec] [BUsec] seminar next week Oxana Poburinnaya, BU (Wed 10am)

Foteini Baldimtsi foteini at baldimtsi.com
Fri Nov 27 22:24:38 EST 2015

Hi everyone,

I hope you are having a nice Thanksgiving break. Our BUsec seminar is back
next week. On Wednesday, Oxana Poburinnaya, a PhD student at BUsec, will be
presenting her work on Optimal-Rate Non-Committing Encryption in CRS Model.

See you all on Wednesday at 10am!


BUsec Calendar:  http://www.bu.edu/cs/busec/
BUsec Mailing list: http://cs-mailman.bu.edu/mailman/listinfo/busec

The busec seminar gratefully acknowledges the support of BU's Center for
Reliable Information Systems and Cyber Security (RISCS).


Title: Optimal-Rate Non-Committing Encryption in a CRS Model
Speaker: Oxana Poburinnaya
Wednesday Dec. 2nd

Abstract: Non-committing encryption (NCE) was introduced in order to
implement secure channels under adaptive corruptions in situations when
data erasures are not trustworthy. In this work we are trying to optimize
the rate of NCE, i.e. the number of bits one needs to send in order to
transmit a single bit of a plaintext.

In initial constructions (e.g. Canetti, Feige, Goldreich and Naor, STOC 96)
the length of both the receiver message, namely the public key, and the
sender message, namely the ciphertext, is m*poly(k) for an m-bit message,
where k is the security parameter. Subsequent works improve efficiency

Specifically, the work of Hemenway, Ostrovsky and Rosen (TCC 15) achieves
O(m log m)+poly(k) ciphertext size, under the Phi-hiding assumption. Still,
the public key (which can be used for only a single message) has size m *
poly(k), and thus the protocol requires sending poly(k) bits for each bit
of a plaintext.

We show the first construction of a constant-rate NCE. In fact, our public
key has size only poly(k), and the ciphertext size is m+poly(k), which is
comparable to the efficiency of a plain semantically secure encryption. We also
need a common reference string (CRS) of size poly(m*k), but the CRS is
reusable for an arbitrary polynomial number of m-bit messages. We assume
one way functions and indistinguishability obfuscation for circuits.

In addition, our NCE protocol is the first NCE protocol with perfect

Joint work with Ran Canetti and Mariana Raykova