[PDF] Top 20 Adaptively Secure Garbled Circuits from One-Way Functions

... selectively secure functional encryption (FE) scheme into an adaptively secure ...allowed functions. This is true even if the selectively secure FE that they start with is ...having ... See full document

... FE from any public-key ...on one-way functions (OWFs), whereas they constructed public-key FE using public-key encryption, (2) we want security for only 2 ciphertexts but many secret keys, ... See full document

... first one is easy to achieve, but it does not really reflect ...selectively secure schemes did not stop even in contexts where adaptively secure schemes are ...all adaptively ... See full document

... for adaptively chosen inputs x from a set S of size at most 2 b(n) , we may repeat the above argument O(b(n)) ...is secure against provers that run in time 2 O(b(n)) (by choosing the security ... See full document

... wires, one corresponding to a 0-bit and the other to a ...the garbled circuit is completely oblivious, as the evaluator does not learn the circuit’s output nor any intermediary results, only random tokens, ... See full document

... aut1 secure scheme obtained via our all-to-all1 transform has long garbled inputs, so the one-time verifiable outsourcing scheme yielded by Theorem 12, while secure, is not ...aut1 ... See full document

... Abstract. Secure two-party computation provides a way for two parties to compute a function, that depends on the two parties’ inputs, while keeping them ...Yao’s garbled circuits ap- pear to ... See full document

... multiparty, adaptively se- cure protocol against honest-but-curious ...and one way functions that are secure against polysize ...round, adaptively secure protocol against ... See full document

... symbolic way. This requires to describe a method to map arbitrary circuits to symbolic expressions, rather than simply providing a single expression or sequence of expressions (as used, for example, in a ... See full document

... Our Objective and Results Our goal is to study adaptive security of constrained PRFs in the standard model. We initiate this exploration with puncturable PRFs, first explicitly introduced in [24] as a specialization of ... See full document

... value from a memory location, we need to have a key hardcoded in the garbled circuits that produces two values for any memory location, one of which is in the garbled ...using ... See full document

... Next, we focus on reducing the exact round complexity of ZKGC style pro- tocols. We propose a three-round protocol. Since neither zero-knowledge proofs nor arguments can be achieved in less than four rounds without ... See full document

... the garbled circuit GC (which, in turn, can reveal S’s ...the one committed to before knowing ...pseudorandom functions) that a malicious sender, via resetting attacks, can not learn this randomness ... See full document

... a secure multilinear map exists, then as a by-product one can easily implement one-round multipartite Diffie-Hellman key exchange and efficient broadcast ...design secure multilinear maps, ... See full document

... derived from the re-keys and re-encryptions issued to the adversary in the security game, and their purpose is to ensure that the adversary does not win the game in a trivial ...reachable from the challenge ... See full document

... repetition of such protocols reduces the soundness error. Bellare, Impagliazzo and Naor [3] show that there are interactive arguments (i.e., computationally- sound) proofs in the Common Reference String (CRS) model, for ... See full document

... using one-way functions [Yao86, ...over circuits that can run the one-way ...garbling circuits that run the OWF internally) and hence the impossibility result of ... See full document

... Currently, the most efficient IBE scheme that is known is due to Jutla and Roy [JR13] (actually a simple variant of their original proposal is the IBE of choice). In this work, we investigate the possibility of ... See full document

... i.e. one which states that if a function f ← F is (s, δ)-hard to invert, then its k-wise repetition f k is (s, δ k )-hard to ...hash functions. The existence of such a family would also follow from a ... See full document

... whether one can take advantage of cloud-based machine learning, and still maintain the privacy of the user’s ...results from a medical study or patient records from a hospital; here, revealing the ... See full document