PhD Dissertation Proposal: Ojaswi Acharya, Practical Advances in Modern Cryptographic Primitives
Content
Speaker:
Abstract:
Modern cryptographic primitives have evolved from supporting basic functionalities to more advanced functionalities, and such schemes are now getting more practical. In this thesis, we identify and rectify some remaining limitations of such cryptographic constructions and their proofs of security. Specifically, we work with functional encryption, secure aggregation, and threshold signature schemes, and observe key functional or security limitations in existing prior work.
Our first focus is the primitive of functional encryption, which enables the evaluation of a function on the underlying messages from their ciphertexts using a functional secret key. This primitive, however, does not address the need to evaluate a specific function of the underlying messages directly on ciphertexts without any secret key. Here, a different primitive, named function-revealing encryption (FRE), is desired, which allows one to compute a fixed function of the underlying messages using their ciphertexts only. For machine learning and information retrieval applications, it is particularly necessary to compute pairwise inner products of encrypted vectors. Thus, we construct an inner-product FRE scheme and prove its security in the generic bilinear group model. Along the way, we also construct an inner-product FE scheme that is more efficient than prior such schemes, and analyze the relationship between FE and FRE.
Our second contribution considers secure aggregation, a classic problem that has numerous applications in privacy preserving machine learning and analytics. The secure aggregation problem consists of many clients that contribute data and a server that aggregates client data without learning any individual client’s data. Existing practical protocols for secure aggregation have multiple rounds of interaction between clients and the server. While there exist some non-interactive protocols, they rely on heavyweight cryptographic primitives like fully homomorphic encryption and thus are not practical. We propose a practical and non-interactive secure aggregation protocol using a novel combination of an inner-product functional encryption scheme and a fully-linear probabilistically checkable proof (FLPCP) system. For this protocol, we use an existing FLPCP system [BBCGI’19] that we prove satisfies soundness and zero-knowledge properties even when reused for multiple proof instances.
Finally, we address a pressing open question: achieving fully adaptive security for the Sparkle+ [CKM’23] threshold signature scheme. Threshold signature schemes are digital signature schemes that require a threshold number of signers to provide partial signatures on the same message to produce a valid signature on it. Fully adaptive security means a valid signature cannot be produced by an adversary even when it may corrupt up to t-1 signers and observe other valid signatures, where t is the threshold needed for a valid signature. While Sparkle+ has been proven secure for a predetermined set of corrupt signers and a limited adaptively chosen set of corrupt signers, a previous proof of fully adaptive security has been shown incorrect. We propose a novel hardness assumption under which Sparkle+ satisfies this security notion and even has a tight reduction that supports the desired key-length in practice. We aim to establish the hardness of this assumption in the elliptic-curve generic-group model.
Our contributions close important gaps in prior work and push advanced cryptographic primitives closer to practice.
Advisor:
Adam O'Neill