Periodic Reporting for period 4 - FAFC (Foundations and Applications of Functional Cryptography)
Período documentado: 2021-08-01 hasta 2023-01-31
Modern cryptography has successfully followed an "all-or-nothing" design paradigm over the years. For example, the most fundamental task of data encryption requires that encrypted data be fully recoverable using the encryption key, but be completely useless without it. Nowadays, however, this paradigm is insufficient for a wide variety of evolving applications, and a more subtle approach is urgently needed. This has motivated the cryptography community to put forward a vision of "functional cryptography": Designing cryptographic primitives that allow fine-grained access to sensitive data.
The Foundations and Applications of Functional Cryptography (FAFC) project aimed at making substantial progress toward realizing the premise of functional cryptography. By tackling challenging key problems in both the foundations and the applications of functional cryptography, we directed the majority of our effort toward addressing the following three fundamental objectives, which span a broad and interdisciplinary flavor of research directions: (1) Obtain a better understanding of functional cryptography's building blocks, (2) develop functional cryptographic tools and schemes based on well-studied assumptions, and (3) increase the usability of functional cryptographic systems via algorithmic techniques.
Realizing the premise of functional cryptography is of utmost importance not only to the development of modern cryptography, but in fact to our entire technological development, where fine-grained access to sensitive data plays an instrumental role. Moreover, our objectives are results have been tightly related to two of the most fundamental open problems in cryptography: Basing cryptography on widely-believed worst-case complexity assumptions, and basing public-key cryptography on private-key primitives. The results obtained as part of the FAFC project made substantial progress toward achieving the project’s challenging objectives, and have shed new light on these key problems. We strongly believe that the results obtained as part of the FAFC project will encourage additional follow-up research on our objectives and tightly related ones, and thus have a significant impact on our understanding of modern cryptography.
The Foundations and Applications of Functional Cryptography (FAFC) project aimed at making substantial progress toward realizing the premise of functional cryptography. By tackling challenging key problems in both the foundations and the applications of functional cryptography, we directed the majority of our effort toward addressing the following three fundamental objectives, which span a broad and interdisciplinary flavor of research directions: (1) Obtain a better understanding of functional cryptography's building blocks, (2) develop functional cryptographic tools and schemes based on well-studied assumptions, and (3) increase the usability of functional cryptographic systems via algorithmic techniques.
Realizing the premise of functional cryptography is of utmost importance not only to the development of modern cryptography, but in fact to our entire technological development, where fine-grained access to sensitive data plays an instrumental role. Moreover, our objectives are results have been tightly related to two of the most fundamental open problems in cryptography: Basing cryptography on widely-believed worst-case complexity assumptions, and basing public-key cryptography on private-key primitives. The results obtained as part of the FAFC project made substantial progress toward achieving the project’s challenging objectives, and have shed new light on these key problems. We strongly believe that the results obtained as part of the FAFC project will encourage additional follow-up research on our objectives and tightly related ones, and thus have a significant impact on our understanding of modern cryptography.
At the beginning of the FAFC project, the cryptography community was still rather far from realizing the functional cryptography vision. We argued that the landscape of our current knowledge in this area must urgently change. During the lifetime of the FAFC project, we gained substantial progress toward each of our three main objectives, enabling the cryptographic community to better understand functional cryptography. Our results have been published in top conferences and journals (most notably, in the flagship conferences of the International Association for Cryptologic Research), and have already led to follow-up work by leading researchers in the cryptography community.
In particular, we view our work on the Minicrypt vs. Obfustopia problem, our work on out-of-band authentication, and our work on tight tradeoffs in searchable symmetric encryption, to be the most significant achievements in this project (covering each of the project’s three main objectives). The following paragraphs exemplify the flavor of our research within this project by providing a high-level overview of our achievements in each of these research directions.
From Minicrypt to Obfustopia via Private-Key Functional Encryption:
Private-key functional encryption enables fine-grained access to symmetrically-encrypted data. Although private-key functional encryption (supporting an unbounded number of keys and ciphertexts) seems significantly weaker than its public-key variant, its known realizations all rely on public-key functional encryption. At the same time, however, up until recently it was not known to imply any public-key primitive, demonstrating our poor understanding of this primitive. We show that quasi-polynomially secure private-key functional encryption bridges from sub-exponential security in Minicrypt all the way to Cryptomania, settling one of the main open problems in this line of research.
Out-of-Band Authenticated Group Key Exchange:
Detecting man-in-the-middle attacks during the initial generation of shared secrets is a major challenge that arises in many communication platforms offering end-to-end encrypted messaging, audio or video calls. Given the inherent ad-hoc nature of many of these popular platforms, out-of-band authenticated key-exchange protocols are widely deployed in the user-to-user setting. Such protocols enable two users to establish shared secrets while detecting man-in-the-middle attacks by employing an external channel through which users can manually authenticate one short value.
We initiate the study of out-of-band authentication in the group setting, and establish a tight tradeoff between the length of the out-of-band value (which is a crucial bottleneck, as the out-of-band channel is of low bandwidth) and the probability that a man-in-the-middle attack is undetected. We present both computationally and statistically secure protocols together with matching lower bounds. Moreover, the length of the out-of-band value in our computationally-secure protocol is nearly independent of the group size, and instantiating it in the random-oracle model yields a practically-relevant protocol.
Tight Tradeoffs in Searchable Symmetric Encryption:
We establish tight bounds on the tradeoff between the space overhead, locality, and read efficiency of Searchable Symmetric Encryption (SSE) schemes within two general frameworks that capture the memory access pattern underlying all existing schemes. First, we introduce the “pad-and-split” framework, refining that of Cash and Tessaro while still capturing the same existing schemes. Within our framework, we significantly strengthen their lower bound to match the tradeoff provided by the scheme of Demertzis and Papamanthou (SIGMOD '17) which is captured by our pad-and-split framework. Then, within the “statistical-independence” framework of Asharov et al., we show that their lower bound is essentially tight, settling a fundamental open problem in this area.
In particular, we view our work on the Minicrypt vs. Obfustopia problem, our work on out-of-band authentication, and our work on tight tradeoffs in searchable symmetric encryption, to be the most significant achievements in this project (covering each of the project’s three main objectives). The following paragraphs exemplify the flavor of our research within this project by providing a high-level overview of our achievements in each of these research directions.
From Minicrypt to Obfustopia via Private-Key Functional Encryption:
Private-key functional encryption enables fine-grained access to symmetrically-encrypted data. Although private-key functional encryption (supporting an unbounded number of keys and ciphertexts) seems significantly weaker than its public-key variant, its known realizations all rely on public-key functional encryption. At the same time, however, up until recently it was not known to imply any public-key primitive, demonstrating our poor understanding of this primitive. We show that quasi-polynomially secure private-key functional encryption bridges from sub-exponential security in Minicrypt all the way to Cryptomania, settling one of the main open problems in this line of research.
Out-of-Band Authenticated Group Key Exchange:
Detecting man-in-the-middle attacks during the initial generation of shared secrets is a major challenge that arises in many communication platforms offering end-to-end encrypted messaging, audio or video calls. Given the inherent ad-hoc nature of many of these popular platforms, out-of-band authenticated key-exchange protocols are widely deployed in the user-to-user setting. Such protocols enable two users to establish shared secrets while detecting man-in-the-middle attacks by employing an external channel through which users can manually authenticate one short value.
We initiate the study of out-of-band authentication in the group setting, and establish a tight tradeoff between the length of the out-of-band value (which is a crucial bottleneck, as the out-of-band channel is of low bandwidth) and the probability that a man-in-the-middle attack is undetected. We present both computationally and statistically secure protocols together with matching lower bounds. Moreover, the length of the out-of-band value in our computationally-secure protocol is nearly independent of the group size, and instantiating it in the random-oracle model yields a practically-relevant protocol.
Tight Tradeoffs in Searchable Symmetric Encryption:
We establish tight bounds on the tradeoff between the space overhead, locality, and read efficiency of Searchable Symmetric Encryption (SSE) schemes within two general frameworks that capture the memory access pattern underlying all existing schemes. First, we introduce the “pad-and-split” framework, refining that of Cash and Tessaro while still capturing the same existing schemes. Within our framework, we significantly strengthen their lower bound to match the tradeoff provided by the scheme of Demertzis and Papamanthou (SIGMOD '17) which is captured by our pad-and-split framework. Then, within the “statistical-independence” framework of Asharov et al., we show that their lower bound is essentially tight, settling a fundamental open problem in this area.
Each of the main results achieved as part of the FAFC project has advanced the field of cryptography beyond state-of-the-art. In each of our research directions, we either addressed open problems that were either already posed by leading researchers in our community (and remained unsolved until our work) or introduced well-motivated and challenging new problems, and have made progress towards solving them (in some cases, even solved them completely). Our results were published at top-tier cryptography conferences and journals, and have led to follow-up work by leading researchers in the cryptography community.