Periodic Reporting for period 4 - FAFC (Foundations and Applications of Functional Cryptography)
Okres sprawozdawczy: 2021-08-01 do 2023-01-31
The Foundations and Applications of Functional Cryptography (FAFC) project aimed at making substantial progress toward realizing the premise of functional cryptography. By tackling challenging key problems in both the foundations and the applications of functional cryptography, we directed the majority of our effort toward addressing the following three fundamental objectives, which span a broad and interdisciplinary flavor of research directions: (1) Obtain a better understanding of functional cryptography's building blocks, (2) develop functional cryptographic tools and schemes based on well-studied assumptions, and (3) increase the usability of functional cryptographic systems via algorithmic techniques.
Realizing the premise of functional cryptography is of utmost importance not only to the development of modern cryptography, but in fact to our entire technological development, where fine-grained access to sensitive data plays an instrumental role. Moreover, our objectives are results have been tightly related to two of the most fundamental open problems in cryptography: Basing cryptography on widely-believed worst-case complexity assumptions, and basing public-key cryptography on private-key primitives. The results obtained as part of the FAFC project made substantial progress toward achieving the project’s challenging objectives, and have shed new light on these key problems. We strongly believe that the results obtained as part of the FAFC project will encourage additional follow-up research on our objectives and tightly related ones, and thus have a significant impact on our understanding of modern cryptography.
In particular, we view our work on the Minicrypt vs. Obfustopia problem, our work on out-of-band authentication, and our work on tight tradeoffs in searchable symmetric encryption, to be the most significant achievements in this project (covering each of the project’s three main objectives). The following paragraphs exemplify the flavor of our research within this project by providing a high-level overview of our achievements in each of these research directions.
From Minicrypt to Obfustopia via Private-Key Functional Encryption:
Private-key functional encryption enables fine-grained access to symmetrically-encrypted data. Although private-key functional encryption (supporting an unbounded number of keys and ciphertexts) seems significantly weaker than its public-key variant, its known realizations all rely on public-key functional encryption. At the same time, however, up until recently it was not known to imply any public-key primitive, demonstrating our poor understanding of this primitive. We show that quasi-polynomially secure private-key functional encryption bridges from sub-exponential security in Minicrypt all the way to Cryptomania, settling one of the main open problems in this line of research.
Out-of-Band Authenticated Group Key Exchange:
Detecting man-in-the-middle attacks during the initial generation of shared secrets is a major challenge that arises in many communication platforms offering end-to-end encrypted messaging, audio or video calls. Given the inherent ad-hoc nature of many of these popular platforms, out-of-band authenticated key-exchange protocols are widely deployed in the user-to-user setting. Such protocols enable two users to establish shared secrets while detecting man-in-the-middle attacks by employing an external channel through which users can manually authenticate one short value.
We initiate the study of out-of-band authentication in the group setting, and establish a tight tradeoff between the length of the out-of-band value (which is a crucial bottleneck, as the out-of-band channel is of low bandwidth) and the probability that a man-in-the-middle attack is undetected. We present both computationally and statistically secure protocols together with matching lower bounds. Moreover, the length of the out-of-band value in our computationally-secure protocol is nearly independent of the group size, and instantiating it in the random-oracle model yields a practically-relevant protocol.
Tight Tradeoffs in Searchable Symmetric Encryption:
We establish tight bounds on the tradeoff between the space overhead, locality, and read efficiency of Searchable Symmetric Encryption (SSE) schemes within two general frameworks that capture the memory access pattern underlying all existing schemes. First, we introduce the “pad-and-split” framework, refining that of Cash and Tessaro while still capturing the same existing schemes. Within our framework, we significantly strengthen their lower bound to match the tradeoff provided by the scheme of Demertzis and Papamanthou (SIGMOD '17) which is captured by our pad-and-split framework. Then, within the “statistical-independence” framework of Asharov et al., we show that their lower bound is essentially tight, settling a fundamental open problem in this area.