Academic Seminar Series, No. 61


Talk 1 title: More Efficient Zero-Knowledge Protocols over ℤ_{2^k} via Galois Rings

Talk 1 time: May 18, 9:30-10:30 a.m.

Talk 1 venue: School Conference Room 101

Talk 1 abstract: A recent line of works on zero-knowledge (ZK) protocols with a vector oblivious linear function evaluation (VOLE)-based offline phase provides a new paradigm for scalable ZK protocols featuring fast proving and small prover memory. Very recently, Baum et al. (Crypto'23) proposed the VOLE-in-the-head technique, allowing such protocols to become publicly verifiable. Many practically efficient protocols for proving circuit satisfiability over any Galois field have been implemented, while protocols over the rings ℤ_{2^k} are significantly lagging behind, with only a proof-of-concept pioneering work called Appenzeller to Brie (CCS'21) and a first proposal called Mozℤ_{2^k}arella (Crypto'22). The rings ℤ_{2^{32}} and ℤ_{2^{64}}, though highly important (they capture computation in real-life programming and in computer architectures, e.g. CPU words), present non-trivial difficulties because, for example, unlike the Galois fields F_{2^k}, the fraction of units in ℤ_{2^k} is only 1/2. In this work, we first construct ZK protocols over a high-degree Galois ring extension of ℤ_{2^k} (fraction of units close to 1) and then convert them to ℤ_{2^k} efficiently using amortization techniques. Our results greatly change the landscape of ZK protocols over ℤ_{2^k}.

(1) We propose a competing ZK protocol that has many advantages over the state-of-the-art Mozℤ_{2^k}arella. We remove the undesirable dependence of communication complexity on the security parameter and achieve (strictly) linear communication complexity. Furthermore, our protocol has better concrete efficiency: for 40- and 80-bit soundness on 32- and 64-bit CPUs, we offer 1.15×–2.9× improvements in communication.

(2) Inspired by the recently proposed interactive message authentication code technique (Weng et al., CCS'22), we construct a constant-round ZK protocol over ℤ_{2^k} with sublinear (in the circuit size) communication complexity, which was previously achieved only over fields.

(3) We adapt the VOLE-in-the-head technique and apply it to our first ZK protocol, yielding the first publicly verifiable non-interactive ZK over ℤ_{2^k} with linear communication complexity. Also, we show that the pseudorandom correlation generator approach (incompatible with VOLE-in-the-head) can be adapted to efficiently implement VOLE over Galois rings, with an analysis of the hardness of the underlying assumptions.
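The obstacle the abstract names is that only half of ℤ_{2^k} is invertible, whereas a degree-d Galois ring extension GR(2^k, d) = ℤ_{2^k}[x]/(f(x)) has a unit fraction of 1 - 2^{-d}. The following Python is added here as an illustration and is not code from the talk or its paper: it builds small Galois rings from a constructed modulus f that is irreducible mod 2, counts units by exhaustive inversion, and checks that count against the residue-field criterion (a is a unit iff its image in F_{2^d} is nonzero). The parameters k and d are kept tiny so that the brute force finishes instantly.

```python
"""Galois ring GR(2^k, d) = Z_{2^k}[x]/(f(x)), f monic of degree d, irreducible mod 2.
Elements are coefficient tuples (c0, ..., c_{d-1}), lowest degree first, in [0, 2^k).
d = 1 with f = x recovers Z_{2^k} itself. The moduli f used below are constructed examples."""
from fractions import Fraction
from itertools import product

def gr_mul(a, b, f, k):
    """Multiply a*b in Z_{2^k}[x] and reduce modulo f = (f0, ..., f_{d-1}, 1)."""
    mod, d = 1 << k, len(f) - 1
    prod_ = [0] * max(2 * d - 1, 1)
    for i, ai in enumerate(a):
        for j, bj in enumerate(b):
            prod_[i + j] = (prod_[i + j] + ai * bj) % mod
    # Rewrite x^deg as x^(deg-d) * (-(f0 + ... + f_{d-1} x^{d-1})), highest degree first.
    for deg in range(2 * d - 2, d - 1, -1):
        c, prod_[deg] = prod_[deg], 0
        for t in range(d):
            prod_[deg - d + t] = (prod_[deg - d + t] - c * f[t]) % mod
    return tuple(prod_[:d])

def is_unit_bruteforce(a, f, k, elems):
    """a is a unit iff some b has a*b = 1; found by exhaustive search over elems."""
    one = (1,) + (0,) * (len(f) - 2)
    return any(gr_mul(a, b, f, k) == one for b in elems)

def is_unit_residue(a):
    """Structural criterion: a is a unit iff its image in the residue field F_{2^d}
    (coefficients reduced mod 2) is nonzero, i.e. at least one coefficient is odd."""
    return any(c & 1 for c in a)

def unit_fraction(f, k):
    """Fraction of units in GR(2^k, d) by brute force; the theory predicts 1 - 2^(-d)."""
    elems = list(product(range(1 << k), repeat=len(f) - 1))
    units = sum(1 for a in elems if is_unit_bruteforce(a, f, k, elems))
    return Fraction(units, len(elems))

def criteria_agree(f, k):
    """True when the brute-force and residue-field unit tests agree on every element."""
    elems = list(product(range(1 << k), repeat=len(f) - 1))
    return all(is_unit_bruteforce(a, f, k, elems) == is_unit_residue(a) for a in elems)

if __name__ == "__main__":
    print("Z_8     :", unit_fraction((0, 1), 3))        # 1/2
    print("GR(8, 2):", unit_fraction((1, 1, 1), 3))     # 3/4, f = x^2 + x + 1
    print("GR(4, 3):", unit_fraction((1, 1, 0, 1), 2))  # 7/8, f = x^3 + x + 1
```

Raising d pushes the unit fraction towards 1, which is exactly why the abstract works over a high-degree extension before amortizing back down to ℤ_{2^k}.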

Speaker 1: Fuchun Lin is an Assistant Researcher at Shanghai Jiao Tong University. He received his PhD from Nanyang Technological University (Singapore) and held postdoctoral positions at the University of Calgary (Canada) and Imperial College London (UK). He has obtained a series of important results in coding and cryptography: (1) results on lattice-based secure coding and cryptography published in the top information-theory journal IEEE Trans. Information Theory, in Science China and in other domestic and international journals; (2) results on secure coding and cryptographic protocols based on algebraic codes published at international conferences including CCS (one of the "big four" security conferences) and INFOCOM; (3) results on secret sharing and secure multi-party computation published at international conferences including Crypto and ASIACRYPT (of the "big three" cryptography conferences), ITCS and ITC. He contributed to the book Physical Layer Security in Wireless Communications published by CRC Press, authoring the "Coding for wiretap channels" part, and serves as a reviewer for well-known conferences and journals in coding and cryptography such as FOCS, EUROCRYPT, ASIACRYPT and IEEE Trans. IT.


Talk 2 title: Generic Construction of Trace-and-Revoke Inner Product Functional Encryption

Talk 2 time: May 18, 10:30-11:30 a.m.

Talk 2 venue: School Conference Room 101

Talk 2 abstract: A traitor tracing system is a multi-receiver encryption scheme that allows an authority, or any party in the case of public traceability, to identify the malicious users (traitors) who colluded to build a pirate decoder. A trace-and-revoke system extends traitor tracing with a user revocation mechanism that revokes the decryption capability of users (e.g., traitors). Trace-and-revoke systems have been studied extensively in the settings of broadcast encryption (BE), identity-based encryption (IBE) and attribute-based encryption (ABE), but much less so for functional encryption (FE). This talk presents our generic construction of trace-and-revoke inner-product functional encryption, published at ESORICS 2022.

Speaker 2: Fucai Luo is an Associate Researcher at Zhejiang Gongshang University. His research covers the foundations and applications of public-key cryptography, lattice-based cryptography, fully homomorphic encryption and provable security. He has published nearly 20 first-author papers at CCF-recommended conferences and in CCF-recommended journals, including IEEE Transactions on Information Forensics and Security, IEEE Transactions on Dependable and Secure Computing, IEEE Transactions on Mobile Computing, Designs, Codes and Cryptography, Theoretical Computer Science, The Computer Journal and ESORICS 2022. He leads a Young Scientists Fund project of the National Natural Science Foundation of China.