We show how to efficiently compile any given circuit C into a leakage-resistant circuit C' such that any function on the wires of C' that leaks information during a computation C'(x) yields advantage in computing the product of |C'|<sup>Ω(1)</sup> elements of the alternating group A<sub>u</sub>. In combination with new compression bounds for …
In this work, we put forward a new class of polynomial-time attacks on the original multilinear maps of Garg, Gentry, and Halevi (2013). Previous polynomial-time attacks on GGH13 were "zeroizing" attacks that generally required the availability of low-level encodings of zero. Most significantly, such zeroizing attacks were not applicable to candidate …
  • Bruce R. Woodley, Jonathan P, Stephen P. Boyd, Antony C. Fraser-Smith, Stephen M. Rock, Andrew Conway and 36 others
  • 2001
I certify that I have read this dissertation and that in my opinion it is fully adequate, in scope and quality, as a dissertation for the degree of Doctor of Philosophy. I certify that I have read this dissertation and that in my opinion it is fully adequate, in scope and quality, as a dissertation for the degree of Doctor of Philosophy. I certify that …
We reduce non-deterministic time T ≥ 2<sup>n</sup> to a 3SAT instance φ of quasilinear size |φ| = T · log<sup>O(1)</sup> T such that there is an explicit circuit C that on input an index i of log |φ| bits outputs the i-th clause, and each output bit of C depends on O(1) input bits. The previous best result was C in NC<sup>1</sup>. Even in the simpler setting of polynomial size |φ| = …
Recently, the work of Garg et al. (FOCS 2013) gave the first candidate general-purpose obfuscator. This construction is built upon multilinear maps, also called a graded encoding scheme. Several subsequent works have shown that variants of this obfuscator achieve the highest notion of security (VBB security) against "purely algebraic" attacks, namely …
This article takes a new step towards closing the gap between pseudorandom functions (PRF) and their popular, bounded-input-length counterparts. This gap is both quantitative, because these counterparts are more efficient than PRF in various ways, and methodological, because these counterparts usually fit in the substitution-permutation network paradigm …
Recent devastating attacks by Cheon et al. [Eurocrypt'15] and others have highlighted significant gaps in our intuition about security in candidate multilinear map schemes, and in candidate obfuscators that use them. The new attacks, and some that were previously known, are typically called "zeroizing" attacks because they all crucially rely on the …
All known candidate indistinguishability obfuscation (iO) schemes rely on candidate multilinear maps. Until recently, the strongest proofs of security available for iO candidates were in a generic model that only allows "honest" use of the multilinear map. Most notably, in this model the zero-test procedure only reveals whether an encoded element is 0, …