DOI: 10.1145/3460120.3484562
Research article (Public Access)

PPE Circuits for Rational Polynomials

Published: 13 November 2021

Abstract

Pairings are a powerful algebraic setting for realizing cryptographic functionalities. One challenge for cryptographers who design pairing systems is that the complexity of many systems, in terms of the number of group elements and equations to verify, has been steadily increasing over the past decade and is approaching the point of being unwieldy. To combat this challenge, multiple independent works have utilized computers to help with the system design. One common design task that researchers seek to automate is summarized as follows: given a description of a set of trusted elements T (e.g., a public key) and a set of untrusted elements U (e.g., a signature), automatically generate an algorithm that verifies U with respect to T using the pairing and group operations. To date, none of the prior automation works for this task have support for solutions with rational polynomials in the exponents, despite many pairing constructions employing them (e.g., Boneh-Boyen signatures, Gentry's IBE, Dodis-Yampolskiy VRF). We demonstrate how to support this essential class of pairing systems for automated exploration. Specifically, we present a solution for automatically generating a verification algorithm with novel support for rational polynomials. The class of verification algorithms we consider in this work is called PPE Circuits (introduced in [HVW20]). Intuitively, a PPE Circuit is a circuit supporting pairing and group operations, which can test whether a set of elements U verifies with respect to a set of elements T. We provide a formalization of the problem, an algorithm for searching for a PPE Circuit supporting rational polynomials, a software implementation, and a detailed performance evaluation. Our implementation was tested on over three dozen schemes, including over ten test cases that our tool can handle but prior tools could not. For all test cases where a PPE Circuit exists, the tool produced a solution in three minutes or less.
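The following Python program is an added illustration of the verification task the abstract describes, using the Boneh-Boyen signature it names as the example scheme; it is not code from the paper or from its PPE-circuit tool. It assumes a toy generic-group simulation (elements carried as discrete logs modulo a constructed prime P, with a hypothetical Elem class and pair function) so that it runs offline without a pairing library. The trusted set T is the public key (g, g^x, g^y), the untrusted set U is the signature (sigma, r), the exponent of sigma is the rational polynomial 1/(x + m + y*r), and verify() is a single pairing product equation that uses only multiplication, exponentiation and the pairing, which is the operation set a PPE circuit is restricted to.

```python
"""Toy generic-group model of a pairing product equation (PPE) verifier.

Added illustration for the Boneh-Boyen signature mentioned in the abstract;
it is NOT code from the paper or from its PPE-circuit tool. Elements of the
source group G and the target group G_T are modelled by their discrete logs
modulo a prime P (a generic-group simulation), but the verifier below touches
those logs only through mul / exp / pair, which is exactly the operation set
a PPE circuit is allowed to use.
"""
import secrets

P = 2**127 - 1  # constructed toy group order (a Mersenne prime)


class Elem:
    """A group element g^log; target=True marks an element of G_T."""

    def __init__(self, log, target=False):
        self.log = log % P
        self.target = target

    def __mul__(self, other):          # group operation: g^a * g^b = g^(a+b)
        assert self.target == other.target, "cannot mix G and G_T elements"
        return Elem(self.log + other.log, self.target)

    def __pow__(self, k):              # exponentiation: (g^a)^k = g^(a*k)
        return Elem(self.log * (k % P), self.target)

    def __eq__(self, other):
        return self.target == other.target and self.log == other.log


def pair(a, b):
    """Bilinear map e: G x G -> G_T with e(g^a, g^b) = e(g, g)^(a*b)."""
    assert not a.target and not b.target, "pairing takes source-group inputs"
    return Elem(a.log * b.log, target=True)


G = Elem(1)  # generator g (log 1)


def keygen():
    """Trusted set T = (g, g^x, g^y); secret key (x, y)."""
    x = secrets.randbelow(P - 1) + 1
    y = secrets.randbelow(P - 1) + 1
    return (x, y), (G, G ** x, G ** y)


def sign(sk, m):
    """Untrusted set U = (sigma, r) with sigma = g^(1 / (x + m + y*r)).

    The exponent is a rational polynomial in x, y and r: the class of
    exponents the abstract says earlier automation tools could not handle.
    """
    x, y = sk
    while True:
        r = secrets.randbelow(P)
        d = (x + m + y * r) % P
        if d != 0:                      # 1/d must exist in Z_P
            break
    return G ** pow(d, -1, P), r


def verify(trusted, untrusted, m):
    """PPE check: e(sigma, g^x * g^m * (g^y)^r) == e(g, g).

    Only mul, exp and pair are used; no discrete logs are read.
    """
    g, pk_x, pk_y = trusted
    sigma, r = untrusted
    return pair(sigma, pk_x * g ** m * pk_y ** r) == pair(g, g)


def demo():
    """Returns (valid passes, wrong message fails, tampered r fails)."""
    sk, T = keygen()
    m = 12345                           # constructed message
    U = sign(sk, m)
    sigma, r = U
    return (
        verify(T, U, m),
        verify(T, U, m + 1),
        verify(T, (sigma, r + 1), m),
    )


if __name__ == "__main__":
    print(demo())  # (True, False, False)
```

The point of the simulation is the separation between signing, which needs a modular inverse to build the rational exponent, and verification, which never inverts anything: the PPE cancels the denominator by pairing sigma with an element whose exponent is exactly x + m + y*r. Changing the message or the randomness breaks that cancellation, so the same equation rejects both tampered inputs.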

References

[1]
Masayuki Abe, Melissa Chase, Bernardo David, Markulf Kohlweiss, Ryo Nishimaki, and Miyako Ohkubo. 2012a. Constant-Size Structure-Preserving Signatures: Generic Constructions and Simple Assumptions. Cryptology ePrint Archive, Report 2012/285. https://eprint.iacr.org/2012/285.
[2]
Masayuki Abe, Melissa Chase, Bernardo David, Markulf Kohlweiss, Ryo Nishimaki, and Miyako Ohkubo. 2012b. Constant-Size Structure-Preserving Signatures: Generic Constructions and Simple Assumptions. In ASIACRYPT.
[3]
Masayuki Abe, Jens Groth, Miyako Ohkubo, and Takeya Tango. 2014a. Converting Cryptographic Schemes from Symmetric to Asymmetric Bilinear Groups. In Advances in Cryptology - CRYPTO. Springer, 241--260.
[4]
Masayuki Abe, Jens Groth, Miyako Ohkubo, and Mehdi Tibouchi. 2014b. Structure-Preserving Signatures from Type II Pairings. In Advances in Cryptology - CRYPTO 2014. 390--407.
[5]
Masayuki Abe, Fumitaka Hoshino, and Miyako Ohkubo. 2016. Design in Type-I, Run in Type-III: Fast and Scalable Bilinear-Type Conversion Using Integer Programming. In Advances in Cryptology - CRYPTO. Springer, 387--415.
[6]
Joseph A. Akinyele, Gilles Barthe, Benjamin Grégoire, Benedikt Schmidt, and Pierre-Yves Strub. 2014a. Certified Synthesis of Efficient Batch Verifiers. In IEEE 27th Computer Security Foundations Symposium. IEEE Computer Society, 153--165.
[7]
Joseph A. Akinyele, Christina Garman, and Susan Hohenberger. 2015. Automating Fast and Secure Translations from Type-I to Type-III Pairing Schemes. In ACM SIGSAC Conference on Computer and Communications Security. ACM, 1370--1381.
[8]
Joseph A. Akinyele, Matthew Green, and Susan Hohenberger. 2013. Using SMT solvers to automate design tasks for encryption and signature schemes. In ACM SIGSAC Conference on Computer and Communications Security. ACM, 399--410.
[9]
Joseph A. Akinyele, Matthew Green, Susan Hohenberger, and Matthew W. Pagano. 2012. Machine-generated algorithms, proofs and software for the batch verification of digital signature schemes. In the ACM Conference on Computer and Communications Security. ACM, 474--487.
[10]
Joseph A. Akinyele, Matthew Green, Susan Hohenberger, and Matthew W. Pagano. 2014b. Machine-generated algorithms, proofs and software for the batch verification of digital signature schemes. Journal of Computer Security, Vol. 22, 6 (2014), 867--912.
[11]
José Bacelar Almeida, Manuel Barbosa, Gilles Barthe, Matthew Campagna, Ernie Cohen, Benjamin Grégoire, Vitor Pereira, Bernardo Portela, Pierre-Yves Strub, and Serdar Tasiran. 2019a. A Machine-Checked Proof of Security for AWS Key Management Service. In CCS. 63--78.
[12]
José Bacelar Almeida, Manuel Barbosa, Gilles Barthe, Francois Dupressoir, Benjamin Grégoire, Vincent Laporte, and Vitor Pereira. 2017. A Fast and Verified Software Stack for Secure Function Evaluation. In CCS 2017.
[13]
José Bacelar Almeida, Cecile Baritel-Ruet, Manuel Barbosa, Gilles Barthe, Francois Dupressoir, Benjamin Grégoire, Vincent Laporte, Tiago Oliveira, Alley Stoughton, and Pierre-Yves Strub. 2019b. Machine-Checked Proofs for Cryptographic Standards: Indifferentiability of Sponge and Secure High-Assurance Implementations of SHA-3. In CCS. 1607--1622.
[14]
Miguel Ambrona, Gilles Barthe, Romain Gay, and Hoeteck Wee. 2017. Attribute-Based Encryption in the Generic Group Model: Automated Proofs and New Constructions. In Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security. ACM, 647--664.
[15]
Miguel Ambrona, Gilles Barthe, and Benedikt Schmidt. 2016. Automated Unbounded Analysis of Cryptographic Constructions in the Generic Group Model. In Advances in Cryptology - EUROCRYPT. Springer, 822--851.
[16]
Manuel Barbosa, Gilles Barthe, Karthik Bhargavan, Bruno Blanchet, Cas Cremers, Kevin Liao, and Bryan Parno. 2019. SoK: Computer-Aided Cryptography. Cryptology ePrint Archive, Report 2019/1393. https://eprint.iacr.org/2019/1393.
[17]
Gilles Barthe, Juan Manuel Crespo, Yassine Lakhnech, and Benedikt Schmidt. 2015a. Mind the Gap: Modular Machine-Checked Proofs of One-Round Key Exchange Protocols. In Advances in Cryptology - EUROCRYPT. Springer, 689--718.
[18]
Gilles Barthe, Francois Dupressoir, Benjamin Gregoire, Alley Stoughton, and Pierre-Yves Strub. 2018a. EasyCrypt: Computer-Aided Cryptographic Proofs. https://www.easycrypt.info/trac/.
[19]
Gilles Barthe, Edvard Fagerholm, Dario Fiore, John C. Mitchell, Andre Scedrov, and Benedikt Schmidt. 2014. Automated Analysis of Cryptographic Assumptions in Generic Group Models. In Advances in Cryptology - CRYPTO. Springer, 95--112.
[20]
Gilles Barthe, Edvard Fagerholm, Dario Fiore, Andre Scedrov, Benedikt Schmidt, and Mehdi Tibouchi. 2015b. Strongly-Optimal Structure Preserving Signatures from Type II Pairings: Synthesis and Lower Bounds. In Public-Key Cryptography - PKC. 355--376.
[21]
Gilles Barthe, Xiong Fan, Joshua Gancher, Benjamin Grégoire, Charlie Jacomme, and Elaine Shi. 2018b. Symbolic Proofs for Lattice-Based Cryptography. In Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security, CCS. ACM, 538--555.
[22]
Gilles Barthe, Benjamin Grégoire, and Santiago Zanella Béguelin. 2009. Formal certification of code-based cryptographic proofs. In Proceedings of the 36th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages. ACM, 90--101.
[23]
Gilles Barthe, Benjamin Grégoire, and Benedikt Schmidt. 2015c. Automated Proofs of Pairing-Based Cryptography. In Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security. ACM, 1156--1168.
[24]
Bruno Blanchet. 2006. A Computationally Sound Mechanized Prover for Security Protocols. In 2006 IEEE Symposium on Security and Privacy. IEEE Computer Society, 140--154.
[25]
Dan Boneh and Xavier Boyen. 2004a. Efficient Selective-ID Secure Identity-Based Encryption Without Random Oracles. In Advances in Cryptology - EUROCRYPT. Springer, 223--238.
[26]
Dan Boneh and Xavier Boyen. 2004b. Secure Identity Based Encryption Without Random Oracles. In CRYPTO. Springer, 443--459.
[27]
Dan Boneh and Xavier Boyen. 2004c. Short Signatures Without Random Oracles. In EUROCRYPT.
[28]
Dan Boneh, Xavier Boyen, and Eu-Jin Goh. 2005. Hierarchical Identity Based Encryption with Constant Size Ciphertext. In Advances in Cryptology - EUROCRYPT 2005. 440--456.
[29]
Dan Boneh and Matthew K. Franklin. 2001. Identity-Based Encryption from the Weil Pairing. In Advances in Cryptology - CRYPTO. Springer, 213--229.
[30]
Dan Boneh, Ben Lynn, and Hovav Shacham. 2001. Short Signatures from the Weil Pairing. In ASIACRYPT. Springer, 514--532.
[31]
Xavier Boyen and Brent Waters. 2006a. Anonymous Hierarchical Identity-Based Encryption (Without Random Oracles). In Advances in Cryptology - CRYPTO. Springer, 290--307.
[32]
Xavier Boyen and Brent Waters. 2006b. Compact Group Signatures Without Random Oracles. In Advances in Cryptology - EUROCRYPT 2006. 427--444.
[33]
Jan Camenisch and Anna Lysyanskaya. 2004. Signature Schemes and Anonymous Credentials from Bilinear Maps. In Advances in Cryptology - CRYPTO. Springer, 56--72.
[34]
Ran Canetti, Alley Stoughton, and Mayank Varia. 2019. EasyUC: Using EasyCrypt to Mechanize Proofs of Universally Composable Security. In IEEE Computer Security Foundations Symposium, CSF 2019.
[35]
Yevgeniy Dodis. 2003. Efficient Construction of (Distributed) Verifiable Random Functions. In Public Key Cryptography - PKC. Springer, 1--17.
[36]
Yevgeniy Dodis and Aleksandr Yampolskiy. 2005. A Verifiable Random Function with Short Proofs and Keys. In Proceedings of the 8th International Conference on Theory and Practice in Public Key Cryptography (PKC'05).
[37]
Craig Gentry. 2006a. Practical Identity-Based Encryption Without Random Oracles. In EUROCRYPT. Springer.
[38]
Craig Gentry. 2006b. Practical Identity-Based Encryption Without Random Oracles. In Advances in Cryptology - EUROCRYPT. Springer, 445--464.
[39]
Craig Gentry and Alice Silverberg. 2002. Hierarchical ID-Based Cryptography. In Advances in Cryptology - ASIACRYPT. Springer, 548--566.
[40]
Vipul Goyal. 2007. Reducing Trust in the PKG in Identity Based Cryptosystems. In Advances in Cryptology - CRYPTO. Springer, 430--447.
[41]
Vipul Goyal, Steve Lu, Amit Sahai, and Brent Waters. 2008. Black-box accountable authority identity-based encryption. In Proceedings of the 2008 ACM Conference on Computer and Communications Security. ACM, 427--436.
[42]
Matthew Green and Susan Hohenberger. 2007. Blind Identity-Based Encryption and Simulatable Oblivious Transfer. In Advances in Cryptology - ASIACRYPT. Springer, 265--282.
[43]
Jens Groth and Amit Sahai. 2008. Efficient non-interactive proof systems for bilinear groups. In EUROCRYPT. Springer, 415--432.
[44]
Helene Haagh, Aleksandr Karbyshev, Sabine Oechsner, Bas Spitters, and Pierre-Yves Strub. 2018. Computer-Aided Proofs for Multiparty Computation with Active Security. In IEEE Computer Security Foundations Symposium, CSF 2018.
[45]
Viet Tung Hoang, Jonathan Katz, and Alex J. Malozemoff. 2015. Automated Analysis and Synthesis of Authenticated Encryption Schemes. In Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security. ACM, 84--95.
[46]
Susan Hohenberger and Satyanarayana Vusirikala. 2019. Are These Pairing Elements Correct? Automated Verification and Applications. In ACM Conference on Computer and Communications Security.
[47]
Susan Hohenberger, Satyanarayana Vusirikala, and Brent Waters. 2020. PPE Circuits: Formal Definition to Software Automation. In ACM Conference on Computer and Communications Security.
[48]
Tibor Jager. 2015. Verifiable Random Functions from Weaker Assumptions. In Theory of Cryptography - 12th Theory of Cryptography Conference, TCC. Springer, 121--143.
[49]
Duc-Phong Le and Alban Gabillon. 2007. A New Multisignature Scheme based on Strong Diffie-Hellman Assumption. In Conference on security in network architecture and information systems.
[50]
Anna Lysyanskaya. 2002. Unique Signatures and Verifiable Random Functions from the DH-DDH Separation. In Advances in Cryptology - CRYPTO. Springer, 597--612.
[51]
Alex J. Malozemoff, Jonathan Katz, and Matthew D. Green. 2014. Automated Analysis and Synthesis of Block-Cipher Modes of Operation. In IEEE 27th Computer Security Foundations Symposium. IEEE Computer Society, 140--152.
[52]
Roberto Metere and Changyu Dong. 2017. Automated Cryptographic Analysis of the Pedersen Commitment Scheme. In MMM-ACNS 2017.
[53]
David Naccache. 2005. Secure and Practical Identity-Based Encryption. IACR Cryptology ePrint Archive (2005). http://eprint.iacr.org/2005/369
[54]
Yannis Rouselakis and Brent Waters. 2013. Practical constructions and new proof methods for large universe attribute-based encryption. In 2013 ACM SIGSAC Conference on Computer and Communications Security, CCS. ACM, 463--474.
[55]
Eftychios Theodorakis and John C. Mitchell. 2018. Semantic Security Invariance under Variant Computational Assumptions. IACR Cryptol. ePrint Arch., Vol. 2018 (2018), 51. http://eprint.iacr.org/2018/051
[56]
Brent Waters. 2005. Efficient Identity-Based Encryption Without Random Oracles. In EUROCRYPT. Springer, 114--127.
[57]
Brent Waters. 2009. Dual System Encryption: Realizing Fully Secure IBE and HIBE under Simple Assumptions. In CRYPTO. Springer, 619--636.

    Published In

    CCS '21: Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security
    November 2021
    3558 pages
    ISBN: 9781450384544
    DOI: 10.1145/3460120

    Publisher

    Association for Computing Machinery, New York, NY, United States


    Author Tags

    1. automated design
    2. pairing-based cryptography
    3. provable security


    Conference

    CCS '21: 2021 ACM SIGSAC Conference on Computer and Communications Security
    November 15 - 19, 2021
    Virtual Event, Republic of Korea

    Acceptance Rates

    Overall Acceptance Rate 1,261 of 6,999 submissions, 18%
