• PDF / 423,126 Bytes
• 36 Pages / 439.37 x 666.142 pts Page_size
• 80 Downloads / 186 Views

DOWNLOAD

REPORT

MIT, Cambridge, MA, USA {shafi,saleet}@csail.mit.edu 2 Weizmann Institute of Science, Rehovot, Israel 3 Northeastern University, Boston, MA, USA [email protected]

Abstract. We introduce two new cryptographic notions in the realm of public and symmetric key encryption. – Encryption with invisible edits is an encryption scheme with two tiers of users: “privileged” and “unprivileged”. Privileged users know a key pair (pk, sk) and “unprivileged” users know a key pair (pke , ske ) which is associated with an underlying edit e to be applied to messages encrypted. When an unprivileged user attempts to decrypt a ciphertext generated by a privileged user of an underlying plaintext m, it will be decrypted to an edited m = Edit(m, e). Here, Edit is a supported edit function and e is a description of the particular edit. A user shouldn’t be able to tell whether he’s an unprivileged or a privileged user. – An encryption with deniable edits is an encryption scheme which allows a user who owns a ciphertext c encrypting a large corpus of data m under a secret key sk, to generate an alternative but legitimate looking secret key skc,e that decrypts c to an “edited” version of the data m = Edit(m, e). This generalizes classical receiver deniable encryption, which is a special case of deniable edits where the edit function completely replaces the original data. The new flexibility allows to design solutions with much smaller key sizes than required in classical receiver deniable encryption allowing the key size to only scale with the description size of the edit e which can be much smaller than the plaintext data m. We construct encryption schemes with deniable and invisible edits for any polynomial-time computable edit function under minimal assumptions: in the public-key setting we require the existence of standard public-key encryption and in the symmetric-key setting require the existence of oneway functions. The solutions to both problems use common ideas, however there is a significant conceptual difference between deniable edits and invisible edits. Whereas encryption with deniable edits enables a user to modify the meaning of a single ciphertext in hindsight, the goal of encryption with invisible edits is to enable ongoing modifications of multiple ciphertexts.

c International Association for Cryptologic Research 2017  Y. Kalai and L. Reyzin (Eds.): TCC 2017, Part I, LNCS 10677, pp. 305–340, 2017. https://doi.org/10.1007/978-3-319-70500-2_11

306

1

S. Goldwasser et al.

Introduction

In this paper, we introduce two novel cryptographic notions in the realm of public and symmetric key encryption: Encryption with invisible edits (IEdit) and Encryption with deniable edits (DEdit). We construct both asymmetric and symmetric key versions of IEdit and DEdit schemes, under minimal assumptions using the machinery of garbled circuits. In particular, we can get such schemes in the public-key setting using only public key encryption and in the symmetric-key setting using only oneway functions. Our constructions rely on a simple but deli

Recommend Documents

Organic Matter: The Whole Truth and Nothing but the Truth

187 48 14MB

The Concept of Truth

202 73 390KB

Close to the Truth

179 20 216KB

Truth predicates, truth bearers, and their variants

186 62 482KB

The Truth About Happiness

220 96 2MB

Dirac. Beauty Is Truth, Truth Beauty

205 11 6MB

Unifying the Philosophy of Truth

208 24 5MB

The Truth about False Consciousness

193 92 135KB

Ground-Truth

172 35 47MB

Tracing Humor in Edited News Headlines

179 96 8MB

Timeless Truth

191 11 2MB

Serviceology for Designing the Future Selected and Edited Papers of

163 118 22MB