Communication Lower Bounds of Key-Agreement Protocols

Slide Note
Embed
Share

Key-agreement protocols play a vital role in secure communication between parties. This document explores lower bounds of key-agreement protocols through density increment arguments, idealization of symmetric primitives, Merkle puzzles, and the impact of communication bits between Alice and Bob. Various lower bounds, upper bounds, and contributions to improving protocol security are discussed, emphasizing the importance of communication efficiency and security guarantees.

zatz802
zatz802 Follow

Uploaded on Sep 21, 2024 | 0 Views

Download Presentation

Please find below an Image/Link to download the presentation.

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author. Download presentation by click this link. If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.

E N D

Presentation Transcript

  1. 1 Communication Lower Bounds of Key-Agreement Protocols via Density Increment Arguments Mi-Ying (Miryam) Huang Xinyu Mao GuangxuYang Jiapeng Zhang

  2. Key-Agreement Protocols in the ROM 2 Idealization of symmetric primitives E.g., one-way function, collision- resistant hash function Random function ?: ? [?] Attacker Alice Bob Communication Ouput ???? Ouput ???? Correctness: ????= ????(w.h.p.) Security: any attacker sees the transcript and makes a few queries cannot guess ????.

  3. Upper Bounds:Merkle Puzzle [Merkle 78] 3 Sample ?1, ,? ? Query the oracle to get ? ?1, ,? ? [?] Sample ?1, ,? ? Query the oracle to get ? ?1, ,? ? [?] Random function ?: ? [?] ? ?1, ,? ? Send ? ?? If ? ?.?.? ?? = ?(??) Send ? ?1, ,? ? ? ?? Output ???? ?? Ouput ???? ?? Correctness: Merkle puzzle only provides a quadratic gap between the efficiency of the honest parties and the attacker. Set ? 10 2, ?1, ,? ?1, ,? If ? is large enough, ????= ????w.h.p. Security: the shared key ? is uniformly distributed The attacker should makes at least ( 2) queries. = 1 w.h.p. by birthday paradox. Can we do better ? [Noam23] proposed a variant of the Merkle Puzzle with perfect completeness and the same security.

  4. Previous Lower bounds: 4 Impagliazzo and Rudich [IR89] Any key agreement protocol where Alice and Bob each make queries can be broken by the attacker with O( 6) queries. Intersection queries Barak and Mahmoody [BM09] Heavy queries Any key agreement protocol where Alice and Bob each make queries can be broken by the attacker with O( 2) queries. Pr[q Q(V)] . Merkel Puzzle is optimal w.r.t.query complexity of the attacker! The heavy query techniques have found wide applications in the context of black-box separations and the power of random oracles in secure two-party computation [KSY11, BKSY11, MP12, DSLMM11, MMP14, HOZ13].

  5. Communication Lower bounds 5 The amount of communication bits betweenAlice and Bob is also Important in practice! For example,in Merkle s Puzzles, Alice and Bob need to exchange ( ) bits. Conjecture [HMOYR18] Any -query and c bits communication KA non-adaptive protocols could be broken by the attacker with ?(c )-queries. Non-adaptive: Alice and Bob decide their queries before protocol execution, i.e., their queries are fully determined by their internal randomness. Theorem [HMOYR18] Any -query and c bits communication KA non-adaptive two rounds protocols could be broken by the attacker with ?(c )-queries. Heavy queries and analyze the communication cost via ad hoc techniques

  6. Our Contribution 6 MainTheorem Any -query and c bits communication KA non-adaptive and prefect completeness protocols could be broken by the attacker with ?(c )-queries. The protocol in [Noam23] is optimal. Perfect Completeness: Pr ????= ???? = 1 Technical contribution: 1 Correlated queries:the queries are not only heavy queries but also highly related to communication transcripts. 2 Analyze the communication cost via density increment arguments.

  7. Correlated Queries Correlated Query Let ? be a transcript and ? be the current queries of the attacker .We say S ? is ?-correlated w.r.t. attacker s view ?,? if ? ? ? |??,??,? ? ? ? | ??,??,?,? ? Algorithm of the attacker: Initialize ? = 0 and ? = . While exists S ? is ?-correlated w.r.t. the attack s view ?,? with ? : Query ? on ? and receive ? ? . Update ? = ? ?,? ? and ? = ? + 1. How to bound the expected number of iterations? Output ? = max ? (??,??,?)|?,?[????(?) = ?] . Pr ? {0,1} (??,??,?)|?,?is the distribution of all possible execution condition on communication transcript ? and queries ?.

  8. Density IncrementArgument Density Function Let ? be a transcript and ? be the queries of the attacker, the density function (?,?) is defined as follows: ?,? = ? ? |??,??,? ? ?| ??,??,?,? Lemma 1: The expected number of iterations of the algorithm is ?(CC( )/?). .. ?, ?,?1 ?2 ?,?1 ?,?1 ?? By Chain Rule, the density function decreases at least ? in expectation after ?-correlated queries in each iteration. Notice that the density function is always non-negative since ? is a uniform distribution condition on (??,??,?). ?, ? Thus,the expected number of iterations given ? is protocol is E? [ ?, and the expected number of iterations given ] ? ? ??,??,?) ? ? ??,??,?, ) ?( ) ??( ) ? ? ? ?

  9. Summary and Proof Outline MainTheorem Any -query and c bits communication KA non-adaptive and prefect completeness protocols could be broken by the attacker with ?(c )-queries. The proof outline is as follows: Algorithm: The attacker queries the ?-correlated queries in each iteration and outputs the majority of the possible output based on it s view ?,? . Lemma 1: The expected number of iterations of the algorithm is ?(CC( )/?). Proved by density increment arguments. Lemma 2: The success probability of the algorithm is at least 1 ?. Proved by the rectangle view in communication complexity. We omitted the proof in this talk

  10. Open Problems MainTheorem Any -query and c bits communication KA non-adaptive and prefect completeness protocols could be broken by the attacker with ?(c )-queries. Imperfect completeness? Adaptive protocols? Other applications via our density increment argument or correlated queries? Thank you for listening

Related


Understanding Tail Bounds in Probability for Computing

Understanding Tail Bounds in Probability for Computing

thorne
Strong Average-Case Circuit Lower Bounds: A Brief Overview

Strong Average-Case Circuit Lower Bounds: A Brief Overview

adriana
Understanding Upper and Lower Bounds in Mathematics

Understanding Upper and Lower Bounds in Mathematics

netherland_a
Understanding Lower Bounds in the Cell Probe Model

Understanding Lower Bounds in the Cell Probe Model

real885
Additive Combinatorics Approach to Log-Rank Conjecture in Communication Complexity

Additive Combinatorics Approach to Log-Rank Conjecture in Communication Complexity

mah_for
Understanding Rounding and Estimating: Upper and Lower Bounds Example

Understanding Rounding and Estimating: Upper and Lower Bounds Example

kennedy
Understanding Upper and Lower Bounds in Rounding and Estimating

Understanding Upper and Lower Bounds in Rounding and Estimating

tana
Understanding Upper and Lower Bounds in Measurements

Understanding Upper and Lower Bounds in Measurements

dduff
Lower Bounds for Small Depth Arithmetic Circuits

Lower Bounds for Small Depth Arithmetic Circuits

zyla_48
Secure Composition of Key Exchange Protocols

Secure Composition of Key Exchange Protocols

forb_470
Understanding Real Analysis: Intervals, Bounds, and Problem-solving

Understanding Real Analysis: Intervals, Bounds, and Problem-solving

aloysius
Understanding Real Analysis: Intervals, Bounds, and Problem Solving

Understanding Real Analysis: Intervals, Bounds, and Problem Solving

kylan
Investigating Power and Area Reduction Bounds in 3D Integration

Investigating Power and Area Reduction Bounds in 3D Integration

karina
Insights into Advanced Algorithmic Problems

Insights into Advanced Algorithmic Problems

rowdy
Advanced Techniques for Heavy Hitters Detection in Insertion Streams

Advanced Techniques for Heavy Hitters Detection in Insertion Streams

rougeau_c
Communication Protocols for System Integration

Communication Protocols for System Integration

fro_sta
Update on SWAG Protocols and New NICE TA Progress Report

Update on SWAG Protocols and New NICE TA Progress Report

lowie
Understanding Consistency Protocols in Distributed Systems

Understanding Consistency Protocols in Distributed Systems

rune
Overview of CARICOM-Colombia Trade Agreement

Overview of CARICOM-Colombia Trade Agreement

wizard
CARICOM-Costa Rica Free Trade Agreement Overview Presentation

CARICOM-Costa Rica Free Trade Agreement Overview Presentation

eliora
Private Social Services Sector Collective Agreement Summary 2023-2025

Private Social Services Sector Collective Agreement Summary 2023-2025

cornelia
EMC Tar-Pamlico Phase IV Agreement Water Quality Committee Details

EMC Tar-Pamlico Phase IV Agreement Water Quality Committee Details

chni906
Acceptance of Amended AFRA Agreement in Parliament: Overview

Acceptance of Amended AFRA Agreement in Parliament: Overview

roscoe
Collective Agreement Highlights for CUPE Local 716 Richmond School District 38 (2022-2025)

Collective Agreement Highlights for CUPE Local 716 Richmond School District 38 (2022-2025)

ursula

More Related Content

Comparison of SPI and I2C Communication in Embedded Systems
Comparison of SPI and I2C Communication in Embedded Systems
Understanding Tail Bounds and Inequalities in Probability Theory
Understanding Tail Bounds and Inequalities in Probability Theory
Generalization Bounds and Algorithms in Machine Learning
Generalization Bounds and Algorithms in Machine Learning
Understanding Rule 4: Ball In Play, Dead Ball, Out of Bounds
Understanding Rule 4: Ball In Play, Dead Ball, Out of Bounds
Leakage-Resilient Key Exchange and Seed Extractors in Cryptography
Leakage-Resilient Key Exchange and Seed Extractors in Cryptography
Mastering Subject-Verb Agreement for Clear Communication
Mastering Subject-Verb Agreement for Clear Communication
Lower Allen Township Public Safety Ad Hoc Committee Fire/Rescue Services Presentation
Lower Allen Township Public Safety Ad Hoc Committee Fire/Rescue Services Presentation
Understanding Big-Oh Notation in Time Complexity Analysis
Understanding Big-Oh Notation in Time Complexity Analysis
Understanding Stability and Generalization in Machine Learning
Understanding Stability and Generalization in Machine Learning
Quantum Query Complexity Measures for Symmetric Functions
Quantum Query Complexity Measures for Symmetric Functions
Numerical Abstract Domain with Max Operator in Timing Analysis
Numerical Abstract Domain with Max Operator in Timing Analysis
Analysis on Oil's Impact on Civil War and State Weakness
Analysis on Oil's Impact on Civil War and State Weakness
Exploring Circuit Size Bounds in Complexity Theory
Exploring Circuit Size Bounds in Complexity Theory
Effective Communication Skills for Healthcare Professionals
Effective Communication Skills for Healthcare Professionals
Taming Adaptivity in YOSO Protocols: The Modular Way
Taming Adaptivity in YOSO Protocols: The Modular Way
Overview of Identification Protocols in CS255 by Dan Boneh
Overview of Identification Protocols in CS255 by Dan Boneh
Towards Practical Generic Zero-Knowledge Protocols
Towards Practical Generic Zero-Knowledge Protocols
Effective Communication Skills in Business Environment
Effective Communication Skills in Business Environment
Mastering Subject-Verb Agreement
Mastering Subject-Verb Agreement
Strategic Communications Planning for Educational Leadership
Strategic Communications Planning for Educational Leadership
Understanding Communication and Sign Language
Understanding Communication and Sign Language
Effective Communication Strategies in Business Environments
Effective Communication Strategies in Business Environments
Mastering Effective Communication Skills in Daily Life
Mastering Effective Communication Skills in Daily Life
Kaiser Permanente Alliance National Agreement Summary 2021
Kaiser Permanente Alliance National Agreement Summary 2021