- This event has passed.
M.S. Defense: Peter Fenteany
April 26 @ 3:00 pm - 4:30 pm EDT
Title: “Same Point Composable and Nonmalleable Obfuscated Point Functions”
Major Advisor: Dr. Benjamin Fuller
Associate Advisors: Dr. Alexander Russell, Dr. Walter Krawec
Date/Time: Monday, April 26, 2021, 3:00 pm
Monday, Apr 26, 2021 3:00 pm | 1 hour 30 minutes | (UTC-04:00) Eastern Time (US & Canada) Meeting number: 120 524 4642
Join by video system
You can also dial 18.104.22.168 and enter your meeting number.
Join by phone
+1-415-655-0002 US Toll
Access code: 120 524 4642
A point obfuscator is an obfuscated program that indicates if a user enters a previously stored password. A digital locker is stronger: outputting a key if a user enters a previously stored password. The real-or-random transform allows one to build a digital locker from a composable point obfuscator (Canetti and Dakdouk, Eurocrypt 2008). Ideally, both objects would be nonmalleable, detecting adversarial tampering. Appending a noninteractive zero knowledge proof of knowledge adds nonmalleability in the common random string CRS) model. Komargodski and Yogev (Eurocrypt, 2018) built a nonmalleable point obfuscator without a CRS. We show a lemma in their proof is false, leaving security of their construction unclear. Bartusek, Ma, and Zhandry (Crypto, 2019) used similar techniques and introduced another nonmalleable point function; their obfuscator is not secure if the same point is obfuscated twice. Thus, there was no composable and nonmalleable point function to instantiate the real-or-random construction. Our primary contribution is a nonmalleable point obfuscator that can be composed any polynomial number of times with the same point (which must be known ahead of time). Security relies on the assumption used in Bartusek, Ma, and Zhandry. This construction enables a digital locker that is nonmalleable with respect to the input password. As a secondary contribution, we introduce a key encoding step to detect tampering on the key. This step combines nonmalleable codes and seed-dependent condensers. The seed for the condenser must be public and not tampered, so this can be achieved in the CRS model. The password distribution may depend on the condenser’s seed as long as it is efficiently sampleable. This construction is black box in the underlying point obfuscation. Nonmalleability for the password is ensured for functions that can be represented as low degree polynomials. Key nonmalleability is inherited from the class of functions prevented by the nonmalleable code.