Interactivity in Constructive Cryptography : Modeling and Applications to Updatable Encryption and Private Information Retrieval
In this work, we extend the Constructive Cryptography (CC) framework introduced by Maurer in 2011 so as to handle interactive protocols. We design and construct a so-called {\em Interactive Server Memory Resource} (ISMR), that is an augmented version of the basic instantiation of a client-server pro...
Gespeichert in:
Veröffentlicht in: | arXiv.org 2022-04 |
---|---|
Hauptverfasser: | , |
Format: | Artikel |
Sprache: | eng |
Schlagworte: | |
Online-Zugang: | Volltext |
Tags: |
Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
|
Zusammenfassung: | In this work, we extend the Constructive Cryptography (CC) framework introduced by Maurer in 2011 so as to handle interactive protocols. We design and construct a so-called {\em Interactive Server Memory Resource} (ISMR), that is an augmented version of the basic instantiation of a client-server protocol in CC, namely the Server Memory Resource. We then apply our ISMR construction to two types of interactive cryptographic protocols for remote storage : Updatable Encryption (UE) and Private Information Retrieval (PIR). Concerning UE, our results are a composable version of those protocols, clarifying the security guarantees achieved by {\em any} UE scheme. Namely, we give the relevant security notion to consider according to a given leakage context. Letting USMR denote our ISMR adapted to the UE application, we prove that \(\mathsf{IND}\text{-}\mathsf{UE}\text{-}\mathsf{CPA}\) security is sufficient for a secure construction of a confidential USMR that hides the age of ciphertexts; and \(\mathsf{IND}\text{-}(\mathsf{ENC}+\mathsf{UPD})\text{-}\mathsf{CPA}\) security is sufficient for a secure construction of a confidential USMR in case of unrestricted leakage. As a consequence, contrary to what was claimed before, the \(\mathsf{IND}\text{-}\mathsf{UE}\) security notion is not always stronger than the \(\mathsf{IND}\text{-}(\mathsf{ENC+UPD})\) one. Concerning PIR, we also give a composable version of PIR protocols, yielding a unique model that unifies different notions of PIR : IT-PIR, C-PIR, one- or multi- server PIR. Using the flexibility of CC, we are also able to model PIR variants, such as SPIR. |
---|---|
ISSN: | 2331-8422 |