TY - GEN
T1 - Succinct randomized encodings and their applications
AU - Bitansky, Nir
AU - Garg, Sanjam
AU - Lin, Huijia
AU - Pass, Rafael
AU - Telang, Sidharth
N1 - Publisher Copyright:
© Copyright 2015 ACM.
PY - 2015/6/14
Y1 - 2015/6/14
N2 - A randomized encoding allows to express a "complex" computation, given by a function f and input x, by a "simple to compute" randomized representation f(x) whose distribution encodes f(x), while revealing nothing else regarding f and x. Existing randomized encodings, geared mostly to allow encoding with low parallel-complexity, have proven instrumental in various strong applications such as multiparty computation and parallel cryptography. This work focuses on another natural complexity measure: the time required to encode. We construct succinct randomized encodings where the time to encode a computation, given by a program Π and input x, is essentially independent of Π's time complexity, and only depends on its space complexity, as well as the size of its input, output, and description. The scheme guarantees computational privacy of (Π,x), and is based on indistinguishability obfuscation for a relatively simple circuit class, for which there exist instantiations based on polynomial hardness assumptions on multi-linear maps. We then invoke succinct randomized encodings to obtain several strong applications, including: • Succinct indistinguishability obfuscation, where the obfuscated program iO(Π) computes the same function as Π for inputs x of apriori-bounded size. Obfuscating Π is roughly as fast as encoding the computation of Π on any such input x. Here we also require subexponentially-secure indistinguishability obfuscation for circuits. • Succinct functional encryption, where a functional decryption key corresponding to Π allows decrypting Π(x) from encryptions of any plaintext x of apriori-bounded size. Key derivation is as fast as encoding the corresponding computation. • Succinct reusable garbling, a stronger form of randomized encodings where any number of inputs x can be encoded separately of Π, independently of Π's time and space complexity. • Publicly-verifiable 2-message delegation where verifying the result of a long computation given by Π and input x is as fast as encoding the corresponding computation. We also show how to transform any 2-message delegation scheme to an essentially non-interactive system where the verifier message is reusable. Previously, succinct randomized encodings or any of the above applications were only known based on various non-standard knowledge assumptions. At the heart of our techniques is a generic method of compressing a piecemeal garbled computation, without revealing anything about the secret randomness utilized for garbling.
AB - A randomized encoding allows to express a "complex" computation, given by a function f and input x, by a "simple to compute" randomized representation f(x) whose distribution encodes f(x), while revealing nothing else regarding f and x. Existing randomized encodings, geared mostly to allow encoding with low parallel-complexity, have proven instrumental in various strong applications such as multiparty computation and parallel cryptography. This work focuses on another natural complexity measure: the time required to encode. We construct succinct randomized encodings where the time to encode a computation, given by a program Π and input x, is essentially independent of Π's time complexity, and only depends on its space complexity, as well as the size of its input, output, and description. The scheme guarantees computational privacy of (Π,x), and is based on indistinguishability obfuscation for a relatively simple circuit class, for which there exist instantiations based on polynomial hardness assumptions on multi-linear maps. We then invoke succinct randomized encodings to obtain several strong applications, including: • Succinct indistinguishability obfuscation, where the obfuscated program iO(Π) computes the same function as Π for inputs x of apriori-bounded size. Obfuscating Π is roughly as fast as encoding the computation of Π on any such input x. Here we also require subexponentially-secure indistinguishability obfuscation for circuits. • Succinct functional encryption, where a functional decryption key corresponding to Π allows decrypting Π(x) from encryptions of any plaintext x of apriori-bounded size. Key derivation is as fast as encoding the corresponding computation. • Succinct reusable garbling, a stronger form of randomized encodings where any number of inputs x can be encoded separately of Π, independently of Π's time and space complexity. • Publicly-verifiable 2-message delegation where verifying the result of a long computation given by Π and input x is as fast as encoding the corresponding computation. We also show how to transform any 2-message delegation scheme to an essentially non-interactive system where the verifier message is reusable. Previously, succinct randomized encodings or any of the above applications were only known based on various non-standard knowledge assumptions. At the heart of our techniques is a generic method of compressing a piecemeal garbled computation, without revealing anything about the secret randomness utilized for garbling.
UR - http://www.scopus.com/inward/record.url?scp=84952703663&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84952703663&partnerID=8YFLogxK
U2 - 10.1145/2746539.2746574
DO - 10.1145/2746539.2746574
M3 - Conference contribution
AN - SCOPUS:84952703663
T3 - Proceedings of the Annual ACM Symposium on Theory of Computing
SP - 439
EP - 448
BT - STOC 2015 - Proceedings of the 2015 ACM Symposium on Theory of Computing
PB - Association for Computing Machinery
T2 - 47th Annual ACM Symposium on Theory of Computing, STOC 2015
Y2 - 14 June 2015 through 17 June 2015
ER -