watermarking cryptographic functionalities from standard ...functionality-preserving: on input a...
Post on 01-Jan-2021
1 Views
Preview:
TRANSCRIPT
Watermarking Cryptographic Functionalities from Standard Lattice Assumptions
Sam Kim and David J. Wu
Stanford University
Digital Watermarking
CRYPTO 2017
CRYPTO 2017 CRYPTO 2017
CRYPTO 2017
Often used to identify owner of content and prevent unauthorized distribution
Digital Watermarking
CRYPTO 2017
CRYPTO 2017 CRYPTO 2017
CRYPTO 2017
âą Content is (mostly) viewable
Digital Watermarking
CRYPTO 2017
CRYPTO 2017 CRYPTO 2017
CRYPTO 2017
âą Content is (mostly) viewableâą Watermark difficult to remove (without destroying the image)
Watermarking Programs[NSS99, BGIRSVY01, HMW07, YF11, Nis13, CHNVW16, BLW17]
CRYPTO
Embed a âmarkâ within a program
If mark is removed, then program is destroyed
Two main algorithms:âą Mark wsk, đ¶ â đ¶âČ: Takes a circuit đ¶ and outputs a marked circuit đ¶âČ
âą Verify wsk, đ¶âČ â 0,1 : Tests whether a circuit đ¶âČ is marked or not
Two main algorithms:âą Mark wsk, đ¶ â đ¶âČ: Takes a circuit đ¶ and outputs a marked circuit đ¶âČ
âą Verify wsk, đ¶âČ â 0,1 : Tests whether a circuit đ¶âČ is marked or not
Watermarking Programs[NSS99, BGIRSVY01, HMW07, YF11, Nis13, CHNVW16, BLW17]
CRYPTO
Embed a âmarkâ within a program
If mark is removed, then program is destroyed
Both marking and verification require a secret
watermarking key wsk
Two main algorithms:âą Mark wsk, đ¶ â đ¶âČ: Takes a circuit đ¶ and outputs a marked circuit đ¶âČ
âą Verify wsk, đ¶âČ â 0,1 : Tests whether a circuit đ¶âČ is marked or not
Watermarking Programs[NSS99, BGIRSVY01, HMW07, YF11, Nis13, CHNVW16, BLW17]
CRYPTO
Embed a âmarkâ within a program
If mark is removed, then program is destroyed
Extends to setting where watermark can be an
(arbitrary) string [See paper]
Watermarking Programs[NSS99, BGIRSVY01, HMW07, YF11, Nis13, CHNVW16, BLW17]
CRYPTO
Functionality-preserving: On input a program (modeled as a circuit đ¶), the Mark algorithm outputs a circuit đ¶âČ where:
đ¶ đ„ = đ¶âČ(đ„)on all but a negligible fraction of inputs đ„
Mark
Watermarking Programs[NSS99, BGIRSVY01, HMW07, YF11, Nis13, CHNVW16, BLW17]
CRYPTO
Functionality-preserving: On input a program (modeled as a circuit đ¶), the Mark algorithm outputs a circuit đ¶âČ where:
đ¶ đ„ = đ¶âČ(đ„)on all but a negligible fraction of inputs đ„
MarkPerfect functionality-preserving impossible assuming obfuscation [BGIRSVY12]
Watermarking Programs[NSS99, BGIRSVY01, HMW07, YF11, Nis13, CHNVW16, BLW17]
CRYPTO
Unremovability: Given a marked program đ¶, no efficient adversary can construct a circuit đ¶âČ where
âą đ¶âČ đ„ = đ¶(đ„) on all but a negligible fraction of inputs đ„âą Verify wsk, đ¶âČ = 1
Watermarking Programs[NSS99, BGIRSVY01, HMW07, YF11, Nis13, CHNVW16, BLW17]
CRYPTO
Unremovability: Given a marked program đ¶, no efficient adversary can construct a circuit đ¶âČ where
âą đ¶âČ đ„ = đ¶(đ„) on all but a negligible fraction of inputs đ„âą Verify wsk, đ¶âČ = 1
Adversary has completeflexibility in crafting đ¶âČ
Adversary given access to marking oracle
[Also require unforgeability; see paper for details]
Watermarking Programs[NSS99, BGIRSVY01, HMW07, YF11, Nis13, CHNVW16, BLW17]
CRYPTO
âą Notion only achievable for functions that are not learnableâą Focus has been on cryptographic functions
pseudorandom function
PRF(đ,â )
pseudorandom function
PRF(đ,â )
Watermarking Cryptographic Programs[NSS99, BGIRSVY01, HMW07, YF11, Nis13, CHNVW16, BLW17]
CRYPTO
Mark
âą Focus of this work: watermarking PRFs [CHNVW16, BLW17]
âą Enables watermarking of symmetric primitives built from PRFs (e.g., encryption, MACs, etc.)
pseudorandom function
PRF(đ,â )
pseudorandom function
PRF(đ,â )
Main Result
CRYPTO
Mark
This work: Under standard lattice assumptions, there exists a (secretly)-verifiable watermarkable family of PRFs.
đŠ2đŠ1
đŠ3
Blueprint for Watermarking PRFs [CHNVW16, BLW17]
đ„1đ„2
đ„3
domain range
PRF key
Step 1: Evaluate PRF on test points đ„1, đ„2, đ„3 (part of the watermarking secret key)
đŠ1đŠ2
đŠ3
Blueprint for Watermarking PRFs [CHNVW16, BLW17]
đ„1đ„2
đ„3
domain range
PRF key
Step 2: Derive a pair (đ„â, đŠâ) from đŠ1, đŠ2, đŠ3
đ„â, đŠâ
đŠ1đŠ2
đŠ3
Blueprint for Watermarking PRFs [CHNVW16, BLW17]
đ„1đ„2
đ„3
domain range
PRF key
Step 2: Derive a pair (đ„â, đŠâ) from đŠ1, đŠ2, đŠ3
đ„â, đŠâ
Need different đ„â for different programs â otherwise easy to
remove if adversary sees watermarked keys of its choosing
đ„â
đŠ1đŠ2
đŠ3
PRF đ, đ„â
Blueprint for Watermarking PRFs [CHNVW16, BLW17]
đ„1đ„2
đ„3
domain range
PRF key
đ„â, đŠâ
Step 3: âMarked keyâ is a circuit that implements the PRF at all points, except at đ„â, the output is changed to đŠâ
đŠ1đŠ2
đŠ3đŠâ
Blueprint for Watermarking PRFs [CHNVW16, BLW17]
đ„1đ„2
đ„3đ„â
domain range
marked key
Step 3: âMarked keyâ is a circuit that implements the PRF at all points, except at đ„â, the output is changed to đŠâ
PRF đ, đ„â
đŠ1đŠ2
đŠ3đŠâ
Blueprint for Watermarking PRFs [CHNVW16, BLW17]
đ„1đ„2
đ„3đ„â
domain range
marked key
Step 3: âMarked keyâ is a circuit that implements the PRF at all points, except at đ„â, the output is changed to đŠâ
PRF đ, đ„â
Defer implementation details for nowâŠ
đŠ1đŠ2
đŠ3đŠâ
Blueprint for Watermarking PRFs [CHNVW16, BLW17]
đ„1đ„2
đ„3đ„â
domain range
marked key
Verification: Evaluate function at đ„1, đ„2, đ„3, derive (đ„â, đŠâ) and check if the value at đ„â matches đŠâ
PRF đ, đ„â
Defer implementation details for nowâŠ
đŠ1đŠ2
đŠ3đŠâ
Blueprint for Watermarking PRFs [CHNVW16, BLW17]
đ„1đ„2
đ„3đ„â
marked key
Defer implementation details for nowâŠ
Functionality-preserving: function differs at a single pointâ
đŠ1đŠ2
đŠ3đŠâ
Blueprint for Watermarking PRFs [CHNVW16, BLW17]
đ„1đ„2
đ„3đ„â
marked key
Unremovable: as long as adversary cannot tell that đ„â, đŠâ is âspecialâ
Defer implementation details for nowâŠ
Functionality-preserving: function differs at a single pointâ
â
Blueprint for Watermarking PRFs [CHNVW16, BLW17]
đŠâđ„â
How to implement this functionality?
Prior solutions: use obfuscation to hide đ„â, đŠâ
Blueprint for Watermarking PRFs [CHNVW16, BLW17]
How to implement this functionality?
Prior solutions: use obfuscation to hide đ„â, đŠâ
Obfuscated program has PRF key embedded inside and outputs PRF(đ, đ„) on all inputs đ„ â đ„â
and đŠâ when đ„ = đ„â
đ đ„â,đŠâ (đ„):
âą if đ„ = đ„â, output đŠâ
âą else, output PRF(đ, đ„)
Obfuscated program:
Blueprint for Watermarking PRFs [CHNVW16, BLW17]
How to implement this functionality?
Prior solutions: use obfuscation to hide đ„â, đŠâ
Obfuscated program has PRF key embedded inside and outputs PRF(đ, đ„) on all inputs đ„ â đ„â
and đŠâ when đ„ = đ„â
đ đ„â,đŠâ (đ„):
âą if đ„ = đ„â, output đŠâ
âą else, output PRF(đ, đ„)
Obfuscated program:
Essentially relies on secretly re-programming
the value at đ„â
Blueprint for Watermarking PRFs [CHNVW16, BLW17]
Prior solutions: use obfuscation to hide đ„â, đŠâ
Obfuscated program has PRF key embedded inside and outputs PRF(đ, đ„) on all inputs đ„ â đ„â
and đŠâ when đ„ = đ„â
Key technical challenge: How to hide đ„â, đŠâ within the watermarked key (without obfuscation)?
đ đ„â,đŠâ (đ„):
âą if đ„ = đ„â, output đŠâ
âą else, output PRF(đ, đ„)
Obfuscated program:
Blueprint for Watermarking PRFs [CHNVW16, BLW17]
Prior solutions: use obfuscation to hide đ„â, đŠâ
Obfuscated program has PRF key embedded inside and outputs PRF(đ, đ„) on all inputs đ„ â đ„â
and đŠâ when đ„ = đ„â
Key technical challenge: How to hide đ„â, đŠâ within the watermarked key (without obfuscation)?
đ đ„â,đŠâ (đ„):
âą if đ„ = đ„â, output đŠâ
âą else, output PRF(đ, đ„)
Obfuscated program:
Has an obfuscation flavor: need to embed a secret inside a piece of code that cannot be removed
Blueprint for Watermarking PRFs [CHNVW16, BLW17]
Prior solutions: use obfuscation to hide đ„â, đŠâ
Obfuscated program has PRF key embedded inside and outputs PRF(đ, đ„) on all inputs đ„ â đ„â
and đŠâ when đ„ = đ„â
This work: Under standard lattice assumptions, there exists a (secretly)-verifiable watermarkable family of PRFs.
đ đ„â,đŠâ (đ„):
âą if đ„ = đ„â, output đŠâ
âą else, output PRF(đ, đ„)
Obfuscated program:
Starting Point: Private Puncturable PRFs [BLW17, BKM17, CC17]
đŠâđ„â
âą Watermarked PRF implements PRF at all but a single point
âą Structurally very similar to a puncturable PRF [BW13, BGI13, KPTZ13]
Puncturable PRF:
Punctuređ„â
PRF key punctured key
Starting Point: Private Puncturable PRFs [BLW17, BKM17, CC17]
đŠâđ„â
âą Watermarked PRF implements PRF at all but a single point
âą Structurally very similar to a puncturable PRF [BW13, BGI13, KPTZ13]
Puncturable PRF:
Punctuređ„â
Can be used to evaluate the PRF on all points đ„ â đ„â
PRF key punctured key
Starting Point: Private Puncturable PRFs [BLW17, BKM17, CC17]
Punctuređ„â
PRF key punctured key
Recall general approach for watermarking:
1. Derive đ„â, đŠâ from input/output behavior of PRF
2. Give out a key that agrees with PRF everywhere, except has value
đŠâ at đ„ = đ„â PRF key punctured at đ„â
However, punctured key does not necessarily hide đ„â, which allows adversary to remove watermark
Starting Point: Private Puncturable PRFs [BLW17, BKM17, CC17]
Punctuređ„â
PRF key punctured key
Recall general approach for watermarking:
1. Derive đ„â, đŠâ from input/output behavior of PRF
2. Give out a key that agrees with PRF everywhere, except has value
đŠâ at đ„ = đ„â PRF key punctured at đ„â
Punctured keys typically do not provide flexibility in programming value at
punctured point: difficult to test if a program is watermarked or not
However, punctured key does not necessarily hide đ„â, which allows adversary to remove watermark
Starting Point: Private Puncturable PRFs [BLW17, BKM17, CC17]
Punctuređ„â
PRF key punctured key
Problem 1: Punctured keys do not hide the punctured point đ„â
âą Use private puncturable PRFs
Problem 2: Difficult to test whether a value is the result of using a
punctured key to evaluate at the punctured point
Starting Point: Private Puncturable PRFs [BLW17, BKM17, CC17]
Punctuređ„â
PRF key punctured key
Problem 1: Punctured keys do not hide the punctured point đ„â
âą Use privately puncturable PRFs
Problem 2: Difficult to test whether a value is the result of using a
punctured key to evaluate at the punctured point
In existing lattice-based private puncturable PRF constructions [BKM17, CC17], value of punctured key at punctured point is a deterministic function of
the PRF key
Starting Point: Private Puncturable PRFs [BLW17, BKM17, CC17]
Punctuređ„â
PRF key punctured key
Problem 1: Punctured keys do not hide the punctured point đ„â
âą Use privately puncturable PRFs
Problem 2: Difficult to test whether a value is the result of using a
punctured key to evaluate at the punctured point
âą Relax programmability requirement
Private Translucent PRFs
đŠ2đŠ1
đŠ3
đ„1đ„2
đ„3
PRF key
đ„â
PRF đ, đ„â
Private puncturable PRF family with the property that output of any punctured key on a punctured point lies in a sparse, hidden subspace
Private Translucent PRFs
đŠ2đŠ1
đŠ3
đ„1đ„2
đ„3
punctured key
Private puncturable PRF family with the property that output of any punctured key on a punctured point lies in a sparse, hidden subspace
đ„âđŠâ
Private Translucent PRFs
đŠ2đŠ1
đŠ3
đ„1đ„2
đ„3
punctured key
Private puncturable PRF family with the property that output of any punctured key on a punctured point lies in a sparse, hidden subspace
đ„âđŠâ
Secret testing key associated with the PRF family can be used to test for membership in the hidden subspace
Private Translucent PRFs
đŠ2đŠ1
đŠ3
đ„1đ„2
đ„3
punctured key
đ„âđŠâ
âą Values in special set looks indistinguishable from a random value (without secret testing key)
âą Indistinguishable even though it is easy to sample values from the set
Sets satisfying such properties are called
translucent [CDNO97]
Watermarking from Private Translucent PRFs
đŠ2đŠ1
đŠ3
đ„1đ„2
đ„3
PRF key
đ„â
PRF đ, đ„â
Watermarking secret key (wsk): test points đ„1, ⊠, đ„đand testing key for private translucent PRF
Watermarking from Private Translucent PRFs
đŠ2đŠ1
đŠ3
đ„1đ„2
đ„3
đ„â
To mark a PRF key đ, derive special point đ„â and puncture đ at đ„â; watermarked key is a program that evaluates using
the punctured key
marked key
đŠâ
Watermarking from Private Translucent PRFs
đŠ2đŠ1
đŠ3
đ„1đ„2
đ„3
đ„â
To test whether a program đ¶âČ is watermarked, derive test point đ„â
and check whether đ¶âČ đ„â is in the translucent set (using the testing key for the private translucent PRF)
marked key
đŠâ
Constructing Private Translucent PRFs
Learning with Errors (LWE) [Reg05]:
đšŐRâ€đđĂđ, đŐ
Râ€đđ, đŐ
Rđđ, đŐ
Râ€đđ
đš, đđđš + đđ â đš, đđ
Homomorphic Matrix Encodings [BGGHNSVV14]
A way to encode đ„ â 0,1 â as a collection of LWE samplestake LWE matrices đš1, ⊠, đšâ â â€đ
đĂđ and a secret đ â â€đđ:
Homomorphic Matrix Encodings [BGGHNSVV14]
A way to encode đ„ â 0,1 â as a collection of LWE samplestake LWE matrices đš1, ⊠, đšâ â â€đ
đĂđ and a secret đ â â€đđ:
đđ đš1 + đ„1 â đź + đ1encoding of đ„1 with respect to đš1
đź denotes a special âgadgetâ matrix
LWE matrix associated with each
input bit
Homomorphic Matrix Encodings [BGGHNSVV14]
A way to encode đ„ â 0,1 â as a collection of LWE samplestake LWE matrices đš1, ⊠, đšâ â â€đ
đĂđ and a secret đ â â€đđ:
đđ đš1 + đ„1 â đź + đ1
đđ đšâ + đ„â â đź + đâ
âź
đź denotes a special âgadgetâ matrix
LWE matrix associated with each
input bit
encoding of đ„1 with respect to đš1
Homomorphic Matrix Encodings [BGGHNSVV14]
A way to encode đ„ â 0,1 â as a collection of LWE samplestake LWE matrices đš1, ⊠, đšâ â â€đ
đĂđ and a secret đ â â€đđ:
đđ đš1 + đ„1 â đź + đ1
đđ đšâ + đ„â â đź + đâ
âź đđ đšđ + đ đ„ â đź + noise
Encodings support homomorphic operations
Function of đ and đš1, ⊠, đšâ
đź denotes a special âgadgetâ matrix
LWE matrix associated with each
input bit
Puncturable PRFs from LWE [BV15]
đđ đš1 + đ„1 â đź + đ1
đđ đšâ + đ„â â đź + đâ
âź đđ đšđ + đ đ„ â đź + noise
For any function đ, two ways to (approximately) compute đđđšđâą Directly given the LWE secret đ and public matrices đš1, ⊠, đšââą Homomorphically given encodings đđ đšđ + đ„đ â đź
âą Works as long as đ đ„ = 0
Puncturable PRFs from LWE [BV15]
đđ đš1 + đ„1 â đź + đ1
đđ đšâ + đ„â â đź + đâ
âź đđ đšđ + đ đ„ â đź + noise
For puncturing at đ„â, let đđ„ đ„â = eq đ„, đ„â be the equality function
âą PRF evaluation at đ„ with secret key đ: PRF đ, đ„ â චà¶đđđšđđ„ đ
Puncturable PRFs from LWE [BV15]
đđ đš1 + đ„1 â đź + đ1
đđ đšâ + đ„â â đź + đâ
âź đđ đšđ + đ đ„ â đź + noise
For puncturing at đ„â, let đđ„ đ„â = eq đ„, đ„â be the equality function
âą PRF evaluation at đ„ with secret key đ: PRF đ, đ„ â චà¶đđđšđđ„ đ
To evaluate at đ„, homomorphically compute đšđđ„
Puncturable PRFs from LWE [BV15]
đđ đš1 + đ„1 â đź + đ1
đđ đšâ + đ„â â đź + đâ
âź đđ đšđ + đ đ„ â đź + noise
For puncturing at đ„â, let đđ„ đ„â = eq đ„, đ„â be the equality function
âą PRF evaluation at đ„ with secret key đ: PRF đ, đ„ â චà¶đđđšđđ„ đ
âą Punctured key consists of encodings of bits of đ„â
âą Allows computing đđ đšđđ„ + eq đ„, đ„â â đź + noise for all đ„
Puncturable PRFs from LWE [BV15]
đđ đš1 + đ„1 â đź + đ1
đđ đšâ + đ„â â đź + đâ
âź đđ đšđ + đ đ„ â đź + noise
For puncturing at đ„â, let đđ„ đ„â = eq đ„, đ„â be the equality function
âą PRF evaluation at đ„ with secret key đ: PRF đ, đ„ â චà¶đđđšđđ„ đ
âą Punctured key consists of encodings of bits of đ„â
âą Allows computing đđ đšđđ„ + eq đ„, đ„â â đź + noise for all đ„
Enables evaluation at all đ„except when đ„ = đ„â
Privately Puncturable PRFs [BKM17]
đđ đš1 + đ„1â â đź + đ1
đđ đšâ + đ„ââ â đź + đâ
âź
Evaluating PRF using punctured key requires knowledge of đ„â
Key idea in [BKM17]: encrypt the punctured point using an FHE scheme and homomorphically evaluate the equality function
Evaluating using punctured key outputs
đđđšđđ„ + đđđ
2â eq đ„, đ„â + đ â đź + đâČ
PRF đ, đ„ â චà¶đđđšđđ„ đ
Privately Puncturable PRFs [BKM17]
Evaluating PRF using punctured key requires knowledge of đ„â
Evaluating using punctured key outputs
đđđšđđ„ + đđđ
2â eq đ„, đ„â + đ â đź + đâČ
PRF đ, đ„ â චà¶đđđšđđ„ đ
Value after FHE evaluation and
decryption
đđ đš1 + đ„1â â đź + đ1
đđ đšâ + đ„ââ â đź + đâ
âź
Key idea in [BKM17]: encrypt the punctured point using an FHE scheme and homomorphically evaluate the equality function
Privately Puncturable PRFs [BKM17]
Evaluating PRF using punctured key requires knowledge of đ„â
Evaluating using punctured key outputs
đđđšđđ„ + đđđ
2â eq đ„, đ„â + đ â đź + đâČ
Rounding away the FHE error: small if đ is short and we restrict to low-
norm columns of đź
PRF đ, đ„ â චà¶đđđšđđ„ đ
đđ đš1 + đ„1â â đź + đ1
đđ đšâ + đ„ââ â đź + đâ
âź
Key idea in [BKM17]: encrypt the punctured point using an FHE scheme and homomorphically evaluate the equality function
Private Translucent PRFs
Evaluating using a punctured key yields
đđ đšđđ„ + đ€ â eq đ„, đ„â + đ â đź đźâ1 đ« + noise
Change real PRF evaluation: PRF đ, đ„ â චà¶đđđšđđ„đźâ1(đ«)
đ
Use a different scaling factor in FHE scheme
(instead of ΀đ 2)
Private Translucent PRFs
Evaluating using a punctured key yields
đđ đšđđ„đźâ1 đ« + đ€ â eq đ„, đ„â + đ â đ« + noise
Change real PRF evaluation: PRF đ, đ„ â චà¶đđđšđđ„đźâ1(đ«)
đ
When đ„ = đ„â, this becomes චà¶đđ đšđđ„đźâ1 đ« +đ€đ«
đ
Can choose đ€ (part of the punctured key) to tweak the
value at punctured point
Private Translucent PRFs
If đ„ = đ„â, evaluating using the punctured key yields චà¶đđ đšđđ„đźâ1 đ« +đ€đ«
đ
Key idea: sum up multiple evaluations with different multiples đ€đ and đ«đ yields
áš á§
đ
đđ đšđđ„đźâ1 đ« +đ€đđ«đ
đ
= චà¶đđđŸđ
Output at punctured point is an LWE sample with respect to đŸ (fixed public
matrix) â critical for implementing a translucent set
Private Translucent PRFs
If đ„ = đ„â, evaluating using the punctured key yields චà¶đđ đšđđ„đźâ1 đ« +đ€đ«
đ
Key idea: sum up multiple evaluations with different multiples đ€đ and đ«đ yields
áš á§
đ
đđ đšđđ„đźâ1 đ« +đ€đđ«đ
đ
= චà¶đđđŸđ
Testing key is a short vector đ where đŸđ = 0:
චà¶đđđŸđ, đ â චà¶đđđŸđ
đ= 0
[See paper for details]
watermarking[CHNVW16, BLW17]
private puncturable PRFs [BKM17, CC17]
Conclusions
lattice-based assumptions
indistinguishability obfuscation
this work
watermarking (via private translucent PRFs)
private puncturable PRFs [BKM17, CC17]
Conclusions
lattice-based assumptions
indistinguishability obfuscation
Open Problems
Publicly-verifiable watermarking without obfuscation?âą Current best construction relies on iO [CHNVW16]
Additional applications of private translucent PRFs?
Thank you!
http://eprint.iacr.org/2017/380
top related