Tools for Simulating Features of Composite Order Bilinear

Tools for Simulating Features of Composite Order Bilinear Groups in the Prime Order Setting Allison Lewko

Types of Bilinear Groups Prime Order: Composite Order:

Pros and Cons Composite Order Groups: Prime Order Groups: Orthogonal Subgroups Smaller group order Coprime Orders Faster pairings Simple assumptions Large group order Lack of extra structure Slow pairings

Goal Composite Order Groups Prime Order Groups

[LO STW 10 0] [OT 1 ] Prior State of Affairs [BGN 05] [BSW 06] [KSW 08] ] 09 [W Ad Hoc Results General translation [F 10]

Challenge Prime Order Groups Composite Order Groups Proof construction

What Features Do Proofs Need? Orthogonal Subgroups: Expand/Contract With Computational Assumptions Hidden Parameters: Public Parameters Internal View V|PP - random variable - has some entropy V Simulator Attacker

Building Orthogonality in Prime Order

Progress So Far ?

Exploiting Coprimality Chinese Remainder Theorem simulator attacker

Goal Replace coprimality, CRT Alternate mechanism for hiding parameters

Tool: Dual Pairing Vector Spaces [OT 08, 09]

Orthogonal Subspaces with DPVS orthogonal Orthogonality across bases, not within!

Hidden Parameters with DPVS Can’t detect change! Not Everything! What can be determined about hidden vectors?

Expanding/Contracting with DPVS

Demonstration: Boneh-Boyen IBE

Sketch of Proof Subspace Assumption Decryption Failure! Dual System Encryption

Further Applications Lewko-Waters Unbounded HIBE - Natural prime order construction - Security from DLIN - Simpler proof

Summary q Dual pairing vector spaces 1. orthogonality 2. parameter hiding q Subspace assumption 1. simulated subgroup decision 2. implied by DLIN General tools for translating dual system encryption proofs

Thanks for your attention. Questions?