Results

**1 - 4** of **4**

### Delegating RAM Computations

2015

In the setting of cloud computing a user wishes to delegate its data, as well as computations over this data, to a cloud provider. Each computation may read and modify the data, and these modifications should persist between computations. Minding the computational resources of the cloud, delegated computations are modeled as RAM programs. In particular, the delegated computations’ running time may be sub-linear, or even exponentially smaller than the memory size. We construct a two-message protocol for delegating RAM computations to an untrusted cloud. In our protocol, the user saves a short digest of the delegated data. For every delegated computation, the cloud returns, in addition to the computation’s output, the digest of the modified data, and a proof that the output and digest were computed correctly. When delegating a T-time RAM computation M with security parameter k, the cloud runs in time T · poly(k) and the user in time poly(|M|, log T, k). Our protocol is secure assuming super-polynomial hardness of the Learning with Errors (LWE) assumption. Security holds even when the delegated computations are chosen adaptively as a function of the data and output of previous computations. We note that RAM delegation schemes are an improved variant of memory delegation schemes

### Succinct Adaptive Garbled RAM

2015

We show how to garble a large persistent database and then garble, one by one, a sequence of adaptively and adversarially chosen RAM programs that query and modify the database in arbitrary ways. Still, it is guaranteed that the garbled database and programs reveal only the outputs of the programs when run in sequence on the database. The runtime, space requirements and description size of the garbled programs are proportional only to those of the plaintext programs and the security parameter. We assume indistinguishability obfuscation for circuits and poly-to-one collision-resistant hash functions. The latter can be constructed based on standard algebraic assumptions such as the hardness of discrete log or factoring. In contrast, all previous garbling schemes with persistent data were shown secure only in the static setting where all the programs are known in advance. As an immediate application, our scheme is the first to provide a way to outsource large databases to untrusted servers, and later query and update the database over time in a private and verifiable way, with complexity and description size proportional to those of the unprotected queries. Our scheme extends the non-adaptive RAM garbling scheme of Canetti and Holmgren [ITCS 2016]. We also define and use a new primitive, called adaptive accumulators, which is an adaptive alternative

### Patchable Obfuscation

2015

In this work, we introduce patchable obfuscation: our notion adapts the notion of indistinguishability obfuscation (iO) to a very general setting where obfuscated software evolves over time. We model this broadly by considering software patches P as arbitrary Turing Machines that take as input the description of a Turing Machine M, and output a new Turing Machine description M′ = P(M). Thus, a short patch P can cause changes everywhere in the description of M and can even cause the description length of the machine to increase by an arbitrary polynomial amount. We further consider the setting where a patch is applied not just to a single machine M, but to an unbounded set of machines (M1, ..., Mt) to yield (P(M1), ..., P(Mt)). We call this multi-program patchable obfuscation. We consider both patchable obfuscation and multi-program patchable obfuscation in a setting where there are an unbounded number of patches that can be adaptively chosen by an adversary. We show that sub-exponentially secure iO for circuits and sub-exponentially secure one-way functions imply patchable obfuscation; and we show that sub-exponentially secure iO for circuits, sub-exponentially secure one-way functions, and sub-exponentially secure DDH imply multi-

### Indistinguishability Obfuscation with Constant Size Overhead

2015

Present constructions of indistinguishability obfuscation (iO) create obfuscated programs where the size of the obfuscated program is at least a factor of a security parameter larger than the size of the original program. In this work, we construct the first iO scheme that achieves only a constant multiplicative overhead (in fact, the constant is 2) in the size of the program. The security of our construction requires the existence of sub-exponentially secure iO for circuits (that has any polynomial multiplicative overhead in the circuit size) and one-way functions.