Author

Moni Naor

Other affiliations: IBM, Stanford University, University of California, Berkeley
Bio: Moni Naor is an academic researcher from the Weizmann Institute of Science. The author has contributed to research in the topics Encryption and Cryptography, has an h-index of 102, and has co-authored 338 publications receiving 47,090 citations. Previous affiliations of Moni Naor include IBM and Stanford University.


Papers
Book ChapterDOI
14 Aug 2016
TL;DR: This work constructs universal schemes for IO and for witness encryption, resolving the existence of combiners for these primitives along the way. A universal construction is "one construction to rule them all": an explicit construction that is secure if any construction of the primitive exists.
Abstract: Over the last few years a new breed of cryptographic primitives has arisen: on one hand they have previously unimagined utility, and on the other hand they are not based on simple-to-state, well-studied assumptions. With the on-going study of these primitives, we are left with several different candidate constructions, each based on a different, hard-to-state mathematical assumption, and some even turn out to be insecure. A combiner for a cryptographic primitive takes several candidate constructions of the primitive and outputs one construction that is as good as any of the input constructions. Furthermore, this combiner must be efficient: the resulting construction should remain polynomial-time even when combining polynomially many candidates. Combiners are especially important for a primitive where there are several competing constructions whose security is hard to evaluate, as is the case for indistinguishability obfuscation (IO) and witness encryption (WE). One place where the need for combiners appears is in the design of a universal construction, where one wishes to find "one construction to rule them all": an explicit construction that is secure if any construction of the primitive exists. In a recent paper, Goldwasser and Kalai posed as a challenge finding universal constructions for indistinguishability obfuscation and witness encryption. In this work we resolve this issue: we construct universal schemes for IO and for witness encryption, and also resolve the existence of combiners for these primitives along the way. For IO, our universal construction and combiners can be built based on either assuming DDH or assuming LWE, with security against subexponential adversaries. For witness encryption, we need only one-way functions secure against polynomial-time adversaries.

35 citations

Proceedings ArticleDOI
23 Jan 1994
TL;DR: An n (log n)^O(1) time deterministic algorithm, based on expander graphs, for matching nuts to bolts, given a collection of n bolts of distinct widths and n nuts such that there is a 1-1 correspondence between the nuts and bolts, using only nut-to-bolt comparisons.
Abstract: We describe a procedure which may be helpful to any disorganized carpenter who has a mixed pile of bolts and nuts and wants to find the corresponding pairs of bolts and nuts. The procedure uses our (and the carpenter's) ability to construct efficiently highly expanding graphs. The problem considered is: given a collection of n bolts of distinct widths and n nuts such that there is a 1-1 correspondence between the nuts and bolts, find for each bolt its corresponding nut by comparing nuts to bolts, but not nuts to nuts or bolts to bolts. Our objective is to minimize the number of operations of this kind (as well as the total running time). The problem has a randomized algorithm similar to Quicksort. Our main result is an n (log n)^O(1) time deterministic algorithm, based on expander graphs, for matching the bolts and the nuts.
Author affiliations (from the paper's footnotes): Department of Mathematics, Raymond and Beverly Sackler Faculty of Exact Sciences, Tel Aviv University, Tel Aviv, Israel, and AT&T Bell Labs, Murray Hill, NJ 07974, USA (noga@math.tau.ac.il; research supported in part by a United States Israel BSF Grant). Computer Science Division, University of California at Berkeley, Berkeley, CA 94720, USA (blum@cs.berkeley.edu; supported by NSF grant CCR92-01092). Department of Computer Science, Raymond and Beverly Sackler Faculty of Exact Sciences, Tel Aviv University (fiat@math.tau.ac.il; research supported by a grant from the Israeli Academy of Sciences). Department of Computer Science, University of Arizona, USA (kannan@cs.arizona.edu). Department of Applied Mathematics and Computer Science, The Weizmann Institute of Science, Rehovot 76100, Israel (naor@wisdom.weizmann.ac.il; supported by an Alon Fellowship). University of California at Berkeley Computer Science Division and International Computer Science Institute at Berkeley (rafail@melody.berkeley.edu; supported by an NSF postdoctoral fellowship and ICSI; part of this work was done while visiting Tel Aviv University and Hebrew University of Jerusalem).

35 citations

Posted Content
TL;DR: In this paper, a history-independent dictionary based on cuckoo hashing is presented, which is an efficient and practical dynamic dictionary that provides expected amortized constant update time, worst case constant lookup time, and good memory utilization.
Abstract: Cuckoo hashing is an efficient and practical dynamic dictionary. It provides expected amortized constant update time, worst-case constant lookup time, and good memory utilization. Various experiments demonstrated that cuckoo hashing is highly suitable for modern computer architectures and distributed settings, and offers significant improvements compared to other schemes. In this work we construct a practical history-independent dynamic dictionary based on cuckoo hashing. In a history-independent data structure, the memory representation at any point in time yields no information on the specific sequence of insertions and deletions that led to its current content, other than the content itself. Such a property is significant when preventing unintended leakage of information, and was also found useful in several algorithmic settings. Our construction enjoys most of the attractive properties of cuckoo hashing. In particular, no dynamic memory allocation is required, updates are performed in expected amortized constant time, and membership queries are performed in worst-case constant time. Moreover, with high probability, the lookup procedure queries only two memory entries which are independent and can be queried in parallel. The approach underlying our construction is to enforce a canonical memory representation on cuckoo hashing. That is, up to the initial randomness, each set of elements has a unique memory representation.

35 citations
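An added illustration (not code from the paper) of what history independence buys: with plain cuckoo hashing, two insertion orders of the same key set leave different memory images, so anyone who reads the raw table (a disk image, a memory dump, a swapped page) learns which key arrived last; a canonical layout yields one image per set. The hash functions and keys are constructed for the demo, and the canonical variant takes the trivial route of rebuilding the table from the sorted key set on every update, which costs O(n) per operation. The paper's contribution is obtaining the same canonical-representation guarantee in expected amortized constant time; the check at the end, comparing images across histories, is what a practitioner would run against any structure that claims the property.

```python
# Added example, not from the paper: plain cuckoo hashing leaks insertion
# history through its memory layout; a canonical layout computed from the
# current key set alone does not.  Hash functions and keys are constructed
# for the demo.  The canonical variant rebuilds from the sorted key set on
# every update (O(n)); the paper gets the same guarantee in expected
# amortized O(1).

SIZE = 8  # slots per sub-table (constructed, tiny on purpose)


def h0(key):
    """Toy hash for sub-table 0 (constructed; not cryptographic)."""
    return key % SIZE


def h1(key):
    """Toy hash for sub-table 1 (constructed; not cryptographic)."""
    return (key // SIZE) % SIZE


class CuckooTable:
    """Two sub-table cuckoo hashing with a deterministic eviction rule."""

    def __init__(self):
        self.t = [[None] * SIZE, [None] * SIZE]

    def lookup(self, key):
        # Worst case two probes, one per sub-table.
        return self.t[0][h0(key)] == key or self.t[1][h1(key)] == key

    def insert(self, key, max_kicks=2 * SIZE):
        if self.lookup(key):
            return
        side = 0
        for _ in range(max_kicks):
            idx = h0(key) if side == 0 else h1(key)
            key, self.t[side][idx] = self.t[side][idx], key  # evict occupant
            if key is None:
                return
            side = 1 - side  # the evicted key tries its other slot
        raise RuntimeError("insertion cycle; a real table would rehash")

    def delete(self, key):
        for side, h in ((0, h0), (1, h1)):
            if self.t[side][h(key)] == key:
                self.t[side][h(key)] = None
                return

    def image(self):
        """The raw memory representation an attacker with disk access sees."""
        return tuple(self.t[0]) + tuple(self.t[1])


class HistoryIndependentTable:
    """Canonical layout: after every update, rebuild from the sorted key set,
    so the image depends only on the contents (and the hash functions)."""

    def __init__(self):
        self.keys = set()
        self.table = CuckooTable()

    def _rebuild(self):
        self.table = CuckooTable()
        for k in sorted(self.keys):  # fixed order => one layout per set
            self.table.insert(k)

    def insert(self, key):
        self.keys.add(key)
        self._rebuild()

    def delete(self, key):
        self.keys.discard(key)
        self._rebuild()

    def lookup(self, key):
        return self.table.lookup(key)

    def image(self):
        return self.table.image()


def image_after(ops, history_independent):
    """Apply ('ins', k) / ('del', k) ops and return the resulting memory image."""
    t = HistoryIndependentTable() if history_independent else CuckooTable()
    for op, key in ops:
        (t.insert if op == "ins" else t.delete)(key)
    return t.image()


# Keys 3, 11 and 19 all hash to slot 3 of sub-table 0, so insertion order
# decides which of them gets evicted into sub-table 1 (constructed input).
FORWARD = [("ins", 3), ("ins", 11), ("ins", 19)]
REVERSE = [("ins", 19), ("ins", 11), ("ins", 3)]

if __name__ == "__main__":
    print("plain cuckoo, forward :", image_after(FORWARD, False))
    print("plain cuckoo, reverse :", image_after(REVERSE, False))
    print("canonical,    forward :", image_after(FORWARD, True))
    print("canonical,    reverse :", image_after(REVERSE, True))
```

The two plain-cuckoo images differ in which of the colliding keys sits in sub-table 0, which is exactly the "who was inserted last" bit the abstract warns about; the canonical images are identical, and a deletion followed by re-insertion leaves no trace either.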

Book ChapterDOI
07 Dec 2014
TL;DR: A computational secret-sharing scheme is a method that enables a dealer, that has a secret, to distribute this secret among a set of parties such that a “qualified” subset of parties can efficiently reconstruct the secret while any “unqualified’ subset of Parties cannot efficiently learn anything about the secret.
Abstract: A computational secret-sharing scheme is a method that enables a dealer, that has a secret, to distribute this secret among a set of parties such that a “qualified” subset of parties can efficiently reconstruct the secret while any “unqualified” subset of parties cannot efficiently learn anything about the secret. The collection of “qualified” subsets is defined by a monotone Boolean function.

34 citations
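A worked example, added here and not taken from the paper: a perfect (information-theoretic) secret-sharing scheme for an arbitrary monotone access structure, specified by its minimal qualified sets (the terms of the access function's monotone DNF). It is the classic additive-split-per-minimal-set construction, not the computational scheme the paper studies; the party names and access structure are constructed for the demo. Share size grows with the number of minimal sets, which is the cost that computational schemes aim to avoid.

```python
# Added example, not from the paper: perfect secret sharing for a monotone
# access structure given as the list of its minimal qualified sets.  For each
# minimal set the secret is XOR-split among exactly its members, so a
# qualified subset holds a complete split, and an unqualified subset is
# missing at least one share of every split (the shares it does hold are
# uniformly random and independent of the secret).
import secrets


def xor_bytes(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def share(secret, minimal_qualified):
    """Return {party: [share for minimal set 0, share for minimal set 1, ...]}.
    A party outside a minimal set gets None in that position."""
    parties = sorted({p for q in minimal_qualified for p in q})
    shares = {p: [] for p in parties}
    for q in minimal_qualified:
        q = sorted(q)
        pieces = [secrets.token_bytes(len(secret)) for _ in q[:-1]]
        last = secret
        for piece in pieces:
            last = xor_bytes(last, piece)
        pieces.append(last)  # XOR of all pieces == secret
        for p in parties:
            shares[p].append(pieces[q.index(p)] if p in q else None)
    return shares


def is_qualified(subset, minimal_qualified):
    """The monotone access function: qualified iff it contains a minimal set."""
    return any(set(q) <= set(subset) for q in minimal_qualified)


def reconstruct(shares, subset, minimal_qualified):
    """Reconstruct from the shares held by `subset`; None if it is unqualified."""
    for i, q in enumerate(minimal_qualified):
        if set(q) <= set(subset):
            out = bytes(len(shares[q[0]][i]))
            for p in q:
                out = xor_bytes(out, shares[p][i])
            return out
    return None


# Constructed access structure on parties A..D: A alone, or any two of
# B, C, D (a threshold is only one kind of monotone function).
MINIMAL = [("A",), ("B", "C"), ("B", "D"), ("C", "D")]

if __name__ == "__main__":
    s = secrets.token_bytes(16)
    sh = share(s, MINIMAL)
    for subset in (["A"], ["C", "D"], ["B"], ["A", "B"]):
        print(subset, "qualified" if is_qualified(subset, MINIMAL) else "unqualified",
              reconstruct(sh, subset, MINIMAL) == s)
```

Monotonicity is what makes the reconstruction loop sound: any superset of a qualified set still contains that set's complete split, so adding parties never breaks reconstruction, and removing parties below every minimal set leaves only incomplete splits.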

Journal ArticleDOI
Amos Fiat, Moni Naor
TL;DR: A constructive solution when the domain m is polynomial in n, the number of elements, as well as a nonconstructive proof for m no larger than exponential in ${\operatorname{poly}}(n)$.
Abstract: Given a set of n elements from the domain $\{ {1, \cdots ,m} \}$, this paper investigates how to arrange them in a table of size n, so that searching for an element in the table can be done in constant time. Yao [J. Assoc. Comput. Mach., 28 (1981), pp. 615–628] has shown that this cannot be done when the domain is sufficiently large as a function of n. This paper gives a constructive solution when the domain m is polynomial in n, the number of elements, as well as a nonconstructive proof for m no larger than exponential in ${\operatorname{poly}}(n)$. The authors improve upon a result of Yao and give better bounds on the maximum m for which implicit $O(1)$ probe search can be done. The results are achieved by showing the tight relationship between hashing and certain encoding problems called rainbows.

34 citations


Cited by
Journal ArticleDOI
08 Dec 2001-BMJ
TL;DR: There is, I think, something ethereal about i, the square root of minus one; it seemed an odd beast at that time, an intruder hovering on the edge of reality.
Abstract: There is, I think, something ethereal about i —the square root of minus one. I remember first hearing about it at school. It seemed an odd beast at that time—an intruder hovering on the edge of reality. Usually familiarity dulls this sense of the bizarre, but in the case of i it was the reverse: over the years the sense of its surreal nature intensified. It seemed that it was impossible to write mathematics that described the real world in …

33,785 citations

Book
01 Jan 1996
TL;DR: A valuable reference for the novice as well as for the expert who needs a wider scope of coverage within the area of cryptography, this book provides easy and rapid access of information and includes more than 200 algorithms and protocols.
Abstract: From the Publisher: A valuable reference for the novice as well as for the expert who needs a wider scope of coverage within the area of cryptography, this book provides easy and rapid access of information and includes more than 200 algorithms and protocols; more than 200 tables and figures; more than 1,000 numbered definitions, facts, examples, notes, and remarks; and over 1,250 significant references, including brief comments on each paper.

13,597 citations

Patent
30 Sep 2010
TL;DR: In this article, the authors propose a secure content distribution method for a configurable general-purpose electronic commercial transaction/distribution control system. It includes a process for encapsulating digital information in one or more digital containers, a process for encrypting at least a portion of the digital information, a process for associating at least partially secure control information for managing interactions with the encrypted digital information and/or digital container, and a process for delivering one or more digital containers to a digital information user.
Abstract: PROBLEM TO BE SOLVED: Electronic content information providers lack a commercially secure and effective method for a configurable general-purpose electronic commercial transaction/distribution control system. SOLUTION: In this system, which has at least one protected processing environment for safely controlling at least a portion of the decoding of digital information, a secure content distribution method comprises a process for encapsulating digital information in one or more digital containers; a process for encrypting at least a portion of the digital information; a process for associating at least partially secure control information for managing interactions with the encrypted digital information and/or digital container; a process for delivering one or more digital containers to a digital information user; and a process for using a protected processing environment to safely control at least a portion of the decoding of the digital information. COPYRIGHT: (C)2006,JPO&NCIPI

7,643 citations

Proceedings ArticleDOI
22 Jan 2006
TL;DR: Some of the major results in random graphs and some of the more challenging open problems are reviewed, including those related to the WWW.
Abstract: We will review some of the major results in random graphs and some of the more challenging open problems. We will cover algorithmic and structural questions. We will touch on newer models, including those related to the WWW.

7,116 citations

Book ChapterDOI
19 Aug 2001
TL;DR: This work proposes a fully functional identity-based encryption scheme (IBE) based on the Weil pairing that has chosen ciphertext security in the random oracle model assuming an elliptic curve variant of the computational Diffie-Hellman problem.
Abstract: We propose a fully functional identity-based encryption scheme (IBE). The scheme has chosen ciphertext security in the random oracle model assuming an elliptic curve variant of the computational Diffie-Hellman problem. Our system is based on the Weil pairing. We give precise definitions for secure identity based encryption schemes and give several applications for such systems.

7,083 citations