BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//project/author//NONSGML v1.0//EN
CALSCALE:GREGORIAN
BEGIN:VEVENT
DTEND:20230414T120000Z
UID:6d37a83dc2fbd4aa097bf7b24a072903-447
DTSTAMP:19700101T120014Z
DESCRIPTION:How to Play with Witness Encryption without the Theoretical Hassle (Or: weak forms of WE and good stuff we can get from them)
URL;VALUE=URI:https://www.csa.iisc.ac.in/newweb/event/447/how-to-play-with-witness-encryption-without-the-theoretical-hassle-or-weak-forms-of-we-and-good-stuff-we-can-get-from-them/
SUMMARY:Witness encryption (WE), allows one to encrypt a message to a statement for some NP language, such that any user holding a witness for it can decrypt the ciphertext. If we could construct this primitive, we would be able to do without certificate authorities, but also to use it as an extremely versatile building block in other cryptographic applications.
Unfortunately, from a theoretical standpoint, it is still unclear whether we will be able to instantiate a general-purpose witness encryption scheme from reliable assumptions soon (unless we go through iO).
In this talk we tackle the questions:
What are other weak-but-useful variants of WE that we can actually construct? And what efficiency properties would we require from them?
We discuss some recent works in this direction and their applications, in particular on forms of non-interactive (and reusable) MPC (Ben and Lin, TCC20), where parties can securely compute a function by broadcasting a single message, assuming only an encoding of their input exists on a bulletin board.

This talk is partly a presentation of the work in: https://eprint.iacr.org/2022/1510.pdf
DTSTART:20230414T120000Z
END:VEVENT
END:VCALENDAR