The Magic of ELFs


Abstract

We introduce the notion of an Extremely Lossy Function (ELF). An ELF is a family of functions with an image size that is tunable anywhere from injective to having a polynomial-sized image. Moreover, for any efficient adversary, for a sufficiently large polynomial r (necessarily chosen to be larger than the running time of the adversary), the adversary cannot distinguish the injective case from the case of image size r. We develop a handful of techniques for using ELFs, and show that such extreme lossiness is useful for instantiating random oracles in several settings. In particular, we show how to use ELFs to build secure point function obfuscation with auxiliary input, as well as polynomially many hardcore bits for any one-way function. Such applications were previously known from strong knowledge assumptions—for example, polynomially many hardcore bits were only known from differing inputs obfuscation, a notion whose plausibility has been seriously challenged. We also use ELFs to build a simple hash function with output intractability, a new notion we define that may be useful for generating common reference strings. Next, we give a construction of ELFs relying on the exponential hardness of the decisional Diffie–Hellman problem, which is plausible in elliptic curve groups. Combining with the applications above, our work gives several practical constructions relying on qualitatively different—and arguably better—assumptions than prior works.
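The two modes the abstract contrasts (injective versus a small image) can be seen in a toy function of the matrix-in-the-exponent kind used for DDH-based lossy functions. This is an added illustration, not the paper's construction, which the abstract does not spell out. The group (order 11 inside Z_23^*), the matrices and all function names are constructed for the demo and give no security.

```python
from itertools import product

# Constructed toy parameters: G = 2 generates the subgroup of prime order Q = 11 in Z_23^*.
P, Q, G = 23, 11, 2
N = 6  # input length in bits, so the domain has 2^6 = 64 points


def keygen(matrix):
    """Publish g^A entrywise. With a large group, DDH is what hides the rank of A."""
    return [[pow(G, a % Q, P) for a in row] for row in matrix]


def evaluate(key, bits):
    """f(x)_i = prod_j key[i][j]^(x_j) = g^((A x)_i), computed from the key alone."""
    out = []
    for row in key:
        acc = 1
        for h, b in zip(row, bits):
            if b:
                acc = acc * h % P
        out.append(acc)
    return tuple(out)


def image_size(key):
    """Count distinct outputs over the whole domain (feasible only at toy size)."""
    return len({evaluate(key, x) for x in product((0, 1), repeat=N)})


def injective_matrix():
    """Unit upper-triangular matrix: invertible mod Q, so x -> A x is injective."""
    return [[1 if j == i else (3 * i + 5 * j + 1) % Q if j > i else 0
             for j in range(N)] for i in range(N)]


def lossy_matrix():
    """Rank-1 matrix u v^T: the output depends only on <v, x> mod Q, so |image| <= Q."""
    u = [1, 2, 3, 4, 5, 6]
    v = [1, 3, 9, 5, 4, 7]
    return [[ui * vj % Q for vj in v] for ui in u]


if __name__ == "__main__":
    print("injective mode image size:", image_size(keygen(injective_matrix())))
    print("lossy mode image size:    ", image_size(keygen(lossy_matrix())))
```

In the lossy mode the image is capped by the group order, which is why a construction of this kind ties the image size r to the hardness of DDH in a group of comparable size.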

Keywords

Point obfuscation, Random oracle instantiation, Hardcore functions


Copyright information

© International Association for Cryptologic Research 2018

Authors and Affiliations

  1. MIT, Cambridge, USA
  2. Princeton University, Princeton, USA
