
Designs, Codes and Cryptography, Volume 86, Issue 11, pp 2525–2547

Practical witness encryption for algebraic languages or how to encrypt under Groth–Sahai proofs

  • David Derler
  • Daniel Slamanig

Abstract

Witness encryption (\(\mathsf{WE}\)) is a recent and powerful encryption paradigm that allows one to encrypt a message using the description of a hard problem (a word in an \({\mathbf{NP}}\)-language), such that anyone who knows a solution to this problem (a witness) can efficiently decrypt the ciphertext. Recent work focuses on constructing \(\mathsf{WE}\) for \({\mathbf{NP}}\)-complete languages (and thus for all of \({\mathbf{NP}}\)). While this rich expressiveness allows flexibility with respect to applications, it makes existing instantiations impractical. It is therefore interesting to study practical variants of \(\mathsf{WE}\) schemes for subsets of \({\mathbf{NP}}\) that are still expressive enough for many cryptographic applications. We show that such \(\mathsf{WE}\) schemes can be generically constructed from smooth projective hash functions (\(\mathsf {SPHF}\)s). In terms of concrete instantiations of \(\mathsf {SPHF}\)s (and thus of \(\mathsf{WE}\)), we target languages of statements proven in the popular Groth–Sahai (\(\mathsf {GS}\)) non-interactive witness-indistinguishable/zero-knowledge proof framework. This yields a novel way to encrypt: encryption is with respect to a \(\mathsf {GS}\) proof, and efficient decryption can only be done by the respective prover. The resulting constructions are entirely practical. To illustrate our techniques, we apply them in the context of privacy-preserving exchange of information.
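The generic WE-from-SPHF construction the abstract describes, worked through on the simplest algebraic language (Diffie–Hellman tuples) as an added illustration; this is not the paper's code, and the toy group, the SHAKE-based KDF and all function names are assumptions, standing in for the pairing-based GS language a real instantiation targets.

```python
import hashlib
import secrets

# Constructed toy group: the order-q subgroup of Z_p^*, p = 2q + 1.
# Insecure sizes; it stands in for the bilinear group a GS instantiation uses.
P, Q = 1019, 509
G, H = 4, 9  # two generators of the order-q subgroup (squares mod P)

def make_word(r):
    """Word x = (g^r, h^r) of the DH language L = {(g^r, h^r)}; r is the witness."""
    return (pow(G, r, P), pow(H, r, P))

def hash_kg():
    """SPHF hashing key hk = (alpha, beta), sampled at random."""
    return (secrets.randbelow(Q), secrets.randbelow(Q))

def proj_key(hk):
    """Projection key hp = g^alpha * h^beta; useless for hashing without a witness."""
    alpha, beta = hk
    return (pow(G, alpha, P) * pow(H, beta, P)) % P

def sphf_hash(hk, word):
    """Hash(hk, x) = u^alpha * v^beta. Defined for every word, in L or not."""
    alpha, beta = hk
    u, v = word
    return (pow(u, alpha, P) * pow(v, beta, P)) % P

def sphf_proj_hash(hp, witness):
    """ProjHash(hp, x, r) = hp^r. Equals Hash(hk, x) exactly when x = (g^r, h^r)."""
    return pow(hp, witness, P)

def kdf(group_elem, n):
    """Derive an n-byte pad from a hash value (SHAKE stands in for a proper extractor)."""
    return hashlib.shake_256(group_elem.to_bytes(2, "big")).digest(n)

def we_encrypt(word, msg, hk=None):
    """WE.Enc: ct = (hp, msg xor KDF(Hash(hk, x))); hk is discarded afterwards."""
    hk = hash_kg() if hk is None else hk
    pad = kdf(sphf_hash(hk, word), len(msg))
    return proj_key(hk), bytes(m ^ k for m, k in zip(msg, pad))

def we_decrypt(witness, ct):
    """WE.Dec: only a witness for x lets one recompute the pad via ProjHash."""
    hp, c = ct
    pad = kdf(sphf_proj_hash(hp, witness), len(c))
    return bytes(b ^ k for b, k in zip(c, pad))

def outside_language(word):
    """Shift v by g: no r satisfies (u, v') = (g^r, h^r), so smoothness applies and
    Hash(hk, x') is statistically independent of hp; a holder of r gets only garbage."""
    u, v = word
    return (u, (v * G) % P)
```

Correctness rests on hp^r = (g^alpha h^beta)^r = u^alpha v^beta for x in L, while hiding for x outside L rests on the SPHF's smoothness rather than on any secret key.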

Keywords

Witness encryption, Smooth projective hash functions, Groth–Sahai proofs, Encryption, Privacy

Mathematics Subject Classification

68P25, 94A60

Notes

Acknowledgements

The authors have been supported by EU H2020 Project Prismacloud, Grant Agreement No. 644962. We thank various anonymous referees for their valuable comments.

Copyright information

© Springer Science+Business Media, LLC, part of Springer Nature 2018

Authors and Affiliations

  1. IAIK, Graz University of Technology, Graz, Austria
  2. AIT Austrian Institute of Technology, Vienna, Austria
