
Journal of Cryptology, Volume 30, Issue 4, pp 1187–1237

Reproducible Circularly Secure Bit Encryption: Applications and Realizations


Abstract

We give generic constructions of several fundamental cryptographic primitives based on a new encryption primitive that combines circular security for bit encryption with the so-called reproducibility property (Bellare et al. in Public key cryptography—PKC 2003, vol. 2567, pp. 85–99, Springer, 2003). At the heart of our constructions is a novel technique which gives a way of de-randomizing reproducible public-key bit encryption schemes and also a way of reducing one-wayness conditions of a constructed trapdoor function family (TDF) to circular security of the base scheme. The main primitives that we build from our encryption primitive include k-wise one-way TDFs (Rosen and Segev in SIAM J Comput 39(7):3058–3088, 2010), chosen-ciphertext-attack-secure encryption and deterministic encryption. Our results demonstrate a new set of applications of circularly secure encryption beyond fully homomorphic encryption and symbolic soundness. Finally, we show the plausibility of our assumptions by showing that the decisional Diffie–Hellman-based circularly secure scheme of Boneh et al. (Advances in cryptology—CRYPTO 2008, vol. 5157, Springer, 2008) and the subgroup indistinguishability-based scheme of Brakerski and Goldwasser (Advances in cryptology—CRYPTO 2010, vol. 6223, pp. 1–20, Springer, 2010) are both reproducible.
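The abstract's central ingredient is the reproducibility property of Bellare, Boldyreva and Staddon (PKC 2003): from a ciphertext Enc(pk1, m1; r) under one public key, and a second key pair (pk2, sk2), one can compute Enc(pk2, m2; r), the encryption of a chosen message under the second key with the same randomness, without learning r. The following is an added illustration of that property, not code from the paper; it uses textbook ElGamal bit encryption over a tiny constructed group as a stand-in for the DDH-based scheme of Boneh et al. discussed in the paper, and all parameters (P, Q, G) are constructed toy values.

```python
"""Reproducibility of ElGamal bit encryption (added illustration, toy parameters).

A bit b in {0,1} is encoded as the group element G^b and encrypted as
Enc(pk, b; r) = (G^r, pk^r * G^b).  Given Enc(pk1, b1; r) and the key pair
(pk2, sk2), the first component G^r is reused and pk2^r is obtained as
(G^r)^sk2, so Enc(pk2, b2; r) is computable without knowing r.
"""
import secrets

# Constructed toy group: P = 2*Q + 1 is a safe prime and G = 2^2 is a quadratic
# residue, hence a generator of the order-Q subgroup.  Far too small for real use.
P = 2039
Q = 1019
G = 4


def keygen():
    """Secret key sk in [1, Q-1], public key pk = G^sk mod P."""
    sk = 1 + secrets.randbelow(Q - 1)
    return pow(G, sk, P), sk


def encode_bit(b):
    """Bit encryption: encode b as the group element G^b."""
    if b not in (0, 1):
        raise ValueError("plaintext must be a single bit")
    return pow(G, b, P)


def encrypt(pk, b, r):
    """Enc(pk, b; r) = (G^r, pk^r * G^b) mod P with explicit randomness r."""
    return pow(G, r, P), (pow(pk, r, P) * encode_bit(b)) % P


def decrypt(sk, ct):
    """Recover G^b = c2 * c1^(-sk) and map it back to the bit."""
    c1, c2 = ct
    m = (c2 * pow(c1, -sk, P)) % P  # modular inverse via negative exponent (Python 3.8+)
    if m == 1:
        return 0
    if m == G:
        return 1
    raise ValueError("ciphertext does not decrypt to a bit")


def reproduce(ct1, pk2, sk2, b2):
    """Given ct1 = Enc(pk1, b1; r) and the key pair (pk2, sk2), output
    Enc(pk2, b2; r).  Only c1 = G^r is needed: (G^r)^sk2 = pk2^r."""
    c1, _ = ct1
    assert pow(G, sk2, P) == pk2, "pk2 must match sk2"
    return c1, (pow(c1, sk2, P) * encode_bit(b2)) % P


def check_reproducibility(sk1, sk2, r, b1, b2):
    """True iff the reproduced ciphertext is bit-for-bit the direct encryption
    Enc(pk2, b2; r) and both ciphertexts decrypt to their plaintexts."""
    pk1, pk2 = pow(G, sk1, P), pow(G, sk2, P)
    ct1 = encrypt(pk1, b1, r)
    direct = encrypt(pk2, b2, r)
    reproduced = reproduce(ct1, pk2, sk2, b2)
    return (reproduced == direct
            and decrypt(sk1, ct1) == b1
            and decrypt(sk2, reproduced) == b2)


if __name__ == "__main__":
    _, sk1 = keygen()
    _, sk2 = keygen()
    r = 1 + secrets.randbelow(Q - 1)
    for b1 in (0, 1):
        for b2 in (0, 1):
            print(f"b1={b1} b2={b2}:", check_reproducibility(sk1, sk2, r, b1, b2))
```

Note that `reproduce` needs sk2: reproducibility says randomness shared across recipients can be simulated by anyone holding the second secret key, which is why it is a structural property the paper exploits (to de-randomize the scheme and reduce one-wayness of the built TDF to circular security) rather than a weakness of the base scheme.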

Keywords

Circular security; Correlated-input security; Trapdoor functions; (Non-)shielding CCA construction; Deterministic encryption

Acknowledgements

We would like to thank Venkatesh Srinivasan for comments on an earlier version of this paper. We are also grateful to the anonymous reviewers for their comments that improved the presentation of this paper.

References

  1. A. Akavia, S. Goldwasser, and V. Vaikuntanathan. Simultaneous hardcore bits and cryptography against memory attacks, in O. Reingold, editor, Proceedings of the Theory of Cryptography, 6th Theory of Cryptography Conference, TCC 2009, San Francisco, CA, USA, March 15–17, 2009. Lecture Notes in Computer Science, vol. 5444 (Springer, 2009), pp. 474–495
  2. B. Applebaum. Key-dependent message security: Generic amplification and completeness. J. Cryptol., 27(3):429–451, 2014
  3. B. Applebaum, D. Cash, C. Peikert, and A. Sahai. Fast cryptographic primitives and circular-secure encryption based on hard learning problems, in S. Halevi, editor, Proceedings of the Advances in Cryptology—CRYPTO 2009, 29th Annual International Cryptology Conference, Santa Barbara, CA, USA, August 16–20, 2009. Lecture Notes in Computer Science, vol. 5677 (Springer, 2009), pp. 595–618
  4. B. Barak, I. Haitner, D. Hofheinz, and Y. Ishai. Bounded key-dependent message security, in H. Gilbert, editor, Proceedings of the Advances in Cryptology—EUROCRYPT 2010, 29th Annual International Conference on the Theory and Applications of Cryptographic Techniques, French Riviera, May 30–June 3, 2010. Lecture Notes in Computer Science, vol. 6110 (Springer, 2010), pp. 423–444
  5. M. Bellare, A. Boldyreva, and A. O'Neill. Deterministic and efficiently searchable encryption, in A. Menezes, editor, Proceedings of the Advances in Cryptology—CRYPTO 2007, 27th Annual International Cryptology Conference, Santa Barbara, CA, USA, August 19–23, 2007. Lecture Notes in Computer Science, vol. 4622 (Springer, 2007), pp. 535–552
  6. M. Bellare, A. Boldyreva, and J. Staddon. Randomness re-use in multi-recipient encryption schemes, in Y. Desmedt, editor, Proceedings of the Public Key Cryptography—PKC 2003, 6th International Workshop on Theory and Practice in Public Key Cryptography, Miami, FL, USA, January 6–8, 2003. Lecture Notes in Computer Science, vol. 2567 (Springer, 2003), pp. 85–99
  7. M. Bellare, M. Fischlin, A. O'Neill, and T. Ristenpart. Deterministic encryption: Definitional equivalences and constructions without random oracles. In Wagner [41], pp. 360–378
  8. E. Birrell, K.-M. Chung, R. Pass, and S. Telang. Randomness-dependent message security, in A. Sahai, editor, Proceedings of the Theory of Cryptography, The Tenth Theory of Cryptography Conference, TCC 2013, Tokyo, Japan, March 3–6, 2013. Lecture Notes in Computer Science, vol. 7785 (Springer, 2013), pp. 700–720
  9. J. Black, P. Rogaway, and T. Shrimpton. Encryption-scheme security in the presence of key-dependent messages, in K. Nyberg and H.M. Heys, editors, Selected Areas in Cryptography, 9th Annual International Workshop, SAC 2002, St. John's, Newfoundland, Canada, August 15–16, 2002. Revised Papers, Lecture Notes in Computer Science, vol. 2595 (Springer, 2002), pp. 62–75
  10. A. Boldyreva, S. Fehr, and A. O'Neill. On notions of security for deterministic encryption, and efficient constructions without random oracles. In Wagner [41], pp. 335–359
  11. D. Boneh, R. Canetti, S. Halevi, and J. Katz. Chosen-ciphertext security from identity-based encryption. SIAM J. Comput., 36(5):1301–1328, 2006
  12. D. Boneh, S. Halevi, M. Hamburg, and R. Ostrovsky. Circular-secure encryption from decision Diffie–Hellman. In Wagner [41], pp. 108–125
  13. Z. Brakerski and S. Goldwasser. Circular and leakage resilient public-key encryption under subgroup indistinguishability—(or: Quadratic residuosity strikes back), in T. Rabin, editor, Proceedings of the Advances in Cryptology—CRYPTO 2010, 30th Annual Cryptology Conference, Santa Barbara, CA, USA, August 15–19, 2010. Lecture Notes in Computer Science, vol. 6223 (Springer, 2010), pp. 1–20
  14. Z. Brakerski, S. Goldwasser, and Y. T. Kalai. Black-box circular-secure encryption beyond affine functions. IACR Cryptol. ePrint Arch. 2009:485, 2009
  15. Z. Brakerski, S. Goldwasser, and Y. T. Kalai. Black-box circular-secure encryption beyond affine functions, in Y. Ishai, editor, Proceedings of the Theory of Cryptography, 8th Theory of Cryptography Conference, TCC 2011, Providence, RI, USA, March 28–30, 2011. Lecture Notes in Computer Science, vol. 6597 (Springer, 2011), pp. 201–218
  16. Z. Brakerski and G. Segev. Better security for deterministic public-key encryption: The auxiliary-input setting. J. Cryptol., 27(2):210–247, 2014
  17. J. Camenisch, N. Chandran, and V. Shoup. A public key encryption scheme secure against key dependent chosen plaintext and adaptive chosen ciphertext attacks, in A. Joux, editor, Proceedings of the Advances in Cryptology—EUROCRYPT 2009, 28th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Cologne, Germany, April 26–30, 2009. Lecture Notes in Computer Science, vol. 5479 (Springer, Berlin, 2009), pp. 351–368
  18. J. Camenisch and A. Lysyanskaya. An efficient system for non-transferable anonymous credentials with optional anonymity revocation, in B. Pfitzmann, editor, Proceedings of the Advances in Cryptology—EUROCRYPT 2001, International Conference on the Theory and Application of Cryptographic Techniques, Innsbruck, Austria, May 6–10, 2001. Lecture Notes in Computer Science, vol. 2045 (Springer, 2001), pp. 93–118
  19. S. G. Choi and H. Wee. Lossy trapdoor functions from homomorphic reproducible encryption. Inf. Process. Lett., 112(20):794–798, 2012
  20. Y. Dodis, S. Goldwasser, Y. T. Kalai, C. Peikert, and V. Vaikuntanathan. Public-key encryption schemes with auxiliary inputs. In Micciancio [31], pp. 361–381
  21. Y. Dodis, R. Ostrovsky, L. Reyzin, and A. Smith. Fuzzy extractors: How to generate strong keys from biometrics and other noisy data. SIAM J. Comput., 38(1):97–139, 2008
  22. D. M. Freeman, O. Goldreich, E. Kiltz, A. Rosen, and G. Segev. More constructions of lossy and correlation-secure trapdoor functions. J. Cryptol., 26(1):39–74, 2013
  23. B. Fuller, A. O'Neill, and L. Reyzin. A unified approach to deterministic encryption: New constructions and a connection to computational entropy. J. Cryptol., 28(3):671–717, 2015
  24. Y. Gertner, T. Malkin, and S. Myers. Towards a separation of semantic and CCA security for public key encryption, in S.P. Vadhan, editor, Proceedings of the Theory of Cryptography, 4th Theory of Cryptography Conference, TCC 2007, Amsterdam, The Netherlands, February 21–24, 2007. Lecture Notes in Computer Science, vol. 4392 (Springer, 2007), pp. 434–455
  25. Y. Gertner, T. Malkin, and O. Reingold. On the impossibility of basing trapdoor functions on trapdoor predicates, in M. Naor, editor, 42nd Annual Symposium on Foundations of Computer Science, FOCS 2001, Las Vegas, Nevada, USA, October 14–17, 2001 (IEEE Computer Society, 2001), pp. 126–135
  26. O. Goldreich and L. A. Levin. A hard-core predicate for all one-way functions, in D.S. Johnson, editor, Proceedings of the 21st Annual ACM Symposium on Theory of Computing, Seattle, Washington, USA, May 14–17, 1989 (ACM, 1989), pp. 25–32
  27. B. Hemenway and R. Ostrovsky. Building injective trapdoor functions from oblivious transfer. Electron. Colloq. Comput. Complex. (ECCC), 17:127, 2010
  28. B. Hemenway and R. Ostrovsky. Building lossy trapdoor functions from lossy encryption, in K. Sako and P. Sarkar, editors, Proceedings of the Advances in Cryptology—ASIACRYPT 2013, 19th International Conference on the Theory and Application of Cryptology and Information Security, Bengaluru, India, December 1–5, 2013. Lecture Notes in Computer Science, Part II, vol. 8270 (Springer, 2013), pp. 241–260
  29. D. Hofheinz. Circular chosen-ciphertext security with compact ciphertexts, in T. Johansson and P.Q. Nguyen, editors, Proceedings of the Advances in Cryptology—EUROCRYPT 2013, 32nd Annual International Conference on the Theory and Applications of Cryptographic Techniques, Athens, Greece, May 26–30, 2013. Lecture Notes in Computer Science, vol. 7881 (Springer, 2013), pp. 520–536
  30. T. Malkin, I. Teranishi, and M. Yung. Efficient circuit-size independent public key encryption with KDM security, in K.G. Paterson, editor, Proceedings of the Advances in Cryptology—EUROCRYPT 2011, 30th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Tallinn, Estonia, May 15–19, 2011. Lecture Notes in Computer Science, vol. 6632 (Springer, 2011), pp. 507–526
  31. D. Micciancio, editor. Proceedings of the Theory of Cryptography, 7th Theory of Cryptography Conference, TCC 2010, Zurich, Switzerland, February 9–11, 2010. Lecture Notes in Computer Science, vol. 5978 (Springer, 2010)
  32. S. Myers and A. Shelat. Bit encryption is complete, in D. Spielman, editor, 50th Annual IEEE Symposium on Foundations of Computer Science, FOCS 2009, Atlanta, Georgia, USA, October 25–27, 2009 (IEEE Computer Society, 2009), pp. 607–616
  33. M. Naor and G. Segev. Public-key cryptosystems resilient to key leakage. SIAM J. Comput., 41(4):772–814, 2012
  34. N. Nisan and D. Zuckerman. Randomness is linear in space. J. Comput. Syst. Sci., 52(1):43–52, 1996
  35. P. Paillier. Public-key cryptosystems based on composite degree residuosity classes, in J. Stern, editor, Proceedings of the Advances in Cryptology—EUROCRYPT '99, International Conference on the Theory and Application of Cryptographic Techniques, Prague, Czech Republic, May 2–6, 1999. Lecture Notes in Computer Science, vol. 1592 (Springer, 1999), pp. 223–238
  36. C. Peikert and B. Waters. Lossy trapdoor functions and their applications. SIAM J. Comput., 40(6):1803–1844, 2011
  37. O. Reingold, L. Trevisan, and S. Vadhan. Notions of reducibility between cryptographic primitives, in M. Naor, editor, Proceedings of the Theory of Cryptography, First Theory of Cryptography Conference, TCC 2004, Cambridge, MA, USA, February 19–21, 2004. Lecture Notes in Computer Science, vol. 2951 (Springer, 2004), pp. 1–20
  38. A. Rosen and G. Segev. Chosen-ciphertext security via correlated products. SIAM J. Comput., 39(7):3058–3088, 2010
  39. R. D. Rothblum. On the circular security of bit-encryption, in A. Sahai, editor, Proceedings of the Theory of Cryptography, The Tenth Theory of Cryptography Conference, TCC 2013, Tokyo, Japan, March 3–6, 2013. Lecture Notes in Computer Science, vol. 7785 (Springer, 2013), pp. 579–598
  40. Y. Vahlis. Two is a crowd? A black-box separation of one-wayness and security under correlated inputs. In Micciancio [31], pp. 165–182
  41. D. Wagner, editor. Proceedings of the Advances in Cryptology—CRYPTO 2008, 28th Annual International Cryptology Conference, Santa Barbara, CA, USA, August 17–21, 2008. Lecture Notes in Computer Science, vol. 5157 (Springer, 2008)
  42. H. Wee. Dual projective hashing and its applications: Lossy trapdoor functions and more, in D. Pointcheval and T. Johansson, editors, Proceedings of the Advances in Cryptology—EUROCRYPT 2012, 31st Annual International Conference on the Theory and Applications of Cryptographic Techniques, Cambridge, UK, April 15–19, 2012. Lecture Notes in Computer Science, vol. 7237 (Springer, 2012), pp. 246–262

Copyright information

© International Association for Cryptologic Research 2016

Authors and Affiliations

  1. Department of Computer Science, University College London, London, UK
  2. Department of Computer Science, University of Victoria, Victoria, Canada
