Regularly Lossy Functions and Applications

Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10808)

Abstract

In STOC 2008, Peikert and Waters introduced a powerful primitive called lossy trapdoor functions (LTFs). In a nutshell, LTFs are functions that behave in one of two modes. In the normal mode, functions are injective and invertible with a trapdoor. In the lossy mode, functions statistically lose information about their inputs. Moreover, the two modes are computationally indistinguishable. In this work, we put forward a relaxation of LTFs, namely, regularly lossy functions (RLFs). Compared to LTFs, the functions in the normal mode are not required to be efficiently invertible or even unnecessary to be injective. Instead, they could also be lossy, but in a regular manner. We also put forward richer abstractions of RLFs, namely all-but-one regularly lossy functions (ABO-RLFs).

We show that (ABO)-RLFs admit efficient constructions from both a variety of number-theoretic assumptions and hash proof system (HPS) for subset membership problems satisfying natural algebraic properties. Thanks to the relaxations on functionality, the constructions enjoy shorter key size and better computational efficiency than that of (ABO)-LTFs.

We demonstrate the applications of (ABO)-RLFs in leakage-resilient cryptography.

  • As a special case of RLFs, lossy functions imply leakage-resilient injective one-way functions with optimal leakage rate \(1-o(1)\).

  • ABO-RLFs immediately imply leakage-resilient message authentication code (MAC) with optimal leakage rate \(1-o(1)\), though in a weak sense.

  • ABO-RLFs together with HPS give rise to leakage-resilient chosen-ciphertext (CCA) secure key encapsulation mechanisms (KEM) (this approach extends naturally to the identity-based setting). Combining the construction of ABO-RLFs from HPS, this gives the first leakage-resilient CCA-secure public-key encryption (PKE) with optimal leakage rate based solely on HPS, and thus goes beyond the barrier posed by Dodis et al. (Asiacrypt 2010).

Notes

Acknowledgement

We thank the anonymous reviewers of CT-RSA 2018 for their useful comments.

The first author is supported by the National Key Research and Development Plan (Grant No. 2016YFB0800403), the National Natural Science Foundation of China (Grant No. 61772522), Youth Innovation Promotion Association CAS and Key Research Program of Frontier Sciences, CAS (Grant No. QYZDB-SSW-SYS035). The second author is supported by the National Natural Science Foundation of China (Grant No. 61502400). The third author is supported by the National Natural Science Foundation of China (Grant No. 61602473) and the National Cryptography Development Fund (Grant No. MMJJ20170116).

References

  1. [ADW09a]
    Alwen, J., Dodis, Y., Wichs, D.: Leakage-resilient public-key cryptography in the bounded-retrieval model. In: Halevi, S. (ed.) CRYPTO 2009. LNCS, vol. 5677, pp. 36–54. Springer, Heidelberg (2009).  https://doi.org/10.1007/978-3-642-03356-8_3 CrossRefGoogle Scholar
  2. [ADW09b]
    Alwen, J., Dodis, Y., Wichs, D.: Survey: leakage resilience and the bounded retrieval model. In: Kurosawa, K. (ed.) ICITS 2009. LNCS, vol. 5973, pp. 1–18. Springer, Heidelberg (2010).  https://doi.org/10.1007/978-3-642-14496-7_1 CrossRefGoogle Scholar
  3. [AGV09]
    Akavia, A., Goldwasser, S., Vaikuntanathan, V.: Simultaneous hardcore bits and cryptography against memory attacks. In: Reingold, O. (ed.) TCC 2009. LNCS, vol. 5444, pp. 474–495. Springer, Heidelberg (2009).  https://doi.org/10.1007/978-3-642-00457-5_28 CrossRefGoogle Scholar
  4. [BFO08]
    Boldyreva, A., Fehr, S., O’Neill, A.: On notions of security for deterministic encryption, and efficient constructions without random Oracles. In: Wagner, D. (ed.) CRYPTO 2008. LNCS, vol. 5157, pp. 335–359. Springer, Heidelberg (2008).  https://doi.org/10.1007/978-3-540-85174-5_19 CrossRefGoogle Scholar
  5. [BG10]
    Brakerski, Z., Goldwasser, S.: Circular and leakage resilient public-key encryption under subgroup indistinguishability. In: Rabin, T. (ed.) CRYPTO 2010. LNCS, vol. 6223, pp. 1–20. Springer, Heidelberg (2010).  https://doi.org/10.1007/978-3-642-14623-7_1 CrossRefGoogle Scholar
  6. [BHHO08]
    Boneh, D., Halevi, S., Hamburg, M., Ostrovsky, R.: Circular-secure encryption from decision Diffie-Hellman. In: Wagner, D. (ed.) CRYPTO 2008. LNCS, vol. 5157, pp. 108–125. Springer, Heidelberg (2008).  https://doi.org/10.1007/978-3-540-85174-5_7 CrossRefGoogle Scholar
  7. [BHSV98]
    Bellare, M., Halevi, S., Sahai, A., Vadhan, S.: Many-to-one trapdoor functions and their relation to public-key cryptosystems. In: Krawczyk, H. (ed.) CRYPTO 1998. LNCS, vol. 1462, pp. 283–298. Springer, Heidelberg (1998).  https://doi.org/10.1007/BFb0055735 CrossRefGoogle Scholar
  8. [BL17]
    Boyen, X., Li, Q.: All-but-many lossy trapdoor functions from lattices and applications. In: Katz, J., Shacham, H. (eds.) CRYPTO 2017. LNCS, vol. 10403, pp. 298–331. Springer, Cham (2017).  https://doi.org/10.1007/978-3-319-63697-9_11 CrossRefGoogle Scholar
  9. [BW10]
    Boyen, X., Waters, B.: Shrinking the keys of discrete-log-type lossy trapdoor functions. In: Zhou, J., Yung, M. (eds.) ACNS 2010. LNCS, vol. 6123, pp. 35–52. Springer, Heidelberg (2010).  https://doi.org/10.1007/978-3-642-13708-2_3 CrossRefGoogle Scholar
  10. [CS02]
    Cramer, R., Shoup, V.: Universal hash proofs and a paradigm for adaptive chosen ciphertext secure public-key encryption. In: Knudsen, L.R. (ed.) EUROCRYPT 2002. LNCS, vol. 2332, pp. 45–64. Springer, Heidelberg (2002).  https://doi.org/10.1007/3-540-46035-7_4 CrossRefGoogle Scholar
  11. [DHLW10]
    Dodis, Y., Haralambiev, K., López-Alt, A., Wichs, D.: Efficient public-key cryptography in the presence of key leakage. In: Abe, M. (ed.) ASIACRYPT 2010. LNCS, vol. 6477, pp. 613–631. Springer, Heidelberg (2010).  https://doi.org/10.1007/978-3-642-17373-8_35 CrossRefGoogle Scholar
  12. [DORS08]
    Dodis, Y., Ostrovsky, R., Reyzin, L., Smith, A.: Fuzzy extractors: how to generate strong keys from biometrics and other noisy data. SIAM J. Comput. 38(1), 97–139 (2008)MathSciNetCrossRefMATHGoogle Scholar
  13. [FGK+13]
    Freeman, D.M., Goldreich, O., Kiltz, E., Rosen, A., Segev, G.: More constructions of lossy and correlation-secure trapdoor functions. J. Cryptol. 26(1), 39–74 (2013)MathSciNetCrossRefMATHGoogle Scholar
  14. [GPV08]
    Gentry, C., Peikert, C., Vaikuntanathan, V.: Trapdoors for hard lattices and new cryptographic constructions. In: STOC, pp. 197–206 (2008)Google Scholar
  15. [HK07]
    Hofheinz, D., Kiltz, E.: Secure hybrid encryption from weakened key encapsulation. In: Menezes, A. (ed.) CRYPTO 2007. LNCS, vol. 4622, pp. 553–571. Springer, Heidelberg (2007).  https://doi.org/10.1007/978-3-540-74143-5_31 CrossRefGoogle Scholar
  16. [HLAWW13]
    Hazay, C., López-Alt, A., Wee, H., Wichs, D.: Leakage-resilient cryptography from minimal assumptions. In: Johansson, T., Nguyen, P.Q. (eds.) EUROCRYPT 2013. LNCS, vol. 7881, pp. 160–176. Springer, Heidelberg (2013).  https://doi.org/10.1007/978-3-642-38348-9_10 CrossRefGoogle Scholar
  17. [HLOV11]
    Hemenway, B., Libert, B., Ostrovsky, R., Vergnaud, D.: Lossy encryption: constructions from general assumptions and efficient selective opening chosen ciphertext security. In: Lee, D.H., Wang, X. (eds.) ASIACRYPT 2011. LNCS, vol. 7073, pp. 70–88. Springer, Heidelberg (2011).  https://doi.org/10.1007/978-3-642-25385-0_4 CrossRefGoogle Scholar
  18. [HO12]
    Hemenway, B., Ostrovsky, R.: Extended-DDH and lossy trapdoor functions. In: Fischlin, M., Buchmann, J., Manulis, M. (eds.) PKC 2012. LNCS, vol. 7293, pp. 627–643. Springer, Heidelberg (2012).  https://doi.org/10.1007/978-3-642-30057-8_37 CrossRefGoogle Scholar
  19. [Hof12]
    Hofheinz, D.: All-but-many lossy trapdoor functions. In: Pointcheval, D., Johansson, T. (eds.) EUROCRYPT 2012. LNCS, vol. 7237, pp. 209–227. Springer, Heidelberg (2012).  https://doi.org/10.1007/978-3-642-29011-4_14 CrossRefGoogle Scholar
  20. [Hof13]
    Hofheinz, D.: Circular chosen-ciphertext security with compact ciphertexts. In: Johansson, T., Nguyen, P.Q. (eds.) EUROCRYPT 2013. LNCS, vol. 7881, pp. 520–536. Springer, Heidelberg (2013).  https://doi.org/10.1007/978-3-642-38348-9_31 CrossRefGoogle Scholar
  21. [KD04]
    Kurosawa, K., Desmedt, Y.: A new paradigm of hybrid encryption scheme. In: Franklin, M. (ed.) CRYPTO 2004. LNCS, vol. 3152, pp. 426–442. Springer, Heidelberg (2004).  https://doi.org/10.1007/978-3-540-28628-8_26 CrossRefGoogle Scholar
  22. [KMO10]
    Kiltz, E., Mohassel, P., O’Neill, A.: Adaptive trapdoor functions and chosen-ciphertext security. In: Gilbert, H. (ed.) EUROCRYPT 2010. LNCS, vol. 6110, pp. 673–692. Springer, Heidelberg (2010).  https://doi.org/10.1007/978-3-642-13190-5_34 CrossRefGoogle Scholar
  23. [Kom16]
    Komargodski, I.: Leakage resilient one-way functions: the auxiliary-input setting. In: Hirt, M., Smith, A. (eds.) TCC 2016. LNCS, vol. 9985, pp. 139–158. Springer, Heidelberg (2016).  https://doi.org/10.1007/978-3-662-53641-4_6 CrossRefGoogle Scholar
  24. [KOS17]
    Kiltz, E., O’Neill, A., Smith, A.D.: Instantiability of RSA-OAEP under chosen-plaintext attack. J. Cryptol. 30(3), 889–919 (2017)MathSciNetCrossRefMATHGoogle Scholar
  25. [KPSY09]
    Kiltz, E., Pietrzak, K., Stam, M., Yung, M.: A new randomness extraction paradigm for hybrid encryption. In: Joux, A. (ed.) EUROCRYPT 2009. LNCS, vol. 5479, pp. 590–609. Springer, Heidelberg (2009).  https://doi.org/10.1007/978-3-642-01001-9_34 CrossRefGoogle Scholar
  26. [KV09]
    Katz, J., Vaikuntanathan, V.: Signature schemes with bounded leakage resilience. In: Matsui, M. (ed.) ASIACRYPT 2009. LNCS, vol. 5912, pp. 703–720. Springer, Heidelberg (2009).  https://doi.org/10.1007/978-3-642-10366-7_41 CrossRefGoogle Scholar
  27. [LWZ13]
    Liu, S., Weng, J., Zhao, Y.: Efficient public key cryptosystem resilient to key leakage chosen ciphertext attacks. In: Dawson, E. (ed.) CT-RSA 2013. LNCS, vol. 7779, pp. 84–100. Springer, Heidelberg (2013).  https://doi.org/10.1007/978-3-642-36095-4_6 CrossRefGoogle Scholar
  28. [MY10]
    Mol, P., Yilek, S.: Chosen-Ciphertext Security from Slightly Lossy Trapdoor Functions. In: Nguyen, P.Q., Pointcheval, D. (eds.) PKC 2010. LNCS, vol. 6056, pp. 296–311. Springer, Heidelberg (2010).  https://doi.org/10.1007/978-3-642-13013-7_18 CrossRefGoogle Scholar
  29. [NS09]
    Naor, M., Segev, G.: Public-key cryptosystems resilient to key leakage. In: Halevi, S. (ed.) CRYPTO 2009. LNCS, vol. 5677, pp. 18–35. Springer, Heidelberg (2009).  https://doi.org/10.1007/978-3-642-03356-8_2 CrossRefGoogle Scholar
  30. [PW08]
    Peikert, C., Waters, B.: Lossy trapdoor functions and their applications. In: STOC, pp. 187–196 (2008)Google Scholar
  31. [QL13]
    Qin, B., Liu, S.: Leakage-resilient chosen-ciphertext secure public-key encryption from hash proof system and one-time lossy filter. In: Sako, K., Sarkar, P. (eds.) ASIACRYPT 2013. LNCS, vol. 8270, pp. 381–400. Springer, Heidelberg (2013).  https://doi.org/10.1007/978-3-642-42045-0_20 CrossRefGoogle Scholar
  32. [QL14]
    Qin, B., Liu, S.: Leakage-flexible CCA-secure public-key encryption: simple construction and free of pairing. In: Krawczyk, H. (ed.) PKC 2014. LNCS, vol. 8383, pp. 19–36. Springer, Heidelberg (2014).  https://doi.org/10.1007/978-3-642-54631-0_2 CrossRefGoogle Scholar
  33. [Reg05]
    Regev, O.: On lattices, learning with errors, random linear codes, and cryptography. In: STOC, pp. 84–93 (2005)Google Scholar
  34. [RS09]
    Rosen, A., Segev, G.: Chosen-ciphertext security via correlated products. In: Reingold, O. (ed.) TCC 2009. LNCS, vol. 5444, pp. 419–436. Springer, Heidelberg (2009).  https://doi.org/10.1007/978-3-642-00457-5_25 CrossRefGoogle Scholar
  35. [Wee12]
    Wee, H.: Dual projective hashing and its applications — lossy trapdoor functions and more. In: Pointcheval, D., Johansson, T. (eds.) EUROCRYPT 2012. LNCS, vol. 7237, pp. 246–262. Springer, Heidelberg (2012).  https://doi.org/10.1007/978-3-642-29011-4_16 CrossRefGoogle Scholar
  36. [XLL+13]
    Xue, H., Li, B., Lu, X., Jia, D., Liu, Y.: Efficient lossy trapdoor functions based on subgroup membership assumptions. In: Abdalla, M., Nita-Rotaru, C., Dahab, R. (eds.) CANS 2013. LNCS, vol. 8257, pp. 235–250. Springer, Cham (2013).  https://doi.org/10.1007/978-3-319-02937-5_13 CrossRefGoogle Scholar
  37. [Zha16]
    Zhandry, M.: The magic of ELFs. In: Robshaw, M., Katz, J. (eds.) CRYPTO 2016. LNCS, vol. 9814, pp. 479–508. Springer, Heidelberg (2016).  https://doi.org/10.1007/978-3-662-53018-4_18 CrossRefGoogle Scholar

Copyright information

© Springer International Publishing AG, part of Springer Nature 2018

Authors and Affiliations

  1. 1.State Key Laboratory of Information Security, Institute of Information EngineeringChinese Academy of SciencesBeijingChina
  2. 2.School of Cyber SecurityUniversity of Chinese Academy of SciencesBeijingChina
  3. 3.National Engineering Laboratory for Wireless SecurityXi’an University of Posts and TelecommunicationsXi’anChina

Personalised recommendations