Advertisement

On Tightly Secure Non-Interactive Key Exchange

  • Julia Hesse
  • Dennis Hofheinz
  • Lisa Kohl
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10992)

Abstract

We consider the reduction loss of security reductions for non-interactive key exchange (NIKE) schemes. Currently, no tightly secure NIKE schemes exist, and in fact Bader et al. (EUROCRYPT 2016) provide a lower bound (of \(\varOmega (n^2)\), where \(n\) is the number of parties an adversary interacts with) on the reduction loss for a large class of NIKE schemes.

We offer two results: the first NIKE scheme with a reduction loss of \(n/2\) that circumvents the lower bound of Bader et al., but is of course still far from tightly secure. Second, we provide a generalization of Bader et al.’s lower bound to a larger class of NIKE schemes (that also covers our NIKE scheme), with an adapted lower bound of \(n/2\) on the reduction loss. Hence, in that sense, the reduction for our NIKE scheme is optimal.

Notes

Acknowledgements

We would like to thank Kenny Paterson for collaboration at early stages of this work. Also, we would like to thank the anonymous reviewers of Crypto 2018 for their helpful comments.

References

  1. 1.
    Abe, M., Hofheinz, D., Nishimaki, R., Ohkubo, M., Pan, J.: Compact structure-preserving signatures with almost tight security. In: Katz, J., Shacham, H. (eds.) CRYPTO 2017, Part II. LNCS, vol. 10402, pp. 548–580. Springer, Cham (2017).  https://doi.org/10.1007/978-3-319-63715-0_19CrossRefGoogle Scholar
  2. 2.
    Abe, M., David, B., Kohlweiss, M., Nishimaki, R., Ohkubo, M.: Tagged one-time signatures: tight security and optimal tag size. In: Kurosawa, K., Hanaoka, G. (eds.) PKC 2013. LNCS, vol. 7778, pp. 312–331. Springer, Heidelberg (2013).  https://doi.org/10.1007/978-3-642-36362-7_20CrossRefGoogle Scholar
  3. 3.
    Attrapadung, N., Hanaoka, G., Yamada, S.: A framework for identity-based encryption with almost tight security. In: Iwata, T., Cheon, J.H. (eds.) ASIACRYPT 2015, Part I. LNCS, vol. 9452, pp. 521–549. Springer, Heidelberg (2015).  https://doi.org/10.1007/978-3-662-48797-6_22CrossRefGoogle Scholar
  4. 4.
    Bader, C., Jager, T., Li, Y., Schäge, S.: On the impossibility of tight cryptographic reductions. In: Fischlin, M., Coron, J.-S. (eds.) EUROCRYPT 2016, Part II. LNCS, vol. 9666, pp. 273–304. Springer, Heidelberg (2016).  https://doi.org/10.1007/978-3-662-49896-5_10CrossRefGoogle Scholar
  5. 5.
    Bader, C., Hofheinz, D., Jager, T., Kiltz, E., Li, Y.: Tightly-secure authenticated key exchange. In: Dodis, Y., Nielsen, J.B. (eds.) TCC 2015, Part I. LNCS, vol. 9014, pp. 629–658. Springer, Heidelberg (2015).  https://doi.org/10.1007/978-3-662-46494-6_26CrossRefGoogle Scholar
  6. 6.
    Bellare, M., Boldyreva, A., Micali, S.: Public-key encryption in a multi-user setting: security proofs and improvements. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 259–274. Springer, Heidelberg (2000).  https://doi.org/10.1007/3-540-45539-6_18CrossRefzbMATHGoogle Scholar
  7. 7.
    Blazy, O., Kiltz, E., Pan, J.: (Hierarchical) identity-based encryption from affine message authentication. In: Garay, J.A., Gennaro, R. (eds.) CRYPTO 2014, Part I. LNCS, vol. 8616, pp. 408–425. Springer, Heidelberg (2014).  https://doi.org/10.1007/978-3-662-44371-2_23CrossRefGoogle Scholar
  8. 8.
    Blum, M., Feldman, P., Micali, S.: Non-interactive zero-knowledge and its applications (Extended Abstract). In: Proceedings of 20th ACM STOC, pp. 103–112. ACM Press, May 1988Google Scholar
  9. 9.
    Boneh, D., Venkatesan, R.: Breaking RSA may not be equivalent to factoring. In: Nyberg, K. (ed.) EUROCRYPT 1998. LNCS, vol. 1403, pp. 59–71. Springer, Heidelberg (1998).  https://doi.org/10.1007/BFb0054117CrossRefGoogle Scholar
  10. 10.
    Cash, D., Kiltz, E., Shoup, V.: The Twin Diffie-Hellman problem and applications. In: Smart, N. (ed.) EUROCRYPT 2008. LNCS, vol. 4965, pp. 127–145. Springer, Heidelberg (2008).  https://doi.org/10.1007/978-3-540-78967-3_8CrossRefGoogle Scholar
  11. 11.
    Chen, J., Wee, H.: Fully, (almost) tightly secure IBE and dual system groups. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013, Part II. LNCS, vol. 8043, pp. 435–460. Springer, Heidelberg (2013).  https://doi.org/10.1007/978-3-642-40084-1_25CrossRefGoogle Scholar
  12. 12.
    Coron, J.-S.: Optimal security proofs for PSS and other signature schemes. In: Knudsen, L.R. (ed.) EUROCRYPT 2002. LNCS, vol. 2332, pp. 272–287. Springer, Heidelberg (2002).  https://doi.org/10.1007/3-540-46035-7_18CrossRefGoogle Scholar
  13. 13.
    Cramer, R., Shoup, V.: Universal hash proofs and a paradigm for adaptive chosen ciphertext secure public-key encryption. In: Knudsen, L.R. (ed.) EUROCRYPT 2002. LNCS, vol. 2332, pp. 45–64. Springer, Heidelberg (2002).  https://doi.org/10.1007/3-540-46035-7_4CrossRefGoogle Scholar
  14. 14.
    Diffie, W., Hellman, M.E.: New directions in cryptography. IEEE Trans. Inf. Theory 22(6), 644–654 (1976)MathSciNetCrossRefGoogle Scholar
  15. 15.
    Escala, A., Herold, G., Kiltz, E., Ràfols, C., Villar, J.: An algebraic framework for Diffie-Hellman assumptions. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013, Part II. LNCS, vol. 8043, pp. 129–147. Springer, Heidelberg (2013).  https://doi.org/10.1007/978-3-642-40084-1_8CrossRefGoogle Scholar
  16. 16.
    Fleischhacker, N., Jager, T., Schröder, D.: On tight security proofs for Schnorr signatures. In: Sarkar, P., Iwata, T. (eds.) ASIACRYPT 2014, Part I. LNCS, vol. 8873, pp. 512–531. Springer, Heidelberg (2014).  https://doi.org/10.1007/978-3-662-45611-8_27CrossRefGoogle Scholar
  17. 17.
    Freire, E.S.V., Hofheinz, D., Kiltz, E., Paterson, K.G.: Non-interactive key exchange. In: Kurosawa, K., Hanaoka, G. (eds.) PKC 2013. LNCS, vol. 7778, pp. 254–271. Springer, Heidelberg (2013).  https://doi.org/10.1007/978-3-642-36362-7_17CrossRefzbMATHGoogle Scholar
  18. 18.
    Garg, S., Bhaskar, R., Lokam, S.V.: Improved bounds on security reductions for discrete log based signatures. In: Wagner, D. (ed.) CRYPTO 2008. LNCS, vol. 5157, pp. 93–107. Springer, Heidelberg (2008).  https://doi.org/10.1007/978-3-540-85174-5_6CrossRefGoogle Scholar
  19. 19.
    Gay, R., Hofheinz, D., Kohl, L.: Kurosawa-Desmedt meets tight security. In: Katz, J., Shacham, H. (eds.) CRYPTO 2017, Part III. LNCS, vol. 10403, pp. 133–160. Springer, Cham (2017).  https://doi.org/10.1007/978-3-319-63697-9_5CrossRefGoogle Scholar
  20. 20.
    Gay, R., Hofheinz, D., Kiltz, E., Wee, H.: Tightly CCA-secure encryption without pairings. In: Fischlin, M., Coron, J.-S. (eds.) EUROCRYPT 2016, Part I. LNCS, vol. 9665, pp. 1–27. Springer, Heidelberg (2016).  https://doi.org/10.1007/978-3-662-49890-3_1CrossRefGoogle Scholar
  21. 21.
    Gennaro, R., Lindell, Y.: A framework for password-based authenticated key exchange. In: Biham, E. (ed.) EUROCRYPT 2003. LNCS, vol. 2656, pp. 524–543. Springer, Heidelberg (2003).  https://doi.org/10.1007/3-540-39200-9_33CrossRefGoogle Scholar
  22. 22.
    Goldwasser, S., Micali, S., Rivest, R.L.: A Digital signature scheme secure against adaptive chosen-message attacks. SIAM J. Comput. 17(2), 281–308 (1988)MathSciNetCrossRefGoogle Scholar
  23. 23.
    Gong, J., Chen, J., Dong, X., Cao, Z., Tang, S.: Extended nested dual system groups, revisited. In: Cheng, C.-M., Chung, K.-M., Persiano, G., Yang, B.-Y. (eds.) PKC 2016, Part I. LNCS, vol. 9614, pp. 133–163. Springer, Heidelberg (2016).  https://doi.org/10.1007/978-3-662-49384-7_6CrossRefGoogle Scholar
  24. 24.
    Guo, F., Chen, R., Susilo, W., Lai, J., Yang, G., Mu, Y.: Optimal security reductions for unique signatures: bypassing impossibilities with a counterexample. In: Katz, J., Shacham, H. (eds.) CRYPTO 2017, Part II. LNCS, vol. 10402, pp. 517–547. Springer, Cham (2017).  https://doi.org/10.1007/978-3-319-63715-0_18CrossRefGoogle Scholar
  25. 25.
    Hesse, J., Hofheinz, D., Kohl, L.: On tightly secure non-interactive key exchange. In: IACR Cryptology ePrint Archive 2018, p. 237 (2018). http://eprint.iacr.org/2018/237
  26. 26.
    Hofheinz, D.: Adaptive partitioning. In: Coron, J.-S., Nielsen, J.B. (eds.) EUROCRYPT 2017, Part II. LNCS, vol. 10212, pp. 489–518. Springer, Cham (2017).  https://doi.org/10.1007/978-3-319-56617-7_17CrossRefGoogle Scholar
  27. 27.
    Hofheinz, D.: Algebraic partitioning: fully compact and (almost) tightly secure cryptography. In: Kushilevitz, E., Malkin, T. (eds.) TCC 2016, Part I. LNCS, vol. 9562, pp. 251–281. Springer, Heidelberg (2016).  https://doi.org/10.1007/978-3-662-49096-9_11CrossRefzbMATHGoogle Scholar
  28. 28.
    Hofheinz, D., Jager, T.: Tightly secure signatures and public-key encryption. In: Safavi-Naini, R., Canetti, R. (eds.) CRYPTO 2012. LNCS, vol. 7417, pp. 590–607. Springer, Heidelberg (2012).  https://doi.org/10.1007/978-3-642-32009-5_35CrossRefGoogle Scholar
  29. 29.
    Hofheinz, D., Jager, T., Knapp, E.: Waters signatures with optimal security reduction. In: Fischlin, M., Buchmann, J., Manulis, M. (eds.) PKC 2012. LNCS, vol. 7293, pp. 66–83. Springer, Heidelberg (2012).  https://doi.org/10.1007/978-3-642-30057-8_5CrossRefGoogle Scholar
  30. 30.
    Hofheinz, D., Kiltz, E.: Secure hybrid encryption from weakened key encapsulation. In: Menezes, A. (ed.) CRYPTO 2007. LNCS, vol. 4622, pp. 553–571. Springer, Heidelberg (2007).  https://doi.org/10.1007/978-3-540-74143-5_31CrossRefGoogle Scholar
  31. 31.
    Hofheinz, D., Koch, J., Striecks, C.: Identity-based encryption with (almost) tight security in the multi-instance, multi-ciphertext setting. In: Katz, J. (ed.) PKC 2015. LNCS, vol. 9020, pp. 799–822. Springer, Heidelberg (2015).  https://doi.org/10.1007/978-3-662-46447-2_36CrossRefGoogle Scholar
  32. 32.
    Kakvi, S.A., Kiltz, E.: Optimal security proofs for full domain hash, revisited. In: Pointcheval, D., Johansson, T. (eds.) EUROCRYPT 2012. LNCS, vol. 7237, pp. 537–553. Springer, Heidelberg (2012).  https://doi.org/10.1007/978-3-642-29011-4_32CrossRefGoogle Scholar
  33. 33.
    Katz, J., Ostrovsky, R., Yung, M.: Efficient password-authenticated key exchange using human-memorable passwords. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 475–494. Springer, Heidelberg (2001).  https://doi.org/10.1007/3-540-44987-6_29CrossRefGoogle Scholar
  34. 34.
    Katz, J., Wang, N.: Efficiency improvements for signature schemes with tight security reductions. In: Jajodia, S., Atluri, V., Jaeger, T. (eds.) ACM CCS 03, pp. 155–164. ACM Press, October 2003Google Scholar
  35. 35.
    Lewko, A., Waters, B.: Why proving HIBE systems secure is difficult. In: Nguyen, P.Q., Oswald, E. (eds.) EUROCRYPT 2014. LNCS, vol. 8441, pp. 58–76. Springer, Heidelberg (2014).  https://doi.org/10.1007/978-3-642-55220-5_4CrossRefGoogle Scholar
  36. 36.
    Libert, B., Peters, T., Joye, M., Yung, M.: Compactly hiding linear spans. In: Iwata, T., Cheon, J.H. (eds.) ASIACRYPT 2015, Part I. LNCS, vol. 9452, pp. 681–707. Springer, Heidelberg (2015).  https://doi.org/10.1007/978-3-662-48797-6_28CrossRefGoogle Scholar
  37. 37.
    Libert, B., Joye, M., Yung, M., Peters, T.: Concise multi-challenge CCA-secure encryption and signatures with almost tight security. In: Sarkar, P., Iwata, T. (eds.) ASIACRYPT 2014, Part II. LNCS, vol. 8874, pp. 1–21. Springer, Heidelberg (2014).  https://doi.org/10.1007/978-3-662-45608-8_1CrossRefGoogle Scholar
  38. 38.
    Naor, M., Yung, M.: Public-key cryptosystems provably secure against chosen ciphertext attacks. In: Proceedings of 22nd ACM STOC, pp. 427–437. ACM Press, May 1990Google Scholar
  39. 39.
    Seurin, Y.: On the exact security of Schnorr-type signatures in the random oracle model. In: Pointcheval, D., Johansson, T. (eds.) EUROCRYPT 2012. LNCS, vol. 7237, pp. 554–571. Springer, Heidelberg (2012).  https://doi.org/10.1007/978-3-642-29011-4_33CrossRefzbMATHGoogle Scholar

Copyright information

© International Association for Cryptologic Research 2018

Authors and Affiliations

  1. 1.Technische Universität DarmstadtDarmstadtGermany
  2. 2.Karlsruhe Institute of TechnologyKarlsruheGermany

Personalised recommendations