Black-Box Separations for One-More (Static) CDH and Its Generalization

  • Jiang Zhang
  • Zhenfeng Zhang
  • Yu Chen
  • Yanfei Guo
  • Zongyang Zhang
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8874)

Abstract

As one-more problems are widely used in both proving and analyzing the security of various cryptographic schemes, it is of fundamental importance to investigate the hardness of the one-more problems themselves. Bresson et al. (CT-RSA ’08) first showed that it is difficult to base the hardness of some one-more problems on the hardness of their “regular” counterparts. Pass (STOC ’11) then gave a stronger black-box separation showing that the hardness of some one-more problems cannot be based on standard assumptions using black-box reductions. However, since previous works only deal with one-more problems whose solutions can be efficiently checked, the relation between the hardness of the one-more (static) CDH problem over non-bilinear groups and other hard problems is still unclear. In this work, we give the first impossibility results showing that black-box reductions cannot be used to base the hardness of the one-more (static) CDH problem (over groups where the DDH problem is still hard) on any standard hardness assumption. Furthermore, we also extend the impossibility results to a class of generalized “one-more” problems, which not only subsume/strengthen many existing separations for traditional one-more problems, but also give new separations for many other interesting “one-more” problems.
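The following is an added toy model of the n-query one-more (static) CDH game the abstract refers to; it is illustrative code written for this page, not code from the paper or its authors. The tiny group (P = 1019, Q = 509, generator 4), the two adversaries and all function names are constructed for the illustration. It shows the shape of the game (a fixed-secret oracle with a query budget, n + 1 challenges) and the point the abstract turns on: a CDH answer h^x can only be checked by someone holding x, whereas a discrete-log answer is publicly checkable.

```python
"""Toy model of the one-more (static) CDH game described in the abstract.

Added example, not code from the paper. The group parameters are tiny and
constructed for readability; they offer no security whatsoever.
"""
import secrets

# Constructed toy group: the order-Q subgroup of Z_P^*, with P = 2Q + 1 and
# both P and Q prime. G = 4 is a quadratic residue mod P, hence a generator
# of that subgroup.
P = 1019
Q = 509
G = 4


class StaticDHOracle:
    """The (.)^x oracle the challenger exposes. The exponent x is fixed
    ("static") for the whole game and the oracle counts answered queries."""

    def __init__(self, x):
        self._x = x
        self.queries = 0

    def __call__(self, h):
        self.queries += 1
        return pow(h, self._x, P)


class OneMoreStaticCDH:
    """Challenger for n-query one-more static CDH: the adversary gets G^x and
    n + 1 random challenges h_i = G^{r_i}, may query the oracle at most n
    times, and wins iff it returns h_i^x for every i."""

    def __init__(self, n, rng=None):
        if rng is None:
            rng = secrets.SystemRandom()
        self.n = n
        self.x = rng.randrange(1, Q)                  # secret exponent
        self.pub = pow(G, self.x, P)                  # G^x, public
        self.oracle = StaticDHOracle(self.x)
        self.challenges = [pow(G, rng.randrange(1, Q), P) for _ in range(n + 1)]

    def check(self, answers):
        """Win condition. Verifying a CDH answer needs x: in a plain group where
        DDH is hard there is no public test that z == h^x (a pairing would give
        one via e(G, z) == e(G^x, h), but the abstract's setting has none).
        This is what makes the problem not "efficiently checkable"."""
        if len(answers) != self.n + 1 or self.oracle.queries > self.n:
            return False
        return all(z == pow(h, self.x, P) for h, z in zip(self.challenges, answers))


def dl_solution_is_valid(h, r):
    """Contrast: a one-more discrete-log answer r for h is publicly checkable."""
    return pow(G, r, P) == h


def oracle_abusing_adversary(game):
    """Answers every challenge correctly but spends n + 1 queries: over budget."""
    return [game.oracle(h) for h in game.challenges]


def budget_respecting_adversary(game):
    """Uses the n permitted queries and has to guess the last value. The
    identity 1 is never correct: every h_i has prime order Q and x < Q."""
    answers = [game.oracle(h) for h in game.challenges[:game.n]]
    answers.append(1)
    return answers


def play(n, adversary, rng=None):
    """Run one game; return (adversary won?, oracle queries used)."""
    game = OneMoreStaticCDH(n, rng)
    won = game.check(adversary(game))
    return won, game.oracle.queries


if __name__ == "__main__":
    for adv in (oracle_abusing_adversary, budget_respecting_adversary):
        won, used = play(3, adv)
        print(f"{adv.__name__}: won={won}, oracle queries={used}")
```

Both toy adversaries lose, one for exceeding the query budget and one for running out of oracle calls, which is the expected behaviour; the instructive part is `check`, which cannot be run by anyone who does not hold `x`, in contrast to `dl_solution_is_valid`.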

Keywords

Blind Signature; Test Algorithm; Security Parameter; Discrete Logarithm Problem; Impossibility Result


References

  1. Abadi, M., Feigenbaum, J., Kilian, J.: On hiding information from an oracle. Journal of Computer and System Sciences 39(1), 21–50 (1989)
  2. Bellare, M., Namprempre, C., Neven, G.: Security proofs for identity-based identification and signature schemes. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 268–286. Springer, Heidelberg (2004)
  3. Bellare, M., Namprempre, C., Neven, G.: Security proofs for identity-based identification and signature schemes. Journal of Cryptology 22(1), 1–61 (2009)
  4. Bellare, M., Namprempre, C., Pointcheval, D., Semanko, M.: The power of RSA inversion oracles and the security of Chaum’s RSA-based blind signature scheme. In: Syverson, P.F. (ed.) FC 2001. LNCS, vol. 2339, pp. 309–328. Springer, Heidelberg (2002)
  5. Bellare, M., Namprempre, C., Pointcheval, D., Semanko, M.: The one-more-RSA-inversion problems and the security of Chaum’s blind signature scheme. Journal of Cryptology 16(3), 185–215 (2003)
  6. Bellare, M., Neven, G.: Transitive signatures: new schemes and proofs. IEEE Transactions on Information Theory 51(6), 2133–2151 (2005)
  7. Bellare, M., Palacio, A.: GQ and Schnorr identification schemes: Proofs of security against impersonation under active and concurrent attacks. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 162–177. Springer, Heidelberg (2002)
  8. Boldyreva, A.: Threshold signatures, multisignatures and blind signatures based on the Gap-Diffie-Hellman-group signature scheme. In: Desmedt, Y.G. (ed.) PKC 2003. LNCS, vol. 2567, pp. 31–46. Springer, Heidelberg (2002)
  9. Boneh, D., Venkatesan, R.: Breaking RSA may not be equivalent to factoring. In: Nyberg, K. (ed.) EUROCRYPT 1998. LNCS, vol. 1403, pp. 59–71. Springer, Heidelberg (1998)
  10. Bresson, E., Monnerat, J., Vergnaud, D.: Separation results on the “one-more” computational problems. In: Malkin, T. (ed.) CT-RSA 2008. LNCS, vol. 4964, pp. 71–87. Springer, Heidelberg (2008)
  11. Brown, D.R.L.: Irreducibility to the one-more evaluation problems: More may be less. Cryptology ePrint Archive, Report 2007/435 (2007)
  12. Brown, D.R.L., Gallant, R.P.: The static Diffie-Hellman problem. Cryptology ePrint Archive, Report 2004/306 (2004)
  13. Canard, S., Gouget, A., Traoré, J.: Improvement of efficiency in (unconditional) anonymous transferable e-cash. In: Tsudik, G. (ed.) FC 2008. LNCS, vol. 5143, pp. 202–214. Springer, Heidelberg (2008)
  14. Canetti, R., Gennaro, R., Jarecki, S., Krawczyk, H., Rabin, T.: Adaptive security for threshold cryptosystems. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 98–115. Springer, Heidelberg (1999)
  15. Canetti, R., Lin, H., Pass, R.: Adaptive hardness and composable security in the plain model from standard assumptions. In: FOCS, pp. 541–550 (2010)
  16. Cash, D., Kiltz, E., Shoup, V.: The twin Diffie-Hellman problem and applications. In: Smart, N.P. (ed.) EUROCRYPT 2008. LNCS, vol. 4965, pp. 127–145. Springer, Heidelberg (2008)
  17. Chaum, D.: Blind signatures for untraceable payments. In: CRYPTO, pp. 199–203 (1982)
  18. Chen, Y., Huang, Q., Zhang, Z.: Sakai-Ohgishi-Kasahara identity-based non-interactive key exchange scheme, revisited. In: Susilo, W., Mu, Y. (eds.) ACISP 2014. LNCS, vol. 8544, pp. 274–289. Springer, Heidelberg (2014)
  19. De Cristofaro, E., Tsudik, G.: Practical private set intersection protocols with linear complexity. In: Sion, R. (ed.) FC 2010. LNCS, vol. 6052, pp. 143–159. Springer, Heidelberg (2010)
  20. Deng, Y., Goyal, V., Sahai, A.: Resolving the simultaneous resettability conjecture and a new non-black-box simulation strategy. In: FOCS, pp. 251–260 (2009)
  21. Dodis, Y., Haitner, I., Tentes, A.: On the instantiability of hash-and-sign RSA signatures. In: Cramer, R. (ed.) TCC 2012. LNCS, vol. 7194, pp. 112–132. Springer, Heidelberg (2012)
  22. Dwork, C., Naor, M., Sahai, A.: Concurrent zero-knowledge. Journal of the ACM 51(6), 851–898 (2004)
  23. Fiore, D., Schröder, D.: Uniqueness is a different story: Impossibility of verifiable random functions from trapdoor permutations. In: Cramer, R. (ed.) TCC 2012. LNCS, vol. 7194, pp. 636–653. Springer, Heidelberg (2012)
  24. Fischlin, M.: Black-box reductions and separations in cryptography. In: Mitrokotsa, A., Vaudenay, S. (eds.) AFRICACRYPT 2012. LNCS, vol. 7374, pp. 413–422. Springer, Heidelberg (2012)
  25. Fischlin, M., Fleischhacker, N.: Limitations of the meta-reduction technique: The case of Schnorr signatures. In: Johansson, T., Nguyen, P.Q. (eds.) EUROCRYPT 2013. LNCS, vol. 7881, pp. 444–460. Springer, Heidelberg (2013)
  26. Fischlin, M., Schröder, D.: On the impossibility of three-move blind signature schemes. In: Gilbert, H. (ed.) EUROCRYPT 2010. LNCS, vol. 6110, pp. 197–215. Springer, Heidelberg (2010)
  27. Garg, S., Bhaskar, R., Lokam, S.V.: Improved bounds on security reductions for discrete log based signatures. In: Wagner, D. (ed.) CRYPTO 2008. LNCS, vol. 5157, pp. 93–107. Springer, Heidelberg (2008)
  28. Gentry, C., Wichs, D.: Separating succinct non-interactive arguments from all falsifiable assumptions. In: STOC, pp. 99–108 (2011)
  29. Granger, R.: On the static Diffie-Hellman problem on elliptic curves over extension fields. In: Abe, M. (ed.) ASIACRYPT 2010. LNCS, vol. 6477, pp. 283–302. Springer, Heidelberg (2010)
  30. Herranz, J., Laguillaumie, F.: Blind ring signatures secure under the chosen-target-CDH assumption. In: Katsikas, S.K., López, J., Backes, M., Gritzalis, S., Preneel, B. (eds.) ISC 2006. LNCS, vol. 4176, pp. 117–130. Springer, Heidelberg (2006)
  31. Joux, A., Lercier, R., Naccache, D., Thomé, E.: Oracle-assisted static Diffie-Hellman is easier than discrete logarithms. In: Parker, M.G. (ed.) Cryptography and Coding 2009. LNCS, vol. 5921, pp. 351–367. Springer, Heidelberg (2009)
  32. Juels, A., Luby, M., Ostrovsky, R.: Security of blind digital signatures. In: Kaliski Jr., B.S. (ed.) CRYPTO 1997. LNCS, vol. 1294, pp. 150–164. Springer, Heidelberg (1997)
  33. Katz, J., Schröder, D., Yerukhimovich, A.: Impossibility of blind signatures from one-way permutations. In: Ishai, Y. (ed.) TCC 2011. LNCS, vol. 6597, pp. 615–629. Springer, Heidelberg (2011)
  34. Koblitz, N., Menezes, A.: Another look at non-standard discrete log and Diffie-Hellman problems. Cryptology ePrint Archive, Report 2007/442 (2007)
  35. Okamoto, T., Pointcheval, D.: The Gap-problems: A new class of problems for the security of cryptographic schemes. In: Kim, K.-C. (ed.) PKC 2001. LNCS, vol. 1992, pp. 104–118. Springer, Heidelberg (2001)
  36. Paillier, P., Vergnaud, D.: Discrete-log-based signatures may not be equivalent to discrete log. In: Roy, B. (ed.) ASIACRYPT 2005. LNCS, vol. 3788, pp. 1–20. Springer, Heidelberg (2005)
  37. Pass, R.: Limits of provable security from standard assumptions. In: STOC, pp. 109–118 (2011)
  38. Pass, R., Venkitasubramaniam, M.: On constant-round concurrent zero-knowledge. In: Canetti, R. (ed.) TCC 2008. LNCS, vol. 4948, pp. 553–570. Springer, Heidelberg (2008)
  39. Pointcheval, D., Stern, J.: Security arguments for digital signatures and blind signatures. Journal of Cryptology 13(3), 361–396 (2000)
  40. Prabhakaran, M., Rosen, A., Sahai, A.: Concurrent zero knowledge with logarithmic round-complexity. In: FOCS, pp. 366–375 (2002)
  41. Richardson, R., Kilian, J.: On the concurrent composition of zero-knowledge proofs. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592, pp. 415–431. Springer, Heidelberg (1999)
  42. Seurin, Y.: On the exact security of Schnorr-type signatures in the random oracle model. In: Pointcheval, D., Johansson, T. (eds.) EUROCRYPT 2012. LNCS, vol. 7237, pp. 554–571. Springer, Heidelberg (2012)

Copyright information

© International Association for Cryptologic Research 2014

Authors and Affiliations

  • Jiang Zhang (1)
  • Zhenfeng Zhang (1)
  • Yu Chen (2)
  • Yanfei Guo (1)
  • Zongyang Zhang (3)
  1. Trusted Computing and Information Assurance Laboratory, State Key Laboratory of Computer Science, Institute of Software, Chinese Academy of Sciences, P.R. China
  2. State Key Laboratory of Information Security, Institute of Information Engineering, Chinese Academy of Sciences, P.R. China
  3. National Institute of Advanced Industrial Science and Technology (AIST), Japan
