Advertisement

Adversary-Dependent Lossy Trapdoor Function from Hardness of Factoring Semi-smooth RSA Subgroup Moduli

  • Takashi YamakawaEmail author
  • Shota Yamada
  • Goichiro Hanaoka
  • Noboru Kunihiro
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9815)

Abstract

Lossy trapdoor functions (LTDFs), proposed by Peikert and Waters (STOC’08), are known to have a number of applications in cryptography. They have been constructed based on various assumptions, which include the quadratic residuosity (QR) and decisional composite residuosity (DCR) assumptions, which are factoring-based decision assumptions. However, there is no known construction of an LTDF based on the factoring assumption or other factoring-related search assumptions. In this paper, we first define a notion of adversary-dependent lossy trapdoor functions (ad-LTDFs) that is a weaker variant of LTDFs. Then we construct an ad-LTDF based on the hardness of factorizing RSA moduli of a special form called semi-smooth RSA subgroup (SS) moduli proposed by Groth (TCC’05). Moreover, we show that ad-LTDFs can replace LTDFs in many applications. Especially, we obtain the first factoring-based deterministic encryption scheme that satisfies the security notion defined by Boldyreva et al. (CRYPTO’08) without relying on a decision assumption. Besides direct applications of ad-LTDFs, by a similar technique, we construct a chosen ciphertext secure public key encryption scheme whose ciphertext overhead is the shortest among existing schemes based on the factoring assumption w.r.t. SS moduli.

Keywords

Oblivious Transfer Probabilistic Polynomial Time Probabilistic Polynomial Time Algorithm Probabilistic Polynomial Time Adversary Quadratic Residuosity 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Notes

Acknowledgment

We would like to thank the anonymous reviewers and members of the study group “Shin-Akarui-Angou-Benkyou-Kai” for their helpful comments. Especially, we would like to thank the reviewer of EUROCRYPT 2016 who suggested to use the term “adversary-dependent” instead of “generalized”, and Atsushi Takayasu for giving us useful comments on the Coppersmith theorem. This work was supported by CREST, JST and JSPS KAKENHI Grant Number 14J03467.

References

  1. 1.
    Bellare, M., Boldyreva, A., O’Neill, A.: Deterministic and efficiently searchable encryption. In: Menezes, A. (ed.) CRYPTO 2007. LNCS, vol. 4622, pp. 535–552. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  2. 2.
    Bellare, M., Fischlin, M., O’Neill, A., Ristenpart, T.: Deterministic encryption: definitional equivalences and constructions without random oracles. In: Wagner, D. (ed.) CRYPTO 2008. LNCS, vol. 5157, pp. 360–378. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  3. 3.
    Bellare, M., Hofheinz, D., Yilek, S.: Possibility and impossibility results for encryption and commitment secure under selective opening. In: Joux, A. (ed.) EUROCRYPT 2009. LNCS, vol. 5479, pp. 1–35. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  4. 4.
    Blum, L., Blum, M., Shub, M.: A simple unpredictable pseudo-random number generator. SIAM J. Comput. 15(2), 364–383 (1986)MathSciNetCrossRefzbMATHGoogle Scholar
  5. 5.
    Boldyreva, A., Fehr, S., O’Neill, A.: On notions of security for deterministic encryption, and efficient constructions without random oracles. In: Wagner, D. (ed.) CRYPTO 2008. LNCS, vol. 5157, pp. 335–359. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  6. 6.
    Coppersmith, D.: Finding a small root of a bivariate integer equation; factoring with high bits known. In: Maurer, U.M. (ed.) EUROCRYPT 1996. LNCS, vol. 1070, pp. 178–189. Springer, Heidelberg (1996)Google Scholar
  7. 7.
    Coron, J.-S., Joux, A., Mandal, A., Naccache, D., Tibouchi, M.: Cryptanalysis of the RSA subgroup assumption from TCC 2005. In: Catalano, D., Fazio, N., Gennaro, R., Nicolosi, A. (eds.) PKC 2011. LNCS, vol. 6571, pp. 147–155. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  8. 8.
    Cramer, R., Shoup, V.: Universal hash proofs and a paradigm for adaptive chosen ciphertext secure public-key encryption. In: Knudsen, L.R. (ed.) EUROCRYPT 2002. LNCS, vol. 2332, pp. 45–64. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  9. 9.
    Crandall, R., Pomerance, C.: Prime Numbers: A Computational Perspective, 2nd edn. Springer, New York (2005)zbMATHGoogle Scholar
  10. 10.
    Dodis, Y., Ostrovsky, R., Reyzin, L., Smith, A.: Fuzzy extractors: how to generate strong keys from biometrics and other noisy data. SIAM J. Comput. 38(1), 97–139 (2008)MathSciNetCrossRefzbMATHGoogle Scholar
  11. 11.
    Freeman, D.M., Goldreich, O., Kiltz, E., Rosen, A., Segev, G.: More constructions of lossy and correlation-secure trapdoor functions. In: Nguyen, P.Q., Pointcheval, D. (eds.) PKC 2010. LNCS, vol. 6056, pp. 279–295. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  12. 12.
    Goldreich, O., Levin, L.A.: A hard-core predicate for all one-way functions. In: STOC, pp. 25–32 (1989)Google Scholar
  13. 13.
    Groth, J.: Cryptography in subgroups of \(Z_n^*\). In: Kilian, J. (ed.) TCC 2005. LNCS, vol. 3378, pp. 50–65. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  14. 14.
    Hanaoka, G., Matsuda, T., Schuldt, J.C.N.: On the impossibility of constructing efficient key encapsulation and programmable hash functions in prime order groups. In: Safavi-Naini, R., Canetti, R. (eds.) CRYPTO 2012. LNCS, vol. 7417, pp. 812–831. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  15. 15.
    Hoeffding, W.: Probability inequalities for sums of bounded random variables. J. Am. Stat. Assoc. 58(301), 13–30 (1963)MathSciNetCrossRefzbMATHGoogle Scholar
  16. 16.
    Hofheinz, D., Kiltz, E.: Secure hybrid encryption from weakened key encapsulation. In: Menezes, A. (ed.) CRYPTO 2007. LNCS, vol. 4622, pp. 553–571. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  17. 17.
    Hofheinz, D., Kiltz, E.: The group of signed quadratic residues and applications. In: Halevi, S. (ed.) CRYPTO 2009. LNCS, vol. 5677, pp. 637–653. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  18. 18.
    Hofheinz, D., Kiltz, E.: Practical chosen ciphertext secure encryption from factoring. In: Joux, A. (ed.) EUROCRYPT 2009. LNCS, vol. 5479, pp. 313–332. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  19. 19.
    Kiltz, E., Mohassel, P., O’Neill, A.: Adaptive trapdoor functions and chosen-ciphertext security. In: Gilbert, H. (ed.) EUROCRYPT 2010. LNCS, vol. 6110, pp. 673–692. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  20. 20.
    Kiltz, E., O’Neill, A., Smith, A.: Instantiability of RSA-OAEP under chosen-plaintext attack. In: Rabin, T. (ed.) CRYPTO 2010. LNCS, vol. 6223, pp. 295–313. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  21. 21.
    Kiltz, E., Pietrzak, K., Stam, M., Yung, M.: A new randomness extraction paradigm for hybrid encryption. In: Joux, A. (ed.) EUROCRYPT 2009. LNCS, vol. 5479, pp. 590–609. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  22. 22.
    Lenstra Jr., H.W.: Factoring integers with elliptic curves. Ann. Math. 126(3), 649–673 (1987)MathSciNetCrossRefzbMATHGoogle Scholar
  23. 23.
    Lu, X., Li, B., Liu, Y.: How to remove the exponent GCD in HK09. In: Susilo, W., Reyhanitabar, R. (eds.) ProvSec 2013. LNCS, vol. 8209, pp. 239–248. Springer, Heidelberg (2013)CrossRefGoogle Scholar
  24. 24.
    Lu, X., Li, B., Mei, Q., Liu, Y.: Improved efficiency of chosen ciphertext secure encryption from factoring. In: Ryan, M.D., Smyth, B., Wang, G. (eds.) ISPEC 2012. LNCS, vol. 7232, pp. 34–45. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  25. 25.
    Mei, Q., Li, B., Lu, X., Jia, D.: Chosen ciphertext secure encryption under factoring assumption revisited. In: Catalano, D., Fazio, N., Gennaro, R., Nicolosi, A. (eds.) PKC 2011. LNCS, vol. 6571, pp. 210–227. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  26. 26.
    Naccache, D., Stern, J.: A new public key cryptosystem based on higher residues. In: ACM Conference on Computer and Communications Security, pp. 59–66 (1998)Google Scholar
  27. 27.
    Peikert, C., Waters, B.: Lossy trapdoor functions and their applications. In: STOC, pp. 187–196 (2008)Google Scholar
  28. 28.
    Pohlig, S.C., Hellman, M.E.: An improved algorithm for computing logarithms over gf(p) and its cryptographic significance (corresp.). IEEE Trans. Inf. Theor. 24(1), 106–110 (1978)MathSciNetCrossRefzbMATHGoogle Scholar
  29. 29.
    Pollard, J.M.: Theorems of factorization and primality testing. In: Proceedings of the cambridge philosophical society, vol. 76, pp. 521–528 (1974)Google Scholar
  30. 30.
    Pollard, J.M.: A monte carlo method for factorization. BIT 15, 331–334 (1975)MathSciNetCrossRefzbMATHGoogle Scholar
  31. 31.
    Pollard, J.M.: Monte Carlo methods for index computation (mod p). Math. Comput. 32, 918–924 (1978)MathSciNetzbMATHGoogle Scholar
  32. 32.
    Raghunathan, A., Segev, G., Vadhan, S.: Deterministic public-key encryption for adaptively chosen plaintext distributions. In: Johansson, T., Nguyen, P.Q. (eds.) EUROCRYPT 2013. LNCS, vol. 7881, pp. 93–110. Springer, Heidelberg (2013)CrossRefGoogle Scholar
  33. 33.
    Regev, O.: On lattices, learning with errors, random linear codes, and cryptography. In: STOC 2005, pp. 84–93 (2005)Google Scholar
  34. 34.
    Shanks, D.: Class number, a theory of factorization, and genera. In: 1969 Number Theory Institute (Proceedings of the Symposium Pure Mathematics, vol. XX, State University New York, Stony Brook, N.Y., 1969), pp. 415–440, Providence, R.I (1971)Google Scholar
  35. 35.
    Trevisan, L., Vadhan, S.P.: Extracting randomness from samplable distributions. In: 41st Annual Symposium on Foundations of Computer Science, FOCS 2000, 12–14 November 2000, Redondo Beach, California, USA, pp. 32–42 (2000)Google Scholar
  36. 36.
    Xue, H., Li, B., Lu, X., Jia, D., Liu, Y.: Efficient lossy trapdoor functions based on subgroup membership assumptions. In: Abdalla, M., Nita-Rotaru, C., Dahab, R. (eds.) CANS 2013. LNCS, vol. 8257, pp. 235–250. Springer, Heidelberg (2013)CrossRefGoogle Scholar
  37. 37.
    Yamakawa, T., Yamada, S., Nuida, K., Hanaoka, G., Kunihiro, N.: Chosen ciphertext security on hard membership decision groups: the case of semi-smooth subgroups of quadratic residues. In: Abdalla, M., De Prisco, R. (eds.) SCN 2014. LNCS, vol. 8642, pp. 558–577. Springer, Heidelberg (2014)Google Scholar

Copyright information

© International Association for Cryptologic Research 2016

Authors and Affiliations

  • Takashi Yamakawa
    • 1
    • 2
    Email author
  • Shota Yamada
    • 2
  • Goichiro Hanaoka
    • 2
  • Noboru Kunihiro
    • 1
  1. 1.The University of TokyoChibaJapan
  2. 2.National Institute of Advanced Industrial Science and Technology (AIST)TokyoJapan

Personalised recommendations