Advertisement

Structure-Preserving Smooth Projective Hashing

  • Olivier Blazy
  • Céline Chevalier
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10032)

Abstract

Smooth projective hashing has proven to be an extremely useful primitive, in particular when used in conjunction with commitments to provide implicit decommitment. This has lead to applications proven secure in the UC framework, even in presence of an adversary which can do adaptive corruptions, like for example Password Authenticated Key Exchange (\(\mathsf {PAKE}\)), and 1-out-of-m Oblivious Transfer (\(\textsf {OT} \)). However such solutions still lack in efficiency, since they heavily scale on the underlying message length.

Structure-preserving cryptography aims at providing elegant and efficient schemes based on classical assumptions and standard group operations on group elements. Recent trend focuses on constructions of structure-preserving signatures, which require message, signature and verification keys to lie in the base group, while the verification equations only consist of pairing-product equations. Classical constructions of Smooth Projective Hash Function suffer from the same limitation as classical signatures: at least one part of the computation (messages for signature, witnesses for SPHF) is a scalar.

In this work, we introduce and instantiate the concept of Structure-Preserving Smooth Projective Hash Function, and give as applications more efficient instantiations for one-round \(\mathsf {PAKE}\) and three-round \(\textsf {OT} \), and information retrieval thanks to Anonymous Credentials, all UC-secure against adaptive adversaries.

Keywords

Smooth projective hash functions Structure preserving Oblivious transfer Password authenticated key exchange UC Framework Credentials 

Supplementary material

References

  1. 1.
    Abdalla, M., Benhamouda, F., Blazy, O., Chevalier, C., Pointcheval, D.: SPHF-friendly non-interactive commitments. In: Sako, K., Sarkar, P. (eds.) ASIACRYPT 2013. LNCS, vol. 8269, pp. 214–234. Springer, Heidelberg (2013). doi: 10.1007/978-3-642-42033-7_12 CrossRefGoogle Scholar
  2. 2.
    Abdalla, M., Chevalier, C., Pointcheval, D.: Smooth projective hashing for conditionally extractable commitments. In: Halevi, S. (ed.) CRYPTO 2009. LNCS, vol. 5677, pp. 671–689. Springer, Heidelberg (2009). doi: 10.1007/978-3-642-03356-8_39 CrossRefGoogle Scholar
  3. 3.
    Abe, M., Chase, M., David, B., Kohlweiss, M., Nishimaki, R., Ohkubo, M.: Constant-size structure-preserving signatures: generic constructions and simple assumptions. In: Wang, X., Sako, K. (eds.) ASIACRYPT 2012. LNCS, vol. 7658, pp. 4–24. Springer, Heidelberg (2012). doi: 10.1007/978-3-642-34961-4_3 CrossRefGoogle Scholar
  4. 4.
    Abe, M., David, B., Kohlweiss, M., Nishimaki, R., Ohkubo, M.: Tagged one-time signatures: tight security and optimal tag size. In: Kurosawa, K., Hanaoka, G. (eds.) PKC 2013. LNCS, vol. 7778, pp. 312–331. Springer, Heidelberg (2013). doi: 10.1007/978-3-642-36362-7_20 CrossRefGoogle Scholar
  5. 5.
    Abe, M., Fuchsbauer, G., Groth, J., Haralambiev, K., Ohkubo, M.: Structure-preserving signatures and commitments to group elements. In: Rabin, T. (ed.) CRYPTO 2010. LNCS, vol. 6223, pp. 209–236. Springer, Heidelberg (2010). doi: 10.1007/978-3-642-14623-7_12 CrossRefGoogle Scholar
  6. 6.
    Abe, M., Groth, J., Haralambiev, K., Ohkubo, M.: Optimal structure-preserving signatures in asymmetric bilinear groups. In: Rogaway, P. (ed.) CRYPTO 2011. LNCS, vol. 6841, pp. 649–666. Springer, Heidelberg (2011). doi: 10.1007/978-3-642-22792-9_37 CrossRefGoogle Scholar
  7. 7.
    Abe, M., Groth, J., Ohkubo, M., Tibouchi, M.: Structure-preserving signatures from type II pairings. In: Garay, J.A., Gennaro, R. (eds.) CRYPTO 2014. LNCS, vol. 8616, pp. 390–407. Springer, Heidelberg (2014). doi: 10.1007/978-3-662-44371-2_22 CrossRefGoogle Scholar
  8. 8.
    Abe, M., Groth, J., Ohkubo, M., Tibouchi, M.: Unified, minimal and selectively randomizable structure-preserving signatures. In: Lindell, Y. (ed.) TCC 2014. LNCS, vol. 8349, pp. 688–712. Springer, Heidelberg (2014). doi: 10.1007/978-3-642-54242-8_29 CrossRefGoogle Scholar
  9. 9.
    Ateniese, G., Camenisch, J., Hohenberger, S., de Medeiros, B.: Practical group signatures without random oracles. Cryptology ePrint Archive, Report 2005/385 (2005). http://eprint.iacr.org/2005/385
  10. 10.
    Barak, B., Canetti, R., Lindell, Y., Pass, R., Rabin, T.: Secure computation without authentication. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 361–377. Springer, Heidelberg (2005). doi: 10.1007/11535218_22 CrossRefGoogle Scholar
  11. 11.
    Bellare, M., Pointcheval, D., Rogaway, P.: Authenticated key exchange secure against dictionary attacks. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 139–155. Springer, Heidelberg (2000). doi: 10.1007/3-540-45539-6_11 CrossRefGoogle Scholar
  12. 12.
    Bellovin, S.M., Merritt, M.: Encrypted key exchange: Password-based protocols secure against dictionary attacks. In: 1992 IEEE Symposium on Security and Privacy, pp. 72–84. IEEE Computer Society Press, May 1992Google Scholar
  13. 13.
    Ben Hamouda, F., Blazy, O., Chevalier, C., Pointcheval, D., Vergnaud, D.: Efficient UC-secure authenticated key-exchange for algebraic languages. In: Kurosawa, K., Hanaoka, G. (eds.) PKC 2013. LNCS, vol. 7778, pp. 272–291. Springer, Heidelberg (2013). doi: 10.1007/978-3-642-36362-7_18 CrossRefGoogle Scholar
  14. 14.
    Benhamouda, F., Blazy, O., Chevalier, C., Pointcheval, D., Vergnaud, D.: New techniques for SPHFs and efficient one-round PAKE protocols. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013. LNCS, vol. 8042, pp. 449–475. Springer, Heidelberg (2013). doi: 10.1007/978-3-642-40041-4_25 CrossRefGoogle Scholar
  15. 15.
    Blazy, O., Chevalier, C.: Structure-preserving smooth projective hashing. Cryptology ePrint Archive, Report 2016/258 (2016). http://eprint.iacr.org/2016/258
  16. 16.
    Blazy, O., Chevalier, C., Pointcheval, D., Vergnaud, D.: Analysis and improvement of Lindell’s UC-secure commitment schemes. In: Jacobson, M., Locasto, M., Mohassel, P., Safavi-Naini, R. (eds.) ACNS 2013. LNCS, vol. 7954, pp. 534–551. Springer, Heidelberg (2013). doi: 10.1007/978-3-642-38980-1_34 CrossRefGoogle Scholar
  17. 17.
    Blazy, O., Chevalier, C.: Generic construction of uc-secure oblivious transfer. Cryptology ePrint Archive, Report 2015/560 (2015)Google Scholar
  18. 18.
    Blazy, O., Chevalier, C., Vergnaud, D.: Non-interactive zero-knowledge proofs of non-membership. Cryptology ePrint Archive, Report 2015/072 (2015). http://eprint.iacr.org/
  19. 19.
    Blazy, O., Pointcheval, D., Vergnaud, D.: Round-optimal privacy-preserving protocols with smooth projective hash functions. In: Cramer, R. (ed.) TCC 2012. LNCS, vol. 7194, pp. 94–111. Springer, Heidelberg (2012). doi: 10.1007/978-3-642-28914-9_6 CrossRefGoogle Scholar
  20. 20.
    Boneh, D., Boyen, X., Shacham, H.: Short group signatures. In: Franklin, M. (ed.) CRYPTO 2004. LNCS, vol. 3152, pp. 41–55. Springer, Heidelberg (2004). doi: 10.1007/978-3-540-28628-8_3 CrossRefGoogle Scholar
  21. 21.
    Camenisch, J., Lysyanskaya, A.: An efficient system for non-transferable anonymous credentials with optional anonymity revocation. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 93–118. Springer, Heidelberg (2001). doi: 10.1007/3-540-44987-6_7 CrossRefGoogle Scholar
  22. 22.
    Canetti, R.: Universally composable security: A new paradigm for cryptographic protocols. In: 42nd FOCS, pp. 136–145. IEEE Computer Society Press, October 2001Google Scholar
  23. 23.
    Canetti, R., Fischlin, M.: Universally composable commitments. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 19–40. Springer, Heidelberg (2001). doi: 10.1007/3-540-44647-8_2 CrossRefGoogle Scholar
  24. 24.
    Canetti, R., Halevi, S., Katz, J., Lindell, Y., MacKenzie, P.: Universally composable password-based key exchange. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 404–421. Springer, Heidelberg (2005). doi: 10.1007/11426639_24 CrossRefGoogle Scholar
  25. 25.
    Canetti, R., Krawczyk, H.: Universally composable notions of key exchange and secure channels. In: Knudsen, L.R. (ed.) EUROCRYPT 2002. LNCS, vol. 2332, pp. 337–351. Springer, Heidelberg (2002). doi: 10.1007/3-540-46035-7_22 CrossRefGoogle Scholar
  26. 26.
    Canetti, R., Lindell, Y., Ostrovsky, R., Sahai, A.: Universally composable two-party and multi-party secure computation. In: 34th ACM STOC, pp. 494–503. ACM Press, May 2002Google Scholar
  27. 27.
    Chaum, D.: Showing credentials without identification. In: Pichler, F. (ed.) EUROCRYPT 1985. LNCS, vol. 219, pp. 241–244. Springer, Heidelberg (1986). doi: 10.1007/3-540-39805-8_28 CrossRefGoogle Scholar
  28. 28.
    Choi, S.G., Katz, J., Wee, H., Zhou, H.-S.: Efficient, adaptively secure, and composable oblivious transfer with a single, global CRS. In: Kurosawa, K., Hanaoka, G. (eds.) PKC 2013. LNCS, vol. 7778, pp. 73–88. Springer, Heidelberg (2013). doi: 10.1007/978-3-642-36362-7_6 CrossRefGoogle Scholar
  29. 29.
    Cramer, R., Shoup, V.: A practical public key cryptosystem provably secure against adaptive chosen ciphertext attack. In: Krawczyk, H. (ed.) CRYPTO 1998. LNCS, vol. 1462, pp. 13–25. Springer, Heidelberg (1998). doi: 10.1007/BFb0055717 CrossRefGoogle Scholar
  30. 30.
    Cramer, R., Shoup, V.: Universal hash proofs and a paradigm for adaptive chosen ciphertext secure public-key encryption. In: Knudsen, L.R. (ed.) EUROCRYPT 2002. LNCS, vol. 2332, pp. 45–64. Springer, Heidelberg (2002). doi: 10.1007/3-540-46035-7_4 CrossRefGoogle Scholar
  31. 31.
    Damgård, I.B.: Payment systems and credential mechanisms with provable security against abuse by individuals. In: Goldwasser, S. (ed.) CRYPTO 1988. LNCS, vol. 403, pp. 328–335. Springer, Heidelberg (1990). doi: 10.1007/0-387-34799-2_26 CrossRefGoogle Scholar
  32. 32.
    ElGamal, T.: A public key cryptosystem and a signature scheme based on discrete logarithms. In: Blakley, G.R., Chaum, D. (eds.) CRYPTO 1984. LNCS, vol. 196, pp. 10–18. Springer, Heidelberg (1985). doi: 10.1007/3-540-39568-7_2 CrossRefGoogle Scholar
  33. 33.
    Escala, A., Herold, G., Kiltz, E., Ràfols, C., Villar, J.: An algebraic framework for diffie-hellman assumptions. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013. LNCS, vol. 8043, pp. 129–147. Springer, Heidelberg (2013). doi: 10.1007/978-3-642-40084-1_8 CrossRefGoogle Scholar
  34. 34.
    Fischlin, M., Libert, B., Manulis, M.: Non-interactive and re-usable universally composable string commitments with adaptive security. In: Lee, D.H., Wang, X. (eds.) ASIACRYPT 2011. LNCS, vol. 7073, pp. 468–485. Springer, Heidelberg (2011). doi: 10.1007/978-3-642-25385-0_25 CrossRefGoogle Scholar
  35. 35.
    Gennaro, R., Lindell, Y.: A framework for password-based authenticated key exchange. In: Biham, E. (ed.) EUROCRYPT 2003. LNCS, vol. 2656, pp. 524–543. Springer, Heidelberg (2003). doi: 10.1007/3-540-39200-9_33 CrossRefGoogle Scholar
  36. 36.
    Groth, J., Sahai, A.: Efficient non-interactive proof systems for bilinear groups. In: Smart, N. (ed.) EUROCRYPT 2008. LNCS, vol. 4965, pp. 415–432. Springer, Heidelberg (2008). doi: 10.1007/978-3-540-78967-3_24 CrossRefGoogle Scholar
  37. 37.
    Hofheinz, D., Müller-Quade, J.: Universally composable commitments using random oracles. In: Naor, M. (ed.) TCC 2004. LNCS, vol. 2951, pp. 58–76. Springer, Heidelberg (2004). doi: 10.1007/978-3-540-24638-1_4 CrossRefGoogle Scholar
  38. 38.
    Horvitz, O., Katz, J.: Universally-composable two-party computation in two rounds. In: Menezes, A. (ed.) CRYPTO 2007. LNCS, vol. 4622, pp. 111–129. Springer, Heidelberg (2007). doi: 10.1007/978-3-540-74143-5_7 CrossRefGoogle Scholar
  39. 39.
    Jutla, C., Roy, A.: Smooth nizk arguments with applications to asymmetric uc-pake. Cryptology ePrint Archive, Report 2016/233 (2016). http://eprint.iacr.org/
  40. 40.
    Jutla, C.S., Roy, A.: Dual-system simulation-soundness with applications to uc-pake and more. Cryptology ePrint Archive, Report 2014/805 (2014)Google Scholar
  41. 41.
    Kalai, Y.T.: Smooth projective hashing and two-message oblivious transfer. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 78–95. Springer, Heidelberg (2005). doi: 10.1007/11426639_5 CrossRefGoogle Scholar
  42. 42.
    Katz, J., Ostrovsky, R., Yung, M.: Efficient password-authenticated key exchange using human-memorable passwords. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 475–494. Springer, Heidelberg (2001). doi: 10.1007/3-540-44987-6_29 CrossRefGoogle Scholar
  43. 43.
    Katz, J., Vaikuntanathan, V.: Smooth projective hashing and password-based authenticated key exchange from lattices. In: Matsui, M. (ed.) ASIACRYPT 2009. LNCS, vol. 5912, pp. 636–652. Springer, Heidelberg (2009). doi: 10.1007/978-3-642-10366-7_37 CrossRefGoogle Scholar
  44. 44.
    Katz, J., Vaikuntanathan, V.: Round-optimal password-based authenticated key exchange. In: Ishai, Y. (ed.) TCC 2011. LNCS, vol. 6597, pp. 293–310. Springer, Heidelberg (2011). doi: 10.1007/978-3-642-19571-6_18 CrossRefGoogle Scholar
  45. 45.
    Kiltz, E., Pan, J., Wee, H.: Structure-preserving signatures from standard assumptions, revisited. In: Gennaro, R., Robshaw, M. (eds.) CRYPTO 2015. LNCS, vol. 9216, pp. 275–295. Springer, Heidelberg (2015). doi: 10.1007/978-3-662-48000-7_14 CrossRefGoogle Scholar
  46. 46.
    Li, N., Du, W., Boneh, D.: Oblivious signature-based envelope. In: Borowsky, E., Rajsbaum, S. (eds.) 22nd ACM PODC, pp. 182–189. ACM, Jul 2003Google Scholar
  47. 47.
    Lindell, Y.: Highly-efficient universally-composable commitments based on the DDH assumption. In: Paterson, K.G. (ed.) EUROCRYPT 2011. LNCS, vol. 6632, pp. 446–466. Springer, Heidelberg (2011). doi: 10.1007/978-3-642-20465-4_25 CrossRefGoogle Scholar
  48. 48.
    Naor, M., Pinkas, B.: Efficient oblivious transfer protocols. In: Kosaraju, S.R. (ed.) 12th SODA, pp. 448–457. ACM-SIAM, January 2001Google Scholar
  49. 49.
    Naor, M., Yung, M.: Public-key cryptosystems provably secure against chosen ciphertext attacks. In: 22nd ACM STOC, pp. 427–437. ACM Press, May 1990Google Scholar
  50. 50.
    Peikert, C., Vaikuntanathan, V., Waters, B.: A framework for efficient and composable oblivious transfer. In: Wagner, D. (ed.) CRYPTO 2008. LNCS, vol. 5157, pp. 554–571. Springer, Heidelberg (2008). doi: 10.1007/978-3-540-85174-5_31 CrossRefGoogle Scholar
  51. 51.
    Rabin, M.O.: How to exchange secrets with oblivious transfer. Technical Report TR81, Harvard University (1981)Google Scholar
  52. 52.
    Rackoff, C., Simon, D.R.: Non-interactive zero-knowledge proof of knowledge and chosen ciphertext attack. In: Feigenbaum, J. (ed.) CRYPTO 1991. LNCS, vol. 576, pp. 433–444. Springer, Heidelberg (1992). doi: 10.1007/3-540-46766-1_35 Google Scholar

Copyright information

© International Association for Cryptologic Research 2016

Authors and Affiliations

  1. 1.Université de Limoges, XLimLimogesFrance
  2. 2.CRED, Université Panthéon-AssasParisFrance

Personalised recommendations