Cryptographic Primitives with Hinting Property

  • Conference paper
Advances in Cryptology – ASIACRYPT 2022 (ASIACRYPT 2022)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 13791))

Abstract

A hinting PRG is a (potentially) stronger variant of PRG with a “deterministic” form of circular security with respect to the seed of the PRG (Koppula and Waters, CRYPTO 2019). Hinting PRGs enable many cryptographic applications, most notably CCA-secure public-key encryption and trapdoor functions. In this paper, we study cryptographic primitives with the hinting property, yielding the following results:

  • We present a novel and conceptually simpler approach for designing hinting PRGs from certain decisional assumptions over cyclic groups or isogeny-based group actions, which enables simpler security proofs as compared to the existing approaches for designing such primitives.

  • We introduce hinting weak PRFs, a natural extension of the hinting property to weak PRFs, and show how to realize circular/KDM-secure symmetric-key encryption from any hinting weak PRF. We demonstrate that our simple approach for building hinting PRGs can be extended to realize hinting weak PRFs from the same set of decisional assumptions.

  • We propose a stronger version of the hinting property, which we call the functional hinting property, that guarantees security even in the presence of hints about functions of the secret seed/key. We show how to instantiate functional hinting PRGs and functional hinting weak PRFs for certain (families of) functions by building upon our simple techniques for realizing plain hinting PRGs/weak PRFs. We also demonstrate the applicability of a functional hinting weak PRF with certain algebraic properties in realizing KDM-secure public-key encryption in a black-box manner.

  • Finally, we show the first black-box separation between hinting weak PRFs (and hinting PRGs) from public-key encryption using simple realizations of these primitives given only a random oracle.

S. Patranabis—Work done while at VISA Research.

Notes

  1. The original definition of hinting PRG in [KW19] uses an additional output element \(z_0\in Y\) which carries no hint about the seed of the PRG. We omit this element from the definition of hinting PRG here for simplicity of exposition.

  2. Specifically, the authors of [KW19] use the set \(\{ 0,1 \}^{\ell }\) for each block (where \(\ell \) is fixed during the setup), whereas we use a sufficiently large (efficiently representable) set Y. Our definition allows defining hinting PRGs in a setting where Y does not necessarily have a compact representation, i.e., when each element of Y is represented using more than \({\log {| Y |}}\) bits (which is the case for isogeny-based group actions). One can obtain a hinting PRG with bit-string blocks by using a suitable (statistical) extractor.

  3. For any matrix with \(n + 1\) rows, we number the rows from 0 to n.

  4. Note that given any vector of group elements \([\textbf{v}] \in \mathbb {G}^n\) and any vector \(\textbf{s}\in \{ 0,1 \}^n\), one can efficiently compute \([\langle \textbf{v}, \textbf{s}\rangle ]\) without needing to solve the discrete log problem.

  5. This is simply Lemma 2 with \(k = n + 1\), where we have written the first row separately.

  6. As before, we number the rows from 0 to n.

  7. Note that we cannot use the bit representation of an element of X to generate a group element of G without using an extractor, because for some EGAs (and in particular for isogeny-based group actions), elements of X do not have a compact representation.

  8. \(\textbf{m}_i\) denotes the i-th row of \(\textbf{M}\).

  9. Note that given any matrix of group elements \([\textbf{M}] \in \mathbb {G}^{n \times n}\) and any binary vector \(\textbf{s}\in \{ 0,1 \}^n\), one can efficiently compute \([\textbf{s}^t \textbf{M}\textbf{s}]\).

  10. Note that this is simply Lemma 3 with \(n^2 + 1\) samples.

  11. Note that we are using Lemma 3 with \(Q \cdot n^2 = {{\,\textrm{poly}\,}}(\lambda )\) samples.
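The observation in footnotes 4 and 9, that \([\langle \textbf{v}, \textbf{s}\rangle ]\) and \([\textbf{s}^t \textbf{M}\textbf{s}]\) can be computed from the group-element encodings alone, checked in Python as an added example (not code from the paper). It assumes a constructed toy group: the order-11 subgroup of quadratic residues mod 23 generated by 4, with \([x]\) standing for \(g^x\).

```python
# Toy check of "computation in the exponent" (footnotes 4 and 9).
# Constructed toy parameters, not the paper's: p = 2q + 1 = 23, q = 11,
# and g = 4 generates the order-q subgroup of quadratic residues mod p.
P = 23
Q = 11
G = 4

def enc(x):
    """[x] = g^x mod p. Only whoever knows the exponent calls this;
    everyone else sees just the group element."""
    return pow(G, x % Q, P)

def inner_product_in_exponent(enc_v, s):
    """Given [v] = ([v_1], ..., [v_n]) and s in {0,1}^n, return [<v, s>].
    Multiplying the entries with s_i = 1 adds their exponents, so no
    discrete log is ever taken (footnote 4)."""
    assert len(enc_v) == len(s)
    acc = 1
    for ev, bit in zip(enc_v, s):
        if bit:
            acc = acc * ev % P
    return acc

def quadratic_form_in_exponent(enc_m, s):
    """Given [M] in G^{n x n} and s in {0,1}^n, return [s^t M s].
    s^t M s is the sum of M[i][j] over all i, j with s_i = s_j = 1,
    so the product of those encoded entries is the answer (footnote 9)."""
    n = len(s)
    assert len(enc_m) == n and all(len(row) == n for row in enc_m)
    acc = 1
    for i in range(n):
        for j in range(n):
            if s[i] and s[j]:
                acc = acc * enc_m[i][j] % P
    return acc

def check_against_direct(v, m, s):
    """Sanity check with the exponents known: compare the exponent-only
    computations against encoding the scalar results directly."""
    n = len(s)
    ip = sum(vi * si for vi, si in zip(v, s))
    qf = sum(m[i][j] * s[i] * s[j] for i in range(n) for j in range(n))
    enc_v = [enc(x) for x in v]
    enc_m = [[enc(x) for x in row] for row in m]
    return (inner_product_in_exponent(enc_v, s) == enc(ip),
            quadratic_form_in_exponent(enc_m, s) == enc(qf))
```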

References

  1. Alamati, N., De Feo, L., Montgomery, H., Patranabis, S.: Cryptographic group actions and applications. In: Moriai, S., Wang, H. (eds.) ASIACRYPT 2020, Part II. LNCS, vol. 12492, pp. 411–439. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-64834-3_14

  2. Alamati, N., Montgomery, H., Patranabis, S.: Symmetric primitives with structured secrets. In: Boldyreva, A., Micciancio, D. (eds.) CRYPTO 2019, Part I. LNCS, vol. 11692, pp. 650–679. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-26948-7_23

  3. Applebaum, B.: Key-dependent message security: generic amplification and completeness. J. Cryptol. 27(3), 429–451 (2014)

  4. Booher, J., et al.: Failing to hash into supersingular isogeny graphs. IACR Cryptol. ePrint Arch., p. 518 (2022)

  5. Brakerski, Z., Goldwasser, S., Kalai, Y.T.: Black-box circular-secure encryption beyond affine functions. In: Ishai, Y. (ed.) TCC 2011. LNCS, vol. 6597, pp. 201–218. Springer, Heidelberg (2011)

  6. Boneh, D., Halevi, S., Hamburg, M., Ostrovsky, R.: Circular-secure encryption from decision Diffie-Hellman. In: Wagner, D. (ed.) CRYPTO 2008. LNCS, vol. 5157, pp. 108–125. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-85174-5_7

  7. Beullens, W., Kleinjung, T., Vercauteren, F.: CSI-FiSh: efficient isogeny based signatures through class group computations. In: Galbraith, S.D., Moriai, S. (eds.) ASIACRYPT 2019, Part I. LNCS, vol. 11921, pp. 227–247. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-34578-5_9

  8. Black, J., Rogaway, P., Shrimpton, T.: Encryption-scheme security in the presence of key-dependent messages. In: Nyberg, K., Heys, H. (eds.) SAC 2002. LNCS, vol. 2595, pp. 62–75. Springer, Heidelberg (2003). https://doi.org/10.1007/3-540-36492-7_6

  9. Cho, C., Döttling, N., Garg, S., Gupta, D., Miao, P., Polychroniadou, A.: Laconic oblivious transfer and its applications. In: Katz, J., Shacham, H. (eds.) CRYPTO 2017, Part II. LNCS, vol. 10402, pp. 33–65. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-63715-0_2

  10. Castryck, W., Lange, T., Martindale, C., Panny, L., Renes, J.: CSIDH: an efficient post-quantum commutative group action. In: Peyrin, T., Galbraith, S. (eds.) ASIACRYPT 2018, Part III. LNCS, vol. 11274, pp. 395–427. Springer, Cham (2018). https://doi.org/10.1007/978-3-030-03332-3_15

  11. Freeman, D.M., Goldreich, O., Kiltz, E., Rosen, A., Segev, G.: More constructions of lossy and correlation-secure trapdoor functions. In: Nguyen, P.Q., Pointcheval, D. (eds.) PKC 2010. LNCS, vol. 6056, pp. 279–295. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-13013-7_17

  12. Garg, S., Hajiabadi, M., Malavolta, G., Ostrovsky, R.: How to build a trapdoor function from an encryption scheme. In: Tibouchi, M., Wang, H. (eds.) ASIACRYPT 2021. LNCS, vol. 13092, pp. 220–249. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-92078-4_8

  13. Garg, R., Khurana, D., Lu, G., Waters, B.: Black-box non-interactive non-malleable commitments. In: Canteaut, A., Standaert, F.-X. (eds.) EUROCRYPT 2021. LNCS, vol. 12698, pp. 159–185. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-77883-5_6

  14. Goyal, R., Vusirikala, S., Waters, B.: New constructions of hinting PRGs, OWFs with encryption, and more. In: Micciancio, D., Ristenpart, T. (eds.) CRYPTO 2020, Part I. LNCS, vol. 12170, pp. 527–558. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-56784-2_18

  15. Impagliazzo, R., Rudich, S.: Limits on the provable consequences of one-way permutations. In: 21st ACM STOC, pp. 44–61. ACM Press, May 1989

  16. Kitagawa, F., Matsuda, T.: CPA-to-CCA transformation for KDM security. In: Hofheinz, D., Rosen, A. (eds.) TCC 2019, Part II. LNCS, vol. 11892, pp. 118–148. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-36033-7_5

  17. Kitagawa, F., Matsuda, T.: Circular security is complete for KDM security. In: Moriai, S., Wang, H. (eds.) ASIACRYPT 2020, Part I. LNCS, vol. 12491, pp. 253–285. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-64837-4_9

  18. Kitagawa, F., Matsuda, T., Tanaka, K.: CCA security and trapdoor functions via key-dependent-message security. In: Boldyreva, A., Micciancio, D. (eds.) CRYPTO 2019, Part III. LNCS, vol. 11694, pp. 33–64. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-26954-8_2

  19. Kitagawa, F., Matsuda, T., Tanaka, K.: Simple and efficient KDM-CCA secure public key encryption. In: Galbraith, S.D., Moriai, S. (eds.) ASIACRYPT 2019, Part III. LNCS, vol. 11923, pp. 97–127. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-34618-8_4

  20. Koppula, V., Waters, B.: Realizing chosen ciphertext security generically in attribute-based encryption and predicate encryption. In: Boldyreva, A., Micciancio, D. (eds.) CRYPTO 2019, Part II. LNCS, vol. 11693, pp. 671–700. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-26951-7_23

  21. Khurana, D., Waters, B.: On the CCA compatibility of public-key infrastructure. In: Garay, J.A. (ed.) PKC 2021. LNCS, vol. 12711, pp. 235–260. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-75248-4_9

  22. Peikert, C., Waters, B.: Lossy trapdoor functions and their applications. In: Ladner, R.E., Dwork, C. (eds.) 40th ACM STOC, pp. 187–196. ACM Press, May 2008

  23. Regev, O.: On lattices, learning with errors, random linear codes, and cryptography. J. ACM 56(6), 1–40 (2009). Preliminary version in STOC 2005

Correspondence to Navid Alamati.

© 2022 International Association for Cryptologic Research

Cite this paper

Alamati, N., Patranabis, S. (2022). Cryptographic Primitives with Hinting Property. In: Agrawal, S., Lin, D. (eds) Advances in Cryptology – ASIACRYPT 2022. ASIACRYPT 2022. Lecture Notes in Computer Science, vol 13791. Springer, Cham. https://doi.org/10.1007/978-3-031-22963-3_2

  • DOI: https://doi.org/10.1007/978-3-031-22963-3_2

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-22962-6

  • Online ISBN: 978-3-031-22963-3
