Publicly Evaluable Pseudorandom Functions and Their Applications

  • Yu Chen
  • Zongyang Zhang
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8642)

Abstract

We put forth the notion of publicly evaluable pseudorandom functions (PEPRFs), which is a non-trivial extension of standard pseudorandom functions (PRFs). Briefly, PEPRFs are defined over a domain X containing an NP language L in which the witness is hard to extract on average, and each secret key sk is associated with a public key pk. For any x ∈ L, in addition to evaluating F_sk(x) using sk as in standard PRFs, one is also able to evaluate F_sk(x) with pk, x and a witness w for x ∈ L. We conduct a formal study of PEPRFs, focusing on applications, constructions, and extensions. In more detail:

  • We show how to construct a public-key encryption (PKE) scheme from PEPRFs. The construction is simple, black-box, and admits a direct proof of security. We provide evidence that PEPRFs exist by showing generic constructions from both hash proof systems and extractable hash proof systems.

  • We introduce the notion of publicly samplable PRFs (PSPRFs), which is a relaxation of PEPRFs, but nonetheless implies PKE. We show PSPRFs are implied by trapdoor relations, yet the latter are further implied by trapdoor functions. This helps us to unify and clarify many PKE schemes from different paradigms and general assumptions under the notion of PSPRFs.

  • We propose two variants of PEPRFs. One is publicly evaluable predicate PRFs, which admit a direct construction of predicate encryption. The other is publicly evaluable and verifiable functions (PEVFs), which admit a simple construction of “hash-and-sign” signatures.
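
The two evaluation paths described in the abstract, and a PKE built on top of them, as an added example that is not taken from the paper. It assumes an ElGamal-style instantiation (F_sk(x) = x^sk in a prime-order group, L = ⟨g⟩, witness w with x = g^w), a constructed toy group, and a SHAKE-256 step that stretches the function value into a pad; all function names are illustrative.

```python
import hashlib
import secrets

# Constructed toy group, far too small to be secure: P = 2Q + 1 with P, Q prime,
# and G = 4 generates the subgroup of order Q.
P, Q, G = 2039, 1019, 4

def keygen():
    """Return (pk, sk) with pk = g^sk."""
    sk = secrets.randbelow(Q - 1) + 1
    return pow(G, sk, P), sk

def sample_with_witness():
    """Sample x in L = <g> together with a witness w such that x = g^w."""
    w = secrets.randbelow(Q - 1) + 1
    return pow(G, w, P), w

def priv_eval(sk, x):
    """Secret-key evaluation: F_sk(x) = x^sk."""
    return pow(x, sk, P)

def pub_eval(pk, x, w):
    """Public evaluation from pk and a witness: pk^w = g^(sk*w) = x^sk."""
    if pow(G, w, P) != x:
        raise ValueError("w is not a witness for x")
    return pow(pk, w, P)

def _pad(value, n):
    # Assumption of this example: stretch the function value to n bytes with SHAKE-256.
    return hashlib.shake_256(value.to_bytes(2, "big")).digest(n)

def encrypt(pk, msg):
    """Sender knows only pk: pick fresh (x, w), mask msg with F_sk(x)."""
    x, w = sample_with_witness()
    pad = _pad(pub_eval(pk, x, w), len(msg))
    return x, bytes(m ^ k for m, k in zip(msg, pad))

def decrypt(sk, ciphertext):
    """Receiver recomputes F_sk(x) from sk alone; the witness is never sent."""
    x, body = ciphertext
    pad = _pad(priv_eval(sk, x), len(body))
    return bytes(c ^ k for c, k in zip(body, pad))

if __name__ == "__main__":
    pk, sk = keygen()
    ct = encrypt(pk, b"constructed sample message")
    print(decrypt(sk, ct))
```

Correctness rests on the two paths agreeing on every x ∈ L; confidentiality rests on F_sk(x) looking random to anyone who holds pk and x but not w.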

Keywords

Hash Family, Pseudorandom Function, Random Coin, Trapdoor Function, Lossy Trapdoor Function
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Copyright information

© Springer International Publishing Switzerland 2014

Authors and Affiliations

  • Yu Chen (1)
  • Zongyang Zhang (2, 3)

  1. State Key Laboratory of Information Security (SKLOIS), Institute of Information Engineering, Chinese Academy of Sciences, China
  2. National Institute of Advanced Industrial Science and Technology, Japan
  3. Shanghai Jiao Tong University, China
