A Fast and Simple Partially Oblivious PRF, with Applications

We build the first construction of a partially oblivious pseudorandom function (POPRF) that does not rely on bilinear pairings. Our construction can be viewed as combining elements of the 2HashDH OPRF of Jarecki, Kiayias, and Krawczyk with the Dodis-Yampolskiy PRF. We analyze our POPRF’s security in the random oracle model via reduction to a new one-more gap strong Diffie-Hellman inversion assumption. The most significant technical challenge is establishing confidence in the new assumption, which requires new proof techniques that enable us to show that its hardness is implied by the q-DL assumption in the algebraic group model. Our new construction is as fast as the current, standards-track OPRF 2HashDH protocol, yet provides a new degree of flexibility useful in a variety of applications. We show how POPRFs can be used to prevent token hoarding attacks against Privacy Pass, reduce key management complexity in the OPAQUE password authenticated key exchange protocol, and ensure stronger security for password breach alerting services.
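The following Python sketch is an added illustration, not code from the paper or its authors. It shows the shape of protocol the abstract describes: the client blinds its private input x as in 2HashDH, the server raises the blinded point to 1/(k + H2(t)) in the style of the Dodis-Yampolskiy PRF, where t is the public metadata, and the client unblinds and hashes. The hash names H1, H2, H3, the exact exponent, and the toy group (the order-q subgroup of Z_p^* for a 64-bit safe prime p = 2q + 1, with hash-to-group by squaring) are assumptions made here for illustration and are far too small to be secure; the code checks only that the blinded evaluation agrees with direct evaluation and that outputs are bound to the metadata.

```python
"""Toy partially oblivious PRF: 2HashDH-style blinding with a
Dodis-Yampolskiy-style exponent 1/(k + H2(t)).  Illustrative only."""
import hashlib
import secrets


def _is_probable_prime(n: int) -> bool:
    """Miller-Rabin; these bases are deterministic for n < 3.3e24."""
    if n < 2:
        return False
    bases = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)
    for b in bases:
        if n % b == 0:
            return n == b
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for a in bases:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _find_safe_prime(start: int):
    """Return (p, q) with p = 2q + 1 both prime, scanning upward from start."""
    q = start | 1
    while not (_is_probable_prime(q) and _is_probable_prime(2 * q + 1)):
        q += 2
    return 2 * q + 1, q


# Toy group (assumption): quadratic residues mod p, a subgroup of prime order q.
P, Q = _find_safe_prime(1 << 62)
_P_BYTES = (P.bit_length() + 7) // 8


def _hash(label: bytes, *parts: bytes) -> bytes:
    """Domain-separated, length-prefixed SHA-256 over the given parts."""
    h = hashlib.sha256(label)
    for part in parts:
        h.update(len(part).to_bytes(4, "big") + part)
    return h.digest()


def hash_to_group(x: bytes) -> int:
    """H1: hash the private input into the order-q subgroup by squaring mod p."""
    return pow(int.from_bytes(_hash(b"H1", x), "big") % P, 2, P)


def hash_metadata(t: bytes) -> int:
    """H2: hash the public metadata to a scalar mod q."""
    return int.from_bytes(_hash(b"H2", t), "big") % Q


def finalize(t: bytes, x: bytes, y: int) -> bytes:
    """H3: the PRF output binds metadata, input and the unblinded group element."""
    return _hash(b"H3", t, x, y.to_bytes(_P_BYTES, "big"))


def keygen() -> int:
    return secrets.randbelow(Q - 1) + 1


def _dy_inverse_exponent(k: int, t: bytes) -> int:
    """1/(k + H2(t)) mod q; rejects the (negligible-probability) zero case."""
    e = (k + hash_metadata(t)) % Q
    if e == 0:
        raise ValueError("k + H2(t) is zero mod q; this metadata is unusable with this key")
    return pow(e, -1, Q)


def client_blind(x: bytes):
    """Client: pick a blinding scalar r and send H1(x)^r; x stays hidden."""
    r = secrets.randbelow(Q - 1) + 1
    return r, pow(hash_to_group(x), r, P)


def server_evaluate(k: int, t: bytes, blinded: int) -> int:
    """Server: sees only the blinded point and the public metadata t."""
    return pow(blinded, _dy_inverse_exponent(k, t), P)


def client_finalize(r: int, t: bytes, x: bytes, z: int) -> bytes:
    """Client: strip the blinding (exponent r^-1) and hash to the PRF output."""
    y = pow(z, pow(r, -1, Q), P)
    return finalize(t, x, y)


def direct_evaluate(k: int, t: bytes, x: bytes) -> bytes:
    """Reference evaluation by a party holding k and x (no blinding)."""
    y = pow(hash_to_group(x), _dy_inverse_exponent(k, t), P)
    return finalize(t, x, y)


def run_protocol(k: int, t: bytes, x: bytes) -> bytes:
    """The whole exchange: blind -> server evaluate on (t, blinded) -> unblind."""
    r, blinded = client_blind(x)
    z = server_evaluate(k, t, blinded)
    return client_finalize(r, t, x, z)


if __name__ == "__main__":
    k = keygen()
    assert run_protocol(k, b"epoch-1", b"token-seed") == direct_evaluate(k, b"epoch-1", b"token-seed")
    print("blinded and direct evaluations agree; output bound to metadata:",
          run_protocol(k, b"epoch-1", b"x") != run_protocol(k, b"epoch-2", b"x"))
```

The server never learns x (it only sees H1(x)^r) but does learn t, which is the point of the "partially" oblivious construction: in the Privacy Pass setting the abstract mentions, binding t to, say, an issuance epoch means a token hoarded under one epoch does not evaluate to a valid token under another, and the same key k serves every epoch instead of one key per metadata value. The sketch omits any proof of correct server evaluation and uses a toy group, so it demonstrates the arithmetic of blinding and the metadata binding, not a deployable protocol.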
