Lattice-based completely non-malleable public-key encryption in the standard model

An encryption scheme is non-malleable if giving an encryption of a message to an adversary does not increase its chances of producing an encryption of a related message (under a given public key). Fischlin introduced a stronger notion, known as complete non-malleability, which requires attackers to have negligible advantage, even if they are allowed to transform the public key under which the related message is encrypted. Ventre and Visconti later proposed a comparison-based definition of this security notion, which is more in line with the well-studied definitions proposed by Bellare et al. The authors also provide additional feasibility results by proposing two constructions of completely non-malleable schemes, one in the common reference string model using non-interactive zero-knowledge proofs, and another using interactive encryption schemes. Therefore, the only previously known completely non-malleable (and non-interactive) scheme in the standard model, is quite inefficient as it relies on generic NIZK approach. They left the existence of efficient schemes in the common reference string model as an open problem. Recently, two efficient public-key encryption schemes have been proposed by Libert and Yung, and Barbosa and Farshim, both of them are based on pairing identity-based encryption. At ACISP 2011, Sepahi et al. proposed a method to achieve completely non-malleable encryption in the public-key setting using lattices but there is no security proof for the proposed scheme. In this paper we review the mentioned scheme and provide its security proof in the standard model. Our study shows that Sepahi’s scheme will remain secure even for post-quantum world since there are currently no known quantum algorithms for solving lattice problems that perform significantly better than the best known classical (i.e., non-quantum) algorithms.

[1]  Rafail Ostrovsky,et al.  Cryptography from Anonymity , 2006, 2006 47th Annual IEEE Symposium on Foundations of Computer Science (FOCS'06).

[2]  Burton S. Kaliski,et al.  On Hash Function Firewalls in Signature Schemes , 2002, CT-RSA.

[3]  Eike Kiltz,et al.  Programmable Hash Functions and Their Applications , 2008, CRYPTO.

[4]  Moni Naor,et al.  Nonmalleable Cryptography , 2000, SIAM Rev..

[5]  Rafail Ostrovsky,et al.  Fuzzy Extractors: How to Generate Strong Keys from Biometrics and Other Noisy Data , 2004, SIAM J. Comput..

[6]  Brent Waters,et al.  Lossy trapdoor functions and their applications , 2008, SIAM J. Comput..

[7]  Daniele Micciancio,et al.  Asymptotically Effi cient Lattice-Based Digital Signatures , 2008, IACR Cryptol. ePrint Arch..

[8]  Mihir Bellare,et al.  Relations among Notions of Security for Public-Key Encryption Schemes , 1998, IACR Cryptol. ePrint Arch..

[9]  Miklós Ajtai,et al.  Generating Hard Instances of the Short Basis Problem , 1999, ICALP.

[10]  Jonathan Katz,et al.  Chosen-Ciphertext Security from Identity-Based Encryption , 2004, SIAM J. Comput..

[11]  Craig Gentry,et al.  Trapdoors for hard lattices and new cryptographic constructions , 2008, IACR Cryptol. ePrint Arch..

[12]  Oded Regev,et al.  On lattices, learning with errors, random linear codes, and cryptography , 2005, STOC '05.

[13]  Manuel Barbosa,et al.  Relations among Notions of Complete Non-malleability: Indistinguishability Characterisation and Efficient Construction without Random Oracles , 2010, ACISP.

[14]  Carmine Ventre,et al.  Completely Non-malleable Encryption Revisited , 2008, Public Key Cryptography.

[15]  Brent Waters,et al.  Efficient Identity-Based Encryption Without Random Oracles , 2005, EUROCRYPT.

[16]  Chris Peikert,et al.  An Efficient and Parallel Gaussian Sampler for Lattices , 2010, CRYPTO.

[17]  Dan Boneh,et al.  Secure Identity Based Encryption Without Random Oracles , 2004, CRYPTO.

[18]  Jacques Stern,et al.  RSA-OAEP Is Secure under the RSA Assumption , 2001, Journal of Cryptology.

[19]  László Babai,et al.  On Lovász’ lattice reduction and the nearest lattice point problem , 1986, Comb..

[20]  Chris Peikert,et al.  Trapdoors for Lattices: Simpler, Tighter, Faster, Smaller , 2012, IACR Cryptol. ePrint Arch..

[21]  Amit Sahai,et al.  Non-malleable Encryption: Equivalence between Two Notions, and an Indistinguishability-Based Characterization , 1999, CRYPTO.

[22]  Danny Dolev,et al.  On the Security of Public Key Protocols (Extended Abstract) , 1981, FOCS.

[23]  Moni Naor,et al.  Non-malleable cryptography , 1991, STOC '91.

[24]  Ronald Cramer,et al.  A Practical Public Key Cryptosystem Provably Secure Against Adaptive Chosen Ciphertext Attack , 1998, CRYPTO.

[25]  Marc Fischlin,et al.  Completely Non-malleable Schemes , 2005, ICALP.

[26]  Alfred Menezes,et al.  Unknown Key-Share Attacks on the Station-to-Station (STS) Protocol , 1999, Public Key Cryptography.

[27]  Moti Yung,et al.  Efficient Completely Non-malleable Public Key Encryption , 2010, ICALP.

[28]  Ron Steinfeld,et al.  Lattice-Based Completely Non-malleable PKE in the Standard Model (Poster) , 2011, ACISP.

[29]  Yehuda Lindell,et al.  Introduction to Modern Cryptography (Chapman & Hall/Crc Cryptography and Network Security Series) , 2007 .

[30]  Oded Goldreich,et al.  Collision-Free Hashing from Lattice Problems , 1996, Electron. Colloquium Comput. Complex..

[31]  Kenneth G. Paterson,et al.  Certificateless Encryption Schemes Strongly Secure in the Standard Model , 2008, Public Key Cryptography.

[32]  Victor Shoup,et al.  A computational introduction to number theory and algebra , 2005 .

[33]  Dan Boneh,et al.  Efficient Lattice (H)IBE in the Standard Model , 2010, EUROCRYPT.

[34]  David Cash,et al.  Bonsai Trees, or How to Delegate a Lattice Basis , 2010, EUROCRYPT.

[35]  Shafi Goldwasser,et al.  Complexity of lattice problems , 2002 .