Deja Q: Using Dual Systems to Revisit q-Type Assumptions

After more than a decade of usage, bilinear groups have established their place in the cryptographic canon by enabling the construction of many advanced cryptographic primitives. Unfortunately, this explosion in functionality has been accompanied by an analogous growth in the complexity of the assumptions used to prove security. Many of these assumptions have been gathered under the umbrella of the “uber-assumption,” yet certain classes of these assumptions—namely, q-type assumptions—are stronger and require larger parameter sizes than their static counterparts. In this paper, we show that in certain bilinear groups, many classes of q-type assumptions are in fact implied by subgroup hiding (a well-established, static assumption). Our main tool in this endeavor is the dual-system technique, as introduced by Waters in 2009. As a case study, we first show that in composite-order groups, we can prove the security of the Dodis-Yampolskiy PRF based solely on subgroup hiding and allow for a domain of arbitrary size (the original proof only allowed a logarithmically-sized domain). We then turn our attention to classes of q-type assumptions and show that they are implied—when instantiated in appropriate groups—solely by subgroup hiding. These classes are quite general and include assumptions such as q-SDH. Concretely, our result implies that every construction relying on such assumptions for security (e.g., Boneh-Boyen signatures) can, when instantiated in appropriate composite-order bilinear groups, be proved secure under subgroup hiding instead.

[1]  Hovav Shacham,et al.  New Trapdoor Projection Maps for Composite-Order Bilinear Groups , 2013, IACR Cryptol. ePrint Arch..

[2]  Alexandra Boldyreva,et al.  Threshold Signatures, Multisignatures and Blind Signatures Based on the Gap-Diffie-Hellman-Group Signature Scheme , 2003, Public Key Cryptography.

[3]  Dan Boneh,et al.  Secure Identity Based Encryption Without Random Oracles , 2004, CRYPTO.

[4]  Silvio Micali,et al.  How to construct random functions , 1986, JACM.

[5]  Xiaomin Liu,et al.  Efficient Oblivious Pseudorandom Function with Applications to Adaptive OT and Secure Computation of Set Intersection , 2009, TCC.

[6]  Victor Shoup,et al.  Lower Bounds for Discrete Logarithms and Related Problems , 1997, EUROCRYPT.

[7]  Ryo Nishimaki,et al.  Constant-Size Structure-Preserving Signatures: Generic Constructions and Simple Assumptions , 2015, Journal of Cryptology.

[8]  Reihaneh Safavi-Naini,et al.  An Efficient Signature Scheme from Bilinear Pairings and Its Applications , 2004, Public Key Cryptography.

[9]  Allison Bishop,et al.  Dual Form Signatures: An Approach for Proving Security from Static Assumptions , 2012, IACR Cryptol. ePrint Arch..

[10]  Allison Bishop,et al.  Achieving Leakage Resilience through Dual System Encryption , 2011, TCC.

[11]  Tibor Jager,et al.  The Semi-Generic Group Model and Applications to Pairing-Based Cryptography , 2010, ASIACRYPT.

[12]  Jan Camenisch,et al.  Compact E-Cash , 2005, EUROCRYPT.

[13]  M. Kasahara,et al.  A New Traitor Tracing , 2002, IEICE Trans. Fundam. Electron. Commun. Comput. Sci..

[14]  Georg Fuchsbauer,et al.  Structure-Preserving Signatures and Commitments to Group Elements , 2010, Journal of Cryptology.

[15]  Jan Camenisch,et al.  Endorsed E-Cash , 2007, 2007 IEEE Symposium on Security and Privacy (SP '07).

[16]  Matthew K. Franklin,et al.  Identity-Based Encryption from the Weil Pairing , 2001, CRYPTO.

[17]  Jung Hee Cheon,et al.  Security Analysis of the Strong Diffie-Hellman Problem , 2006, EUROCRYPT.

[18]  Tatsuaki Okamoto,et al.  Homomorphic Encryption and Signatures from Vector Decomposition , 2008, Pairing.

[19]  Tatsuaki Okamoto,et al.  Hierarchical Predicate Encryption for Inner-Products , 2009, ASIACRYPT.

[20]  Sanjit Chatterjee,et al.  Variants of Waters' Dual-System Primitives Using Asymmetric Pairings , 2012, IACR Cryptol. ePrint Arch..

[21]  Jens Groth,et al.  Simulation-Sound NIZK Proofs for a Practical Language and Constant Size Group Signatures , 2006, ASIACRYPT.

[22]  Dan Boneh,et al.  Finding composite order ordinary elliptic curves using the Cocks-Pinch method , 2011, IACR Cryptol. ePrint Arch..

[23]  Allison Bishop,et al.  New Techniques for Dual System Encryption and Fully Secure HIBE with Short Ciphertexts , 2010, IACR Cryptol. ePrint Arch..

[24]  Amit Sahai,et al.  Efficient Non-interactive Proof Systems for Bilinear Groups , 2008, EUROCRYPT.

[25]  Brent Waters,et al.  Dual System Encryption: Realizing Fully Secure IBE and HIBE under Simple Assumptions , 2009, IACR Cryptol. ePrint Arch..

[26]  Manoj Prabhakaran,et al.  Attribute-Based Signatures , 2011, CT-RSA.

[27]  Allison Bishop,et al.  New Proof Methods for Attribute-Based Encryption: Achieving Full Security through Selective Techniques , 2012, CRYPTO.

[28]  Xavier Boyen,et al.  The Uber-Assumption Family , 2008, Pairing.

[29]  Allison Bishop,et al.  Decentralizing Attribute-Based Encryption , 2011, IACR Cryptol. ePrint Arch..

[30]  Rafail Ostrovsky,et al.  Perfect Non-Interactive Zero Knowledge for NP , 2006, IACR Cryptol. ePrint Arch..

[31]  Allison Bishop,et al.  Tools for Simulating Features of Composite Order Bilinear Groups in the Prime Order Setting , 2012, EUROCRYPT.

[32]  Yi Mu,et al.  Constant-Size Dynamic k-TAA , 2006, SCN.

[33]  Dan Boneh,et al.  Hierarchical Identity Based Encryption with Constant Size Ciphertext , 2005, EUROCRYPT.

[34]  Dan Boneh,et al.  Short Signatures Without Random Oracles , 2004, EUROCRYPT.

[35]  Hovav Shacham,et al.  Short Group Signatures , 2004, CRYPTO.

[36]  David Jao,et al.  Boneh-Boyen Signatures and the Strong Diffie-Hellman Problem , 2009, Pairing.

[37]  Dan Boneh,et al.  Evaluating 2-DNF Formulas on Ciphertexts , 2005, TCC.

[38]  Hovav Shacham,et al.  Short Signatures from the Weil Pairing , 2001, J. Cryptol..

[39]  Nuttapong Attrapadung,et al.  Functional Encryption for Inner Product: Achieving Constant-Size Ciphertexts with Adaptive Security or Support for Negation , 2010, Public Key Cryptography.

[40]  Rafail Ostrovsky,et al.  Sequential Aggregate Signatures and Multisignatures Without Random Oracles , 2006, EUROCRYPT.

[41]  Tatsuaki Okamoto,et al.  Fully Secure Functional Encryption with General Relations from the Decisional Linear Assumption , 2010, IACR Cryptol. ePrint Arch..

[42]  Allison Bishop,et al.  A Profitable Sub-prime Loan: Obtaining the Advantages of Composite Order in Prime-Order Bilinear Groups , 2015, Public Key Cryptography.

[43]  Brent Waters,et al.  Compact Group Signatures Without Random Oracles , 2006, EUROCRYPT.

[44]  Allison Bishop,et al.  Unbounded HIBE and Attribute-Based Encryption , 2011, IACR Cryptol. ePrint Arch..

[45]  Allison Bishop,et al.  Fully Secure Functional Encryption: Attribute-Based Encryption and (Hierarchical) Inner Product Encryption , 2010, EUROCRYPT.

[46]  Jens Groth,et al.  Optimal Structure-Preserving Signatures in Asymmetric Bilinear Groups , 2011, CRYPTO.

[47]  Yevgeniy Dodis,et al.  A Verifiable Random Function with Short Proofs and Keys , 2005, Public Key Cryptography.