Towards Tightly Secure Lattice Short Signature and Id-Based Encryption

Constructing short signatures with tight security from standard assumptions is a long-standing open problem. We present an adaptively secure, short and stateless signature scheme whose security loss is a constant relative to a conservative hardness assumption, Short Integer Solution (SIS), and to the security of a concretely instantiated pseudorandom function (PRF). This yields a class of tightly secure short lattice signature schemes whose security rests on SIS and on the assumption underlying the instantiated PRF. Our signature construction further extends to a class of tightly and adaptively secure "compact" Identity-Based Encryption (IBE) schemes, reducible with constant security loss from Regev's vanilla Learning With Errors (LWE) hardness assumption together with the security of a concretely instantiated PRF. Our approach is a novel combination of several techniques, including the Katz-Wang signature, the lattice-based IBE of Agrawal et al., and the key-homomorphic encryption of Boneh et al. Our results, for the first time, eliminate the dependency between the number of the adversary's queries and the security of short signature/IBE schemes in the context of lattice-based cryptography. They also indicate that tightly secure PRFs with constant security loss would imply tightly, adaptively secure short signature and IBE schemes with constant security loss.
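The following inequalities are an added illustration of what "constant security loss" means in the abstract above; they are not taken from the paper, and the symbols are assumptions of this illustration only. Write $\mathsf{Adv}_{\mathsf{Sig}}(\mathcal{A})$ for the forging advantage of an adversary $\mathcal{A}$ making at most $Q$ signing queries, and $\mathsf{Adv}_{\mathsf{SIS}}(\mathcal{B})$, $\mathsf{Adv}_{\mathsf{PRF}}(\mathcal{C})$ for the advantages of reduction algorithms $\mathcal{B}$, $\mathcal{C}$ of essentially the same running time. A typical non-tight lattice signature reduction has the shape

$$
\mathsf{Adv}_{\mathsf{Sig}}(\mathcal{A}) \;\le\; L(Q)\cdot \mathsf{Adv}_{\mathsf{SIS}}(\mathcal{B}) \;+\; \mathrm{negl}(\lambda), \qquad L(Q) = \mathrm{poly}(Q),
$$

so that guaranteeing $\lambda$ bits of security against an adversary making $2^{30}$ queries forces the SIS instance to be sized for $\lambda + \log_2 L(2^{30})$ bits. The claimed tight reduction instead has the shape

$$
\mathsf{Adv}_{\mathsf{Sig}}(\mathcal{A}) \;\le\; c\cdot\big(\mathsf{Adv}_{\mathsf{SIS}}(\mathcal{B}) + \mathsf{Adv}_{\mathsf{PRF}}(\mathcal{C})\big) \;+\; \mathrm{negl}(\lambda), \qquad c = O(1),
$$

with no term depending on $Q$; the only query-dependent loss that can remain is whatever the chosen PRF itself incurs, which is why the abstract notes that a PRF with constant loss gives the whole scheme constant loss. For IBE the same template applies with $\mathsf{Adv}_{\mathsf{LWE}}$ in place of $\mathsf{Adv}_{\mathsf{SIS}}$ and $Q$ counting key-extraction queries.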
