Algebraic Partitioning: Fully Compact and (almost) Tightly Secure Cryptography

We describe a new technique for conducting "partitioning arguments". Partitioning arguments are a popular way to prove the security of a cryptographic scheme. For instance, to prove the security of a signature scheme, a partitioning argument could divide the set of messages into "signable" messages for which a signature can be simulated during the proof, and "unsignable" ones for which any signature would allow to solve a computational problem. During the security proof, we would then hope that an adversary only requests signatures for signable messages, and later forges a signature for an unsignable one. In this work, we develop a new class of partitioning arguments from simple assumptions. Unlike previous partitioning strategies, ours is based upon an algebraic property of the partitioned elements e.g., the signed messages, and not on their bit structure. This allows to perform the partitioning efficiently in a "hidden" way, such that already a single "slot" for a partitioning operation in the scheme can be used to implement many different partitionings sequentially, one after the other. As a consequence, we can construct complex partitionings out of simple basic but algebraic partitionings in a very space-efficient way. As a demonstration of our technique, we provide the first signature and public-key encryption schemes that achieve the following properties simultaneously: they are almost tightly secure under a simple assumption, and they are fully compact in the sense that parameters, keys, and signatures, resp.i¾?ciphertexts only comprise a constant number of group elements.

[1]  Brent Waters,et al.  Efficient Identity-Based Encryption Without Random Oracles , 2005, EUROCRYPT.

[2]  Dan Boneh,et al.  Secure Identity Based Encryption Without Random Oracles , 2004, CRYPTO.

[3]  Silvio Micali,et al.  Public-Key Encryption in a Multi-user Setting: Security Proofs and Improvements , 2000, EUROCRYPT.

[4]  Mihir Bellare,et al.  New Paradigms for Digital Signatures and Message Authentication Based on Non-Interative Zero Knowledge Proofs , 1989, CRYPTO.

[5]  Hoeteck Wee,et al.  Fully, (Almost) Tightly Secure IBE and Dual System Groups , 2013, CRYPTO.

[6]  Matthew K. Franklin,et al.  Identity-Based Encryption from the Weil Pairing , 2001, CRYPTO.

[7]  Marc Joye,et al.  A Practical and Tightly Secure Signature Scheme Without Hash Function , 2007, CT-RSA.

[8]  Craig Gentry,et al.  Hierarchical Identity Based Encryption with Polynomially Many Levels , 2009, TCC.

[9]  Dan Boneh,et al.  A Secure Signature Scheme from Bilinear Maps , 2003, CT-RSA.

[10]  Allison Bishop,et al.  New Techniques for Dual System Encryption and Fully Secure HIBE with Short Ciphertexts , 2010, IACR Cryptol. ePrint Arch..

[11]  Moni Naor,et al.  Public-key cryptosystems provably secure against chosen ciphertext attacks , 1990, STOC '90.

[12]  Georg Fuchsbauer,et al.  Structure-Preserving Signatures and Commitments to Group Elements , 2010, Journal of Cryptology.

[13]  Moni Naor,et al.  Universal one-way hash functions and their cryptographic applications , 1989, STOC '89.

[14]  Daniel J. Bernstein Proving Tight Security for Rabin-Williams Signatures , 2008, EUROCRYPT.

[15]  Moti Yung,et al.  Concise Multi-challenge CCA-Secure Encryption and Signatures with Almost Tight Security , 2014, ASIACRYPT.

[16]  Jean-Sébastien Coron,et al.  On the Exact Security of Full Domain Hash , 2000, CRYPTO.

[17]  Ryo Nishimaki,et al.  Tagged One-Time Signatures: Tight Security and Optimal Tag Size , 2013, Public Key Cryptography.

[18]  Silvio Micali,et al.  On the Cryptographic Applications of Random Functions , 1984, CRYPTO.

[19]  David Cash,et al.  The Twin Diffie-Hellman Problem and Applications , 2008, EUROCRYPT.

[20]  Eike Kiltz,et al.  (Hierarchical) Identity-Based Encryption from Affine Message Authentication , 2014, CRYPTO.

[21]  Jens Groth,et al.  Fine-Tuning Groth-Sahai Proofs , 2014, IACR Cryptol. ePrint Arch..

[22]  Eike Kiltz,et al.  Optimal Security Proofs for Full Domain Hash, Revisited , 2012, Journal of Cryptology.

[23]  Moni Naor,et al.  Number-theoretic constructions of efficient pseudo-random functions , 2004, JACM.

[24]  Brent Waters,et al.  Short and Stateless Signatures from the RSA Assumption , 2009, CRYPTO.

[25]  Brent Waters,et al.  Dual System Encryption: Realizing Fully Secure IBE and HIBE under Simple Assumptions , 2009, IACR Cryptol. ePrint Arch..

[26]  Shai Halevi,et al.  Secure Hash-and-Sign Signatures Without the Random Oracle , 1999, EUROCRYPT.

[27]  Paz Morillo,et al.  Easy Verifiable Primitives and Practical Public Key Cryptosystems , 2003, ISC.

[28]  David Cash,et al.  Bonsai Trees, or How to Delegate a Lattice Basis , 2010, EUROCRYPT.

[29]  Craig Gentry,et al.  Practical Identity-Based Encryption Without Random Oracles , 2006, EUROCRYPT.

[30]  Georg Fuchsbauer,et al.  Commuting Signatures and Verifiable Encryption , 2011, EUROCRYPT.

[31]  Dennis Hofheinz,et al.  All-But-Many Lossy Trapdoor Functions , 2012, EUROCRYPT.

[32]  Sven Schäge,et al.  Tight Proofs for Signature Schemes without Random Oracles , 2011, EUROCRYPT.

[33]  Dan Boneh,et al.  Efficient Selective-ID Secure Identity Based Encryption Without Random Oracles , 2004, IACR Cryptol. ePrint Arch..

[34]  Alexandra Boldyreva,et al.  Strengthening Security of RSA-OAEP , 2009, CT-RSA.

[35]  Jonathan Katz,et al.  Efficient Signature Schemes with Tight Reductions to the Diffie-Hellman Problems , 2007, Journal of Cryptology.

[36]  Tibor Jager,et al.  Tightly secure signatures and public-key encryption , 2012, Designs, Codes and Cryptography.

[37]  Amit Sahai,et al.  Efficient Noninteractive Proof Systems for Bilinear Groups , 2008, SIAM J. Comput..