Efficient Key Dependent Message Security Amplification Against Chosen Ciphertext Attacks

Applebaum (EUROCRYPT 2011) showed how to convert a public key encryption (PKE) scheme which is key dependent message (KDM) secure with respect to projection functions (also called projection-KDM secure) to a scheme which is KDM secure with respect to functions computable by polynomially bounded-size circuits (also called bounded-KDM secure). This result holds in both of the chosen plaintext attack (CPA) setting and the chosen ciphertext attack (CCA) setting. Bellare et al. (CCS 2012) later showed another conversion from a projection-KDM secure scheme to a bounded-KDM secure one, which is more efficient than Applebaum’s, but works only in the CPA setting. In this work, we show an efficient conversion from a projection-KDM-CCA secure PKE scheme to a bounded-KDM-CCA secure PKE scheme. To see that our conversion leads to more efficient bounded-KDM-CCA secure schemes than Applebaum’s, we show that by combining our result with several known results, we can obtain currently the most efficient bounded-KDM-CCA secure PKE scheme based on the symmetric external Diffie-Hellman (SXDH) assumption.

[1]  Jonathan Herzog,et al.  Soundness and completeness of formal encryption: The cases of key cycles and partial information leakage , 2009, J. Comput. Secur..

[2]  Henri Gilbert,et al.  Advances in Cryptology - EUROCRYPT 2010, 29th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Monaco / French Riviera, May 30 - June 3, 2010. Proceedings , 2010, EUROCRYPT.

[3]  Yuval Ishai,et al.  Bounded Key-Dependent Message Security , 2010, IACR Cryptol. ePrint Arch..

[4]  Benny Applebaum,et al.  Key-Dependent Message Security: Generic Amplification and Completeness , 2011, Journal of Cryptology.

[5]  Matthew Franklin,et al.  Advances in Cryptology – CRYPTO 2004 , 2004, Lecture Notes in Computer Science.

[6]  Amit Sahai,et al.  Efficient Noninteractive Proof Systems for Bilinear Groups , 2008, SIAM J. Comput..

[7]  Mihir Bellare,et al.  Foundations of garbled circuits , 2012, CCS.

[8]  Aggelos Kiayias,et al.  Polynomial Reconstruction Based Cryptography , 2001, Selected Areas in Cryptography.

[9]  Rafail Ostrovsky,et al.  Circular-Secure Encryption from Decision Diffie-Hellman , 2008, CRYPTO.

[10]  David Cash,et al.  Fast Cryptographic Primitives and Circular-Secure Encryption Based on Hard Learning Problems , 2009, CRYPTO.

[11]  Jan Camenisch,et al.  A public key encryption scheme secure against key dependent chosen plaintext and adaptive chosen ciphertext attacks , 2009, IACR Cryptol. ePrint Arch..

[12]  Yehuda Lindell,et al.  More Efficient Constant-Round Multi-Party Computation from BMR and SHE , 2016, IACR Cryptol. ePrint Arch..

[13]  Phong Q. Nguyen,et al.  Advances in Cryptology – EUROCRYPT 2013 , 2013, Lecture Notes in Computer Science.

[14]  Zvika Brakerski,et al.  Circular and Leakage Resilient Public-Key Encryption Under Subgroup Indistinguishability (or: Quadratic Residuosity Strikes Back) , 2010, IACR Cryptol. ePrint Arch..

[15]  Moti Yung,et al.  Efficient Circuit-Size Independent Public Key Encryption with KDM Security , 2011, EUROCRYPT.

[16]  Moni Naor,et al.  Universal one-way hash functions and their cryptographic applications , 1989, STOC '89.

[17]  Yuval Ishai,et al.  COMPUTATIONALLY PRIVATE RANDOMIZING POLYNOMIALS AND THEIR APPLICATIONS , 2005, 20th Annual IEEE Conference on Computational Complexity (CCC'05).

[18]  Ronald Cramer,et al.  A Practical Public Key Cryptosystem Provably Secure Against Adaptive Chosen Ciphertext Attack , 1998, CRYPTO.

[19]  Andrew Chi-Chih Yao,et al.  How to generate and exchange secrets , 1986, 27th Annual Symposium on Foundations of Computer Science (sfcs 1986).

[20]  Martín Abadi,et al.  Reconciling Two Views of Cryptography (The Computational Soundness of Formal Encryption) , 2007, Journal of Cryptology.

[21]  Yael Tauman Kalai,et al.  Black-Box Circular-Secure Encryption beyond Affine Functions , 2011, TCC.

[22]  Dennis Hofheinz,et al.  Circular Chosen-Ciphertext Security with Compact Ciphertexts , 2013, EUROCRYPT.

[23]  Jan Camenisch,et al.  An Efficient System for Non-transferable Anonymous Credentials with Optional Anonymity Revocation , 2001, IACR Cryptol. ePrint Arch..

[24]  John Black,et al.  Encryption-Scheme Security in the Presence of Key-Dependent Messages , 2002, Selected Areas in Cryptography.

[25]  Tal Rabin Advances in Cryptology - CRYPTO 2010, 30th Annual Cryptology Conference, Santa Barbara, CA, USA, August 15-19, 2010. Proceedings , 2010, CRYPTO.

[26]  Shai Halevi Advances in Cryptology - CRYPTO 2009, 29th Annual International Cryptology Conference, Santa Barbara, CA, USA, August 16-20, 2009. Proceedings , 2009, CRYPTO.

[27]  Kenneth G. Paterson Advances in Cryptology - EUROCRYPT 2011 - 30th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Tallinn, Estonia, May 15-19, 2011. Proceedings , 2011, EUROCRYPT.

[28]  Hovav Shacham,et al.  Short Group Signatures , 2004, CRYPTO.

[29]  Martijn Stam Beyond Uniformity: Better Security/Efficiency Tradeoffs for Compression Functions , 2008, CRYPTO.

[30]  Yuval Ishai,et al.  Computationally Private Randomizing Polynomials and Their Applications , 2005, Computational Complexity Conference.

[31]  Leslie G. Valiant,et al.  Universal circuits (Preliminary Report) , 1976, STOC '76.

[32]  Moti Yung,et al.  A New Randomness Extraction Paradigm for Hybrid Encryption , 2009, EUROCRYPT.