A Unified Approach to Deterministic Encryption: New Constructions and a Connection to Computational Entropy

This paper addresses deterministic public-key encryption schemes (DE), which are designed to provide meaningful security when the only source of randomness in the encryption process comes from the message itself. We propose a general construction of DE that unifies prior work and gives novel schemes. Specifically, its instantiations include:

- The first construction from any trapdoor function that has sufficiently many hardcore bits.
- The first construction that provides “bounded” multi-message security (assuming lossy trapdoor functions).

The security proofs for these schemes are enabled by three tools that are of broader interest:

- A weaker and more precise sufficient condition for semantic security on a high-entropy message distribution. Namely, we show that to establish semantic security on a distribution M of messages, it suffices to establish indistinguishability for all conditional distributions M|E, where E is an event of probability at least 1/4. (Prior work required indistinguishability on all distributions of a given entropy.)
- A result about computational entropy of conditional distributions. Namely, we show that conditioning on an event E of probability p reduces the quality of computational entropy by a factor of p and its quantity by log_2(1/p).
- A generalization of the leftover hash lemma to correlated distributions.

We also extend our result about computational entropy to the average case, which is useful in reasoning about leakage-resilient cryptography: leaking λ bits of information reduces the quality of computational entropy by a factor of 2^λ and its quantity by λ.
