New Smooth Projective Hash Functions and One-Round Authenticated Key Exchange

Password-Authenticated Key Exchange (PAKE) has received deep attention in the last few years, with a recent improvement by Katz and Vaikuntanathan and their one-round protocols: the two players just have to send simultaneous flows to each other, which depend on their own passwords only, to agree on a shared high-entropy secret key. To this aim, they followed Gennaro and Lindell's approach, with a new kind of Smooth Projective Hash Functions (SPHFs). They came up with the first concrete one-round PAKE, secure in Bellare, Pointcheval, and Rogaway's model, but at the cost of a simulation-sound NIZK, which makes the overall construction not really efficient. This paper follows their path with a new efficient instantiation of SPHFs on Cramer-Shoup ciphertexts. It then leads to the design of the most efficient PAKE known so far: a one-round PAKE with two simultaneous flows consisting of 6 group elements each only, in any DDH group without any pairing. We thereafter show a generic construction for SPHFs, in order to check the validity of complex relations on encrypted values. This allows us to extend this work on PAKE to the more general family of protocols termed Language-Authenticated Key Exchange (LAKE) by Ben Hamouda, Blazy, Chevalier, Pointcheval, and Vergnaud, but also to blind signatures. We indeed provide the most efficient blind Waters signature known so far.
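The abstract relies on the two defining properties of an SPHF, projectivity (the hash of a word in the language can be recomputed from a public projection key and the word's witness) and smoothness (for a word outside the language, the hash is statistically independent of the projection key). The following added example, which is not code from the paper and does not implement its Cramer-Shoup-based construction, illustrates both properties on the classic Diffie-Hellman language of Cramer and Shoup's hash proof system: a word (u1, u2) is in the language when u1 = g1^r and u2 = g2^r for the same exponent r. The group parameters P, Q, G1 and G2 are toy values constructed for the example and far too small for real use; the helper names are assumptions. Because the group is tiny, the smoothness check can be made exact by enumerating every hashing key consistent with a given projection key: a DH word yields a single possible hash value, while a non-DH word yields every element of the order-Q subgroup.

```python
import secrets

# Toy group parameters, constructed for this example only (insecure sizes):
# P is prime, Q = 11 divides P - 1, and G1, G2 both generate the order-Q subgroup.
P = 23
Q = 11
G1 = 2
G2 = 3


def keygen():
    """Sample a hashing key hk = (alpha, beta) uniformly from Z_Q^2."""
    return (secrets.randbelow(Q), secrets.randbelow(Q))


def proj_key(hk):
    """Projection key hp = g1^alpha * g2^beta; safe to publish."""
    alpha, beta = hk
    return pow(G1, alpha, P) * pow(G2, beta, P) % P


def hash_word(hk, word):
    """Hash of word (u1, u2) computed with the secret hashing key: u1^alpha * u2^beta."""
    alpha, beta = hk
    u1, u2 = word
    return pow(u1, alpha, P) * pow(u2, beta, P) % P


def proj_hash(hp, r):
    """Hash recomputed from the projection key and the witness r of a DH word: hp^r."""
    return pow(hp, r, P)


def dh_word(r):
    """A word in the DH language: (g1^r, g2^r) with witness r."""
    return (pow(G1, r, P), pow(G2, r, P))


def non_dh_word(r, s):
    """A word outside the language when r != s (mod Q): (g1^r, g2^s)."""
    return (pow(G1, r, P), pow(G2, s, P))


def hash_values_consistent_with(hp, word):
    """Set of hash values over all hashing keys whose projection key equals hp.

    Smoothness means this set is the whole subgroup for a word outside the
    language (the adversary learns nothing about the hash from hp alone);
    projectivity means it is a single value for a word inside the language.
    Exhaustive enumeration is only possible because the toy group is tiny.
    """
    return {
        hash_word((a, b), word)
        for a in range(Q)
        for b in range(Q)
        if proj_key((a, b)) == hp
    }


def demo():
    """Return (projectivity holds, #values for a DH word, #values for a non-DH word)."""
    hk = keygen()
    hp = proj_key(hk)
    r = secrets.randbelow(Q - 1) + 1          # witness of the honest party
    s = (r + secrets.randbelow(Q - 1) + 1) % Q  # guaranteed s != r mod Q
    projective = hash_word(hk, dh_word(r)) == proj_hash(hp, r)
    in_language = len(hash_values_consistent_with(hp, dh_word(r)))
    out_language = len(hash_values_consistent_with(hp, non_dh_word(r, s)))
    return projective, in_language, out_language


if __name__ == "__main__":
    print(demo())
```

In a Gennaro-Lindell style PAKE the word is a ciphertext and the language is "encryptions of my password", so the correct peer (who knows the encryption randomness as witness) can recompute the hash from the projection key, whereas a peer who encrypted a different password holds a word outside the language and gets a value that is independent of everything it saw; the example above shows exactly that dichotomy on the simpler DH language.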
