Key-Versatile Signatures and Applications: RKA, KDM and Joint Enc/Sig

This paper introduces key-versatile signatures. Key-versatile signatures allow us to sign with keys already in use for another purpose, without changing the keys and without impacting the security of the original purpose. This lets us obtain advances across a collection of challenging domains, including joint Enc/Sig, security against related-key attack (RKA), and security for key-dependent messages (KDM). Specifically, we can (1) add signing capability to existing encryption capability with zero overhead in the size of the public key; (2) obtain RKA-secure signatures from any RKA-secure one-way function, yielding new RKA-secure signature schemes; and (3) add integrity to encryption while maintaining KDM security.
