Key-Oblivious Encryption from isogenies and its application to Accountable Tracing Signatures

Key-oblivious encryption (KOE) is a recently introduced cryptographic primitive that randomizes the public keys of an encryption scheme in an oblivious manner. It has applications in designing accountable tracing signatures (ATS), which let the group manager revoke the anonymity of traceable users in a group signature while preserving the anonymity of non-traceable users. Despite its importance and strong applications, KOE has received little attention in the literature. In this work, we introduce the first isogeny-based KOE scheme. Isogeny-based cryptography is a fairly young post-quantum field with sophisticated algebraic structures and unique security properties. Our KOE scheme is resistant to quantum attacks and derives its security from the Commutative Supersingular Decisional Diffie-Hellman (CSSDDH) problem, an isogeny-based hardness assumption. More concretely, we show that our construction achieves key randomizability, plaintext indistinguishability under key randomization and key privacy under key randomization in the standard model, adapting the security framework of [KM15]. Furthermore, we show how to instantiate our scheme from the cryptosystem based on Commutative Supersingular Isogeny Diffie-Hellman (CSIDH-512) [BKV19]. Additionally, we demonstrate the utility of our KOE scheme by leveraging it to construct an isogeny-based ATS scheme that achieves anonymity under tracing, traceability, non-frameability, anonymity with accountability and trace obliviousness in the random oracle model, following the security framework of [LNWX19].
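To make the KOE interface concrete, here is an added toy example (not the paper's scheme and not isogeny-based): a prime-order subgroup of Z_p^* stands in for the commutative group action that CSIDH provides, with exponentiation by r playing the role of acting by a class-group element. It shows why the original secret key still decrypts under a randomized public key and why only the party holding the randomizer r can link the two keys, which is the accountability hook that ATS builds on; the parameters P, Q, G and all function names are constructed for this illustration.

```python
# Toy key-oblivious encryption (KOE) over the order-Q subgroup of Z_P^*.
# Illustrative analogue of group-action key randomization; NOT the paper's
# CSIDH-based construction and NOT secure at these parameter sizes.
import secrets

P = 2039   # safe prime, P = 2*Q + 1 (constructed toy parameter)
Q = 1019   # prime order of the subgroup of quadratic residues mod P
G = 4      # generator of the order-Q subgroup

def keygen():
    """Secret key a in Z_Q; public key (base, base^a) with base = G."""
    a = 1 + secrets.randbelow(Q - 1)
    return a, (G, pow(G, a, P))

def key_rand(pk, r=None):
    """Randomize pk = (b, h) with r in Z_Q to pk' = (b^r, h^r).
    pk' equals (b', b'^a) for the fresh base b' = b^r, so the holder of a
    still decrypts, while a party lacking r cannot link pk' back to pk.
    Returns (pk', r); r is the trapdoor the randomizer keeps for tracing."""
    if r is None:
        r = 1 + secrets.randbelow(Q - 1)
    b, h = pk
    return (pow(b, r, P), pow(h, r, P)), r

def encrypt(pk, m):
    """ElGamal-style encryption of a subgroup element m under pk = (b, h)."""
    b, h = pk
    k = 1 + secrets.randbelow(Q - 1)
    return pow(b, k, P), (pow(h, k, P) * m) % P

def decrypt(sk, ct):
    """Recover m = c2 / c1^sk (Python 3.8+ modular inverse via pow)."""
    c1, c2 = ct
    return (c2 * pow(c1, -sk, P)) % P

def linkable_with_r(pk, pk_rand, r):
    """Only the holder of r can confirm pk_rand was derived from pk."""
    return key_rand(pk, r)[0] == pk_rand
```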

[1] Wouter Castryck et al. Breaking the decisional Diffie-Hellman problem for class group actions using genus theory, 2020, IACR Cryptol. ePrint Arch.

[2] Jean Marc Couveignes et al. Hard Homogeneous Spaces, 2006, IACR Cryptol. ePrint Arch.

[3] André Schrottenloher et al. Quantum Security Analysis of CSIDH, 2020, EUROCRYPT.

[4] Tanja Lange et al. CSIDH: An Efficient Post-Quantum Commutative Group Action, 2018, IACR Cryptol. ePrint Arch.

[5] Huaxiong Wang et al. Accountable Tracing Signatures from Lattices, 2018, IACR Cryptol. ePrint Arch.

[6] Chris Peikert et al. He Gives C-Sieves on the CSIDH, 2020, IACR Cryptol. ePrint Arch.

[7] Steven D. Galbraith et al. SeaSign: Compact isogeny signatures from class group actions, 2019, IACR Cryptol. ePrint Arch.

[8] Mihir Bellare et al. Key-Privacy in Public-Key Encryption, 2001, ASIACRYPT.

[9] Tsuyoshi Takagi et al. SiGamal: A supersingular isogeny-based PKE and its application to a PRF, 2020, IACR Cryptol. ePrint Arch.

[10] Mihir Bellare et al. Searchable Encryption Revisited: Consistency Properties, Relation to Anonymous IBE, and Extensions, 2005, Journal of Cryptology.

[11] Peter W. Shor et al. Polynomial-Time Algorithms for Prime Factorization and Discrete Logarithms on a Quantum Computer, 1995, SIAM Rev.

[12] G. Ballew et al. The Arithmetic of Elliptic Curves, 2020, Elliptic Curves.

[13] Jan Camenisch et al. An Efficient System for Non-transferable Anonymous Credentials with Optional Anonymity Revocation, 2001, IACR Cryptol. ePrint Arch.

[14] Markulf Kohlweiss et al. Accountable Metadata-Hiding Escrow: A Group Signature Case Study, 2015, Proc. Priv. Enhancing Technol.

[15] W. Waterhouse et al. Abelian varieties over finite fields, 1969.

[16] Kenneth G. Paterson et al. Anonymous Broadcast Encryption: Adaptive Security and Efficient Constructions in the Standard Model, 2012, Public Key Cryptography.

[17] Luca De Feo et al. Threshold Schemes from Isogeny Assumptions, 2020, IACR Cryptol. ePrint Arch.

[18] Frederik Vercauteren et al. CSI-FiSh: Efficient Isogeny based Signatures through Class Group Computations, 2019, IACR Cryptol. ePrint Arch.

[19] Manuel Blum et al. Noninteractive Zero-Knowledge, 1991, SIAM J. Comput.

[20] Kazue Sako et al. An Auction Protocol Which Hides Bids of Losers, 2000, Public Key Cryptography.