Removing Erasures with Explainable Hash Proof Systems

An important problem in secure multi-party computation is the design of protocols that can tolerate adversaries that are capable of corrupting parties dynamically and learning their internal states. In this paper, we make significant progress in this area in the context of password-authenticated key exchange (PAKE) and oblivious transfer (OT) protocols. More precisely, we first revisit the notion of projective hash proofs and introduce a new feature that allows us to explain any message sent by the simulator in case of corruption, hence the notion of Explainable Projective Hashing. Next, we demonstrate that this new tool generically leads to efficient PAKE and OT protocols that are secure against semi-adaptive adversaries without erasures in the Universal Composability (UC) framework. We then show how to make these protocols secure even against adaptive adversaries, using non-committing encryption, in a much more efficient way than generic conversions from semi-adaptive to adaptive security. Finally, we provide concrete instantiations of explainable projective hash functions that lead to the most efficient PAKE and OT protocols known so far, with UC-security against adaptive adversaries, without assuming reliable erasures, in the single global CRS setting.
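As an added illustration, and not code from the paper, the following Python sketch implements the classic smooth projective hash function (SPHF) for Diffie-Hellman tuples on which projective-hashing-based PAKE and OT protocols are built. It shows the two ways of computing the hash (with the secret hashing key, or with the public projection key plus a witness) agreeing on a word in the language and disagreeing on a word outside it, which is the projective/smoothness pair the paper's explainable variant extends. The group parameters (p = 2039, generator 4, CRS exponent 777), the function names and the sample exponents are toy values chosen here, and the paper's explainability feature itself is not implemented.

```python
"""Toy smooth projective hash function (SPHF) for the Diffie-Hellman language.

Language: L = {(u, v) = (g^r, h^r)} for public (g, h) in a prime-order group.
The witness for a word (u, v) is the exponent r. There are two ways to hash:
  - hash_with_key(hk, word)   uses the secret hashing key, no witness needed
  - hash_with_witness(hp, r)  uses only the public projection key plus the witness
They agree on words in L; on words outside L, hash_with_key(hk, .) is
statistically independent of hp (smoothness).
"""
import secrets

# Toy parameters constructed for this example (NOT secure sizes):
# p = 2039 is a safe prime, q = 1019 is the order of the quadratic-residue subgroup.
P = 2039
Q = 1019
G = 4            # generator of the order-q subgroup (4 = 2^2 is a quadratic residue)
A = 777          # hypothetical CRS trapdoor: h = g^a; the trapdoor is never used below
H = pow(G, A, P)


def keygen():
    """Secret hashing key hk = (alpha, beta), with beta != 0 (mod q)."""
    alpha = secrets.randbelow(Q)
    beta = 1 + secrets.randbelow(Q - 1)
    return (alpha, beta)


def proj_key(hk):
    """Public projection key hp = g^alpha * h^beta."""
    alpha, beta = hk
    return (pow(G, alpha, P) * pow(H, beta, P)) % P


def make_word(r):
    """A word (g^r, h^r) in L, with witness r."""
    return (pow(G, r, P), pow(H, r, P))


def make_bad_word(r, r2):
    """A word (g^r, h^r2) outside L whenever r != r2 (mod q)."""
    return (pow(G, r, P), pow(H, r2, P))


def hash_with_key(hk, word):
    """Hash(hk, (u, v)) = u^alpha * v^beta, computed from the secret key."""
    alpha, beta = hk
    u, v = word
    return (pow(u, alpha, P) * pow(v, beta, P)) % P


def hash_with_witness(hp, r):
    """ProjHash(hp, (u, v), r) = hp^r, computed from the public key and witness."""
    return pow(hp, r, P)


def projective_property_holds(hk, r):
    """True iff both computations agree on the valid word (g^r, h^r)."""
    word = make_word(r)
    return hash_with_key(hk, word) == hash_with_witness(proj_key(hk), r)


def smoothness_demo(hk, r, r2):
    """True iff the two computations disagree on the invalid word (g^r, h^r2).

    hash_with_key gives g^(alpha*r + a*beta*r2) while hash_with_witness gives
    g^((alpha + a*beta)*r); they differ whenever a*beta*(r2 - r) != 0 (mod q).
    """
    word = make_bad_word(r, r2)
    return hash_with_key(hk, word) != hash_with_witness(proj_key(hk), r)


if __name__ == "__main__":
    hk = keygen()
    print("projective property on a valid word:", projective_property_holds(hk, 42))
    print("hashes disagree on an invalid word:", smoothness_demo(hk, 42, 43))
```

In a PAKE built on this tool, each party's word is a commitment to its password and the session key is derived from the hash; the explainability feature studied in the paper concerns what the simulator must be able to reveal about such messages when a party is corrupted after sending them, which this plain SPHF does not address.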
