Adaptive Trapdoor Functions and Chosen-Ciphertext Security

We introduce the notion of adaptive trapdoor functions (ATDFs); roughly, ATDFs remain one-way even when the adversary is given access to an inversion oracle. Our main application is the black-box construction of chosen-ciphertext secure public-key encryption (CCA-secure PKE). Namely, we give a black-box construction of CCA-Secure PKE from ATDFs, as well as a construction of ATDFs from correlation-secure TDFs introduced by Rosen and Segev (TCC ’09). Moreover, by an extension of a recent result of Vahlis (TCC ’10), we show that ATDFs are strictly weaker than the latter (in a black-box sense). Thus, adaptivity appears to be the weakest condition on a TDF currently known to yield the first implication. We also give a black-box construction of CCA-secure PKE from a natural extension of ATDFs we call tag-based ATDFs that, when applied to our constructions of the latter from either correlation-secure TDFs, or lossy TDFs introduced by Peikert and Waters (STOC ’08), yield precisely the CCA-secure PKE schemes in these works. This helps to unify and clarify their schemes. Finally, we show how to realize tag-based ATDFs from an assumption on RSA inversion not known to yield correlation-secure TDFs.

[1]  Andrew Chi-Chih Yao,et al.  Theory and application of trapdoor functions , 1982, 23rd Annual Symposium on Foundations of Computer Science (sfcs 1982).

[2]  Manuel Blum,et al.  How to generate cryptographically strong sequences of pseudo random bits , 1982, 23rd Annual Symposium on Foundations of Computer Science (sfcs 1982).

[3]  Andrew Chi-Chih Yao,et al.  Theory and Applications of Trapdoor Functions (Extended Abstract) , 1982, FOCS.

[4]  Silvio Micali,et al.  Probabilistic Encryption , 1984, J. Comput. Syst. Sci..

[5]  Russell Impagliazzo,et al.  Limits on the Provable Consequences of One-way Permutations , 1988, CRYPTO.

[6]  Moni Naor,et al.  Universal one-way hash functions and their cryptographic applications , 1989, STOC '89.

[7]  Leonid A. Levin,et al.  A hard-core predicate for all one-way functions , 1989, STOC '89.

[8]  Moni Naor,et al.  Public-key cryptosystems provably secure against chosen ciphertext attacks , 1990, STOC '90.

[9]  Daniel R. Simon,et al.  Non-Interactive Zero-Knowledge Proof of Knowledge and Chosen Ciphertext Attack , 1991, CRYPTO.

[10]  Joan Feigenbaum,et al.  Advances in Cryptology-Crypto 91 , 1992 .

[11]  Mihir Bellare,et al.  Random oracles are practical: a paradigm for designing efficient protocols , 1993, CCS '93.

[12]  Alfredo De Santis,et al.  Advances in Cryptology — EUROCRYPT'94 , 1994, Lecture Notes in Computer Science.

[13]  Mihir Bellare,et al.  Optimal Asymmetric Encryption , 1994, EUROCRYPT.

[14]  Mihir Bellare,et al.  Collision-Resistant Hashing: Towards Making UOWHFs Practical , 1997, CRYPTO.

[15]  Amit Sahai,et al.  Many-to-One Trapdoor Functions and Their Ralation to Public-Key Cryptosystems , 1998, CRYPTO.

[16]  Hugo Krawczyk,et al.  Advances in Cryptology - CRYPTO '98 , 1998 .

[17]  Silvio Micali,et al.  Computationally Private Information Retrieval with Polylogarithmic Communication , 1999, EUROCRYPT.

[18]  Jacques Stern,et al.  Advances in Cryptology — EUROCRYPT ’99 , 1999, Lecture Notes in Computer Science.

[19]  Shai Halevi,et al.  Secure Hash-and-Sign Signatures Without the Random Oracle , 1999, EUROCRYPT.

[20]  Silvio Micali,et al.  Verifiable random functions , 1999, 40th Annual Symposium on Foundations of Computer Science (Cat. No.99CB37039).

[21]  Luca Trevisan,et al.  Lower bounds on the efficiency of generic cryptographic constructions , 2000, Proceedings 41st Annual Symposium on Foundations of Computer Science.

[22]  Moni Naor,et al.  Nonmalleable Cryptography , 2000, SIAM Rev..

[23]  Aggelos Kiayias,et al.  Traitor Tracing with Constant Transmission Rate , 2002, EUROCRYPT.

[24]  Ronald Cramer,et al.  Universal Hash Proofs and a Paradigm for Adaptive Chosen Ciphertext Secure Public-Key Encryption , 2001, EUROCRYPT.

[25]  Chanathip Namprempre,et al.  The One-More-RSA-Inversion Problems and the Security of Chaum's Blind Signature Scheme , 2003, Journal of Cryptology.

[26]  Ronald Cramer,et al.  Design and Analysis of Practical Public-Key Encryption Schemes Secure against Adaptive Chosen Ciphertext Attack , 2003, SIAM J. Comput..

[27]  Michael K. Reiter,et al.  Alternatives to Non-malleability: Definitions, Constructions, and Applications (Extended Abstract) , 2004, TCC.

[28]  Jonathan Katz,et al.  Chosen-Ciphertext Security from Identity-Based Encryption , 2004, SIAM J. Comput..

[29]  Kaoru Kurosawa,et al.  Tag-KEM/DEM: A New Framework for Hybrid Encryption and A New Analysis of Kurosawa-Desmedt KEM , 2005, EUROCRYPT.

[30]  Ronald Cramer,et al.  Advances in Cryptology - EUROCRYPT 2005, 24th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Aarhus, Denmark, May 22-26, 2005, Proceedings , 2005, EUROCRYPT.

[31]  Jorge Luis Villar,et al.  Trading One-Wayness Against Chosen-Ciphertext Security in Factoring-Based Encryption , 2006, ASIACRYPT.

[32]  Ron Steinfeld,et al.  On the Provable Security of an Efficient RSA-Based Pseudorandom Generator , 2006, ASIACRYPT.

[33]  Kefei Chen,et al.  Advances in Cryptology - ASIACRYPT 2006, 12th International Conference on the Theory and Application of Cryptology and Information Security, Shanghai, China, December 3-7, 2006, Proceedings , 2006, ASIACRYPT.

[34]  Eike Kiltz,et al.  Chosen-Ciphertext Security from Tag-Based Encryption , 2006, TCC.

[35]  Steven Myers,et al.  Towards a Separation of Semantic and CCA Security for Public Key Encryption , 2007, TCC.

[36]  Abhi Shelat,et al.  Bounded CCA2-Secure Encryption , 2007, ASIACRYPT.

[37]  A. J. Menezes,et al.  Advances in Cryptology - CRYPTO 2007, 27th Annual International Cryptology Conference, Santa Barbara, CA, USA, August 19-23, 2007, Proceedings , 2007, CRYPTO.

[38]  Kaoru Kurosawa,et al.  Advances in Cryptology - ASIACRYPT 2007, 13th International Conference on the Theory and Application of Cryptology and Information Security, Kuching, Malaysia, December 2-6, 2007, Proceedings , 2007, International Conference on the Theory and Application of Cryptology and Information Security.

[39]  Mihir Bellare,et al.  Deterministic and Efficiently Searchable Encryption , 2007, CRYPTO.

[40]  Adam O'Neill,et al.  Deterministic Encryption: Definitional Equivalences and Constructions without Random Oracles , 2008, CRYPTO.

[41]  Vinod Vaikuntanathan,et al.  Adaptive One-Way Functions and Applications , 2008, CRYPTO.

[42]  Martijn Stam Beyond Uniformity: Better Security/Efficiency Tradeoffs for Compression Functions , 2008, CRYPTO.

[43]  Serge Fehr,et al.  On Notions of Security for Deterministic Encryption, and Efficient Constructions without Random Oracles , 2008, CRYPTO.

[44]  Eike Kiltz,et al.  Practical Chosen Ciphertext Secure Encryption from Factoring , 2009, EUROCRYPT.

[45]  Steven Myers,et al.  Bit Encryption Is Complete , 2009, 2009 50th Annual IEEE Symposium on Foundations of Computer Science.

[46]  Gil Segev,et al.  Chosen-Ciphertext Security via Correlated Products , 2009, SIAM J. Comput..

[47]  Marc Joye,et al.  Chosen-Ciphertext Secure RSA-Type Cryptosystems , 2009, ProvSec.

[48]  Ran Canetti,et al.  Towards a Theory of Extractable Functions , 2009, TCC.

[49]  Tal Malkin,et al.  Simple, Black-Box Constructions of Adaptively Secure Protocols , 2009, TCC.

[50]  Ronald Cramer,et al.  A Twist on the Naor-Yung Paradigm and Its Application to Efficient CCA-Secure Encryption from Hard Search Problems , 2010, TCC.

[51]  Yevgeniy Vahlis,et al.  Two Is a Crowd? A Black-Box Separation of One-Wayness and Security under Correlated Inputs , 2010, TCC.

[52]  Scott Yilek,et al.  Chosen-Ciphertext Security from Slightly Lossy Trapdoor Functions , 2010, Public Key Cryptography.

[53]  Brent Waters,et al.  Lossy Trapdoor Functions and Their Applications , 2011, SIAM J. Comput..