Improved Non-committing Encryption with Applications to Adaptively Secure Protocols

We present a new construction of non-committing encryption schemes. Unlike the previous constructions of Canetti et al. (STOC '96) and of Damgard and Nielsen (Crypto '00), our construction achieves all of the following properties: Optimal round complexity. Our encryption scheme is a 2-round protocol, matching the round complexity of Canetti et al. and improving upon that in Damgard and Nielsen. Weaker assumptions. Our construction is based on trapdoor simulatable cryptosystems , a new primitive that we introduce as a relaxation of those used in previous works. We also show how to realize this primitive based on hardness of factoring. Improved efficiency. The amortized complexity of encrypting a single bit is O (1) public key operations on a constant-sized plaintext in the underlying cryptosystem. As a result, we obtain the first non-committing public-key encryption schemes under hardness of factoring and worst-case lattice assumptions; previously, such schemes were only known under the CDH and RSA assumptions. Combined with existing work on secure multi-party computation, we obtain protocols for multi-party computation secure against a malicious adversary that may adaptively corrupt an arbitrary number of parties under weaker assumptions than were previously known. Specifically, we obtain the first adaptively secure multi-party protocols based on hardness of factoring in both the stand-alone setting and the UC setting with a common reference string.

[1]  Eric Bach,et al.  How to Generate Factored Random Numbers , 1988, SIAM J. Comput..

[2]  Joe Kilian,et al.  Founding crytpography on oblivious transfer , 1988, STOC '88.

[3]  Matthew Franklin,et al.  Advances in Cryptology – CRYPTO 2004 , 2004, Lecture Notes in Computer Science.

[4]  Adam Tauman Kalai Generating Random Factored Numbers, Easily , 2002, SODA '02.

[5]  Donald Beaver,et al.  Cryptographic Protocols Provably Secure Against Dynamic Adversaries , 1992, EUROCRYPT.

[6]  Bart Preneel,et al.  Advances in cryptology - EUROCRYPT 2000 : International Conference on the Theory and Application of Cryptographic Techniques, Bruges, Belgium, May 14-18, 2000 : proceedings , 2000 .

[7]  Jonathan Katz,et al.  Adaptively-Secure, Non-interactive Public-Key Encryption , 2005, TCC.

[8]  Kazuo Ohta,et al.  Advances in Cryptology — ASIACRYPT’98 , 2002, Lecture Notes in Computer Science.

[9]  Michael Rubinstein,et al.  Chebyshev's Bias , 1994, Exp. Math..

[10]  Stanislaw Jarecki,et al.  Adaptively Secure Threshold Cryptography: Introducing Concurrency, Removing Erasures , 2000, EUROCRYPT.

[11]  Neal Koblitz,et al.  Advances in Cryptology — CRYPTO ’96 , 2001, Lecture Notes in Computer Science.

[12]  Rainer A. Rueppel Advances in Cryptology — EUROCRYPT’ 92 , 2001, Lecture Notes in Computer Science.

[13]  Yuval Ishai,et al.  Founding Cryptography on Oblivious Transfer - Efficiently , 2008, CRYPTO.

[14]  Silvio Micali,et al.  Probabilistic Encryption , 1984, J. Comput. Syst. Sci..

[15]  Yehuda Lindell,et al.  Universally composable two-party and multi-party secure computation , 2002, STOC '02.

[16]  Daniel Wichs,et al.  Somewhat Non-Committing Encryption and Efficient Adaptively Secure Oblivious Transfer , 2009, IACR Cryptol. ePrint Arch..

[17]  Mihir Bellare Advances in Cryptology — CRYPTO 2000 , 2000, Lecture Notes in Computer Science.

[18]  Tal Malkin,et al.  Simple, Black-Box Constructions of Adaptively Secure Protocols , 2009, TCC.

[19]  Bart Preneel,et al.  Topics in Cryptology — CT-RSA 2002 , 2002, Lecture Notes in Computer Science.

[20]  Shai Halevi,et al.  Efficient Commitment Schemes with Bounded Sender and Unbounded Receiver , 1995, Journal of Cryptology.

[21]  Ivan Damgård,et al.  Improved Non-committing Encryption Schemes Based on a General Complexity Assumption , 2000, Annual International Cryptology Conference.

[22]  Craig Gentry,et al.  Trapdoors for hard lattices and new cryptographic constructions , 2008, IACR Cryptol. ePrint Arch..

[23]  Moni Naor,et al.  Adaptively secure multi-party computation , 1996, STOC '96.

[24]  Brent Waters,et al.  A Framework for Efficient and Composable Oblivious Transfer , 2008, CRYPTO.

[25]  Andrew Chi-Chih Yao,et al.  Theory and application of trapdoor functions , 1982, 23rd Annual Symposium on Foundations of Computer Science (sfcs 1982).

[26]  Rafail Ostrovsky,et al.  Round-Optimal Secure Two-Party Computation , 2004, CRYPTO.

[27]  Ran Canetti,et al.  Security and Composition of Multiparty Cryptographic Protocols , 2000, Journal of Cryptology.

[28]  Claus-Peter Schnorr,et al.  Security of 2^t-Root Identification and Signatures , 1996, CRYPTO.

[29]  Andrew Granville,et al.  Prime Number Races , 2004, Am. Math. Mon..

[30]  Oded Goldreich,et al.  Foundations of Cryptography: Volume 2, Basic Applications , 2004 .

[31]  Donald Beaver,et al.  Plug and Play Encryption , 1997, CRYPTO.

[32]  Alfredo De Santis,et al.  Zero-knowledge proofs of knowledge without interaction , 1992, Proceedings., 33rd Annual Symposium on Foundations of Computer Science.

[33]  Andrew Chi-Chih Yao,et al.  Theory and Applications of Trapdoor Functions (Extended Abstract) , 1982, FOCS.

[34]  Burton S. Kaliski Advances in Cryptology - CRYPTO '97 , 1997 .

[35]  Marc Fischlin,et al.  The Representation Problem Based on Factoring , 2002, CT-RSA.

[36]  Martijn Stam Beyond Uniformity: Better Security/Efficiency Tradeoffs for Compression Functions , 2008, CRYPTO.

[37]  Donald Beaver,et al.  Adaptively Secure Oblivious Transfer , 1998, ASIACRYPT.