Lossy Trapdoor Functions from Smooth Homomorphic Hash Proof Systems

In STOC ’08, Peikert and Waters introduced a powerful new primitive called Lossy Trapdoor Functions (LTDFs). Since their introduction, lossy trapdoor functions have found many uses in cryptography. In the work of Peikert and Waters, lossy trapdoor functions were used to give an efficient construction of a chosen-ciphertext secure (IND-CCA2) cryptosystem. Lossy trapdoor functions were then shown to imply deterministic encryption by Bellare, Fischlin, O’Neill and Ristenpart in CRYPTO ’08. In TCC ’09, Rosen and Segev showed that lossy trapdoor functions are correlated product secure, meaning that they remain one-way even when evaluated on correlated inputs.

In their work, Peikert and Waters gave constructions of LTDFs from the Decisional Diffie-Hellman (DDH) assumption and lattice assumptions. Bellare et al., and Rosen and Segev also gave (identical) efficient constructions of LTDFs from Paillier’s Decisional Composite Residuosity (DCR) assumption. To date, these remain the only known constructions of lossy trapdoor functions.

In this work we extend the notion of smooth hash proof systems, as defined by Cramer and Shoup in Eurocrypt ’02, to include an additional homomorphic property. We call this primitive smooth homomorphic hash proof systems. We show that smooth homomorphic projective hash proof systems include all Diverse Group Systems as defined by Cramer and Shoup. Using this definition, we show that

• Smooth homomorphic hash proof systems imply LTDFs.
• Diverse group systems as defined in [CS02] imply LTDFs. These are the first known generic constructions of LTDFs.
• Applying our generic construction to the specific constructions of smooth hash proof systems given by Cramer and Shoup, we obtain the first construction of LTDFs from the quadratic residuosity (QR) assumption. We also obtain a novel construction of LTDFs from Paillier’s decisional composite residuosity (DCR) assumption.
• Applying our results to the results of Bellare et al., we obtain a construction of deterministic encryption from smooth homomorphic hash proof systems.
• Applying our results to the results of Rosen and Segev, we obtain a construction of correlated product secure functions from smooth homomorphic hash proof systems. This provides the first construction of correlated product secure functions from the QR assumption.
• Applying the black-box separation results of Rosen and Segev, we show that there is a black-box separation between smooth homomorphic hash proof systems and one-way trapdoor permutations.
• While homomorphic encryption can never be IND-CCA2 secure, we notice that smooth homomorphic hash proof systems yield a homomorphic IND-CCA1 secure cryptosystem.

ISSN 1433-8092. Electronic Colloquium on Computational Complexity, Report No. 127 (2009)
