Efficient and Non-malleable Proofs of Plaintext Knowledge and Applications

We describe efficient protocols for non-malleable (interactive) proofs of plaintext knowledge for the RSA, Rabin, Paillier, and El Gamal encryption schemes. We also highlight some important applications of these protocols: - Chosen-ciphertext-secure, interactive encryption. In settings where both parties are on-line, an interactive encryption protocol may be used. We construct chosen-ciphertext-secure interactive encryption schemes based on any of the schemes above. In each case, the improved scheme requires only a small overhead beyond the original, semantically-secure scheme. - Password-based authenticated key exchange. We derive efficient protocols for password-based key exchange in the public-key model [28, 5] whose security may be based on any of the cryptosystems mentioned above. - Deniable authentication. Our techniques give the first efficient constructions of deniable authentication protocols based on, e.g., the RSA or computational Diffie-Hellman assumption. Of independent interest, we consider the concurrent composition of proofs of knowledge; this is essential to prove security of our protocols when run in an asynchronous, concurrent environment.

[1]  Moni Naor,et al.  Concurrent zero-knowledge , 1998, STOC '98.

[2]  Amit Sahai,et al.  Non-malleable non-interactive zero knowledge and adaptive chosen-ciphertext security , 1999, 40th Annual Symposium on Foundations of Computer Science (Cat. No.99CB37039).

[3]  Adi Shamir,et al.  A method for obtaining digital signatures and public-key cryptosystems , 1978, CACM.

[4]  Manuel Blum,et al.  An Efficient Probabilistic Public-Key Encryption Scheme Which Hides All Partial Information , 1985, CRYPTO.

[5]  Boaz Barak,et al.  Constant-round coin-tossing with a man in the middle or realizing the shared random string model , 2002, The 43rd Annual IEEE Symposium on Foundations of Computer Science, 2002. Proceedings..

[6]  C. P. Schnorr,et al.  Efficient Identification and Signatures for Smart Cards (Abstract) , 1989, EUROCRYPT.

[7]  Adi Shamir,et al.  Multiple non-interactive zero knowledge proofs based on a single random string , 1990, Proceedings [1990] 31st Annual Symposium on Foundations of Computer Science.

[8]  Jean-Jacques Quisquater,et al.  A Practical Zero-Knowledge Protocol Fitted to Security Microprocessor Minimizing Both Transmission and Memory , 1988, EUROCRYPT.

[9]  Mihir Bellare,et al.  Relations among Notions of Security for Public-Key Encryption Schemes , 1998, IACR Cryptol. ePrint Arch..

[10]  Amit Sahai,et al.  Concurrent Zero-Knowledge: Reducing the Need for Timing Constraints , 1998, CRYPTO.

[11]  Moni Naor,et al.  Public-key cryptosystems provably secure against chosen ciphertext attacks , 1990, STOC '90.

[12]  Maurizio Kliban Boyarsky,et al.  Public-key cryptography and password protocols: the multi-user case , 1999, CCS '99.

[13]  Moni Naor,et al.  Zaps and their applications , 2000, Proceedings 41st Annual Symposium on Foundations of Computer Science.

[14]  Ivan Damgård,et al.  Efficient Concurrent Zero-Knowledge in the Auxiliary String Model , 2000, EUROCRYPT.

[15]  Ronald Cramer,et al.  A Practical Public Key Cryptosystem Provably Secure Against Adaptive Chosen Ciphertext Attack , 1998, CRYPTO.

[16]  Ivan Damgård,et al.  Multiparty Computation from Threshold Homomorphic Encryption , 2000, EUROCRYPT.

[17]  Hugo Krawczyk,et al.  Public-key cryptography and password protocols , 1998, CCS '98.

[18]  Rafail Ostrovsky,et al.  Robust Non-interactive Zero Knowledge , 2001, CRYPTO.

[19]  Richard E. Overill,et al.  Foundations of Cryptography: Basic Tools , 2002, J. Log. Comput..

[20]  Pascal Paillier,et al.  Public-Key Cryptosystems Based on Composite Degree Residuosity Classes , 1999, EUROCRYPT.

[21]  Alfredo De Santis,et al.  Zero-knowledge proofs of knowledge without interaction , 1992, Proceedings., 33rd Annual Symposium on Foundations of Computer Science.

[22]  Jonathan Katz,et al.  Efficient cryptographic protocols preventing man-in-the-middle attacks , 2002 .

[23]  Stuart Alan Haber Multiparty cryptographic computation: techniques and applications , 1988 .

[24]  Ronald Cramer,et al.  Universal Hash Proofs and a Paradigm for Adaptive Chosen Ciphertext Secure Public-Key Encryption , 2001, EUROCRYPT.

[25]  T. Elgamal A public key cryptosystem and a signature scheme based on discrete logarithms , 1984, CRYPTO 1984.

[26]  Moni Naor,et al.  Non-malleable cryptography , 1991, STOC '91.

[27]  Silvio Micali,et al.  Proofs that yield nothing but their validity or all languages in NP have zero-knowledge proof systems , 1991, JACM.

[28]  Daniel R. Simon,et al.  Non-Interactive Zero-Knowledge Proof of Knowledge and Chosen Ciphertext Attack , 1991, CRYPTO.

[29]  Moni Naor,et al.  Nonmalleable Cryptography , 2000, SIAM Rev..

[30]  Amos Fiat,et al.  Zero-knowledge proofs of identity , 1987, Journal of Cryptology.

[31]  Moni Naor,et al.  Deniable Ring Authentication , 2002, CRYPTO.

[32]  Juan A. Garay,et al.  Concurrent oblivious transfer , 2000, Proceedings 41st Annual Symposium on Foundations of Computer Science.

[33]  M. Rabin DIGITALIZED SIGNATURES AND PUBLIC-KEY FUNCTIONS AS INTRACTABLE AS FACTORIZATION , 1979 .

[34]  Ronald Cramer,et al.  Modular Design of Secure yet Practical Cryptographic Protocols , 1997 .

[35]  Taher El Gamal A public key cryptosystem and a signature scheme based on discrete logarithms , 1984, IEEE Trans. Inf. Theory.

[36]  Oded Goldreich Foundations of Cryptography: Index , 2001 .

[37]  Ivan Damgård,et al.  Proofs of Partial Knowledge and Simplified Design of Witness Hiding Protocols , 1994, CRYPTO.

[38]  Ran Canetti,et al.  Universally composable security: a new paradigm for cryptographic protocols , 2001, Proceedings 2001 IEEE International Conference on Cluster Computing.

[39]  Mihir Bellare,et al.  On Defining Proofs of Knowledge , 1992, CRYPTO.

[40]  Oded Goldreich,et al.  Foundations of Cryptography: List of Figures , 2001 .

[41]  Claus-Peter Schnorr,et al.  Fast Signature Generation With a Fiat Shamir-Like Scheme , 1991, EUROCRYPT.

[42]  Moti Yung,et al.  Symmetric Public-Key Encryption , 1985, CRYPTO.

[43]  Rafail Ostrovsky,et al.  Efficient and Non-interactive Non-malleable Commitment , 2001, EUROCRYPT.