Structure-Preserving Smooth Projective Hashing

Smooth projective hashing has proven to be an extremely useful primitive, in particular when used in conjunction with commitments to provide implicit decommitment. This has led to applications proven secure in the UC framework, even in the presence of an adversary that can perform adaptive corruptions, such as Password-Authenticated Key Exchange ($\mathsf{PAKE}$) and 1-out-of-m Oblivious Transfer ($\mathsf{OT}$). However, such solutions still lack efficiency, since their cost scales heavily with the length of the underlying messages. Structure-preserving cryptography aims at providing elegant and efficient schemes based on classical assumptions and standard group operations on group elements. A recent trend focuses on constructions of structure-preserving signatures, which require messages, signatures and verification keys to lie in the base group, while the verification equations consist only of pairing-product equations. Classical constructions of Smooth Projective Hash Functions suffer from the same limitation as classical signatures: at least one part of the computation (messages for signatures, witnesses for SPHFs) is a scalar. In this work, we introduce and instantiate the concept of Structure-Preserving Smooth Projective Hash Functions, and give as applications more efficient instantiations of one-round $\mathsf{PAKE}$ and three-round $\mathsf{OT}$, as well as information retrieval based on Anonymous Credentials, all UC-secure against adaptive adversaries.
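The following toy, added here and not taken from the paper, shows the classical (Cramer-Shoup style) SPHF for the Diffie-Hellman language that the abstract contrasts with: the projection key is a group element, but the witness r is a scalar. Group parameters (p, q, g, a) are constructed toy values, and the discrete log a of h is retained only so that shift_key() can exhibit the smoothness argument; a real instance never knows it.

```python
"""Toy classical SPHF for the Diffie-Hellman language L = {(g^r, h^r)}.

Constructed parameters: p = 2q+1 is a small safe prime, g generates the
order-q subgroup and h = g^a.  The trapdoor a is kept ONLY so that
shift_key() can show why the projection key leaks nothing about the hash
of a non-member word.  The witness r is a scalar: the classical limitation.
"""
P, Q = 1019, 509                 # toy safe prime and subgroup order (constructed)
G = 4                            # generator of the order-q subgroup
A = 123                          # toy trapdoor: h = g^a (constructed)
H = pow(G, A, P)

def proj_kg(hk):
    """Projection key hp = g^alpha * h^beta (a single group element)."""
    alpha, beta = hk
    return pow(G, alpha, P) * pow(H, beta, P) % P

def hash_word(hk, word):
    """Hash from the hashing key alone: u^alpha * v^beta, defined for any (u, v)."""
    alpha, beta = hk
    u, v = word
    return pow(u, alpha, P) * pow(v, beta, P) % P

def proj_hash(hp, r):
    """Hash from hp and the scalar witness r: hp^r.
    Equals hash_word(hk, word) exactly when word = (g^r, h^r)."""
    return pow(hp, r, P)

def make_word(r, s):
    """(g^r, h^s): a member of L iff r == s (mod q), otherwise a non-member."""
    return pow(G, r, P), pow(H, s, P)

def shift_key(hk, t):
    """Another hashing key with the SAME projection key (needs the toy trapdoor).
    Smoothness: such keys agree on members of L but disagree on non-members,
    so hp alone fixes the hash only for words inside L."""
    alpha, beta = hk
    return (alpha + A * t) % Q, (beta - t) % Q

if __name__ == "__main__":
    hk = (3, 5)
    hp = proj_kg(hk)
    good, bad = make_word(11, 11), make_word(11, 12)
    print("member: hash == projhash ->", hash_word(hk, good) == proj_hash(hp, 11))
    print("non-member: hash == projhash ->", hash_word(hk, bad) == proj_hash(hp, 11))
    hk2 = shift_key(hk, 7)
    print("same hp:", proj_kg(hk2) == hp,
          "| agree on member:", hash_word(hk2, good) == hash_word(hk, good),
          "| agree on non-member:", hash_word(hk2, bad) == hash_word(hk, bad))
```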
