Black-Box Separations for One-More (Static) CDH and Its Generalization

As one-more problems are widely used both in proving and in analyzing the security of various cryptographic schemes, it is of fundamental importance to investigate the hardness of the one-more problems themselves. Bresson et al. (CT-RSA '08) first showed that it is difficult to base the hardness of some one-more problems on the hardness of their "regular" counterparts. Pass (STOC '11) then gave a stronger black-box separation, showing that the hardness of some one-more problems cannot be based on standard assumptions using black-box reductions. However, since previous works only deal with one-more problems whose solutions can be efficiently checked, the relation between the hardness of the one-more (static) CDH problem over non-bilinear groups and other hard problems is still unclear. In this work, we give the first impossibility results showing that black-box reductions cannot be used to base the hardness of the one-more (static) CDH problem (over groups where the DDH problem is still hard) on any standard hardness assumption. Furthermore, we extend the impossibility results to a class of generalized "one-more" problems, which not only subsumes and strengthens many existing separations for traditional one-more problems, but also yields new separations for many other interesting "one-more" problems.
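To make the abstract's central distinction concrete, the following is an added toy model of the one-more static CDH game (it is not code from the paper). A challenger holds a static secret x, publishes g^x, answers up to n oracle queries h -> h^x, and hands out n+1 random targets; the adversary wins only if it returns t^x for all n+1 targets. The point the abstract relies on is visible in `verify`: checking a candidate answer a against a target t without knowing x is exactly the DDH instance (g, g^x, t, a), so in a non-bilinear group where DDH is hard there is no efficient public check, which is what sets this problem apart from the one-more RSA or one-more DL problems handled by earlier separations. The group parameters (p = 2039, q = 1019, g = 4), the class and function names, and the two sample adversaries are all constructed for this example.

```python
import secrets

# Toy group parameters, constructed for this example (far too small for real use).
P = 2039            # safe prime: P = 2*Q + 1
Q = (P - 1) // 2    # 1019, prime; order of the subgroup generated by G
G = 4               # 2^2 mod P is a quadratic residue, so it has order Q


def random_exponent():
    """Uniform exponent in [1, Q-1]."""
    return 1 + secrets.randbelow(Q - 1)


class StaticCDHChallenger:
    """Holds the static secret x and plays the challenger side of the game."""

    def __init__(self, x=None):
        self._x = x if x is not None else random_exponent()
        self.public = pow(G, self._x, P)   # X = g^x, published once
        self.queries = 0                   # number of CDH-oracle calls so far

    def cdh_oracle(self, h):
        """Static CDH oracle: on input h = g^r returns h^x = g^(r*x)."""
        self.queries += 1
        return pow(h, self._x, P)

    def verify(self, targets, answers):
        """Check answers[i] == targets[i]^x for every i.

        Only the holder of x can do this directly. Without x, each check is
        the DDH instance (g, g^x, t, a), assumed hard in a non-bilinear group;
        this is why a one-more CDH solution is not efficiently checkable in public.
        """
        if len(answers) != len(targets):
            return False
        return all(pow(t, self._x, P) == a for t, a in zip(targets, answers))


def play_one_more_game(challenger, adversary, n, targets=None):
    """Run the one-more static CDH game with query budget n.

    The adversary receives n+1 random targets plus oracle access and must
    return all n+1 values t^x while making at most n oracle queries.
    Returns (won, queries_used). `targets` may be supplied for reproducible runs.
    """
    if targets is None:
        targets = [pow(G, random_exponent(), P) for _ in range(n + 1)]
    answers = adversary(challenger.public, list(targets), challenger.cdh_oracle)
    correct = challenger.verify(targets, answers)
    return (correct and challenger.queries <= n), challenger.queries


def over_budget_adversary(public, targets, oracle):
    """Queries the oracle on every target: all answers correct, but n+1 queries."""
    return [oracle(t) for t in targets]


def guessing_adversary(public, targets, oracle):
    """Spends the budget on the first n targets and guesses the last one.

    The guess (t^x = t, i.e. x = 1) is almost surely wrong, and the challenger
    catches it only because it verifies with x; a public verifier could not.
    """
    return [oracle(t) for t in targets[:-1]] + [targets[-1]]


if __name__ == "__main__":
    print("over budget:", play_one_more_game(StaticCDHChallenger(), over_budget_adversary, n=2))
    print("guessing:   ", play_one_more_game(StaticCDHChallenger(), guessing_adversary, n=2))
```

Both sample adversaries lose: the first returns correct values but exceeds the query budget, the second stays within budget but its guessed last value fails verification. Note that the whole verification step lives inside the challenger; a reduction that must simulate this challenger without x (the situation the paper's separation exploits) has no efficient way to decide whether an adversary's output is a valid solution.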

[1] Alfred Menezes et al. Another look at non-standard discrete log and Diffie-Hellman problems. J. Math. Cryptol., 2008.

[2] Dario Fiore et al. Uniqueness is a Different Story: Impossibility of Verifiable Random Functions from Trapdoor Permutations. IACR Cryptol. ePrint Arch., 2012.

[3] Marc Fischlin et al. Limitations of the Meta-Reduction Technique: The Case of Schnorr Signatures. IACR Cryptol. ePrint Arch., 2013.

[4] Aggelos Kiayias et al. Traceable Signatures. EUROCRYPT, 2004.

[5] Tal Malkin. Topics in Cryptology - CT-RSA 2008, The Cryptographers' Track at the RSA Conference 2008, San Francisco, CA, USA, April 8-11, 2008. Proceedings. CT-RSA, 2008.

[6] Martín Abadi et al. On hiding information from an oracle. STOC '87, 1987.

[7] Javier Herranz et al. Blind Ring Signatures Secure Under the Chosen-Target-CDH Assumption. ISC, 2006.

[8] Marc Fischlin et al. On the Impossibility of Three-Move Blind Signature Schemes. EUROCRYPT, 2010.

[9] Robert Granger et al. On the Static Diffie-Hellman Problem on Elliptic Curves over Extension Fields. IACR Cryptol. ePrint Arch., 2010.

[10] Qiong Huang et al. Sakai-Ohgishi-Kasahara Identity-Based Non-Interactive Key Exchange Scheme, Revisited. ACISP, 2014.

[11] Daniel R. L. Brown et al. The Static Diffie-Hellman Problem. IACR Cryptol. ePrint Arch., 2004.

[12] Colin Boyd et al. Cryptography and Coding. Lecture Notes in Computer Science, 1995.

[13] Dan Boneh et al. Breaking RSA May Not Be Equivalent to Factoring. EUROCRYPT, 1998.

[14] Daniel R. L. Brown et al. Irreducibility to the One-More Evaluation Problems: More May Be Less. IACR Cryptol. ePrint Arch., 2007.

[15] Rafael Pass et al. Limits of provable security from standard assumptions. STOC '11, 2011.

[16] Martijn Stam. Beyond Uniformity: Better Security/Efficiency Tradeoffs for Compression Functions. CRYPTO, 2008.

[17] Markus Kasper et al. The World is Not Enough: Another Look on Second-Order DPA. IACR Cryptol. ePrint Arch., 2010.

[18] Amit Sahai et al. Resolving the Simultaneous Resettability Conjecture and a New Non-Black-Box Simulation Strategy. 50th Annual IEEE Symposium on Foundations of Computer Science, 2009.

[19] Martín Abadi et al. On Hiding Information from an Oracle. Proceedings of Structure in Complexity Theory, 1987.

[20] David Cash et al. The Twin Diffie-Hellman Problem and Applications. Journal of Cryptology, 2009.

[21] Marc Fischlin et al. Black-Box Reductions and Separations in Cryptography. AFRICACRYPT, 2012.

[22] Security of blind digital signatures. 2015.

[23] Kenneth G. Paterson et al. Security of Symmetric Encryption in the Presence of Ciphertext Fragmentation. IACR Cryptol. ePrint Arch., 2012.

[24] Chanathip Namprempre et al. Security Proofs for Identity-Based Identification and Signature Schemes. Journal of Cryptology, 2008.

[25] Information Security and Privacy. Lecture Notes in Computer Science, 1996.

[26] Yevgeniy Dodis et al. On the Instantiability of Hash-and-Sign RSA Signatures. TCC, 2012.

[27] Serge Vaudenay et al. Progress in Cryptology - AFRICACRYPT 2012. Lecture Notes in Computer Science, 2012.

[28] Alexandra Boldyreva et al. Efficient threshold signature, multisignature and blind signature schemes based on the Gap-Diffie-Hellman-Group signature scheme. 2002.

[29] Ran Canetti et al. Adaptive Hardness and Composable Security in the Plain Model from Standard Assumptions. FOCS, 2010.

[30] Craig Gentry et al. Separating succinct non-interactive arguments from all falsifiable assumptions. STOC '11, 2011.

[31] Yehuda Lindell et al. More Efficient Constant-Round Multi-Party Computation from BMR and SHE. IACR Cryptol. ePrint Arch., 2016.

[32] Arto Salomaa et al. Public-Key Cryptography. EATCS Monographs on Theoretical Computer Science, 1991.

[33] Emiliano De Cristofaro et al. Practical Private Set Intersection Protocols with Linear Complexity. Financial Cryptography, 2010.

[34] Jonathan Katz et al. Impossibility of Blind Signatures from One-Way Permutations. TCC, 2011.

[35] Kaisa Nyberg et al. Advances in Cryptology - EUROCRYPT '98. 1998.

[36] Yannick Seurin et al. On the Exact Security of Schnorr-Type Signatures in the Random Oracle Model. IACR Cryptol. ePrint Arch., 2012.

[37] Sébastien Canard et al. Improvement of Efficiency in (Unconditional) Anonymous Transferable E-Cash. Financial Cryptography, 2008.

[38] Pascal Paillier et al. Discrete-Log-Based Signatures May Not Be Equivalent to Discrete Log. ASIACRYPT, 2005.

[39] David Pointcheval et al. The Gap-Problems: A New Class of Problems for the Security of Cryptographic Schemes. Public Key Cryptography, 2001.

[40] Chanathip Namprempre et al. The Power of RSA Inversion Oracles and the Security of Chaum's RSA-Based Blind Signature Scheme. Financial Cryptography, 2002.

[41] Antoine Joux et al. Oracle-Assisted Static Diffie-Hellman Is Easier Than Discrete Logarithms. IMACC, 2009.

[42] Jacques Stern et al. Security Arguments for Digital Signatures and Blind Signatures. Journal of Cryptology, 2015.

[43] Burton S. Kaliski. Advances in Cryptology - CRYPTO '97. 1997.

[44] Jacques Stern et al. Advances in Cryptology - EUROCRYPT '99. Lecture Notes in Computer Science, 1999.

[45] Moti Yung et al. Advances in Cryptology - CRYPTO 2002. Lecture Notes in Computer Science, 2002.

[46] Emmanuel Bresson et al. Separation Results on the "One-More" Computational Problems. CT-RSA, 2008.

[47] Mihir Bellare et al. Transitive signatures: new schemes and proofs. IEEE Transactions on Information Theory, 2005.

[48] Amit Sahai et al. Concurrent zero knowledge with logarithmic round-complexity. 43rd Annual IEEE Symposium on Foundations of Computer Science, 2002.

[49] Nigel P. Smart et al. Advances in Cryptology - EUROCRYPT 2008, 27th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Istanbul, Turkey, April 13-17, 2008. Proceedings. EUROCRYPT, 2008.

[50] Hugo Krawczyk et al. Adaptive Security for Threshold Cryptosystems. CRYPTO, 1999.

[51] Chanathip Namprempre et al. The One-More-RSA-Inversion Problems and the Security of Chaum's Blind Signature Scheme. Journal of Cryptology, 2003.

[52] Moni Naor et al. Concurrent zero-knowledge. JACM, 2004.

[53] Joe Kilian et al. On the Concurrent Composition of Zero-Knowledge Proofs. EUROCRYPT, 1999.

[54] Phong Q. Nguyen et al. Advances in Cryptology - EUROCRYPT 2013. Lecture Notes in Computer Science, 2013.

[55] Qiong Huang et al. Sakai-Ohgishi-Kasahara Non-Interactive Identity-Based Key Exchange Scheme, Revisited. IACR Cryptol. ePrint Arch., 2014.

[56] Rafail Ostrovsky et al. Security of Blind Digital Signatures (Extended Abstract). CRYPTO, 1997.

[57] Michael Wiener et al. Advances in Cryptology - CRYPTO '99. 1999.

[58] Joseph Bonneau et al. What's in a Name? Financial Cryptography, 2020.

[59] Raghav Bhaskar et al. Improved Bounds on Security Reductions for Discrete Log Based Signatures. CRYPTO, 2008.

[60] David Chaum et al. Blind Signatures for Untraceable Payments. CRYPTO, 1982.

[61] Mihir Bellare et al. GQ and Schnorr Identification Schemes: Proofs of Security against Impersonation under Active and Concurrent Attacks. CRYPTO, 2002.

[62] Yvo Desmedt. Public Key Cryptography - PKC 2003. Lecture Notes in Computer Science, 2002.

[63] A. Maximov et al. Fast computation of large distributions and its cryptographic applications. 2005.

[64] Rafael Pass et al. On Constant-Round Concurrent Zero-Knowledge. TCC, 2008.

[65] Henri Gilbert et al. Advances in Cryptology - EUROCRYPT 2010, 29th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Monaco / French Riviera, May 30 - June 3, 2010. Proceedings. EUROCRYPT, 2010.