Skip to main content
SpringerLink
Log in

Tight Leakage-Resilient CCA-Security from Quasi-Adaptive Hash Proof System

  • Conference paper
  • First Online:
Advances in Cryptology – CRYPTO 2019 (CRYPTO 2019)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 11693))

Included in the following conference series:

Abstract

We propose the concept of quasi-adaptive hash proof system (QAHPS), where the projection key is allowed to depend on the specific language for which hash values are computed. We formalize leakage-resilient(LR)-ardency for QAHPS by defining two statistical properties, including LR-\(\langle \mathscr {L}_0, \mathscr {L}_1 \rangle \)-universal and LR-\(\langle \mathscr {L}_0, \mathscr {L}_1 \rangle \)-key-switching.

We provide a generic approach to tightly leakage-resilient CCA (LR-CCA) secure public-key encryption (PKE) from LR-ardent QAHPS. Our approach is reminiscent of the seminal work of Cramer and Shoup (Eurocrypt’02), and employ three QAHPS schemes, one for generating a uniform string to hide the plaintext, and the other two for proving the well-formedness of the ciphertext. The LR-ardency of QAHPS makes possible the tight LR-CCA security. We give instantiations based on the standard k-Linear (k-LIN) assumptions over asymmetric and symmetric pairing groups, respectively, and obtain fully compact PKE with tight LR-CCA security. The security loss is \({{O}}(\log {Q_{{e}}})\) where \({Q_{{e}}}\) denotes the number of encryption queries. Specifically, our tightly LR-CCA secure PKE instantiation from SXDH has only 4 group elements in the public key and 7 group elements in the ciphertext, thus is the most efficient one.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 119.00
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 159.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    Gay et al. [19] constructed the state-of-the-art tightly secure (structure-preserving) signature schemes, where the signature is comprised of 14 group elements. By applying the framework in [2, 25], this signature scheme can be transformed to a tightly secure SS-NIZK/tSE-NIZK whose proof contains around 40 group elements.

  2. 2.

    The properties of “constrained soundness” and “extensibility” of QPS are needed for the tight IND-CCA security proof of the PKE proposed by Gay et al. [18]. We note that these two properties of their QPS are unlikely to hold when partial information about the secret key of QPS is leaked to adversary. See our full version [22] for more details. Thus it is reasonable to conjecture that their PKE is not LR-CCA secure.

  3. 3.

    To the best of our knowledge, the PKE scheme in [2] is the only tightly LR-CCA secure one prior to our work.

  4. 4.

    Here \(\mathcal {L}_{\rho _0}\) is from another language collection \(\mathscr {L}_0\) and only appears in the security proof. The same is true for \(\mathcal {L}_{\rho _1}\) and \(\mathscr {L}_1\), as shown later.

  5. 5.

    Note that for the instance \(x^* \in \mathcal {L}_{\rho _0} \cup \mathcal {L}_{\rho _1}\) in challenge ciphertext, the bit indicating whether \(x^* \in \mathcal {L}_{\rho _0}\) or \(x^* \in \mathcal {L}_{\rho _1}\) is consistent with the \((i+1)\)-th bit of \({{ctr}}\), i.e., \(x^* \in \mathcal {L}_{\rho _0}\) if \({{ctr}}_{i+1} = 0\) and \(x^* \in \mathcal {L}_{\rho _1}\) if \({{ctr}}_{i+1} = 1\). But this might not be true for the instances \(x \in \mathcal {L}_{\rho _0} \cup \mathcal {L}_{\rho _1}\) in the decryption queries. This problem is circumvented by borrowing the trick from [18, 24]. We refer to the main body for details.

  6. 6.

    Quasi-adaptiveness of HPS was discussed in [27]. Here we give a formal definition of QAHPS and build our novel LR-ardency notion over it.

  7. 7.

    In fact, this condition can be weakened by only requiring \(\widehat{\varPi }\) and \(\widetilde{\varPi }\) to be subsets of an (additive) group.

  8. 8.

    For technical reasons, the zero vector \([\mathbf {0}]_1\) (resp. \([\mathbf {0}]_2\)) must be excluded from \({\mathsf {span}( [\mathbf {A}_1]_1 )}\) and \(\mathbb {G}_1^{\ell }\) (resp. \({\mathsf {span}( [\mathbf {A}_2]_2 )}\) and \(\mathbb {G}_2^{\ell }\)). For the sake of simplicity, we forgo making this explicit in the sequel.

References

  1. Abdalla, M., Benhamouda, F., Pointcheval, D.: Disjunctions for hash proof systems: new constructions and applications. In: Oswald, E., Fischlin, M. (eds.) EUROCRYPT 2015, Part II. LNCS, vol. 9057, pp. 69–100. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-46803-6_3

    Chapter  Google Scholar 

  2. Abe, M., David, B., Kohlweiss, M., Nishimaki, R., Ohkubo, M.: Tagged one-time signatures: tight security and optimal tag size. In: Kurosawa, K., Hanaoka, G. (eds.) PKC 2013. LNCS, vol. 7778, pp. 312–331. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-36362-7_20

    Chapter  Google Scholar 

  3. Abe, M., Jutla, C.S., Ohkubo, M., Roy, A.: Improved (almost) tightly-secure simulation-sound QA-NIZK with applications. In: Peyrin, T., Galbraith, S.D. (eds.) ASIACRYPT 2018, Part I. LNCS, vol. 11272, pp. 627–656. Springer, Cham (2018). https://doi.org/10.1007/978-3-030-03326-2_21

    Chapter  Google Scholar 

  4. Abe, M., Jutla, C.S., Ohkubo, M., Roy, A.: Improved (almost) tightly-secure simulation-sound QA-NIZK with applications. IACR Cryptology ePrint Archive, Report 2018/849 (2018). http://eprint.iacr.org/2018/849/20190207:025738

    Google Scholar 

  5. Akavia, A., Goldwasser, S., Vaikuntanathan, V.: Simultaneous hardcore bits and cryptography against memory attacks. In: Reingold, O. (ed.) TCC 2009. LNCS, vol. 5444, pp. 474–495. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-00457-5_28

    Chapter  MATH  Google Scholar 

  6. Alwen, J., Dodis, Y., Naor, M., Segev, G., Walfish, S., Wichs, D.: Public-key encryption in the bounded-retrieval model. In: Gilbert, H. (ed.) EUROCRYPT 2010. LNCS, vol. 6110, pp. 113–134. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-13190-5_6

    Chapter  MATH  Google Scholar 

  7. Attrapadung, N., Hanaoka, G., Yamada, S.: A framework for identity-based encryption with almost tight security. In: Iwata, T., Cheon, J.H. (eds.) ASIACRYPT 2015, Part I. LNCS, vol. 9452, pp. 521–549. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-48797-6_22

    Chapter  Google Scholar 

  8. Bellare, M., Boldyreva, A., Micali, S.: Public-key encryption in a multi-user setting: security proofs and improvements. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 259–274. Springer, Heidelberg (2000). https://doi.org/10.1007/3-540-45539-6_18

    Chapter  MATH  Google Scholar 

  9. Chen, J., Wee, H.: Fully, (almost) tightly secure IBE and dual system groups. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013, Part II. LNCS, vol. 8043, pp. 435–460. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-40084-1_25

    Chapter  Google Scholar 

  10. Cramer, R., Shoup, V.: Universal hash proofs and a paradigm for adaptive chosen ciphertext secure public-key encryption. In: Knudsen, L.R. (ed.) EUROCRYPT 2002. LNCS, vol. 2332, pp. 45–64. Springer, Heidelberg (2002). https://doi.org/10.1007/3-540-46035-7_4

    Chapter  Google Scholar 

  11. Dodis, Y., Haralambiev, K., López-Alt, A., Wichs, D.: Efficient public-key cryptography in the presence of key leakage. In: Abe, M. (ed.) ASIACRYPT 2010. LNCS, vol. 6477, pp. 613–631. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-17373-8_35

    Chapter  MATH  Google Scholar 

  12. Dodis, Y., Kiltz, E., Pietrzak, K., Wichs, D.: Message authentication, revisited. In: Pointcheval, D., Johansson, T. (eds.) EUROCRYPT 2012. LNCS, vol. 7237, pp. 355–374. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-29011-4_22

    Chapter  Google Scholar 

  13. Dodis, Y., Ostrovsky, R., Reyzin, L., Smith, A.: Fuzzy extractors: how to generate strong keys from biometrics and other noisy data. SIAM J. Comput. 38(1), 97–139 (2008)

    Article  MathSciNet  Google Scholar 

  14. Escala, A., Herold, G., Kiltz, E., Ràfols, C., Villar, J.L.: An algebraic framework for Diffie-Hellman assumptions. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013, Part II. LNCS, vol. 8043, pp. 129–147. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-40084-1_8

    Chapter  Google Scholar 

  15. Faonio, A., Venturi, D.: Efficient public-key cryptography with bounded leakage and tamper resilience. In: Cheon, J.H., Takagi, T. (eds.) ASIACRYPT 2016, Part I. LNCS, vol. 10031, pp. 877–907. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-53887-6_32

    Chapter  Google Scholar 

  16. Fujisaki, E., Xagawa, K.: Public-key cryptosystems resilient to continuous tampering and leakage of arbitrary functions. In: Cheon, J.H., Takagi, T. (eds.) ASIACRYPT 2016, Part I. LNCS, vol. 10031, pp. 908–938. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-53887-6_33

    Chapter  Google Scholar 

  17. Gay, R., Hofheinz, D., Kiltz, E., Wee, H.: Tightly CCA-secure encryption without pairings. In: Fischlin, M., Coron, J.-S. (eds.) EUROCRYPT 2016. LNCS, vol. 9665, pp. 1–27. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-49890-3_1

    Chapter  Google Scholar 

  18. Gay, R., Hofheinz, D., Kohl, L.: Kurosawa-Desmedt meets tight security. In: Katz, J., Shacham, H. (eds.) CRYPTO 2017. LNCS, vol. 10403, pp. 133–160. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-63697-9_5

    Chapter  Google Scholar 

  19. Gay, R., Hofheinz, D., Kohl, L., Pan, J.: More efficient (almost) tightly secure structure-preserving signatures. In: Nielsen, J.B., Rijmen, V. (eds.) EUROCRYPT 2018, Part II. LNCS, vol. 10821, pp. 230–258. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-78375-8_8

    Chapter  Google Scholar 

  20. Gong, J., Chen, J., Dong, X., Cao, Z., Tang, S.: Extended nested dual system groups, revisited. In: Cheng, C.-M., Chung, K.-M., Persiano, G., Yang, B.-Y. (eds.) PKC 2016, Part I. LNCS, vol. 9614, pp. 133–163. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-49384-7_6

    Chapter  Google Scholar 

  21. Halderman, J.A., et al.: Lest we remember: cold boot attacks on encryption keys. In: van Oorschot, P.C. (ed.) USENIX Security Symposium 2008, pp. 45–60. USENIX Association (2008)

    Google Scholar 

  22. Han, S., Liu, S., Lyu, L., Gu, D.: Tight leakage-resilient CCA-security from quasi-adaptive hash proof system. IACR Cryptology ePrint Archive, Report 2019/512 (2019). http://eprint.iacr.org/2019/512

  23. Hofheinz, D.: Algebraic partitioning: fully compact and (almost) tightly secure cryptography. In: Kushilevitz, E., Malkin, T. (eds.) TCC 2016, Part I. LNCS, vol. 9562, pp. 251–281. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-49096-9_11

    Chapter  MATH  Google Scholar 

  24. Hofheinz, D.: Adaptive partitioning. In: Coron, J.-S., Nielsen, J.B. (eds.) EUROCRYPT 2017, Part III. LNCS, vol. 10212, pp. 489–518. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-56617-7_17

    Chapter  Google Scholar 

  25. Hofheinz, D., Jager, T.: Tightly secure signatures and public-key encryption. In: Safavi-Naini, R., Canetti, R. (eds.) CRYPTO 2012. LNCS, vol. 7417, pp. 590–607. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-32009-5_35

    Chapter  Google Scholar 

  26. Jutla, C.S., Roy, A.: Shorter quasi-adaptive NIZK proofs for linear subspaces. In: Sako, K., Sarkar, P. (eds.) ASIACRYPT 2013. LNCS, vol. 8269, pp. 1–20. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-42033-7_1

    Chapter  Google Scholar 

  27. Jutla, C.S., Roy, A.: Dual-system simulation-soundness with applications to UC-PAKE and more. In: Iwata, T., Cheon, J.H. (eds.) ASIACRYPT 2015, Part I. LNCS, vol. 9452, pp. 630–655. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-48797-6_26

    Chapter  Google Scholar 

  28. Kiltz, E., Wee, H.: Quasi-adaptive NIZK for linear subspaces revisited. In: Oswald, E., Fischlin, M. (eds.) EUROCRYPT 2015. LNCS, vol. 9057, pp. 101–128. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-46803-6_4

    Chapter  Google Scholar 

  29. Kurosawa, K., Desmedt, Y.: A new paradigm of hybrid encryption scheme. In: Franklin, M.K. (ed.) CRYPTO 2004. LNCS, vol. 3152, pp. 426–442. Springer, Heidelberg (2004). https://doi.org/10.1007/978-3-540-28628-8_26

    Chapter  Google Scholar 

  30. Libert, B., Peters, T., Joye, M., Yung, M.: Non-malleability from malleability: simulation-sound quasi-adaptive NIZK proofs and CCA2-secure encryption from homomorphic signatures. In: Nguyen, P.Q., Oswald, E. (eds.) EUROCRYPT 2014. LNCS, vol. 8441, pp. 514–532. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-642-55220-5_29

    Chapter  Google Scholar 

  31. Libert, B., Peters, T., Joye, M., Yung, M.: Compactly hiding linear spans. In: Iwata, T., Cheon, J.H. (eds.) ASIACRYPT 2015, Part I. LNCS, vol. 9452, pp. 681–707. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-48797-6_28

    Chapter  Google Scholar 

  32. Naor, M., Segev, G.: Public-key cryptosystems resilient to key leakage. In: Halevi, S. (ed.) CRYPTO 2009. LNCS, vol. 5677, pp. 18–35. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-03356-8_2

    Chapter  Google Scholar 

  33. Naor, M., Yung, M.: Public-key cryptosystems provably secure against chosen ciphertext attacks. In: Ortiz, H. (ed.) STOC 1990, pp. 427–437. ACM (1990)

    Google Scholar 

  34. Qin, B., Liu, S.: Leakage-resilient chosen-ciphertext secure public-key encryption from hash proof system and one-time lossy filter. In: Sako, K., Sarkar, P. (eds.) ASIACRYPT 2013, Part II. LNCS, vol. 8270, pp. 381–400. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-42045-0_20

    Chapter  Google Scholar 

  35. Qin, B., Liu, S., Chen, K.: Efficient chosen-ciphertext secure public-key encryption scheme with high leakage-resilience. IET Inf. Secur. 9(1), 32–42 (2015)

    Article  Google Scholar 

  36. Wee, H.: Dual projective hashing and its applications — lossy trapdoor functions and more. In: Pointcheval, D., Johansson, T. (eds.) EUROCRYPT 2012. LNCS, vol. 7237, pp. 246–262. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-29011-4_16

    Chapter  Google Scholar 

Download references

Acknowledgments

We would like to thank the anonymous reviewers for their comments and suggestions. We are grateful to Dennis Hofheinz and Jiaxin Pan for helpful discussions and advices. Shuai Han, Shengli Liu and Lin Lyu are supported by the National Natural Science Foundation of China Grant (No. 61672346). Dawu Gu is supported by the National Natural Science Foundation of China Grant (No. U1636217) together with Program of Shanghai Academic Research Leader (16XD1401300). Shuai Han is also supported by the National Natural Science Foundation of China Grant (No. 61802255).

Author information

Authors and Affiliations

  1. School of Electronic Information and Electrical Engineering, Shanghai Jiao Tong University, Shanghai, 200240, China

    Shuai Han, Shengli Liu, Lin Lyu & Dawu Gu

  2. State Key Laboratory of Cryptology, P.O. Box 5159, Beijing, 100878, China

    Shengli Liu

  3. Westone Cryptologic Research Center, Beijing, 100070, China

    Shengli Liu

  4. Ant Financial, Hangzhou, 310012, China

    Shuai Han

Authors
  1. Shuai Han
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Shengli Liu
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Lin Lyu
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Dawu Gu
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Shengli Liu .

Editor information

Editors and Affiliations

  1. Georgia Institute of Technology, Atlanta, GA, USA

    Alexandra Boldyreva

  2. University of California at San Diego, La Jolla, CA, USA

    Daniele Micciancio

Rights and permissions

Reprints and permissions

Copyright information

© 2019 International Association for Cryptologic Research

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Han, S., Liu, S., Lyu, L., Gu, D. (2019). Tight Leakage-Resilient CCA-Security from Quasi-Adaptive Hash Proof System. In: Boldyreva, A., Micciancio, D. (eds) Advances in Cryptology – CRYPTO 2019. CRYPTO 2019. Lecture Notes in Computer Science(), vol 11693. Springer, Cham. https://doi.org/10.1007/978-3-030-26951-7_15

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-26951-7_15

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-26950-0

  • Online ISBN: 978-3-030-26951-7

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Societies and partnerships

Search

Navigation