Abstract
In this paper, we are interested in constructing Puncturable Pseudorandom Functions (PPRFs), a special class of constrained PRFs. While selectively secure PPRFs can be constructed from GGM tree-based PRFs, the adaptive counterpart is tricky to deal with. Inspired by previous works, we investigate the possibility of directly obtaining adaptively-secure PPRFs from a Puncturable Identity-based Key Encapsulation Mechanism (PIB-KEM). Our contributions can be summarized as follows: (i) we show that adaptively-secure PPRFs arise very naturally from any PIB-KEM satisfying two necessary conditions; (ii) we define t-puncturable IB-KEM (t-PIB-KEM) and show its existence by an efficient conversion based on Hierarchical IB-KEM (HIB-KEM). Furthermore, we demonstrate its application to constructing t-puncturable PRFs, a generalized notion of PPRFs.
Acknowledgments
The authors would like to thank the anonymous reviewers for their helpful comments and suggestions. This work was supported by the National Natural Science Foundation of China (Grants 61772514, 61602061) and the National Key R&D Program of China (2017YFB1400700).
Appendices
A Pseudorandom decapsulation of t-PIB-KEM (Fig. 4)
B Proof of Theorem 2
Proof
The unique-derivation property immediately ensures that the construction is a PRF.
Suppose there exists an adversary \(\mathcal {A}\) that breaks the adaptive pseudorandomness of the t-puncturable \(\mathsf {PRF}\) with probability \(\frac{1}{2}+\epsilon (\lambda )\), where \(\epsilon (\lambda )\) is non-negligible. We build an algorithm \(\mathcal {B}\) which has advantage \(\epsilon (\lambda )\) in the t-PIB-KEM-RDECAP game.
\(\mathcal {B}\) gets as input \((\mathsf {mpk},C^*,\mathsf {id}^*)\) and simulates the adaptive pseudorandomness game with \(\mathcal {A}\). On receiving an evaluation query \(x\in \mathcal {ID}\) from \(\mathcal {A}\), \(\mathcal {B}\) queries its own \(\mathsf {KeyDer}(\cdot )\) oracle and obtains \(\mathsf {sk}_x\). Then it uses \(\mathsf {sk}_x\) to compute \(\mathsf {Decap}(C^*,\mathsf {sk}_x)\). That is, \(F(k,x)=\mathsf {Decap}(C^*,\mathsf {KeyDer}(\mathsf {msk},x))\). When \(\mathcal {A}\) issues a key query of a set S, \(\mathcal {B}\) submits this set to oracle \(\mathsf {Puncture}(\mathsf {msk},\cdot )\) and gets back \(\mathsf {Puncture}(\mathsf {msk},S)\). Then it returns \(k_S:=(\mathsf {msk}(S),C^*)\) to \(\mathcal {A}\). When \(\mathcal {A}\) sends the challenge point \(x^*\in \bigcap _{i=1}^q S_i\), \(\mathcal {B}\) sends the same point to its challenger and gets back \(K_b\) where \(K_b=\mathsf {Decap}(C^*,\mathsf {sk}_{x^*})\) or \(K_b\leftarrow \mathcal {K}\). It returns this \(K_b\) to \(\mathcal {A}\). Eventually, \(\mathcal {B}\) outputs whatever \(\mathcal {A}\) outputs to its challenger as \(b'\).
Since \(\mathcal {B}\) perfectly simulates the adaptive pseudorandomness game for \(\mathcal {A}\), the advantage of \(\mathcal {B}\) equals that of \(\mathcal {A}\), namely \(\epsilon (\lambda )\). \(\square \)
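The generic transformation used in the proof above, \(F(k,x)=\mathsf {Decap}(C^*,\mathsf {KeyDer}(\mathsf {msk},x))\) with punctured key \(k_S=(\mathsf {msk}(S),C^*)\), written out as an added example that is not code from the paper. The `ToyPIBKEM` class is a constructed stand-in that only exercises the KeyDer/Puncture/Decap interface and unique derivation (HMAC-based, no security claim); the class and method names are the example's own.

```python
import hmac
import hashlib
import os


class ToyPIBKEM:
    """Constructed stand-in for a t-PIB-KEM: models the interface and correctness
    (unique derivation, refusal on punctured identities), NOT the paper's scheme
    and NOT a secure KEM. msk is (master_secret, set_of_punctured_ids)."""

    @staticmethod
    def setup():
        master = os.urandom(32)
        mpk = hashlib.sha256(master).digest()  # unused by the toy, kept for the interface
        return mpk, (master, frozenset())

    @staticmethod
    def encap(mpk):
        return os.urandom(32)  # the fixed ciphertext C* that becomes part of the PRF key

    @staticmethod
    def key_der(msk, identity):
        master, punctured = msk
        if identity in punctured:
            raise ValueError("identity has been punctured")  # punctured msk cannot derive
        return hmac.new(master, identity, hashlib.sha256).digest()

    @staticmethod
    def puncture(msk, S):
        master, punctured = msk
        return (master, punctured | frozenset(S))  # repeated puncturing: t-puncturable

    @staticmethod
    def decap(C, sk_id):
        return hmac.new(sk_id, C, hashlib.sha256).digest()


class TPuncturablePRF:
    """F(k, x) = Decap(C*, KeyDer(msk, x)) with k = (msk, C*), as in the paper's reduction."""

    def __init__(self, kem=ToyPIBKEM):
        self.kem = kem

    def keygen(self):
        mpk, msk = self.kem.setup()
        return (msk, self.kem.encap(mpk))

    def eval(self, k, x):
        msk, C = k
        return self.kem.decap(C, self.kem.key_der(msk, x))

    def puncture(self, k, S):
        msk, C = k
        return (self.kem.puncture(msk, S), C)  # k_S := (msk(S), C*)
```

Evaluating a punctured key on any point outside the punctured sets returns exactly the unpunctured value, while the point inside cannot be evaluated at all.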
Copyright information
© 2020 Springer Nature Switzerland AG
Cite this paper
Wang, X., Li, S., Xue, R. (2020). Adaptively Secure Puncturable Pseudorandom Functions via Puncturable Identity-Based KEMs. In: Zhou, J., Luo, X., Shen, Q., Xu, Z. (eds) Information and Communications Security. ICICS 2019. Lecture Notes in Computer Science(), vol 11999. Springer, Cham. https://doi.org/10.1007/978-3-030-41579-2_27
DOI: https://doi.org/10.1007/978-3-030-41579-2_27
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-41578-5
Online ISBN: 978-3-030-41579-2
eBook Packages: Computer Science, Computer Science (R0)