Skip to main content
SpringerLink
Log in

Knowledge Encryption and Its Applications to Simulatable Protocols with Low Round-Complexity

  • Conference paper
  • First Online:
Advances in Cryptology – ASIACRYPT 2022 (ASIACRYPT 2022)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 13793))

  • 752 Accesses

Abstract

We introduce a new notion of public key encryption, knowledge encryption, for which its ciphertexts can be reduced to the public-key, i.e., any algorithm that can break the ciphertext indistinguishability can be used to extract the (partial) secret key. We show that knowledge encryption can be built solely on any two-round oblivious transfer with game-based security, which are known based on various standard (polynomial-hardness) assumptions, such as the DDH, the Quadratic(\(N^{th}\)) Residuosity or the LWE assumption.

We use knowledge encryption to construct the first three-round (weakly) simulatable oblivious transfer. This protocol satisfies (fully) simulatable security for the receiver, and weakly simulatable security (\((T,\epsilon )\)-simulatability) for the sender in the following sense: for any polynomial T and any inverse polynomial \(\epsilon \), there exists an efficient simulator such that the distinguishing gap of any distinguisher of size less than T is at most \(\epsilon \).

Equipped with these tools, we construct a variety of fundamental cryptographic protocols with low round-complexity, assuming only the existence of two-round oblivious transfer with game-based security. These protocols include three-round delayed-input weak zero knowledge argument, three-round weakly secure two-party computation, three-round concurrent weak zero knowledge in the BPK model, and a two-round commitment with weak security under selective opening attack. These results improve upon the assumptions required by the previous constructions. Furthermore, all our protocols enjoy the above \((T,\epsilon )\)-simulatability (stronger than the distinguisher-dependent simulatability), and are quasi-polynomial time simulatable under the same (polynomial hardness) assumption.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 89.00
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 119.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    Note that the result of [14] that distinguisher-dependent simulatability can be upgraded to \((T,\epsilon )\)-simulatability holds only for zero knowledge protocols.

  2. 2.

    Note that the three-round WI and the \(\varSigma \)-protocol used in our construction can be based on non-interactive commitment. As noted in [12], combing the recent work of [39] with the work [24], one can build non-interactive commitment from two-round (perfectly correct) OT with game-based security. Thus, two-round OT with game-based security as we define is sufficient for constructing all primitives used in our protocol.

  3. 3.

    Here we actually need Goldriech-Kahan technique to bound the running time of the extractor, see the detailed proof in the full version of this paper [17].

  4. 4.

    If the simulator fails to decrypt a ciphertext, it sets the corresponding “plaintext” to be \(\perp \).

  5. 5.

    One exceptional case is the UC composition [11], where \(\varPi \) may be composed with arbitrarily unknown protocols.

  6. 6.

    In the following proofs, we only consider the case that \(\Vert y\Vert _1=1\). In this case, C will output a coordinate of w, and the extractor will extract the witness bit-by-bit.

  7. 7.

    For ease of presentation, we assume that for every \(x\in L\cap \{0,1\}^\lambda \) there is a string \(w^*\in \{0,1\}^\ell \) such that \((x,w^*)\notin R_L\). For any NP relation \(R_L\) that does not satisfy this condition, one can easily extend it to a new relation:

    $$R'_L:={(x,w')\in \{0,1\}^\lambda \times \{0,1\}^{\ell +1}: w'=w\Vert 1~\text {and}~ (x,w)\in R_L},$$

    for which \(w\Vert 0\) is not a valid witness (for any instance x).

  8. 8.

    D might know of the random coins used to sample \(\textsf {pk}^*\).

  9. 9.

    Like the honest receiver, the simulator sets the “plaintext” of an undecryptable ciphertext to be \(\perp \).

References

  1. Aiello, B., Ishai, Y., Reingold, O.: Priced oblivious transfer: how to sell digital goods. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 119–135. Springer, Heidelberg (2001). https://doi.org/10.1007/3-540-44987-6_8

    Chapter  Google Scholar 

  2. Aiello, W., Bhatt, S., Ostrovsky, R., Rajagopalan, S.R.: Fast verification of any remote procedure call: short witness-indistinguishable one-round proofs for NP. In: Montanari, U., Rolim, J.D.P., Welzl, E. (eds.) ICALP 2000. LNCS, vol. 1853, pp. 463–474. Springer, Heidelberg (2000). https://doi.org/10.1007/3-540-45022-X_39

    Chapter  Google Scholar 

  3. Alwen, J., Persiano, G., Visconti, I.: Impossibility and feasibility results for zero knowledge with public keys. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 135–151. Springer, Heidelberg (2005). https://doi.org/10.1007/11535218_9

    Chapter  Google Scholar 

  4. Ananth, P., Jain, A.: On secure two-party computation in three rounds. In: Kalai, Y., Reyzin, L. (eds.) TCC 2017. LNCS, vol. 10677, pp. 612–644. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-70500-2_21

    Chapter  Google Scholar 

  5. Badrinarayanan, S., Goyal, V., Jain, A., Kalai, Y.T., Khurana, D., Sahai, A.: Promise zero knowledge and its applications to round optimal MPC. In: Shacham, H., Boldyreva, A. (eds.) CRYPTO 2018. LNCS, vol. 10992, pp. 459–487. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-96881-0_16

    Chapter  Google Scholar 

  6. Benhamouda, F., Lin, H.: k-round multiparty computation from k-round oblivious transfer via garbled interactive circuits. In: Nielsen, J.B., Rijmen, V. (eds.) EUROCRYPT 2018. LNCS, vol. 10821, pp. 500–532. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-78375-8_17

    Chapter  Google Scholar 

  7. Bitansky, N., Brakerski, Z., Kalai, Y., Paneth, O., Vaikuntanathan, V.: 3-message zero knowledge against human ignorance. In: Hirt, M., Smith, A. (eds.) TCC 2016. LNCS, vol. 9985, pp. 57–83. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-53641-4_3

    Chapter  Google Scholar 

  8. Bitansky, N., Canetti, R., Paneth, O., Rosen, A.: On the existence of extractable one-way functions. In: Proceedings of the 45th Annual ACM Symposium on the Theory of Computing - STOC’14, pp. 505–514. ACM Press (2014). https://doi.org/10.1145/2591796.2591859

  9. Bitansky, N., Khurana, D., Paneth, O.: Weak zero-knowledge beyond the black-box barrier. In: Proceedings of the 51st Annual ACM SIGACT Symposium on Theory of Computing - STOC’19, pp. 1091–1102. ACM press (2019). https://doi.org/10.1145/3313276.3316382

  10. Brakerski, Z., Döttling, N.: Two-message statistically sender-private OT from LWE. In: Beimel, A., Dziembowski, S. (eds.) TCC 2018. LNCS, vol. 11240, pp. 370–390. Springer, Cham (2018). https://doi.org/10.1007/978-3-030-03810-6_14

    Chapter  Google Scholar 

  11. Canetti, R.: Universally composable security: A new paradigm for cryptographic protocols. In: Proceedings of the 42nd Annual Symposium on Foundations of Computer Science - FOCS’01, pp. 136–145. IEEE Computer Society (2001). https://doi.org/10.1109/SFCS.2001.959888

  12. Rai Choudhuri, A., Ciampi, M., Goyal, V., Jain, A., Ostrovsky, R.: Round optimal secure multiparty computation from minimal assumptions. In: Pass, R., Pietrzak, K. (eds.) TCC 2020. LNCS, vol. 12551, pp. 291–319. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-64378-2_11

    Chapter  Google Scholar 

  13. Choudhuri, A.R., Ciampi, M., Goyal, V., Jain, A., Ostrovsky, R.: Oblivious transfer from trapdoor permutations in minimal rounds. In: Nissim, K., Waters, B. (eds.) TCC 2021. LNCS, vol. 13043, pp. 518–549. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-90453-1_18

    Chapter  Google Scholar 

  14. Chung, K.-M., Lui, E., Pass, R.: From weak to strong zero-knowledge and applications. In: Dodis, Y., Nielsen, J.B. (eds.) TCC 2015. LNCS, vol. 9014, pp. 66–92. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-46494-6_4

    Chapter  Google Scholar 

  15. Ciampi, M., Ostrovsky, R., Siniscalchi, L., Visconti, I.: Round-optimal secure two-party computation from trapdoor permutations. In: Kalai, Y., Reyzin, L. (eds.) TCC 2017. LNCS, vol. 10677, pp. 678–710. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-70500-2_23

    Chapter  Google Scholar 

  16. Deng, Y.: Individual simulations. In: Moriai, S., Wang, H. (eds.) ASIACRYPT 2020. LNCS, vol. 12493, pp. 805–836. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-64840-4_27

    Chapter  Google Scholar 

  17. Deng, Y., Zhang, X.: Knowledge encryption and its applications to simulatable protocols with low round-complexity. Cryptology ePrint Archive, Paper 2022/1193 (2022). https://eprint.iacr.org/2022/1193

  18. Döttling, N., Garg, S., Hajiabadi, M., Masny, D., Wichs, D.: Two-round oblivious transfer from CDH or LPN. In: Canteaut, A., Ishai, Y. (eds.) EUROCRYPT 2020. LNCS, vol. 12106, pp. 768–797. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-45724-2_26

    Chapter  Google Scholar 

  19. Friolo, D., Masny, D., Venturi, D.: A black-box construction of fully-simulatable, round-optimal oblivious transfer from strongly uniform key agreement. In: Hofheinz, D., Rosen, A. (eds.) TCC 2019. LNCS, vol. 11891, pp. 111–130. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-36030-6_5

    Chapter  MATH  Google Scholar 

  20. Garg, S., Gentry, C., Sahai, A., Waters, B.: Witness encryption and its applications. In: Proceedings of the 45th Annual ACM Symposium on Theory of Computing - STOC’13, p. 467–476. ACM press (2013). https://doi.org/10.1145/2488608.2488667

  21. Garg, S., Mukherjee, P., Pandey, O., Polychroniadou, A.: The exact round complexity of secure computation. In: Fischlin, M., Coron, J.-S. (eds.) EUROCRYPT 2016. LNCS, vol. 9666, pp. 448–476. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-49896-5_16

    Chapter  Google Scholar 

  22. Garg, S., Srinivasan, A.: Two-round multiparty secure computation from minimal assumptions. In: Nielsen, J.B., Rijmen, V. (eds.) EUROCRYPT 2018. LNCS, vol. 10821, pp. 468–499. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-78375-8_16

    Chapter  Google Scholar 

  23. Gertner, Y., Ishai, Y., Kushilevitz, E., Malkin, T.: Protecting data privacy in private information retrieval schemes. In: Proceedings of the 30th Annual ACM Symposium on Theory of Computing - STOC’98, p. 151–160. ACM press (1998). https://doi.org/10.1145/276698.276723

  24. Gertner, Y., Kannan, S., Malkin, T., Reingold, O., Viswanathan, M.: The relationship between public key encryption and oblivious transfer. In: Proceedings of the 41th Annual IEEE Symposium on Foundations of Computer Science - FOCS’00, pp. 325–335. IEEE Computer Society (2000). https://doi.org/10.1109/SFCS.2000.892121

  25. Goldreich, O.: Foundations of Cryptography, vol. Basic Applications. Cambridge University Press (2004). https://doi.org/10.1017/CBO9780511721656

  26. Goldreich, O., Kahan, A.: How to construct constant-round zero-knowledge proof systems for NP. J. Cryptol. 9(3), 167–189 (1996). https://doi.org/10.1007/BF00208001

    Article  MATH  Google Scholar 

  27. Goldreich, O., Krawczyk, H.: On the composition of zero-knowledge proof systems. SIAM J. Comput. 25(1), 169–192 (1996). https://doi.org/10.1137/S0097539791220688

    Article  MATH  Google Scholar 

  28. Goldreich, O., Micali, S., Wigderson, A.: How to play any mental game. In: Proceedings of the 19th Annual ACM Symposium on Theory of Computing - STOC’87, pp. 218–229. ACM press (1987). https://doi.org/10.1145/28395.28420

  29. Goldwasser, S., Kalai, Y.T., Popa, R.A., Vaikuntanathan, V., Zeldovich, N.: How to run turing machines on encrypted data. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013. LNCS, vol. 8043, pp. 536–553. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-40084-1_30

    Chapter  Google Scholar 

  30. Goldwasser, S., Micali, S., Rackoff, C.: The knowledge complexity of interactive proof systems. SIAM J. Comput. 18(1), 186–208 (1989). https://doi.org/10.1137/0218012

    Article  MATH  Google Scholar 

  31. Goyal, V., Jain, A., Jin, Z., Malavolta, G.: Statistical zaps and new oblivious transfer protocols. In: Canteaut, A., Ishai, Y. (eds.) EUROCRYPT 2020. LNCS, vol. 12107, pp. 668–699. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-45727-3_23

    Chapter  Google Scholar 

  32. Halevi, S., Hazay, C., Polychroniadou, A., Venkitasubramaniam, M.: Round-optimal secure multi-party computation. In: Shacham, H., Boldyreva, A. (eds.) CRYPTO 2018. LNCS, vol. 10992, pp. 488–520. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-96881-0_17

    Chapter  Google Scholar 

  33. Halevi, S., Kalai, Y.T.: Smooth projective hashing and two-message oblivious transfer. J. Cryptol. 25(1), 158–193 (2010). https://doi.org/10.1007/s00145-010-9092-8

    Article  MATH  Google Scholar 

  34. Jain, A., Kalai, Y.T., Khurana, D., Rothblum, R.: Distinguisher-dependent simulation in two rounds and its applications. In: Katz, J., Shacham, H. (eds.) CRYPTO 2017. LNCS, vol. 10402, pp. 158–189. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-63715-0_6

    Chapter  MATH  Google Scholar 

  35. Kalai, Y.T., Khurana, D., Sahai, A.: Statistical witness indistinguishability (and more) in two messages. In: Nielsen, J.B., Rijmen, V. (eds.) EUROCRYPT 2018. LNCS, vol. 10822, pp. 34–65. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-78372-7_2

    Chapter  MATH  Google Scholar 

  36. Kalai, Y.T., Raz, R.: Probabilistically checkable arguments. In: Halevi, S. (ed.) CRYPTO 2009. LNCS, vol. 5677, pp. 143–159. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-03356-8_9

    Chapter  Google Scholar 

  37. Katz, J., Ostrovsky, R.: Round-optimal secure two-party computation. In: Franklin, M. (ed.) CRYPTO 2004. LNCS, vol. 3152, pp. 335–354. Springer, Heidelberg (2004). https://doi.org/10.1007/978-3-540-28628-8_21

    Chapter  Google Scholar 

  38. Kiyoshima, S.: Black-box impossibilities of obtaining 2-round weak ZK and strong WI from polynomial hardness. In: Nissim, K., Waters, B. (eds.) TCC 2021. LNCS, vol. 13042, pp. 369–400. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-90459-3_13

    Chapter  Google Scholar 

  39. Lombardi, A., Schaeffer, L.: A note on key agreement and non-interactive commitments. Cryptology ePrint Archive, Paper 2019/279 (2019). https://eprint.iacr.org/2019/279

  40. Naor, M., Pinkas, B.: Efficient oblivious transfer protocols. In: Proceedings of the 12th Annual Symposium on Discrete Algorithms - SODA’01, pp. 448–457. Society for Industrial and Applied Mathematics (2001)

    Google Scholar 

  41. Ostrovsky, R., Richelson, S., Scafuro, A.: Round-optimal black-box two-party computation. In: Gennaro, R., Robshaw, M. (eds.) CRYPTO 2015. LNCS, vol. 9216, pp. 339–358. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-48000-7_17

    Chapter  Google Scholar 

  42. Pass, R.: Simulation in quasi-polynomial time, and its application to protocol composition. In: Biham, E. (ed.) EUROCRYPT 2003. LNCS, vol. 2656, pp. 160–176. Springer, Heidelberg (2003). https://doi.org/10.1007/3-540-39200-9_10

    Chapter  Google Scholar 

  43. Peikert, C., Vaikuntanathan, V., Waters, B.: A framework for efficient and composable oblivious transfer. In: Wagner, D. (ed.) CRYPTO 2008. LNCS, vol. 5157, pp. 554–571. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-85174-5_31

    Chapter  Google Scholar 

  44. Xiao, D.: (Nearly) round-optimal black-box constructions of commitments secure against selective opening attacks. In: Ishai, Y. (ed.) TCC 2011. LNCS, vol. 6597, pp. 541–558. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-19571-6_33

    Chapter  Google Scholar 

  45. Xiao, D.: Errata to (Nearly) round-optimal black-box constructions of commitments secure against selective opening attacks. In: Sahai, A. (ed.) TCC 2013. LNCS, vol. 7785, pp. 721–722. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-36594-2_40

    Chapter  Google Scholar 

Download references

Acknowledgments

We would like to thank the anonymous reviewers for their valuable suggestions. We are supported by the National Natural Science Foundation of China (Grant No. 61932019 and No. 61772522), the Key Research Program of Frontier Sciences, CAS (Grant No. QYZDB-SSW-SYS035) and Beijing Natural Science Foundation (Grant No. M22003).

Author information

Authors and Affiliations

  1. State Key Laboratory of Information Security, Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China

    Yi Deng & Xinxuan Zhang

  2. School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China

    Yi Deng & Xinxuan Zhang

Authors
  1. Yi Deng
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Xinxuan Zhang
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Yi Deng .

Editor information

Editors and Affiliations

  1. Indian Institute of Technology Madras, Chennai, India

    Shweta Agrawal

  2. Chinese Academy of Sciences, Beijing, China

    Dongdai Lin

Rights and permissions

Reprints and permissions

Copyright information

© 2022 International Association for Cryptologic Research

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Deng, Y., Zhang, X. (2022). Knowledge Encryption and Its Applications to Simulatable Protocols with Low Round-Complexity. In: Agrawal, S., Lin, D. (eds) Advances in Cryptology – ASIACRYPT 2022. ASIACRYPT 2022. Lecture Notes in Computer Science, vol 13793. Springer, Cham. https://doi.org/10.1007/978-3-031-22969-5_12

Download citation

  • DOI: https://doi.org/10.1007/978-3-031-22969-5_12

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-22968-8

  • Online ISBN: 978-3-031-22969-5

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation