
Lattice-Based Programmable Hash Functions and Applications

  • Research Article, Journal of Cryptology

Abstract

Driven by the open problem raised by Hofheinz and Kiltz (J Cryptol 25(3):484–527, 2012), we study the formalization of lattice-based programmable hash functions (PHFs) and give three types of concrete constructions using several techniques, including a novel combination of cover-free sets and lattice trapdoors. Under the inhomogeneous small integer solution (ISIS) assumption, we show that any (non-trivial) lattice-based PHF is a collision-resistant hash function, which gives a direct application of this new primitive. We further demonstrate the power of lattice-based PHFs by giving generic constructions of signatures and identity-based encryption (IBE) in the standard model, which not only provide a way to unify several previous lattice-based schemes that use the partitioning proof technique, but also allow us to obtain new short signature schemes and IBE schemes from (ideal) lattices. Specifically, by instantiating the generic constructions with our Type-II and Type-III PHF constructions, we immediately obtain two short signature schemes and two IBE schemes with asymptotically much shorter keys. A major downside inherited from our Type-II and Type-III PHF constructions is that we can only prove the security of the new signatures and IBEs in the bounded security model, in which the number Q of the adversary's queries must be known in advance. Another downside is that the computational cost of our new signatures and IBEs is a linear function of Q, which is large for typical parameters. To overcome these limitations, we also give a refined way of using Type-II and Type-III PHFs to construct lattice-based short signatures with short verification keys in the full security model. In particular, our methods depart from the confined guessing technique of Böhl et al. (Eurocrypt'13), which was used to construct the previous standard-model short signature schemes with short verification keys by Ducas and Micciancio (Crypto'14) and by Alperin-Sheriff (PKC'15), and allow us to achieve much tighter security from weaker hardness assumptions.


Notes

  1. We write \(f(n)={\tilde{O}}(g(n))\) if \(f(n)=O(g(n)\cdot \log ^c(n))\) for some constant c.

  2. Informally, an algorithm is algebraic if there is a way to compute the representation of a group element output by the algorithm in terms of its input group elements [12].

  3. Note that this definition of \({{\textbf {G}}}_b\) is equivalent to \({{\textbf {G}}}_b = {{\textbf {I}}}_k \otimes (1,b,\dots ,b^{k-1})^T\) in [47] under the column permutation.

  4. A general trapdoor matrix \({{\textbf {B}}}\) is used for utmost generality, but the publicly known trapdoor matrix \({{\textbf {B}}}={{\textbf {G}}}\) in [47] is recommended for both efficiency and simplicity.

  5. This is because one can first construct a new uniformly random matrix \({{\textbf {A}}}'\) by appending the row vector \({{\textbf {v}}}^T\) to the rows of \({{\textbf {A}}}\) and then apply the fact in Lemma 5.

  6. Note that the scheme in [13] used the syndrome \({{\textbf {u}}}={{\textbf {0}}}\); we prefer to use a randomly chosen syndrome \({{\textbf {u}}}\leftarrow \mathbb {Z}_q^n\), as in [47], to simplify the security analysis.

  7. In general, the sampling procedure makes the running time of \({\mathcal {C}}\) dependent on the success advantage \(\epsilon \) of \({\mathcal {A}}\), but for concrete PHFs (e.g., the construction in Theorem 3) it is possible to directly calculate the probability p.

References

  1. P. Abla, F.H. Liu, H. Wang, Z. Wang, Ring-based identity based encryption—asymptotically shorter mpk and tighter security, in K. Nissim, B. Waters, editors, Theory of Cryptography (Springer, Cham, 2021)

  2. S. Agrawal, D. Boneh, X. Boyen, Efficient lattice (H)IBE in the standard model, in H. Gilbert, editor, EUROCRYPT 2010. LNCS, vol. 6110 (Springer, 2010), pp. 553–572

  3. S. Agrawal, D. Boneh, X. Boyen, Lattice basis delegation in fixed dimension and shorter-ciphertext hierarchical IBE, in T. Rabin, editor, CRYPTO 2010. LNCS, vol. 6223 (Springer, 2010), pp. 98–115

  4. M. Ajtai, Generating hard instances of lattice problems (extended abstract), in STOC ’96 (ACM, 1996), pp. 99–108

  5. M. Ajtai, Generating hard instances of the short basis problem, in J. Wiedermann, P. van Emde Boas, M. Nielsen, editors, Automata, Languages and Programming. LNCS, vol. 1644 (Springer, 1999), pp. 706–706

  6. J. Alperin-Sheriff, Short signatures with short public keys from homomorphic trapdoor functions, in J. Katz, editor. PKC 2015. LNCS, vol. 9020 (Springer, 2015), pp. 236–255

  7. S. Bai, S. Galbraith, An improved compression technique for signatures based on learning with errors, in J. Benaloh, editor, CT-RSA 2014. LNCS, vol. 8366 (Springer, 2014), pp. 28–47

  8. M. Bellare, T. Ristenpart, Simulation without the artificial abort: simplified proof and improved concrete security for Waters’ IBE scheme, in A. Joux, editor, EUROCRYPT 2009. LNCS, vol. 5479 (Springer, 2009), pp. 407–424

  9. F. Böhl, D. Hofheinz, T. Jager, J. Koch, J. Seo, C. Striecks, Practical signatures from standard assumptions, in T. Johansson, P. Nguyen, editors, EUROCRYPT 2013. LNCS, vol. 7881 (Springer, 2013), pp. 461–485

  10. D. Boneh, X. Boyen, Efficient selective-ID secure identity-based encryption without random oracles, in C. Cachin, J. Camenisch, editors, Advances in Cryptology—EUROCRYPT 2004. LNCS, vol. 3027 (Springer, 2004), pp. 223–238

  11. D. Boneh, M. Franklin, Identity-based encryption from the Weil pairing, in J. Kilian, editor, CRYPTO 2001. LNCS, vol. 2139 (Springer, 2001), pp. 213–229

  12. D. Boneh, R. Venkatesan, Breaking RSA may not be equivalent to factoring, in K. Nyberg, editor, EUROCRYPT ’98. LNCS, vol. 1403 (Springer, 1998), pp. 59–71

  13. X. Boyen, Lattice mixing and vanishing trapdoors: a framework for fully secure short signatures and more, in P. Nguyen, D. Pointcheval, editors, PKC 2010. LNCS, vol. 6056 (Springer, 2010), pp. 499–517

  14. X. Boyen, Q. Li, Towards tightly secure lattice short signature and id-based encryption, in ASIACRYPT 2016 (Springer, 2016), pp. 404–434

  15. R. Canetti, S. Halevi, J. Katz, Chosen-ciphertext security from identity-based encryption, in C. Cachin, J. Camenisch, editors, EUROCRYPT 2004. LNCS, vol. 3027 (Springer, 2004), pp. 207–222

  16. D. Cash, D. Hofheinz, E. Kiltz, C. Peikert, Bonsai trees, or how to delegate a lattice basis, in H. Gilbert, editor, EUROCRYPT 2010. LNCS, vol. 6110 (Springer, 2010), pp. 523–552

  17. D. Catalano, D. Fiore, L. Nizzardo, Programmable hash functions go private: constructions and applications to (homomorphic) signatures with shorter public keys, in R. Gennaro, M. Robshaw, editors, CRYPTO 2015. LNCS, vol. 9216 (Springer, 2015), pp. 254–274

  18. J. Cheon, K. Han, C. Lee, H. Ryu, D. Stehlé, Cryptanalysis of the multilinear map over the integers, in E. Oswald, M. Fischlin, editors, EUROCRYPT 2015. LNCS, vol. 9056 (Springer, 2015), pp. 3–12

  19. C. Cocks, An identity based encryption scheme based on quadratic residues, in B. Honary, editor, Cryptography and Coding. LNCS, vol. 2260 (Springer, 2001), pp. 360–363

  20. J.S. Coron, C. Gentry, S. Halevi, T. Lepoint, H. Maji, E. Miles, M. Raykova, A. Sahai, M. Tibouchi, Zeroizing without low-level zeroes: new MMAP attacks and their limitations, in R. Gennaro, M. Robshaw, editors, CRYPTO 2015. LNCS, vol. 9215 (Springer, 2015), pp. 247–266

  21. J.S. Coron, T. Lepoint, M. Tibouchi, Practical multilinear maps over the integers, in R. Canetti, J. Garay, editors, CRYPTO 2013. LNCS, vol. 8042 (Springer, 2013), pp. 476–493

  22. R. Cramer, I. Damgård, On the amortized complexity of zero-knowledge protocols, in S. Halevi, editor, CRYPTO 2009. LNCS, vol. 5677 (Springer, 2009), pp. 177–191

  23. Y. Dodis, O. Rafail, L. Reyzin, A. Smith, Fuzzy extractors: how to generate strong keys from biometrics and other noisy data. SIAM J. Comput. 38, 97–139 (2008)

  24. L. Ducas, A. Durmus, T. Lepoint, V. Lyubashevsky, Lattice signatures and bimodal Gaussians, in R. Canetti, J. Garay, editors, CRYPTO 2013. LNCS, vol. 8042 (Springer, 2013), pp. 40–56

  25. L. Ducas, V. Lyubashevsky, T. Prest, Efficient identity-based encryption over NTRU lattices, in P. Sarkar, T. Iwata, editors, ASIACRYPT 2014. LNCS, vol. 8874 (Springer, 2014), pp. 22–41

  26. L. Ducas, D. Micciancio, Improved short lattice signatures in the standard model, in J. Garay, R. Gennaro, editors, CRYPTO 2014. LNCS, vol. 8616 (Springer, 2014), pp. 335–352

  27. P. Erdös, P. Frankl, Z. Füredi, Families of finite sets in which no set is covered by the union of r others. Israel J. Math. 51(1-2), 79–89 (1985)

  28. E. Freire, D. Hofheinz, K. Paterson, C. Striecks, Programmable hash functions in the multilinear setting, in R. Canetti, J. Garay, editors, CRYPTO 2013, LNCS, vol. 8042 (Springer, 2013), pp. 513–530

  29. S. Garg, C. Gentry, S. Halevi, Candidate multilinear maps from ideal lattices, in T. Johansson, P. Nguyen, editors, EUROCRYPT 2013. LNCS, vol. 7881 (Springer, 2013), pp. 1–17

  30. C. Gentry, Practical identity-based encryption without random oracles, in S. Vaudenay, editor, Advances in Cryptology—EUROCRYPT 2006. LNCS, vol. 4004 (Springer, 2006), pp. 445–464

  31. C. Gentry, C. Peikert, V. Vaikuntanathan, Trapdoors for hard lattices and new cryptographic constructions, in STOC 2008 (ACM, 2008), pp. 197–206

  32. S. Gorbunov, V. Vaikuntanathan, D. Wichs, Leveled fully homomorphic signatures from standard lattices, in STOC 2015 (ACM, 2015), pp. 469–477

  33. G. Hanaoka, T. Matsuda, J. Schuldt, On the impossibility of constructing efficient key encapsulation and programmable hash functions in prime order groups, in R. Safavi-Naini, R. Canetti, editors, CRYPTO 2012. LNCS, vol. 7417 (Springer, 2012), pp. 812–831

  34. D. Hofheinz, T. Jager, E. Kiltz, Short signatures from weaker assumptions, in D. Lee, X. Wang, editors, ASIACRYPT 2011. LNCS, vol. 7073 (Springer, 2011), pp. 647–666

  35. D. Hofheinz, E. Kiltz, Programmable hash functions and their applications, in D. Wagner, editor, CRYPTO 2008. LNCS, vol. 5157 (Springer, 2008), pp. 21–38

  36. D. Hofheinz, E. Kiltz, Programmable hash functions and their applications. J. Cryptol. 25(3), 484–527 (2012)

  37. Y. Hu, H. Jia, Cryptanalysis of GGH map, in M. Fischlin, J.S. Coron, editors, EUROCRYPT 2016. LNCS, vol. 9665 (Springer, 2016), pp. 537–565

  38. T. Jager, R. Kurek, D. Niehues, Efficient adaptively-secure IB-KEMs and VRFs via near-collision resistance, in J.A. Garay, editor, Public-Key Cryptography—PKC 2021 (Springer, Cham, 2021), pp. 596–626

  39. K. Kajita, K. Ogawa, K. Nuida, T. Takagi, Short lattice signatures in the standard model with efficient tag generation, in K. Nguyen, W. Wu, K.Y. Lam, H. Wang, editors, Provable and Practical Security (Springer, Cham, 2020), pp. 85–102

  40. S. Katsumata, S. Yamada, Partitioning via non-linear polynomial functions: more compact IBEs from ideal lattices and bilinear maps, in ASIACRYPT 2016 (Springer, 2016), pp. 682–712

  41. J. Katz, Digital Signatures (Springer, 2010)

  42. H. Krawczyk, T. Rabin, Chameleon signatures, in NDSS 2000

  43. R. Kumar, S. Rajagopalan, A. Sahai, Coding constructions for blacklisting problems without computational assumptions, in CRYPTO ’99 (Springer, 1999), pp. 609–623

  44. V. Lyubashevsky, Lattice signatures without trapdoors, in D. Pointcheval, T. Johansson, editors, EUROCRYPT 2012. LNCS, vol. 7237 (Springer, 2012), pp. 738–755

  45. V. Lyubashevsky, D. Micciancio, Asymptotically efficient lattice-based digital signatures, in R. Canetti, editor, Theory of Cryptography. LNCS, vol. 4948 (Springer, 2008), pp. 37–54

  46. V. Lyubashevsky, C. Peikert, O. Regev, On ideal lattices and learning with errors over rings, in H. Gilbert, editor, EUROCRYPT 2010. LNCS, vol. 6110 (Springer, 2010), pp. 1–23

  47. D. Micciancio, C. Peikert, Trapdoors for lattices: simpler, tighter, faster, smaller, in D. Pointcheval, T. Johansson, editors, EUROCRYPT 2012. LNCS, vol. 7237 (Springer, 2012), pp. 700–718

  48. D. Micciancio, O. Regev, Worst-case to average-case reductions based on Gaussian measures. SIAM J. Comput. 37, 267–302 (2007)

  49. P. Nguyen, J. Zhang, Z. Zhang, Simpler efficient group signatures from lattices, in J. Katz, editor, PKC 2015. LNCS, vol. 9020 (Springer, 2015), pp. 401–426

  50. C. Peikert, A. Rosen, Efficient collision-resistant hashing from worst-case assumptions on cyclic lattices, in S. Halevi, T. Rabin, editors, Theory of Cryptography. LNCS, vol. 3876 (Springer, 2006), pp. 145–166

  51. O. Regev, On lattices, learning with errors, random linear codes, and cryptography, in STOC 2005 (ACM, 2005), pp. 84–93

  52. A. Shamir, Identity-based cryptosystems and signature schemes, in G. Blakley, D. Chaum, editors, CRYPTO ’84. LNCS, vol. 196 (Springer, 1984), pp. 47–53

  53. R. Vershynin, Introduction to the non-asymptotic analysis of random matrices. arXiv preprint arXiv:1011.3027 (2010)

  54. B. Waters, Efficient identity-based encryption without random oracles, in R. Cramer, editor, EUROCRYPT 2005. LNCS, vol. 3494 (Springer, 2005), pp. 114–127

  55. B. Waters, Dual system encryption: Realizing fully secure IBE and HIBE under simple assumptions, in S. Halevi, editor, CRYPTO 2009. LNCS, vol. 5677 (Springer, 2009), pp. 619–636

  56. S. Yamada, Adaptively secure identity-based encryption from lattices with asymptotically shorter public parameters, in EUROCRYPT 2016 (Springer, 2016), pp. 32–62

  57. S. Yamada, Asymptotically compact adaptively secure lattice IBEs and verifiable random functions via generalized partitioning techniques, in CRYPTO 2017 (Springer, 2017), pp. 161–193

  58. S. Yamada, G. Hanaoka, N. Kunihiro, Two-dimensional representation of cover free families and its applications: short signatures and more, in O. Dunkelman, editor, CT-RSA 2012. LNCS, vol. 7178 (Springer, 2012), pp. 260–277

  59. M. Zhandry, Secure identity-based encryption in the quantum random oracle model, in R. Safavi-Naini, R. Canetti, editors, CRYPTO 2012. LNCS, vol. 7417 (Springer, 2012), pp. 643–662

  60. J. Zhang, Y. Chen, Z. Zhang, Programmable hash functions from lattices: short signatures and IBEs with small key sizes, in M. Robshaw, J. Katz, editors, CRYPTO 2016. LNCS, vol. 9816 (Springer, Heidelberg, 2016), pp. 303–332

Acknowledgements

We thank the anonymous reviewers for helpful comments on earlier versions of our paper. Jiang Zhang, the corresponding author, is supported by the National Natural Science Foundation of China (Grant Nos. 62022018, 61932019) and the National Key Research and Development Program of China (Grant No. 2022YFB2702000). Yu Chen is supported by the National Key Research and Development Program of China (Grant No. 2021YFA1000600), the National Natural Science Foundation of China (Grant Nos. 62272269, 61932019), and Taishan Scholar Program of Shandong Province. Zhenfeng Zhang is supported by the National Key Research and Development Program of China (No. 2022YFB2701600).

Author information

Corresponding author: Jiang Zhang.

Additional information

Communicated by Damien Stehlé.

Cite this article

Zhang, J., Chen, Y. & Zhang, Z. Lattice-Based Programmable Hash Functions and Applications. J Cryptol 37, 4 (2024). https://doi.org/10.1007/s00145-023-09488-w
