Abstract
Driven by the open problem raised by Hofheinz and Kiltz (J Cryptol 25(3):484–527, 2012), we study the formalization of lattice-based programmable hash functions (PHFs) and give three types of concrete constructions by using several techniques, such as a novel combination of cover-free sets and lattice trapdoors. Under the inhomogeneous small integer solution (ISIS) assumption, we show that any (non-trivial) lattice-based PHF is a collision-resistant hash function, which gives a direct application of this new primitive. We further demonstrate the power of lattice-based PHFs by giving generic constructions of signatures and identity-based encryption (IBE) in the standard model, which not only provide a way to unify several previous lattice-based schemes using the partitioning proof technique, but also allow us to obtain new short signature schemes and IBE schemes from (ideal) lattices. Specifically, by instantiating the generic constructions with our Type-II and Type-III PHF constructions, we immediately obtain two short signature schemes and two IBE schemes with asymptotically much shorter keys. A major downside inherited from our Type-II and Type-III PHF constructions is that we can only prove the security of the new signatures and IBEs in the bounded security model, in which the number Q of the adversary's queries is required to be known in advance. Another downside is that the computational time of our new signatures and IBEs is a linear function of Q, which is large for typical parameters. To overcome the above limitations, we also give a refined way of using Type-II and Type-III PHFs to construct lattice-based short signatures with short verification keys in the full security model. In particular, our methods depart from the confined guessing technique of Böhl et al. (Eurocrypt'13) that was used to construct previous standard model short signature schemes with short verification keys by Ducas and Micciancio (Crypto'14) and by Alperin-Sheriff (PKC'15), and allow us to achieve much tighter security from weaker hardness assumptions.
Notes
We write \(f(n)={\tilde{O}}(g(n))\) if \(f(n)=O(g(n)\cdot \log ^c(n))\) for some constant c.
Informally, an algorithm is algebraic if there is a way to compute the representation of a group element output by the algorithm in terms of its input group elements [12].
Note that this definition of \({{\textbf {G}}}_b\) is equivalent to \({{\textbf {G}}}_b = {{\textbf {I}}}_k \otimes (1,b,\dots ,b^{k-1})^T\) in [47] under the column permutation.
A general trapdoor matrix \({{\textbf {B}}}\) is used for utmost generality, but the publicly known trapdoor matrix \({{\textbf {B}}}={{\textbf {G}}}\) in [47] is recommended for both efficiency and simplicity.
This is because one can first construct a new uniformly random matrix \({{\textbf {A}}}'\) by appending the row vector \({{\textbf {v}}}^T\) to the rows of \({{\textbf {A}}}\) and then apply the fact in Lemma 5.
In general, the sampling procedure makes the running time of \({\mathcal {C}}\) dependent on the success advantage \(\epsilon \) of \({\mathcal {A}}\), but for concrete PHFs (e.g., the construction in Theorem 3), it is possible to directly calculate the probability p.
References
P. Abla, F.H. Liu, H. Wang, Z. Wang, Ring-based identity based encryption—asymptotically shorter mpk and tighter security, in K. Nissim, B. Waters, editors, Theory of Cryptography (Springer, Cham, 2021)
S. Agrawal, D. Boneh, X. Boyen, Efficient lattice (H)IBE in the standard model, in H. Gilbert, editor, EUROCRYPT 2010. LNCS, vol. 6110 (Springer, 2010), pp. 553–572
S. Agrawal, D. Boneh, X. Boyen, Lattice basis delegation in fixed dimension and shorter-ciphertext hierarchical IBE, in T. Rabin, editor, CRYPTO 2010. LNCS, vol. 6223 (Springer, 2010), pp. 98–115
M. Ajtai, Generating hard instances of lattice problems (extended abstract), in STOC ’96 (ACM, 1996), pp. 99–108
M. Ajtai, Generating hard instances of the short basis problem, in J. Wiedermann, P. van Emde Boas, M. Nielsen, editors, Automata, Languages and Programming. LNCS, vol. 1644 (Springer, 1999), pp. 706–706
J. Alperin-Sheriff, Short signatures with short public keys from homomorphic trapdoor functions, in J. Katz, editor. PKC 2015. LNCS, vol. 9020 (Springer, 2015), pp. 236–255
S. Bai, S. Galbraith, An improved compression technique for signatures based on learning with errors, in J. Benaloh, editor, CT-RSA 2014. LNCS, vol. 8366 (Springer, 2014), pp. 28–47
M. Bellare, T. Ristenpart, Simulation without the artificial abort: simplified proof and improved concrete security for Waters’ IBE scheme, in A. Joux, editor, EUROCRYPT 2009. LNCS, vol. 5479 (Springer, 2009), pp. 407–424
F. Böhl, D. Hofheinz, T. Jager, J. Koch, J. Seo, C. Striecks, Practical signatures from standard assumptions, in T. Johansson, P. Nguyen, editors, EUROCRYPT 2013. LNCS, vol. 7881 (Springer, 2013), pp. 461–485
D. Boneh, X. Boyen, Efficient selective-ID secure identity-based encryption without random oracles, in C. Cachin, J. Camenisch, editors, Advances in Cryptology—EUROCRYPT 2004. LNCS, vol. 3027 (Springer, 2004), pp. 223–238
D. Boneh, M. Franklin, Identity-based encryption from the Weil pairing, in J. Kilian, editor, CRYPTO 2001. LNCS, vol. 2139 (Springer, 2001), pp. 213–229
D. Boneh, R. Venkatesan, Breaking RSA may not be equivalent to factoring, in K. Nyberg, editor, EUROCRYPT ’98. LNCS, vol. 1403 (Springer, 1998), pp. 59–71
X. Boyen, Lattice mixing and vanishing trapdoors: a framework for fully secure short signatures and more, in P. Nguyen, D. Pointcheval, editors, PKC 2010. LNCS, vol. 6056 (Springer, 2010), pp. 499–517
X. Boyen, Q. Li, Towards tightly secure lattice short signature and id-based encryption, in ASIACRYPT 2016 (Springer, 2016), pp. 404–434
R. Canetti, S. Halevi, J. Katz, Chosen-ciphertext security from identity-based encryption, in C. Cachin, J. Camenisch, editors, EUROCRYPT 2004. LNCS, vol. 3027 (Springer, 2004), pp. 207–222
D. Cash, D. Hofheinz, E. Kiltz, C. Peikert, Bonsai trees, or how to delegate a lattice basis, in H. Gilbert, editor, EUROCRYPT 2010. LNCS, vol. 6110 (Springer, 2010), pp. 523–552
D. Catalano, D. Fiore, L. Nizzardo, Programmable hash functions go private: constructions and applications to (homomorphic) signatures with shorter public keys, in R. Gennaro, M. Robshaw, editors, CRYPTO 2015. LNCS, vol. 9216 (Springer, 2015), pp. 254–274
J. Cheon, K. Han, C. Lee, H. Ryu, D. Stehlé, Cryptanalysis of the multilinear map over the integers, in E. Oswald, M. Fischlin, editors, EUROCRYPT 2015. LNCS, vol. 9056 (Springer, 2015), pp. 3–12
C. Cocks, An identity based encryption scheme based on quadratic residues, in B. Honary, editor, Cryptography and Coding. LNCS, vol. 2260 (Springer, 2001), pp. 360–363
J.S. Coron, C. Gentry, S. Halevi, T. Lepoint, H. Maji, E. Miles, M. Raykova, A. Sahai, M. Tibouchi, Zeroizing without low-level zeroes: new MMAP attacks and their limitations, in R. Gennaro, M. Robshaw, editors, CRYPTO 2015. LNCS, vol. 9215 (Springer, 2015), pp. 247–266
J.S. Coron, T. Lepoint, M. Tibouchi, Practical multilinear maps over the integers, in R. Canetti, J. Garay, editors, CRYPTO 2013. LNCS, vol. 8042 (Springer, 2013), pp. 476–493
R. Cramer, I. Damgård, On the amortized complexity of zero-knowledge protocols, in S. Halevi, editor, CRYPTO 2009. LNCS, vol. 5677 (Springer, 2009), pp. 177–191
Y. Dodis, R. Ostrovsky, L. Reyzin, A. Smith, Fuzzy extractors: how to generate strong keys from biometrics and other noisy data. SIAM J. Comput. 38, 97–139 (2008)
L. Ducas, A. Durmus, T. Lepoint, V. Lyubashevsky, Lattice signatures and bimodal Gaussians, in R. Canetti, J. Garay, editors, CRYPTO 2013. LNCS, vol. 8042 (Springer, 2013), pp. 40–56
L. Ducas, V. Lyubashevsky, T. Prest, Efficient identity-based encryption over NTRU lattices, in P. Sarkar, T. Iwata, editors, ASIACRYPT 2014. LNCS, vol. 8874 (Springer, 2014), pp. 22–41
L. Ducas, D. Micciancio, Improved short lattice signatures in the standard model, in J. Garay, R. Gennaro, editors, CRYPTO 2014. LNCS, vol. 8616 (Springer, 2014), pp. 335–352
P. Erdös, P. Frankl, Z. Füredi, Families of finite sets in which no set is covered by the union of r others. Israel J. Math. 51(1-2), 79–89 (1985)
E. Freire, D. Hofheinz, K. Paterson, C. Striecks, Programmable hash functions in the multilinear setting, in R. Canetti, J. Garay, editors, CRYPTO 2013, LNCS, vol. 8042 (Springer, 2013), pp. 513–530
S. Garg, C. Gentry, S. Halevi, Candidate multilinear maps from ideal lattices, in T. Johansson, P. Nguyen, editors, EUROCRYPT 2013. LNCS, vol. 7881 (Springer, 2013), pp. 1–17
C. Gentry, Practical identity-based encryption without random oracles, in S. Vaudenay, editor, Advances in Cryptology—EUROCRYPT 2006. LNCS, vol. 4004 (Springer, 2006), pp. 445–464
C. Gentry, C. Peikert, V. Vaikuntanathan, Trapdoors for hard lattices and new cryptographic constructions, in STOC 2008 (ACM, 2008), pp. 197–206
S. Gorbunov, V. Vaikuntanathan, D. Wichs, Leveled fully homomorphic signatures from standard lattices, in STOC 2015 (ACM, 2015), pp. 469–477
G. Hanaoka, T. Matsuda, J. Schuldt, On the impossibility of constructing efficient key encapsulation and programmable hash functions in prime order groups, in R. Safavi-Naini, R. Canetti, editors, CRYPTO 2012. LNCS, vol. 7417 (Springer, 2012), pp. 812–831
D. Hofheinz, T. Jager, E. Kiltz, Short signatures from weaker assumptions, in D. Lee, X. Wang, editors, ASIACRYPT 2011. LNCS, vol. 7073 (Springer, 2011), pp. 647–666
D. Hofheinz, E. Kiltz, Programmable hash functions and their applications, in D. Wagner, editor, CRYPTO 2008. LNCS, vol. 5157 (Springer, 2008), pp. 21–38
D. Hofheinz, E. Kiltz, Programmable hash functions and their applications. J. Cryptol. 25(3), 484–527 (2012)
Y. Hu, H. Jia, Cryptanalysis of GGH map, in M. Fischlin, J.S. Coron, editors, EUROCRYPT 2016. LNCS, vol. 9665 (Springer, 2016), pp. 537–565
T. Jager, R. Kurek, D. Niehues, Efficient adaptively-secure IB-KEMs and VRFs via near-collision resistance, in J.A. Garay, editor, Public-Key Cryptography—PKC 2021 (Springer, Cham, 2021), pp. 596–626
K. Kajita, K. Ogawa, K. Nuida, T. Takagi, Short lattice signatures in the standard model with efficient tag generation, in: K. Nguyen, W. Wu, K.Y. Lam, H. Wang, editors, Provable and Practical Security (Springer, Cham, 2020), pp. 85–102
S. Katsumata, S. Yamada, Partitioning via non-linear polynomial functions: more compact IBEs from ideal lattices and bilinear maps, in ASIACRYPT 2016 (Springer, 2016), pp. 682–712
J. Katz, Digital Signatures (Springer, 2010)
H. Krawczyk, T. Rabin, Chameleon signatures, in NDSS 2000
R. Kumar, S. Rajagopalan, A. Sahai, Coding constructions for blacklisting problems without computational assumptions, in CRYPTO ’99 (Springer, 1999), pp. 609–623
V. Lyubashevsky, Lattice signatures without trapdoors, in D. Pointcheval, T. Johansson, editors, EUROCRYPT 2012. LNCS, vol. 7237 (Springer, 2012), pp. 738–755
V. Lyubashevsky, D. Micciancio, Asymptotically efficient lattice-based digital signatures, in R. Canetti, editor, Theory of Cryptography. LNCS, vol. 4948 (Springer, 2008), pp. 37–54
V. Lyubashevsky, C. Peikert, O. Regev, On ideal lattices and learning with errors over rings, in H. Gilbert, editor, EUROCRYPT 2010. LNCS, vol. 6110 (Springer, 2010), pp. 1–23
D. Micciancio, C. Peikert, Trapdoors for lattices: simpler, tighter, faster, smaller, in D. Pointcheval, T. Johansson, editors, EUROCRYPT 2012. LNCS, vol. 7237 (Springer, 2012), pp. 700–718
D. Micciancio, O. Regev, Worst-case to average-case reductions based on Gaussian measures. SIAM J. Comput. 37, 267–302 (2007)
P. Nguyen, J. Zhang, Z. Zhang, Simpler efficient group signatures from lattices, in J. Katz, editor, PKC 2015. LNCS, vol. 9020 (Springer, 2015), pp. 401–426
C. Peikert, A. Rosen, Efficient collision-resistant hashing from worst-case assumptions on cyclic lattices, in S. Halevi, T. Rabin, editors, Theory of Cryptography. LNCS, vol. 3876 (Springer, 2006), pp. 145–166
O. Regev, On lattices, learning with errors, random linear codes, and cryptography, in STOC 2005 (ACM, 2005), pp. 84–93
A. Shamir, Identity-based cryptosystems and signature schemes, in G. Blakley, D. Chaum, editors, CRYPTO ’84. LNCS, vol. 196 (Springer, 1984), pp. 47–53
R. Vershynin, Introduction to the non-asymptotic analysis of random matrices. arXiv preprint arXiv:1011.3027 (2010)
B. Waters, Efficient identity-based encryption without random oracles, in R. Cramer, editor, EUROCRYPT 2005. LNCS, vol. 3494 (Springer, 2005), pp. 114–127
B. Waters, Dual system encryption: Realizing fully secure IBE and HIBE under simple assumptions, in S. Halevi, editor, CRYPTO 2009. LNCS, vol. 5677 (Springer, 2009), pp. 619–636
S. Yamada, Adaptively secure identity-based encryption from lattices with asymptotically shorter public parameters, in EUROCRYPT 2016 (Springer, 2016), pp. 32–62
S. Yamada, Asymptotically compact adaptively secure lattice IBEs and verifiable random functions via generalized partitioning techniques, in CRYPTO 2017 (Springer, 2017), pp. 161–193
S. Yamada, G. Hanaoka, N. Kunihiro, Two-dimensional representation of cover free families and its applications: short signatures and more, in O. Dunkelman, editor, CT-RSA 2012. LNCS, vol. 7178 (Springer, 2012), pp. 260–277
M. Zhandry, Secure identity-based encryption in the quantum random oracle model, in R. Safavi-Naini, R. Canetti, editors, CRYPTO 2012. LNCS, vol. 7417 (Springer, 2012), pp. 643–662
J. Zhang, Y. Chen, Z. Zhang, Programmable hash functions from lattices: short signatures and IBEs with small key sizes, in M. Robshaw, J. Katz, editors, CRYPTO 2016. LNCS, vol. 9816 (Springer, Heidelberg, 2016), pp. 303–332
Acknowledgements
We thank the anonymous reviewers for helpful comments on earlier versions of our paper. Jiang Zhang, the corresponding author, is supported by the National Natural Science Foundation of China (Grant Nos. 62022018, 61932019) and the National Key Research and Development Program of China (Grant No. 2022YFB2702000). Yu Chen is supported by the National Key Research and Development Program of China (Grant No. 2021YFA1000600), the National Natural Science Foundation of China (Grant Nos. 62272269, 61932019), and Taishan Scholar Program of Shandong Province. Zhenfeng Zhang is supported by the National Key Research and Development Program of China (No. 2022YFB2701600).
Additional information
Communicated by Damien Stehlé.
Cite this article
Zhang, J., Chen, Y. & Zhang, Z. Lattice-Based Programmable Hash Functions and Applications. J Cryptol 37, 4 (2024). https://doi.org/10.1007/s00145-023-09488-w