Advertisement

Short Digital Signatures and ID-KEMs via Truncation Collision Resistance

  • Tibor JagerEmail author
  • Rafael Kurek
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11273)

Abstract

Truncation collision resistance is a simple non-interactive complexity assumption that seems very plausible for standard cryptographic hash functions like SHA-3. We describe how this assumption can be leveraged to obtain standard-model constructions of public-key cryptosystems that previously seemed to require a programmable random oracle. This includes the first constructions of identity-based key encapsulation mechanisms (ID-KEMs) and digital signatures over bilinear groups with full adaptive security and without random oracles, where a ciphertext or signature consists of only a single element of a prime-order group. We also describe a generic construction of ID-KEMs with full adaptive security from a scheme with very weak security (“selective and non-adaptive chosen-ID security”), and a similar generic construction for digital signatures.

Keywords

Identity-based encryption Digital signatures Random oracle model Extremely lossy functions Provable security 

Notes

Acknowledgements

We would like to thank all anonymous reviewers for their helpful comments.

References

  1. [BB04a]
    Boneh, D., Boyen, X.: Efficient selective-ID secure identity-based encryption without random oracles. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 223–238. Springer, Heidelberg (2004).  https://doi.org/10.1007/978-3-540-24676-3_14CrossRefGoogle Scholar
  2. [BB04b]
    Boneh, D., Boyen, X.: Secure identity based encryption without random oracles. In: Franklin, M. (ed.) CRYPTO 2004. LNCS, vol. 3152, pp. 443–459. Springer, Heidelberg (2004).  https://doi.org/10.1007/978-3-540-28628-8_27CrossRefGoogle Scholar
  3. [BB04c]
    Boneh, D., Boyen, X.: Short signatures without random oracles. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 56–73. Springer, Heidelberg (2004).  https://doi.org/10.1007/978-3-540-24676-3_4CrossRefGoogle Scholar
  4. [BB11]
    Boneh, D., Boyen, X.: Efficient selective identity-based encryption without random oracles. J. Cryptol. 24(4), 659–693 (2011). OctoberMathSciNetCrossRefGoogle Scholar
  5. [BF01]
    Boneh, D., Franklin, M.: Identity-based encryption from the Weil pairing. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 213–229. Springer, Heidelberg (2001).  https://doi.org/10.1007/3-540-44647-8_13CrossRefGoogle Scholar
  6. [BFMLS08]
    Bentahar, K., Farshim, P., Malone-Lee, J., Smart, N.P.: Generic constructions of identity-based and certificateless KEMs. J. Cryptol. 21(2), 178–199 (2008)MathSciNetCrossRefGoogle Scholar
  7. [BGLS03]
    Boneh, D., Gentry, C., Lynn, B., Shacham, H.: Aggregate and verifiably encrypted signatures from bilinear maps. In: Biham, E. (ed.) EUROCRYPT 2003. LNCS, vol. 2656, pp. 416–432. Springer, Heidelberg (2003).  https://doi.org/10.1007/3-540-39200-9_26CrossRefGoogle Scholar
  8. [BH15]
    Berman, I., Haitner, I.: From non-adaptive to adaptive pseudorandom functions. J. Cryptol. 28(2), 297–311 (2015)MathSciNetCrossRefGoogle Scholar
  9. [BHJ+13]
    Böhl, F., Hofheinz, D., Jager, T., Koch, J., Seo, J.H., Striecks, C.: Practical signatures from standard assumptions. In: Johansson, T., Nguyen, P.Q. (eds.) EUROCRYPT 2013. LNCS, vol. 7881, pp. 461–485. Springer, Heidelberg (2013).  https://doi.org/10.1007/978-3-642-38348-9_28CrossRefGoogle Scholar
  10. [BHK13]
    Bellare, M., Hoang, V.T., Keelveedhi, S.: Instantiating random oracles via UCEs. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013. LNCS, vol. 8043, pp. 398–415. Springer, Heidelberg (2013).  https://doi.org/10.1007/978-3-642-40084-1_23CrossRefGoogle Scholar
  11. [BK10]
    Brakerski, Z., Kalai, Y.T.: A framework for efficient signatures, ring signatures and identity based encryption in the standard model. Cryptology ePrint Archive, Report 2010/086 (2010). http://eprint.iacr.org/2010/086
  12. [BLS04]
    Boneh, D., Lynn, B., Shacham, H.: Short signatures from the Weil pairing. J. Cryptol. 17(4), 297–319 (2004)MathSciNetCrossRefGoogle Scholar
  13. [BR93]
    Bellare, M., Rogaway, P.: Random oracles are practical: a paradigm for designing efficient protocols. In: Ashby, V., (eds.), ACM CCS 1993, pp. 62–73, Fairfax, Virginia, USA, November 3–5, 1993. ACM Press, New York (1993)Google Scholar
  14. [BR09]
    Bellare, M., Ristenpart, T.: Simulation without the artificial abort: simplified proof and improved concrete security for Waters’ IBE scheme. In: Joux, A. (ed.) EUROCRYPT 2009. LNCS, vol. 5479, pp. 407–424. Springer, Heidelberg (2009).  https://doi.org/10.1007/978-3-642-01001-9_24CrossRefGoogle Scholar
  15. [BSW06]
    Boneh, D., Shen, E., Waters, B.: Strongly unforgeable signatures based on computational Diffie-Hellman. In: Yung, M., Dodis, Y., Kiayias, A., Malkin, T. (eds.) PKC 2006. LNCS, vol. 3958, pp. 229–240. Springer, Heidelberg (2006).  https://doi.org/10.1007/11745853_15CrossRefGoogle Scholar
  16. [Can97]
    Canetti, R.: Towards realizing random oracles: hash functions that hide all partial information. In: Kaliski, B.S. (ed.) CRYPTO 1997. LNCS, vol. 1294, pp. 455–469. Springer, Heidelberg (1997).  https://doi.org/10.1007/BFb0052255CrossRefGoogle Scholar
  17. [CFN15]
    Catalano, D., Fiore, D., Nizzardo, L.: Programmable hash functions go private: constructions and applications to (homomorphic) signatures with shorter public keys. In: Gennaro, R., Robshaw, M. (eds.) CRYPTO 2015. LNCS, vol. 9216, pp. 254–274. Springer, Heidelberg (2015).  https://doi.org/10.1007/978-3-662-48000-7_13CrossRefGoogle Scholar
  18. [CGH98]
    Canetti, R., Goldreich, O., Halevi, S.: The random oracle methodology, revisited (preliminary version). In: 30th ACM STOC, May 23–26, 1998, pp. 209–218. ACM Press, Dallas (1998)Google Scholar
  19. [CHK03]
    Canetti, R., Halevi, S., Katz, J.: A forward-secure public-key encryption scheme. In: Biham, E. (ed.) EUROCRYPT 2003. LNCS, vol. 2656, pp. 255–271. Springer, Heidelberg (2003).  https://doi.org/10.1007/3-540-39200-9_16CrossRefGoogle Scholar
  20. [CHK04]
    Canetti, R., Halevi, S., Katz, J.: Chosen-ciphertext security from identity-based encryption. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 207–222. Springer, Heidelberg (2004).  https://doi.org/10.1007/978-3-540-24676-3_13CrossRefGoogle Scholar
  21. [DG17a]
    Döttling, N., Garg, S.: From selective IBE to Full IBE and selective HIBE. In: Kalai, Y., Reyzin, L. (eds.) TCC 2017. LNCS, vol. 10677, pp. 372–408. Springer, Cham (2017).  https://doi.org/10.1007/978-3-319-70500-2_13CrossRefGoogle Scholar
  22. [DG17b]
    Döttling, N., Garg, S.: Identity-based encryption from the Diffie-Hellman assumption. In: Katz, J., Shacham, H. (eds.) CRYPTO 2017. LNCS, vol. 10401, pp. 537–569. Springer, Cham (2017).  https://doi.org/10.1007/978-3-319-63688-7_18CrossRefGoogle Scholar
  23. [DS15]
    Döttling, N., Schröder, D.: Efficient pseudorandom functions via on-the-fly adaptation. In: Gennaro, R., Robshaw, M. (eds.) CRYPTO 2015. LNCS, vol. 9215, pp. 329–350. Springer, Heidelberg (2015).  https://doi.org/10.1007/978-3-662-47989-6_16CrossRefGoogle Scholar
  24. [EGM96]
    Even, S., Goldreich, O., Micali, S.: On-line/off-line digital signatures. J. Cryptol. 9(1), 35–67 (1996)MathSciNetCrossRefGoogle Scholar
  25. [EHK+13]
    Escala, A., Herold, G., Kiltz, E., Ràfols, C., Villar, J.: An algebraic framework for Diffie-Hellman assumptions. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013. LNCS, vol. 8043, pp. 129–147. Springer, Heidelberg (2013).  https://doi.org/10.1007/978-3-642-40084-1_8CrossRefGoogle Scholar
  26. [FF13]
    Fischlin, M., Fleischhacker, N.: Limitations of the meta-reduction technique: the case of schnorr signatures. In: Johansson, T., Nguyen, P.Q. (eds.) EUROCRYPT 2013. LNCS, vol. 7881, pp. 444–460. Springer, Heidelberg (2013).  https://doi.org/10.1007/978-3-642-38348-9_27CrossRefGoogle Scholar
  27. [FHPS13]
    Freire, E.S.V., Hofheinz, D., Paterson, K.G., Striecks, C.: Programmable hash functions in the multilinear setting. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013. LNCS, vol. 8042, pp. 513–530. Springer, Heidelberg (2013).  https://doi.org/10.1007/978-3-642-40041-4_28CrossRefzbMATHGoogle Scholar
  28. [FLR+10]
    Fischlin, M., Lehmann, A., Ristenpart, T., Shrimpton, T., Stam, M., Tessaro, S.: Random oracles with(out) programmability. In: Abe, M. (ed.) ASIACRYPT 2010. LNCS, vol. 6477, pp. 303–320. Springer, Heidelberg (2010).  https://doi.org/10.1007/978-3-642-17373-8_18CrossRefGoogle Scholar
  29. [FM16]
    Farshim, P., Mittelbach, A.: Modeling random oracles under unpredictable queries. In: Peyrin, T. (ed.) FSE 2016. LNCS, vol. 9783, pp. 453–473. Springer, Heidelberg (2016).  https://doi.org/10.1007/978-3-662-52993-5_23CrossRefGoogle Scholar
  30. [GMR88]
    Goldwasser, S., Micali, S., Rivest, R.L.: A digital signature scheme secure against adaptive chosen-message attacks. SIAM J. Comput. 17(2), 281–308 (1988)MathSciNetCrossRefGoogle Scholar
  31. [HJK11]
    Hofheinz, D., Jager, T., Kiltz, E.: Short signatures from weaker assumptions. In: Lee, D.H., Wang, X. (eds.) ASIACRYPT 2011. LNCS, vol. 7073, pp. 647–666. Springer, Heidelberg (2011).  https://doi.org/10.1007/978-3-642-25385-0_35CrossRefGoogle Scholar
  32. [HK08]
    Hofheinz, D., Kiltz, E.: Programmable hash functions and their applications. In: Wagner, D. (ed.) CRYPTO 2008. LNCS, vol. 5157, pp. 21–38. Springer, Heidelberg (2008).  https://doi.org/10.1007/978-3-540-85174-5_2CrossRefGoogle Scholar
  33. [HMS12]
    Hanaoka, G., Matsuda, T., Schuldt, J.C.N.: On the impossibility of constructing efficient key encapsulation and programmable hash functions in prime order groups. In: Safavi-Naini, R., Canetti, R. (eds.) CRYPTO 2012. LNCS, vol. 7417, pp. 812–831. Springer, Heidelberg (2012).  https://doi.org/10.1007/978-3-642-32009-5_47CrossRefzbMATHGoogle Scholar
  34. [HW09a]
    Hohenberger, S., Waters, B.: Realizing hash-and-sign signatures under standard assumptions. In: Joux, A. (ed.) EUROCRYPT 2009. LNCS, vol. 5479, pp. 333–350. Springer, Heidelberg (2009).  https://doi.org/10.1007/978-3-642-01001-9_19CrossRefGoogle Scholar
  35. [HW09b]
    Hohenberger, S., Waters, B.: Short and stateless signatures from the RSA assumption. In: Halevi, S. (ed.) CRYPTO 2009. LNCS, vol. 5677, pp. 654–670. Springer, Heidelberg (2009).  https://doi.org/10.1007/978-3-642-03356-8_38CrossRefGoogle Scholar
  36. [JK17]
    Jager, T., Kurek, R.: Short digital signatures and ID-based KEMs via truncation collision resistance. Cryptology ePrint Archive, Report 2017/061 (2017). Full version of an ASIACRYPT 2018 paper. https://eprint.iacr.org/2017/061
  37. [KR00]
    Krawczyk, H., Rabin, T.: Chameleon signatures. In: NDSS 2000, San Diego, CA, USA, February 2–4, 2000. The Internet Society (2000)Google Scholar
  38. [LOS+06]
    Lu, S., Ostrovsky, R., Sahai, A., Shacham, H., Waters, B.: Sequential aggregate signatures and multisignatures without random oracles. In: Vaudenay, S. (ed.) EUROCRYPT 2006. LNCS, vol. 4004, pp. 465–485. Springer, Heidelberg (2006).  https://doi.org/10.1007/11761679_28CrossRefGoogle Scholar
  39. [Nat15a]
    National Institute of Standards and Technology. FIPS PUB 180–4: Secure Hash Standard. August 2015. https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf
  40. [Nat15b]
    National Institute of Standards and Technology. FIPS PUB 202: SHA-3 Standard: Permutation-Based Hash and Extendable-Output Functions. August 2015. https://nvlpubs.nist.gov/nistpubs/fips/nist.fips.202.pdf
  41. [Nie02]
    Nielsen, J.B.: Separating random oracle proofs from complexity theoretic proofs: the non-committing encryption case. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 111–126. Springer, Heidelberg (2002).  https://doi.org/10.1007/3-540-45708-9_8CrossRefGoogle Scholar
  42. [RS04]
    Rogaway, P., Shrimpton, T.: Cryptographic hash-function basics: definitions, implications, and separations for preimage resistance, second-preimage resistance, and collision resistance. In: Roy, B., Meier, W. (eds.) FSE 2004. LNCS, vol. 3017, pp. 371–388. Springer, Heidelberg (2004).  https://doi.org/10.1007/978-3-540-25937-4_24CrossRefGoogle Scholar
  43. [SPW07]
    Steinfeld, R., Pieprzyk, J., Wang, H.: How to strengthen any weakly unforgeable signature into a strongly unforgeable signature. In: Abe, M. (ed.) CT-RSA 2007. LNCS, vol. 4377, pp. 357–371. Springer, Heidelberg (2006).  https://doi.org/10.1007/11967668_23CrossRefGoogle Scholar
  44. [Wat05]
    Waters, B.: Efficient identity-based encryption without random oracles. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 114–127. Springer, Heidelberg (2005).  https://doi.org/10.1007/11426639_7CrossRefGoogle Scholar
  45. [Wee16]
    Wee, H.: Déjà Q: Encore! Un Petit IBE. In: Kushilevitz, E., Malkin, T. (eds.) TCC 2016. LNCS, vol. 9563, pp. 237–258. Springer, Heidelberg (2016).  https://doi.org/10.1007/978-3-662-49099-0_9CrossRefGoogle Scholar
  46. [Zha16]
    Zhandry, M.: The magic of ELFs. In: Robshaw, M., Katz, J. (eds.) CRYPTO 2016. LNCS, vol. 9814, pp. 479–508. Springer, Heidelberg (2016).  https://doi.org/10.1007/978-3-662-53018-4_18CrossRefGoogle Scholar
  47. [ZSS04]
    Zhang, F., Safavi-Naini, R., Susilo, W.: An efficient signature scheme from bilinear pairings and its applications. In: Bao, F., Deng, R., Zhou, J. (eds.) PKC 2004. LNCS, vol. 2947, pp. 277–290. Springer, Heidelberg (2004).  https://doi.org/10.1007/978-3-540-24632-9_20CrossRefGoogle Scholar

Copyright information

© International Association for Cryptologic Research 2018

Authors and Affiliations

  1. 1.Paderborn UniversityPaderbornGermany

Personalised recommendations