Advertisement

An Efficient Encapsulation Scheme from Near Collision Resistant Pseudorandom Generators and Its Application to IBE-to-PKE Transformations

  • Takahiro Matsuda
  • Goichiro Hanaoka
  • Kanta Matsuura
  • Hideki Imai
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5473)

Abstract

In [14], Boneh and Katz introduced a primitive called encapsulation scheme, which is a special kind of commitment scheme. Using the encapsulation scheme, they improved the generic transformation by Canetti, Halevi, and Katz [17] which transforms any semantically secure identity-based encryption (IBE) scheme into a chosen-ciphertext secure public key encryption (PKE) scheme (we call the BK transformation). The ciphertext size of the transformed PKE scheme directly depends on the parameter sizes of the underlying encapsulation scheme. In this paper, by designing a size-efficient encapsulation scheme, we further improve the BK transformation. With our proposed encapsulation scheme, the ciphertext overhead of a transformed PKE scheme via the BK transformation can be that of the underlying IBE scheme plus 384-bit, while the original BK scheme yields that of the underlying IBE scheme plus at least 704-bit, for 128-bit security. Our encapsulation scheme is constructed from a pseudorandom generator (PRG) that has a special property called near collision resistance, which is a fairly weak primitive. As evidence of it, we also address how to generically construct a PRG with such a property from any one-way permutation.

Keywords

encapsulation pseudorandom generator public key encryption identity-based encryption IND-CCA security 

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Digital Signature Standard (DSS). FIPS 186-2 (+ Change Notice), Revised Appendix 3.1 (2000), http://csrc.nist.gov/publications/fips/fips186-2/fips186-2-change1.pdf
  2. 2.
    CRYPTREC Report 2007 (in Japanese), p. 31 (2007), http://www.cryptrec.go.jp/report/c07_wat_final.pdf, Older but English version is also available. CRYPTREC Report 2002, p. 23 (2002), http://www.ipa.go.jp/security/enc/CRYPTREC/fy15/doc/c02e_report2.pdf
  3. 3.
    Abe, M., Cui, Y., Imai, H., Kiltz, E.: Efficient hybrid encryption from ID-based encryption (2007), eprint.iacr.org/2007/023
  4. 4.
    Abe, M., Gennaro, R., Kurosawa, K., Shoup, V.: Tag-KEM/DEM: A new framework for hybrid encryption and a new analysis of Kurosawa-Desmedt KEM. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 128–146. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  5. 5.
    Bellare, M., Rogaway, P.: Random oracles are practical: A paradigm for designing efficient protocols. In: Proc. of CCS 1993, pp. 62–73. ACM, New York (1993)Google Scholar
  6. 6.
    Bellare, M., Rogaway, P.: Optimal asymmetric encryption. In: De Santis, A. (ed.) EUROCRYPT 1994. LNCS, vol. 950, pp. 92–111. Springer, Heidelberg (1995)CrossRefGoogle Scholar
  7. 7.
    Bellare, M., Rogaway, P.: Collision-resistant hashing: Towards making UOWHFs practical. In: Kaliski Jr., B.S. (ed.) CRYPTO 1997. LNCS, vol. 1294, pp. 470–484. Springer, Heidelberg (1997)CrossRefGoogle Scholar
  8. 8.
    Biham, E., Chen, R.: Near-collisions of SHA-0. In: Franklin, M. (ed.) CRYPTO 2004. LNCS, vol. 3152, pp. 290–305. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  9. 9.
    Blum, M., Micali, S.: How to generate cryptographically strong sequences of pseudo-random bits. SIAM J. Computing 13(4), 850–864 (1984)CrossRefzbMATHGoogle Scholar
  10. 10.
    Boldyreva, A., Fischlin, M.: On the security of OAEP. In: Lai, X., Chen, K. (eds.) ASIACRYPT 2006. LNCS, vol. 4284, pp. 210–225. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  11. 11.
    Boneh, D., Boyen, X.: Efficient selective-ID secure identity-based encryption without random oracles. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 223–238. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  12. 12.
    Boneh, D., Boyen, X.: Short signatures without random oracles. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 56–73. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  13. 13.
    Boneh, D., Franklin, M.: Identity-based encryption from the Weil pairing. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 213–229. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  14. 14.
    Boneh, D., Katz, J.: Improved efficiency for CCA-secure cryptosystems built using identity-based encryption. In: Menezes, A. (ed.) CT-RSA 2005. LNCS, vol. 3376, pp. 87–103. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  15. 15.
    Boyen, X., Mei, Q., Waters, B.: Direct chosen ciphertext security from identity-based techniques. In: Proc. of CCS 2005, pp. 320–329. ACM Press, New York (2005)Google Scholar
  16. 16.
    Canetti, R., Goldreich, O., Halevi, S.: The random oracle methodology, revisited. In: Proc. of STOC 1998, pp. 209–218. ACM Press, New York (1998)Google Scholar
  17. 17.
    Canetti, R., Halevi, S., Katz, J.: Chosen-ciphertext security from identity-based encryption. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 207–222. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  18. 18.
    Cash, D., Kiltz, E., Shoup, V.: The twin Diffie-Hellman problem and applications. In: Smart, N.P. (ed.) EUROCRYPT 2008. LNCS, vol. 4965, pp. 127–145. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  19. 19.
    Cramer, R., Shoup, V.: A practical public key cryptosystem provably secure against adaptive chosen ciphertext attack. In: Krawczyk, H. (ed.) CRYPTO 1998. LNCS, vol. 1462, pp. 13–25. Springer, Heidelberg (1998)CrossRefGoogle Scholar
  20. 20.
    Cramer, R., Shoup, V.: Universal hash proofs and a paradigm for adaptive chosen ciphertext secure public-key encryption. In: Knudsen, L.R. (ed.) EUROCRYPT 2002. LNCS, vol. 2332, pp. 45–64. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  21. 21.
    Damgård, I.B.: Collision free hash functions and public key signature schemes. In: Price, W.L., Chaum, D. (eds.) EUROCRYPT 1987. LNCS, vol. 304, pp. 203–216. Springer, Heidelberg (1988)CrossRefGoogle Scholar
  22. 22.
    Dolev, D., Dwork, C., Naor, M.: Non-malleable cryptography. In: Proc. of STOC 1991, pp. 542–552. ACM Press, New York (1991)Google Scholar
  23. 23.
    Fujisaki, E., Okamoto, T.: How to enhance the security of public-key encryption at minimum cost. In: Imai, H., Zheng, Y. (eds.) PKC 1999. LNCS, vol. 1560, pp. 53–68. Springer, Heidelberg (1999)CrossRefGoogle Scholar
  24. 24.
    Goldreich, O., Levin, L.A.: Hardcore predicate for all one-way functions. In: Proc. of STOC 1989, pp. 25–32. ACM Press, New York (1989)Google Scholar
  25. 25.
    Hanaoka, G., Kurosawa, K.: Efficient chosen ciphertext secure public key encryption under the computational Diffie-Hellman assumption. In: Pieprzyk, J. (ed.) ASIACRYPT 2008. LNCS, vol. 5350, pp. 308–325. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  26. 26.
    Håstad, J., Impagliazzo, R., Levin, L., Luby, M.: Construction of a pseudorandom generator from any one-way function. SIAM J. Computing 28(4), 1364–1396 (1999)CrossRefzbMATHGoogle Scholar
  27. 27.
    Hofheinz, D., Kiltz, E.: Secure hybrid encryption from weakened key encapsulation. In: Menezes, A. (ed.) CRYPTO 2007. LNCS, vol. 4622, pp. 553–571. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  28. 28.
    Kiltz, E.: Chosen-ciphertext security from tag-based encryption. In: Halevi, S., Rabin, T. (eds.) TCC 2006. LNCS, vol. 3876, pp. 581–600. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  29. 29.
    Kiltz, E.: Chosen-ciphertext secure key-encapsulation based on gap hashed diffie-hellman. In: Okamoto, T., Wang, X. (eds.) PKC 2007. LNCS, vol. 4450, pp. 282–297. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  30. 30.
    Krawczyk, H., Rabin, T.: Chameleon hashing and signatures. In: Proc. of NDSS 2000, pp. 143–154. Internet Society (2000)Google Scholar
  31. 31.
    Kurosawa, K., Desmedt, Y.: A new paradigm of hybrid encryption scheme. In: Franklin, M. (ed.) CRYPTO 2004. LNCS, vol. 3152, pp. 426–442. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  32. 32.
    MacKenzie, P., Reiter, M.K., Yang, K.: Alternatives to non-malleability: Definitions, constructions and applications. In: Naor, M. (ed.) TCC 2004. LNCS, vol. 2951, pp. 171–190. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  33. 33.
    Matsuda, T., Hanaoka, G., Matsuura, K., Imai, H.: Simple CCA-secure public key encryption from any non-malleable identity-based encryption. In: The proceedings of ICISC 2008 (to appear, 2008)Google Scholar
  34. 34.
    Naor, M., Yung, M.: Universal one-way hash functions and their cryptographic applications. In: Proc. of STOC 1989, pp. 33–43. ACM Press, New York (1989)Google Scholar
  35. 35.
    Naor, M., Yung, M.: Public-key cryptosystems provably secure against chosen ciphertext attacks. In: Proc. of STOC 1990, pp. 427–437. ACM, New York (1990)Google Scholar
  36. 36.
    Okamoto, T., Pointcheval, D.: REACT: Rapid enhanced-security asymmetric cryptosystem transform. In: Naccache, D. (ed.) CT-RSA 2001. LNCS, vol. 2020, pp. 159–174. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  37. 37.
    Peikert, C., Waters, B.: Lossy trapdoor functions and their applications. In: Proc. of STOC 2008, pp. 187–196. ACM Press, New York (2008)Google Scholar
  38. 38.
    Rackoff, C., Simon, D.R.: Non-interactive zero-knowledge proof of knowledge and chosen ciphertext attack. In: Feigenbaum, J. (ed.) CRYPTO 1991. LNCS, vol. 576, pp. 433–444. Springer, Heidelberg (1992)Google Scholar
  39. 39.
    Reyzin, L., Reyzin, N.: Better than BiBa: Short one-time signatures with fast signing and verifying. In: Batten, L.M., Seberry, J. (eds.) ACISP 2002. LNCS, vol. 2384, pp. 144–153. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  40. 40.
    Rosen, A., Segev, G.: Chosen-ciphertext security via correlated products. In: Reingold, O. (ed.) TCC 2009. LNCS, vol. 5444, pp. 419–436. Springer, Heidelberg (2009), eprint.iacr.org/2008/116/ Google Scholar
  41. 41.
    Shacham, H.: A Cramer-Shoup encryption scheme from the linear assumption and from progressively weaker linear variants (2007), eprint.iacr.org/2007/074/
  42. 42.
    Shamir, A.: Identity-based cryptosystems and signature schemes. In: Blakely, G.R., Chaum, D. (eds.) CRYPTO 1984. LNCS, vol. 196, pp. 47–53. Springer, Heidelberg (1985)CrossRefGoogle Scholar
  43. 43.
    Wang, X., Yin, Y.L., Yu, H.: Finding collisions in the full SHA-1. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 17–36. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  44. 44.
    Waters, B.: Efficient identity-based encryption without random oracles. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 114–127. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  45. 45.
    Yao, A.C.: Theory and application of trapdoor functions. In: Proc. of FOCS 1982, pp. 80–91. IEEE Computer Society Press, Los Alamitos (1982)Google Scholar
  46. 46.
    Zhang, R.: Tweaking TBE/IBE to PKE transforms with chameleon hash functions. In: Katz, J., Yung, M. (eds.) ACNS 2007. LNCS, vol. 4521, pp. 323–339. Springer, Heidelberg (2007)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2009

Authors and Affiliations

  • Takahiro Matsuda
    • 1
  • Goichiro Hanaoka
    • 2
  • Kanta Matsuura
    • 1
  • Hideki Imai
    • 2
    • 3
  1. 1.The University of TokyoTokyoJapan
  2. 2.National Institute of Advanced Industrial Science and TechnologyTokyoJapan
  3. 3.Chuo UniversityTokyoJapan

Personalised recommendations