Tight Leakage-Resilient CCA-Security from Quasi-Adaptive Hash Proof System

Han, Shuai; Liu, Shengli; Lyu, Lin; Gu, Dawu

doi:10.1007/978-3-030-26951-7_15

Cited by 17 publications

(7 citation statements)

References 34 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Our benign proof system uses the "OR-Proof" technique from [1]. We notice that, in the context of tightly-secure reductions, the same technique from [1] has been used in [21] to instantiate their (Leakage-Resilient) Ardent Quasi-Adaptive Hash Proof System. We stress that in our work, in contrast with [21], the main reason to use the technique from [1] is because of its nice linear property that, in turn, allows for malleable proof system.…”

Section: Related Workmentioning

confidence: 99%

“…We leave as open problem to provide a generic framework to instantiate (almost) tightly-secure Rand-RCCA-secure PKE. Possible starting points are the HPS-based frameworks of [35] for Rand-RCCA schemes and [21] for tightlysecure (LR-)CCA-secure schemes. Recently, Faonio and Russo [15] improved over the mix-net protocol of [13], giving a more efficient instantiation based on non publicly-verifiable Rand-RCCA PKE schemes; however, their construction requires a leakage-resilient scheme.…”

Section: Open Problemsmentioning

confidence: 99%

“…By now, many CCA-PKE schemes have been proven to have tight security in the multi-ciphertext and multi-user setting: some notable examples are the works of [17,18,21,22,25,26]. However, tight security in the context of Rand-RCCA security has not been studied.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Almost Tightly-Secure Re-randomizable and Replayable CCA-Secure Public Key Encryption

Faonio

Hofheinz

Russo

2023

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Re-randomizable Replayable CCA-secure public key encryption (Rand-RCCA PKE) schemes guarantee security against chosenciphertext attacks while ensuring the useful property of re-randomizable ciphertexts. We introduce the notion of multi-user and multi-ciphertext Rand-RCCA PKE and we give the first construction of such a PKE scheme with an almost tight security reduction to a standard assumption. Our construction is structure preserving and can be instantiated over Type-1 pairing groups. Technically, our work borrows ideas from the state-of-theart Rand-RCCA PKE scheme of Faonio et al. (ASIACRYPT'19) and the adaptive partitioning technique of Hofheinz (EUROCRYPT'17). Additionally, we show (1) how to turn our scheme into a publicly verifiable (pv) Rand-RCCA scheme and (2) that plugging our pv-Rand-RCCA PKE scheme into the MixNet protocol of Faonio et al. we can obtain the first almost tightly-secure MixNet protocol.

show abstract

Section: Related Workmentioning

confidence: 99%

Section: Open Problemsmentioning

confidence: 99%

See 1 more Smart Citation

Almost Tightly-Secure Re-randomizable and Replayable CCA-Secure Public Key Encryption

Faonio

Hofheinz

Russo

2023

Lecture Notes in Computer Science

View full text Add to dashboard Cite

show abstract

“…Moreover, we can implement it with smaller parameters and do not need to compensate for the security loss. As a result, tightly secure schemes drew a lot of attention in the last few years, from basic primitives, such as PKE [14,15,22] and signature [1,16] schemes, to more advanced ones, such as (non-interactive) key exchange [18,23,11], zero-knowledge proof [3,2], IBE [10,6,21,24] and functional encryption [40] schemes. Currently, research is carried out to reduce the cost for tight security.…”

Section: Motivationmentioning

confidence: 99%

“…Currently, research is carried out to reduce the cost for tight security. For instance, for PKE, the public key size is shortened from being linear [14] (in the security parameter) to constant [15,22]. In particular, the scheme in [15] only has one element more in the ciphertext overhead than its non-tight counterpart [30] asymptotically.…”

Section: Motivationmentioning

confidence: 99%

Unbounded HIBE with Tight Security

Langrehr

Pan

2020

Lecture Notes in Computer Science

View full text Add to dashboard Cite

We propose the first tightly secure and unbounded hierarchical identity-based encryption (HIBE) scheme based on standard assumptions. Our main technical contribution is a novel proof strategy that allows us to tightly randomize user secret keys for identities with arbitrary hierarchy depths using low entropy hidden in a small and hierarchy-independent master public key.The notion of unbounded HIBE is proposed by Lewko and Waters (Eurocrypt 2011). In contrast to most HIBE schemes, an unbounded scheme does not require any maximum depth to be specified in the setup phase, and user secret keys or ciphertexts can be generated for identities of arbitrary depths with hierarchy-independent system parameters.While all the previous unbounded HIBE schemes have security loss that grows at least linearly in the number of user secret key queries, the security loss of our scheme is only dependent on the security parameter, even in the multi-challenge setting, where an adversary can ask for multiple challenge ciphertexts. We prove the adaptive security of our scheme based on the Matrix Decisional Diffie-Hellman assumption in prime-order pairing groups, which generalizes a family of standard Diffie-Hellman assumptions such as k-Linear.

show abstract

Public‐Key Encryption and Security Notions

Attrapadung

Matsuda

2022

Asymmetric Cryptography

View full text Add to dashboard Cite

Tight Leakage-Resilient CCA-Security from Quasi-Adaptive Hash Proof System

Cited by 17 publications

References 34 publications

Almost Tightly-Secure Re-randomizable and Replayable CCA-Secure Public Key Encryption

Almost Tightly-Secure Re-randomizable and Replayable CCA-Secure Public Key Encryption

Unbounded HIBE with Tight Security

Public‐Key Encryption and Security Notions

Contact Info

Product

Resources

About