Unbounded HIBE with Tight Security

Langrehr, Roman; Pan, Jiaxin

doi:10.1007/978-3-030-64834-3_5

Cited by 9 publications

(5 citation statements)

References 43 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Game H 2,c,1 : In H 2,c,1 , instead of generating a random t in O Mac , we choose t from Span(B B 0 ) (if hm j+1 = 0) or Span(B B 1 ) (if hm j+1 = 1). This is the same step as Lemma 17 of [29]. By basis for Z 3k q basis for Span(B ⊥ )…”

Section: A Proof Of Theoremmentioning

confidence: 83%

See 1 more Smart Citation

Authenticated Key Exchange and Signatures with Tight Security in the Standard Model

Han

Jager

Kiltz

et al. 2021

Lecture Notes in Computer Science

Self Cite

View full text Add to dashboard Cite

We construct the first authenticated key exchange protocols that achieve tight security in the standard model. Previous works either relied on techniques that seem to inherently require a random oracle, or achieved only "Multi-Bit-Guess" security, which is not known to compose tightly, for instance, to build a secure channel.Our constructions are generic, based on digital signatures and key encapsulation mechanisms (KEMs). The main technical challenges we resolve is to determine suitable KEM security notions which on the one hand are strong enough to yield tight security, but at the same time weak enough to be efficiently instantiable in the standard model, based on standard techniques such as universal hash proof systems.Digital signature schemes with tight multi-user security in presence of adaptive corruptions are a central building block, which is used in all known constructions of tightly-secure AKE with full forward security. We identify a subtle gap in the security proof of the only previously known efficient standard model scheme by Bader et al. (TCC 2015). We develop a new variant, which yields the currently most efficient signature scheme that achieves this strong security notion without random oracles and based on standard hardness assumptions.

show abstract

Section: A Proof Of Theoremmentioning

confidence: 83%

“…To overcome this issue, we borrow recent techniques from tightly-secure hierarchical identitybased encryption schemes [28,29] to construct a new MAC scheme that can be proven tightly secure under adaptive corruptions. Our construction is based on pairings and general random self-reducible matrix Diffie-Hellman (MDDH) assumptions [18].…”

Section: Introductionmentioning

confidence: 99%

Authenticated Key Exchange and Signatures with Tight Security in the Standard Model

Han

Jager

Kiltz

et al. 2021

Lecture Notes in Computer Science

Self Cite

View full text Add to dashboard Cite

show abstract

“…By its random self-reducibility [EHK + 13, Lemma 1], the 2-fold U 3,1 -Matrix-DDH (MDDH) assumption (namely, the uDDH3 assumption) is tightly equivalent to the U 3,1 -MDDH assumption. By Lemma 1 in [LP20], U 3,1 -MDDH is tightly equivalent to U 1 -MDDH that is the DDH assumption. Hence, the DDH and uDDH3 assumptions are tightly equivalent.…”

Section: Definition 7 (Ddh Assumption) Letmentioning

confidence: 96%

Chopsticks: Fork-Free Two-Round Multi-signatures from Non-interactive Assumptions

Pan

Wagner

2023

Lecture Notes in Computer Science

Self Cite

View full text Add to dashboard Cite

Multi-signatures have been drawing lots of attention in recent years, due to their applications in cryptocurrencies. Most early constructions require three-round signing, and recent constructions have managed to reduce the round complexity to two. However, their security proofs are mostly based on non-standard, interactive assumptions (e.g. one-more assumptions) and come with a huge security loss, due to multiple uses of rewinding (aka the Forking Lemma). This renders the quantitative guarantees given by the security proof useless.In this work, we improve the state of the art by proposing two efficient two-round multi-signature schemes from the (standard, non-interactive) Decisional Diffie-Hellman (DDH) assumption. Both schemes are proven secure in the random oracle model without rewinding. We do not require any pairing either. Our first scheme supports key aggregation but has a security loss linear in the number of signing queries, and our second scheme is the first tightly secure construction.A key ingredient in our constructions is a new homomorphic dual-mode commitment scheme for group elements, that allows to equivocate for messages of a certain structure. The definition and efficient construction of this commitment scheme is of independent interest.

show abstract

“…On the other hand, in [15], [27], [28], the authors showed a CPA-to-CCA2 transformation for (not leakageresilient) IBE schemes by using a simulation-sound (tagbased) QA-NIZK argument for linear subspaces. At first glance, thanks to the public verifiability of the QA-NIZK argument, their approach seems to provide LR-CCA2-secure schemes by only replacing the CPA-secure schemes with LR-CPA-secure ones.…”

Section: Technical Overviewmentioning

confidence: 99%

Boosting CPA to CCA2 for Leakage-Resilient Attribute-Based Encryption by Using New QA-NIZK

Tomita

Ogata

Kurosawa

2022

IEICE Trans. Fundamentals

View full text Add to dashboard Cite

In this paper, we construct the first efficient leakageresilient CCA2 (LR-CCA2)-secure attribute-based encryption (ABE) schemes. We also construct the first efficient LR-CCA2-secure identitybased encryption (IBE) scheme with optimal leakage rate.To obtain our results, we develop a new quasi-adaptive non-interactive zero-knowledge (QA-NIZK) argument for the ciphertext consistency of the LR-CPA-secure schemes.Our ABE schemes are obtained by boosting the LR-CPA-security of some existing schemes to the LR-CCA2-security by using our QA-NIZK arguments. The schemes are almost as efficient as the underlying LR-CPAsecure schemes.

show abstract

Unbounded HIBE with Tight Security

Cited by 9 publications

References 43 publications

Authenticated Key Exchange and Signatures with Tight Security in the Standard Model

Authenticated Key Exchange and Signatures with Tight Security in the Standard Model

Chopsticks: Fork-Free Two-Round Multi-signatures from Non-interactive Assumptions

Boosting CPA to CCA2 for Leakage-Resilient Attribute-Based Encryption by Using New QA-NIZK

Contact Info

Product

Resources

About