Improved Non-committing Encryption Schemes Based on a General Complexity Assumption

Damgård, Ivan; Nielsen, Jesper Buus

doi:10.1007/3-540-44598-6_27

Cited by 114 publications

(33 citation statements)

References 19 publications

(48 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…-Assuming the existence of trapdoor permutations, secure multi-party computation is possible in a model allowing an adaptive and active computationally-bounded adversary that may control only less than one third of the parties [23,33]. We stress that this result does not assume "private channels".…”

Section: Some Known Resultsmentioning

confidence: 93%

Cryptography and cryptographic protocols

Goldreich

2003

Distributed Computing

View full text Add to dashboard Cite

We survey the paradigms, approaches and techniques used to conceptualize, define and provide solutions to natural cryptographic problems. We start by presenting some of the central tools (e.g., computational difficulty, pseudorandomness, and zero-knowledge proofs), and next turn to the treatment of encryption and signature schemes. We conclude with an extensive treatment of secure cryptographic protocols both when executed in a stand-alone manner and when many sessions of various protocols are concurrently executed and controlled by an adversary.The survey is intended for researchers in distributed computing, and assumes no prior familiarity with cryptography.

show abstract

Section: Some Known Resultsmentioning

confidence: 93%

Cryptography and cryptographic protocols

Goldreich

2003

Distributed Computing

View full text Add to dashboard Cite

show abstract

“…We follow the techniques of non-committing and deniable encryption [7,6,10,20] and try to create equivocable ciphertexts that not only can be opened arbitrarily but that are also computationally indistinguishable from real ciphertexts. In our construction, the equivocable ciphertexts are in fact encryptions of ones.…”

Section: Sim-so-cca Security Of Our Main Constructionmentioning

confidence: 99%

“…It was shown by Damgård and Nielsen in [10] that any dense subset of an efficiently samplable domain is ESE as long as the dense subset admits an efficient membership test. Hence, for example, Z * N s for a RSA modulus N is ESE.…”

Section: Efficiently Samplable and Explainable (Ese) Domainmentioning

confidence: 99%

Simulation-Based Selective Opening CCA Security for PKE from Key Encapsulation Mechanisms

Liu

Paterson

2015

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. We study simulation-based, selective opening security against chosen-ciphertext attacks (SIM-SO-CCA security) for public key encryption (PKE). In a selective opening, chosen-ciphertext attack (SO-CCA), an adversary has access to a decryption oracle, sees a vector of ciphertexts, adaptively chooses to open some of them, and obtains the corresponding plaintexts and random coins used in the creation of the ciphertexts. The SIM-SO-CCA notion captures the security of unopened ciphertexts with respect to probabilistic polynomial-time (ppt) SO-CCA adversaries in a semantic way: what a ppt SO-CCA adversary can compute can also be simulated by a ppt simulator with access only to the opened messages. Building on techniques used to achieve weak deniable encryption and non-committing encryption, Fehr et al. (Eurocrypt 2010) presented an approach to constructing SIM-SO-CCA secure PKE from extended hash proof systems (EHPSs), collision-resistant hash functions and an information-theoretic primitive called Cross Authentication Codes (XACs). We generalize their approach by introducing a special type of Key Encapsulation Mechanism (KEM) and using it to build SIM-SO-CCA secure PKE. We investigate what properties are needed from the KEM to achieve SIM-SO-CCA security. We also give three instantiations of our construction. The first uses hash proof systems, the second relies on the n-Linear assumption, and the third uses indistinguishability obfuscation (iO) in combination with extracting, puncturable Pseudo-Random Functions in a similar way to Sahai and Waters (STOC 2014). Our results establish the existence of SIM-SO-CCA secure PKE assuming only the existence of one-way functions and iO. This result further highlights the simplicity and power of iO in constructing different cryptographic primitives.

show abstract

“…The graph is shared but "hidden:" each player will only know the restricted subset of polylog(n) players it can send messages to and receive messages from. 4 Next, we show that we can remove the additional SKI assumption at the cost of increasing the communication locality by a factor of √ n. Both our constructions assume the existence of a family of trapdoor permutations which has a reversed domain sampler [18,25]. This is the weakest known general assumption which is sufficient for non-committing encryption [10,18], and thus for adaptively secure MPC over non-private channels.…”

Section: Introductionmentioning

confidence: 97%

“…4 Next, we show that we can remove the additional SKI assumption at the cost of increasing the communication locality by a factor of √ n. Both our constructions assume the existence of a family of trapdoor permutations which has a reversed domain sampler [18,25]. This is the weakest known general assumption which is sufficient for non-committing encryption [10,18], and thus for adaptively secure MPC over non-private channels. Such families are known to exists under standard number-theoretic assumptions such as the hardness of the decisional Diffie-Hellmann problem (DDH) or the RSA assumption [18].…”

Section: Introductionmentioning

confidence: 97%

The Hidden Graph Model

Chandran

Chongchitmate

Garay

et al. 2015

Proceedings of the 2015 Conference on Innovations in Theoretical Computer Science

View full text Add to dashboard Cite

The vast majority of works on secure multi-party computation (MPC) assume a full communication pattern: every party exchanges messages with all the network participants over a complete network of point-to-point channels. This can be problematic in modern large scale networks, where the number of parties can be of the order of millions, as for example when computing on large distributed data.Motivated by the above observation, Boyle, Goldwasser, and Tessaro [TCC 2013] recently put forward the notion of communication locality, namely, the total number of pointto-point channels that each party uses in the protocol, as a quality metric of MPC protocols. They proved that assuming a public-key infrastructure (PKI) and a common reference string (CRS), an MPC protocol can be constructed for computing any n-party function, with communication locality O(log c n) and round complexity O(log c n), for appropriate constants c and c . Their protocol tolerates a static * The full version of this paper is available at the Cryptology ePrint Archive, http://eprint.iacr.org/2014/615 . . (i.e., non-adaptive) adversary corrupting up to t < ( 1 3 − )n parties for any given constant 0 < < 1 3 . These results leave open the following questions:(1) Can we achieve low communication locality and round complexity while tolerating adaptive adversaries?(2) Can we achieve low communication locality with optimal resiliency t < n/2?In this work we answer both questions affirmatively. We consider the Boyle et al. model, where we replace the CRS with a symmetric-key infrastructure (SKI). In this model we give a protocol with communication locality and round complexity polylog(n) (similarly to Boyle et al.) which tolerates up to t < n/2 adaptive corruptions, under a standard intractability assumption for adaptively secure protocols, namely, the existence of trapdoor permutations whose domain has invertible sampling. This is done by using the SKI to derive a sequence of random hidden communication graphs among players. A central new technique shows how to use these graphs to emulate a complete network in polylog(n) rounds while preserving polylog(n) locality. We also show how to remove the SKI setup assumption at the cost, however, of increasing the communication locality (but not the round complexity) by a factor of √ n.

show abstract

Improved Non-committing Encryption Schemes Based on a General Complexity Assumption

Cited by 114 publications

References 19 publications

Cryptography and cryptographic protocols

Cryptography and cryptographic protocols

Simulation-Based Selective Opening CCA Security for PKE from Key Encapsulation Mechanisms

The Hidden Graph Model

Contact Info

Product

Resources

About