Lossy Trapdoor Permutations with Improved Lossiness

Auerbach, Benedikt; Kiltz, Eike; Poettering, Bertram; Schoenen, Stefan

doi:10.1007/978-3-030-12612-4_12

Cited by 3 publications

(1 citation statement)

References 26 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Lossy trapdoor functions have been built from a variety of standard cryptographic assumptions, such as the Decisional Diffie-Hellman (DDH) [49,26,30] and Learning with Errors (LWE) assumptions [49,8,2], the Quadratic Residuosity (QR) [38,26,25] and Composite Residuosity (DCR) assumptions [26], the Phi-hiding assumption [42,3] and more [47,54]. They have found numerous applications in cryptography, including chosen-ciphertext security, trapdoor functions with many hard-core bits, collision-resistant hash functions, oblivious transfer [49], deterministic [9,51] and hedged public-key encryption [6,53] in the standard model, instantiability of RSA-OAEP [42], computational extractors [24,28], pseudo-entropy functions [18], selective-opening security [7], and more.…”

Section: Introductionmentioning

confidence: 99%

Cumulatively All-Lossy-But-One Trapdoor Functions from Standard Assumptions

Libert

Nguyen

Passelègue

2022

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Chakraborty, Prabhakaran, and Wichs (PKC'20) recently introduced a new tag-based variant of lossy trapdoor functions, termed cumulatively all-lossy-but-one trapdoor functions (CALBO-TDFs). Informally, CALBO-TDFs allow defining a public tag-based function with a (computationally hidden) special tag, such that the function is lossy for all tags except when the special secret tag is used. In the latter case, the function becomes injective and efficiently invertible using a secret trapdoor. This notion has been used to obtain advanced constructions of signatures with strong guarantees against leakage and tampering, and also by Dodis, Vaikunthanathan, and Wichs (EUROCRYPT'20) to obtain constructions of randomness extractors with extractor-dependent sources. While these applications are motivated by practical considerations, the only known instantiation of CALBO-TDFs so far relies on the existence of indistinguishability obfuscation. In this paper, we propose the first two instantiations of CALBO-TDFs based on standard assumptions. Our constructions are based on the LWE assumption with a sub-exponential approximation factor and on the DCR assumption, respectively, and circumvent the use of indistinguishability obfuscation by relying on lossy modes and trapdoor mechanisms enabled by these assumptions.

show abstract