On Black-Box Constructions of Predicate Encryption from Trapdoor Permutations

Katz, Jonathan; Yerukhimovich, Arkady

doi:10.1007/978-3-642-10366-7_12

Cited by 15 publications

(11 citation statements)

References 20 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…After their construction, various HVE schemes were proposed in [8,16,22]. A simple HVE scheme can be constructed from a PKE scheme [3,7,15]. This method was introduced by Boneh et al [3] to construct a PKE scheme with keyword search (PEKS) using trapdoor permutations.…”

Section: Related Workmentioning

confidence: 99%

Transforming Hidden Vector Encryption Schemes from Composite to Prime Order Groups

Lee

2017

Information Security and Cryptology – ICISC 2016

View full text Add to dashboard Cite

Predicate encryption is a new type of public key encryption that enables searches on encrypted data. By using predicate encryption, we can search keywords or attributes on encrypted data without decrypting ciphertexts. Hidden vector encryption (HVE) is a special kind of predicate encryption. HVE supports the evaluation of conjunctive equality, comparison, and subset operations between attributes in ciphertexts and attributes in tokens. In this paper, we construct efficient HVE schemes in prime order bilinear groups derived from previous HVE schemes in composite order bilinear groups, and prove their selective security under simple assumptions. To achieve this result, we present a conversion method that transforms HVE schemes from composite order bilinear groups into prime order bilinear groups. Our method supports any types of prime order bilinear groups and uses simple assumptions.

show abstract

Section: Related Workmentioning

confidence: 99%

Transforming Hidden Vector Encryption Schemes from Composite to Prime Order Groups

Lee

2017

Information Security and Cryptology – ICISC 2016

View full text Add to dashboard Cite

show abstract

“…On the other hand, recently, several black-box separation results have shown the limitations of a (one-way) TDP as a base primitive for constructing and/or proving the security of several "highly functional" cryptographic primitives or basic primitives with special functional/security properties. Those include the impossibility of constructing identity-based encryption [8], a wide class of predicate encryption [27], lossy trapdoor functions [42], trapdoor functions secure under correlated inputs [44], encryption schemes secure under key-dependent inputs [21], adaptively secure oblivious transfer protocols [30], non-interactive or perfectly binding commitment schemes secure under selective-opening attacks [2], verifiable random functions [12], a natural class of threemove blind signature schemes [13], succinct non-interactive argument systems [14], constant-round sequentially witness-hiding special-sound protocols for unique witness relations [39], and many of the cryptographic primitives that admit the so-called simulatable attacks [46]. We note that in fact, the results of [21,2,13,14,39,46] rule out the possibility of constructions (and/or, security proofs) of the target primitives based not only on one-way TDP but also on much broader class of primitives or assumptions, such as all falsifiable assumptions [36].…”

Section: Related Workmentioning

confidence: 99%

On the Impossibility of Basing Public-Coin One-Way Permutations on Trapdoor Permutations

Matsuda

2014

Theory of Cryptography

View full text Add to dashboard Cite

One of the fundamental research themes in cryptography is to clarify what the minimal assumptions to realize various kinds of cryptographic primitives are, and up to now, a number of relationships among primitives have been investigated and established. Among others, it has been suggested (and sometimes explicitly claimed) that a family of one-way trapdoor permutations (TDP) is sufficient for constructing almost all the basic primitives/protocols in both "public-key" and "private-key" cryptography. In this paper, however, we show strong evidence that this is not the case for the constructions of a one-way permutation (OWP), one of the most fundamental primitives in private cryptography. Specifically, we show that there is no black-box construction of a OWP from a TDP, even if the TDP is ideally secure, where, roughly speaking, ideal security of a TDP corresponds to security satisfied by random permutations and thus captures major security notions of TDPs such as one-wayness, claw-freeness, security under correlated inputs, etc. Our negative result might at first sound unexpected because both OWP and (ideally secure) TDP are primitives that implement a "permutation" that is "one-way". However, our result exploits the fact that a TDP is a "secret-coin" family of permutations whose permutations become available only after some sort of key generation is performed, while a OWP is a publicly computable function which does not have such key generation process.

show abstract

“…The former technique is typically used to show separations between primitives, e.g. [31,40,19,21,20,6,32], and is based on showing the existence of an oracle under which the primitive acting as a building block exists, but any instantiation of the "target" primitive is broken. The latter technique is somewhat more direct, and aims at showing that if there exists a reduction which, for example, reduces the security of a primitive to a computational assumption, then there exists a meta-reduction which uses the reduction as a black-box to break a (possibly different) computational assumption.…”

Section: Used Techniques and Related Workmentioning

confidence: 99%

On the Impossibility of Constructing Efficient Key Encapsulation and Programmable Hash Functions in Prime Order Groups

Hanaoka

Matsuda

Schuldt

2012

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. In this paper, we focus on the problem of minimizing ciphertext overhead, and discuss the (im)possibility of constructing key encapsulation mechanisms (KEMs) with low ciphertext overhead. More specifically, we rule out the existence of algebraic black-box reductions from the (bounded) CCA security of a natural class of KEMs to any non-interactive problem. The class of KEMs captures the structure of the currently most efficient KEMs defined in standard prime order groups, but restricts an encapsulation to consist of a single group element and a string. This result suggests that we cannot rely on existing techniques to construct a CCA secure KEM in standard prime order groups with a ciphertext overhead lower than two group elements. Furthermore, we show how the properties of an (algebraic) programmable hash function can be exploited to construct a simple, efficient and CCA secure KEM based on the hardness of the decisional Diffie-Hellman problem with the ciphertext overhead of just a single group element. Since this KEM construction is covered by the above mentioned impossibility result, this enables us to derive a lower bound on the hash key size of an algebraic programmable hash function, and rule out the existence of algebraic (poly, n)-programmable hash functions in prime order groups for any integer n. The latter result answers an open question posed by Hofheinz and Kiltz (CRYPTO'08) in the case of algebraic programmable hash functions in prime order groups.

show abstract

On Black-Box Constructions of Predicate Encryption from Trapdoor Permutations

Cited by 15 publications

References 20 publications

Transforming Hidden Vector Encryption Schemes from Composite to Prime Order Groups

Transforming Hidden Vector Encryption Schemes from Composite to Prime Order Groups

On the Impossibility of Basing Public-Coin One-Way Permutations on Trapdoor Permutations

On the Impossibility of Constructing Efficient Key Encapsulation and Programmable Hash Functions in Prime Order Groups

Contact Info

Product

Resources

About