On the Impossibility of Basing Identity Based Encryption on Trapdoor Permutations

Boneh, Dan; Papakonstantinou, Periklis A.; Rackoff, Charles; Vahlis, Yevgeniy; Waters, Brent

doi:10.1109/focs.2008.67

Cited by 49 publications

(56 citation statements)

References 38 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The proof of this statement is very similar to Claim 6.9 in [5]. We repeat it here for completeness.…”

Section: Undersupporting

confidence: 52%

“…Interestingly, the decryption algorithm in the construction of [17] does query the "encryption" algorithm of the underlying trapdoor function. In [5] Boneh et al show that Identity Based Encryption cannot be constructed in a black-box way from trapdoor permutations. In the context of the transformation by Boneh et al [3] of any Identity Based Encryption to a chosen ciphertext secure public key encryption, the work of [5] rules out one possible method of getting CCA public key encryption from trapdoor permutations.…”

Section: Black-box Cryptographymentioning

confidence: 99%

“…We use the work of [10] and [5] as a basis for defining our ideal trapdoor permutation oracle. In their work, Gennaro et al define a distribution on triples of functions (g, e, d) where g(·) is a random function that maps trapdoors to public keys, e(pub, ·) is an independent random permutation for every public key pub, and d(pri, ·) inverts the permutation e(pub, ·) if pri is a trapdoor for pub.…”

Section: Overview Of Techniquesmentioning

confidence: 99%

“…Yet certain tasks, such as Identity Based Encryption [4,5], have so far resisted attempts to be solved using this tool. Indeed, the limits of what can be constructed from trapdoor permutations are not well understood.…”

Section: Introductionmentioning

confidence: 99%

See 3 more Smart Citations

Two Is a Crowd? A Black-Box Separation of One-Wayness and Security under Correlated Inputs

Vahlis

2010

Theory of Cryptography

Self Cite

View full text Add to dashboard Cite

Abstract.A family of trapdoor functions is one-way under correlated inputs if no efficient adversary can invert it even when given the value of the function on multiple correlated inputs. This powerful primitive was introduced at TCC 2009 by Rosen and Segev, who use it in an elegant black box construction of a chosen ciphertext secure public key encryption. In this work we continue the study of security under correlated inputs, and prove that there is no black box construction of correlation secure injective trapdoor functions from classic trapdoor permutations, even if the latter is assumed to be one-way for inputs from high entropy, rather than uniform distributions. Our negative result holds for all input distributions where each xi is determined by the remaining n − 1 coordinates. The techniques we employ for proving lower bounds about trapdoor permutations are new and quite general, and we believe that they will find other applications in the area of black-box separations.

show abstract

“…The proof of this statement is very similar to Claim 6.9 in [5]. We repeat it here for completeness.…”

Section: Undersupporting

confidence: 52%

Section: Black-box Cryptographymentioning

confidence: 99%

Section: Overview Of Techniquesmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Two Is a Crowd? A Black-Box Separation of One-Wayness and Security under Correlated Inputs

Vahlis

2010

Theory of Cryptography

Self Cite

View full text Add to dashboard Cite

show abstract

“…The former technique is typically used to show separations between primitives, e.g. [31,40,19,21,20,6,32], and is based on showing the existence of an oracle under which the primitive acting as a building block exists, but any instantiation of the "target" primitive is broken. The latter technique is somewhat more direct, and aims at showing that if there exists a reduction which, for example, reduces the security of a primitive to a computational assumption, then there exists a meta-reduction which uses the reduction as a black-box to break a (possibly different) computational assumption.…”

Section: Used Techniques and Related Workmentioning

confidence: 99%

On the Impossibility of Constructing Efficient Key Encapsulation and Programmable Hash Functions in Prime Order Groups

Hanaoka

Matsuda

Schuldt

2012

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. In this paper, we focus on the problem of minimizing ciphertext overhead, and discuss the (im)possibility of constructing key encapsulation mechanisms (KEMs) with low ciphertext overhead. More specifically, we rule out the existence of algebraic black-box reductions from the (bounded) CCA security of a natural class of KEMs to any non-interactive problem. The class of KEMs captures the structure of the currently most efficient KEMs defined in standard prime order groups, but restricts an encapsulation to consist of a single group element and a string. This result suggests that we cannot rely on existing techniques to construct a CCA secure KEM in standard prime order groups with a ciphertext overhead lower than two group elements. Furthermore, we show how the properties of an (algebraic) programmable hash function can be exploited to construct a simple, efficient and CCA secure KEM based on the hardness of the decisional Diffie-Hellman problem with the ciphertext overhead of just a single group element. Since this KEM construction is covered by the above mentioned impossibility result, this enables us to derive a lower bound on the hash key size of an algebraic programmable hash function, and rule out the existence of algebraic (poly, n)-programmable hash functions in prime order groups for any integer n. The latter result answers an open question posed by Hofheinz and Kiltz (CRYPTO'08) in the case of algebraic programmable hash functions in prime order groups.

show abstract

Enhancements are Blackbox Non-trivial: Impossibility of Enhanced Trapdoor Permutations from Standard Trapdoor Permutations

Hajiabadi

2018

Theory of Cryptography

View full text Add to dashboard Cite

On the Impossibility of Basing Identity Based Encryption on Trapdoor Permutations

Cited by 49 publications

References 38 publications

Two Is a Crowd? A Black-Box Separation of One-Wayness and Security under Correlated Inputs

Two Is a Crowd? A Black-Box Separation of One-Wayness and Security under Correlated Inputs

On the Impossibility of Constructing Efficient Key Encapsulation and Programmable Hash Functions in Prime Order Groups

Enhancements are Blackbox Non-trivial: Impossibility of Enhanced Trapdoor Permutations from Standard Trapdoor Permutations

Contact Info

Product

Resources

About