CryptoDB
David Niehues
Publications
Year
Venue
Title
2021
PKC
Efficient Adaptively-Secure IB-KEMs and VRFs via Near-Collision Resistance
📺
Abstract
We construct more efficient cryptosystems with provable security against adaptive attacks, based on simple and natural hardness
assumptions in the standard model. Concretely, we describe:
– An adaptively-secure variant of the efficient, selectively-secure LWE-
based identity-based encryption (IBE) scheme of Agrawal, Boneh,
and Boyen (EUROCRYPT 2010). In comparison to the previously
most efficient such scheme by Yamada (CRYPTO 2017) we achieve
smaller lattice parameters and shorter public keys of size O(log \lambda),
where \lambda is the security parameter.
– Adaptively-secure variants of two efficient selectively-secure pairing-
based IBEs of Boneh and Boyen (EUROCRYPT 2004). One is based
on the DBDH assumption, has the same ciphertext size as the cor-
responding BB04 scheme, and achieves full adaptive security with
public parameters of size only O(log \lambda). The other is based on a q-
type assumption and has public key size O(\lambda), but a ciphertext is
only a single group element and the security reduction is quadrat-
ically tighter than the corresponding scheme by Jager and Kurek
(ASIACRYPT 2018).
– A very efficient adaptively-secure verifiable random function where
proofs, public keys, and secret keys have size O(log \lambda).
As a technical contribution we introduce blockwise partitioning, which
leverages the assumption that a cryptographic hash function is weak
near-collision resistant to prove full adaptive security of cryptosystems.
2021
PKC
Verifiable Random Functions with Optimal Tightness
📺
Abstract
Verifiable random functions (VRFs), introduced by Micali,
Rabin and Vadhan (FOCS’99), are the public-key equivalent of pseudo-
random functions. A public verification key and proofs accompanying the
output enable all parties to verify the correctness of the output. How-
ever, all known standard model VRFs have a reduction loss that is much
worse than what one would expect from known optimal constructions of
closely related primitives like unique signatures. We show that:
1. Every security proof for a VRF has to lose a factor of Q, where Q is
the number of adversarial queries. To that end, we extend the meta-
reduction technique of Bader et al. (EUROCRYPT’16) to also cover
VRFs.
2. This raises the question: Is this bound optimal? We answer this
question in the affirmative by presenting the first VRF that achieves
this tightness.
We thus paint a complete picture of the achievability of tight verifiable
random functions: We show that a security loss of Q is unavoidable and
present the first construction that achieves this bound.
Coauthors
- Tibor Jager (1)
- Rafael Kurek (1)
- David Niehues (2)