Abstract
In this work, we introduce the notion of a puncturable witness pseudorandom function (pWPRF), a stronger variant of the WPRF proposed by Zhandry (TCC 2016). The puncturing technique is similar to that of puncturable PRFs and extends the applications of WPRF. Specifically, we construct a semi-adaptively secure offline witness encryption (OWE) scheme from a pWPRF, an indistinguishability obfuscation (\(i\mathcal {O}\)) and a symmetric-key encryption (SKE), which enables us to encrypt messages along with NP statements. We show that, by replacing \(i\mathcal {O}\) with extractability obfuscation, the OWE becomes an extractable offline witness encryption scheme. To gain finer control over data, we further demonstrate how to convert our OWEs into offline functional witness encryption (OFWE) and extractable OFWE. All of our OWEs and OFWEs produce ciphertexts of optimal size: in particular, the encryption of a message is as small as the size of the message plus the security parameter multiplied by a constant, which is optimal for any public-key encryption scheme. In contrast, in every previous OWE the size of a ciphertext grows polynomially with the size of the message. Finally, we show that the WPRF of Pal et al. (ACISP 2019) can be extended to a pWPRF and an extractable pWPRF.
References
Abusalah, H., Fuchsbauer, G., Pietrzak, K.: Offline witness encryption. In: Manulis, M., Sadeghi, A.-R., Schneider, S. (eds.) ACNS 2016. LNCS, vol. 9696, pp. 285–303. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-39555-5_16
Agrawal, S.: Indistinguishability obfuscation without multilinear maps: new methods for bootstrapping and instantiation. In: Ishai, Y., Rijmen, V. (eds.) EUROCRYPT 2019. LNCS, vol. 11476, pp. 191–225. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-17653-2_7
Ananth, P., Jain, A.: Indistinguishability obfuscation from compact functional encryption. In: Gennaro, R., Robshaw, M. (eds.) CRYPTO 2015. LNCS, vol. 9215, pp. 308–326. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-47989-6_15
Ananth, P., Jain, A., Lin, H., Matt, C., Sahai, A.: Indistinguishability obfuscation without multilinear maps: new paradigms via low degree weak pseudorandomness and security amplification. In: Boldyreva, A., Micciancio, D. (eds.) CRYPTO 2019. LNCS, vol. 11694, pp. 284–332. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-26954-8_10
Ananth, P., Sahai, A.: Projective arithmetic functional encryption and indistinguishability obfuscation from degree-5 multilinear maps. In: Coron, J.-S., Nielsen, J.B. (eds.) EUROCRYPT 2017. LNCS, vol. 10210, pp. 152–181. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-56620-7_6
Barbosa, M., Portela, B., Scerri, G., Warinschi, B.: Foundations of hardware-based attested computation and application to SGX. In: 2016 IEEE European Symposium on Security and Privacy (EuroS&P), pp. 245–260. IEEE (2016)
Bitansky, N., Vaikuntanathan, V.: Indistinguishability obfuscation from functional encryption. J. ACM (JACM) 65(6), 1–37 (2018)
Boyle, E., Chung, K.-M., Pass, R.: On extractability (aka differing-inputs) obfuscation. In: TCC (2014)
Boyle, E., Pass, R.: Limits of extractability assumptions with distributional auxiliary input. In: Iwata, T., Cheon, J.H. (eds.) ASIACRYPT 2015. LNCS, vol. 9453, pp. 236–261. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-48800-3_10
Brakerski, Z., Döttling, N., Garg, S., Malavolta, G.: Candidate iO from homomorphic encryption schemes. In: Canteaut, A., Ishai, Y. (eds.) EUROCRYPT 2020. LNCS, vol. 12105, pp. 79–109. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-45721-1_4
Cheon, J.H., Cho, W., Hhan, M., Kim, J., Lee, C.: Statistical zeroizing attack: cryptanalysis of candidates of BP obfuscation over GGH15 multilinear map. Cryptology ePrint Archive, Report 2018/1081 (2018). https://eprint.iacr.org/2018/1081
Chvojka, P., Jager, T., Kakvi, S.A.: Offline witness encryption with semi-adaptive security. Cryptology ePrint Archive, Report 2019/1337 (2019). https://eprint.iacr.org/2019/1337
Coron, J.-S., Notarnicola, L.: Cryptanalysis of CLT13 multilinear maps with independent slots. Cryptology ePrint Archive, Report 2019/309 (2019). https://eprint.iacr.org/2019/309
Damgård, I., Jurik, M.: A generalisation, a simplification and some applications of Paillier's probabilistic public-key system, pp. 13–15 (2001)
Fisch, B., Vinayagamurthy, D., Boneh, D., Gorbunov, S.: Iron: functional encryption using Intel SGX. In: Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, pp. 765–782. ACM (2017)
Garg, S., Gentry, C., Halevi, S., Raykova, M., Sahai, A., Waters, B.: Candidate indistinguishability obfuscation and functional encryption for all circuits. SIAM J. Comput. 45(3), 882–929 (2016)
Garg, S., Gentry, C., Halevi, S., Wichs, D.: On the implausibility of differing-inputs obfuscation and extractable witness encryption with auxiliary input. Algorithmica 79(4), 1353–1373 (2017)
Garg, S., Gentry, C., Sahai, A., Waters, B.: Witness encryption and its applications. In: Proceedings of the Forty-Fifth Annual ACM Symposium on Theory of Computing, pp. 467–476. ACM (2013)
Gentry, C.: Fully homomorphic encryption using ideal lattices. In: Proceedings of the Forty-First Annual ACM Symposium on Theory of Computing, pp. 169–178 (2009)
Gentry, C., Sahai, A., Waters, B.: Homomorphic encryption from learning with errors: conceptually-simpler, asymptotically-faster, attribute-based. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013. LNCS, vol. 8042, pp. 75–92. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-40041-4_5
Goldwasser, S., Kalai, Y.T., Popa, R.A., Vaikuntanathan, V., Zeldovich, N.: How to run Turing machines on encrypted data. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013. LNCS, vol. 8043, pp. 536–553. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-40084-1_30
Lin, H.: Indistinguishability obfuscation from SXDH on 5-linear maps and locality-5 PRGs. In: Katz, J., Shacham, H. (eds.) CRYPTO 2017. LNCS, vol. 10401, pp. 599–629. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-63688-7_20
Lin, H., Tessaro, S.: Indistinguishability obfuscation from trilinear maps and block-wise local PRGs. In: Katz, J., Shacham, H. (eds.) CRYPTO 2017. LNCS, vol. 10401, pp. 630–660. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-63688-7_21
Pal, T., Dutta, R.: Offline witness encryption from witness PRF and randomized encoding in CRS model. In: Jang-Jaccard, J., Guo, F. (eds.) ACISP 2019. LNCS, vol. 11547, pp. 78–96. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-21548-4_5
Sahai, A., Waters, B.: How to use indistinguishability obfuscation: deniable encryption, and more. In: Proceedings of the Forty-Sixth Annual ACM Symposium on Theory of Computing, pp. 475–484. ACM (2014)
Zhandry, M.: How to avoid obfuscation using witness PRFs. In: Kushilevitz, E., Malkin, T. (eds.) TCC 2016. LNCS, vol. 9563, pp. 421–448. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-49099-0_16
A Formal Proof of Theorem 3
Proof
We prove security using two games. We start with Game 0, which is the standard selective security experiment of Definition 6. Let \(\mathsf {G_i}\) be the event \(b = b^{\prime }\) in Game i.
Game 1: This game is exactly the same as Game 0 except that we replace the circuit \(C[\textsf {K}]\) with a new circuit \(C[\textsf {fk}_{x^*}, x^*]\) defined in Fig. 10, where \(\textsf {fk}_{x^*} \leftarrow \textsf {pPRF.PuncKey}(\textsf {K}, x^*)\). We show that the two circuits \(C[\textsf {K}]\) and \(C[\textsf {fk}_{x^*}, x^*]\) are functionally equivalent. For an arbitrary input \((\bar{x}, \bar{w})\) to the circuits, if \(\bar{x} \ne x^*\), then both circuits return the same value, since \(\textsf {pPRF.Eval}(\textsf {K}, \bar{x}) = \textsf {pPRF.PuncEval}(\textsf {fk}_{x^*}, \bar{x})\). Otherwise, if \(\bar{x} = x^*\), then the circuit \(C[\textsf {K}]\) returns \(\perp \), because \(x^* \not \in L\) implies that \(R(\bar{x}, \bar{w}) = 0\) for all \(\bar{w} \in \mathcal {W}\), and the circuit \(C[\textsf {fk}_{x^*}, x^*]\) returns \(\perp \) because of the check in line 2 (Fig. 10). Thus, the indistinguishability property of \(i\mathcal {O}\) (Definition 12) guarantees that
where \(\mathcal {D}\) is a PPT distinguisher for \(i\mathcal {O}\).
Suppose the advantage of \(\mathcal {A}\) in Game 1 is non-negligible. Then we construct an adversary \(\mathcal {B}\) against the security of pPRF (Definition 2) with the same advantage as follows.
\(\mathcal {B}\):
1. send \(x^*\) to its challenger
2. The pPRF-challenger does the following:
   (a) generate K \(\leftarrow \) pPRF.Gen(\(1^{\lambda }\))
   (b) compute \(\textsf {fk}_{x^*} \leftarrow \textsf {pPRF.PuncKey}(\textsf {K}, x^*)\)
   (c) set \(y_0 \leftarrow \textsf {pPRF.Eval}(\textsf {K}, x^*)\) and \(y_1 \leftarrow \mathcal {Y}\)
   (d) pick \(b \leftarrow \{0, 1\}\)
   (e) return (\(\textsf {fk}_{x^*}, y_{b}\)) to \(\mathcal {B}\)
3. compute \(\widetilde{C} \leftarrow i\mathcal {O}(1^{\lambda }, C[\textsf {fk}_{x^*}, x^*])\) and set \(\mathsf {ek} = \widetilde{C}\)
4. get \(b^{\prime } \leftarrow \mathcal {A}(\textsf {ek}, \textsf {fk}_{x^*}, y_b)\)
5. return 1 if \(b = b^{\prime }\)
Note that \(\mathcal {B}\) perfectly simulates Game 1 for \(\mathcal {A}\). If \(\mathcal {A}\) can guess the bit b in Game 1 with a non-negligible advantage, then \(\mathcal {B}\) breaks the security of pPRF with the same advantage. From the security of pPRF, we have
Finally, combining all the probabilities we conclude the proof.
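The Game 1 argument above turns on two facts: the punctured key \(\textsf {fk}_{x^*}\) agrees with the real key on every input other than \(x^*\), and \(x^* \not \in L\) makes both circuits output \(\perp \) at \(x^*\), so the replacement is invisible. The Python below is an added illustration and not the paper's construction: a toy GGM-style puncturable PRF (SHA-256 standing in for the length-doubling PRG, 8-bit inputs so the comparison can be exhaustive), a constructed NP relation \(R(x, w) := w^2 \equiv x \pmod{257}\), the two circuits \(C[\textsf {K}]\) and \(C[\textsf {fk}_{x^*}, x^*]\), the challenger of step 2 of the reduction, and a check that the circuits agree on all inputs exactly when \(x^*\) has no witness. All names and parameters are this example's own assumptions.

```python
import hashlib
import secrets

# Added example (not from the paper): a toy GGM-style puncturable PRF and the
# circuit-equivalence check behind Game 1. SHA-256 plays the length-doubling
# PRG and inputs are N_BITS long so every input can be checked exhaustively;
# these are illustration choices, not the paper's parameters.
N_BITS = 8
MOD = 257  # constructed NP relation: R(x, w) = 1 iff w^2 mod 257 == x


def R(x: int, w: int) -> bool:
    """Constructed relation; L = {x : there exists w with R(x, w) = 1}."""
    return (w * w) % MOD == x


def in_language(x: int) -> bool:
    return any(R(x, w) for w in range(MOD))


def _G(seed: bytes, bit: int) -> bytes:
    """Child seed G_bit(seed) of the GGM tree (SHA-256 stands in for the PRG)."""
    return hashlib.sha256(seed + bytes([bit])).digest()


def _bits(x: int):
    return [(x >> (N_BITS - 1 - i)) & 1 for i in range(N_BITS)]


def gen() -> bytes:
    """pPRF.Gen: the root seed of the tree is the key K."""
    return secrets.token_bytes(32)


def eval_(K: bytes, x: int) -> bytes:
    """pPRF.Eval(K, x): walk the tree from the root along the bits of x."""
    s = K
    for b in _bits(x):
        s = _G(s, b)
    return s


def punc_key(K: bytes, x_star: int) -> dict:
    """pPRF.PuncKey(K, x*): keep the sibling seed of every node on the path to
    x*. The seeds on the path itself (and hence the leaf x*) are discarded."""
    nodes = {}
    s, bits = K, _bits(x_star)
    for depth, b in enumerate(bits):
        nodes[tuple(bits[:depth] + [1 - b])] = _G(s, 1 - b)
        s = _G(s, b)
    return {"x_star": x_star, "nodes": nodes}


def punc_eval(fk: dict, x: int):
    """pPRF.PuncEval(fk, x): None (⊥) at x*, otherwise the same value as Eval."""
    if x == fk["x_star"]:
        return None
    bits = _bits(x)
    # x and x* first differ at some depth d; the stored sibling at that depth
    # is an ancestor of leaf x, so finish the walk from there.
    for prefix, seed in fk["nodes"].items():
        d = len(prefix)
        if tuple(bits[:d]) == prefix:
            s = seed
            for b in bits[d:]:
                s = _G(s, b)
            return s
    raise AssertionError("unreachable for x != x*")


def circuit_K(K: bytes, x: int, w: int):
    """C[K] from the proof: output pPRF.Eval(K, x) iff w is a witness for x."""
    return eval_(K, x) if R(x, w) else None


def circuit_fk(fk: dict, x: int, w: int):
    """C[fk_{x*}, x*]: the extra 'line 2' check rejects x* outright."""
    if x == fk["x_star"]:
        return None
    return punc_eval(fk, x) if R(x, w) else None


def circuits_agree(K: bytes, fk: dict) -> bool:
    """Exhaustively compare C[K] and C[fk_{x*}, x*] on every (x, w).
    True when x* is outside L; False as soon as x* has a witness."""
    return all(circuit_K(K, x, w) == circuit_fk(fk, x, w)
               for x in range(2 ** N_BITS) for w in range(MOD))


def pprf_challenge(K: bytes, x_star: int, b: int):
    """Step 2 of the reduction: the pPRF challenger returns (fk_{x*}, y_b)."""
    fk = punc_key(K, x_star)
    y = eval_(K, x_star) if b == 0 else secrets.token_bytes(32)
    return fk, y


def first_statement(in_L: bool) -> int:
    """Smallest x in the toy statement space with the requested L-membership."""
    return next(x for x in range(2 ** N_BITS) if in_language(x) == in_L)
```

Running `circuits_agree` with a punctured point outside L returns True, and with a point that has a witness returns False: at such an \(x^*\), \(C[\textsf {K}]\) outputs the PRF value while \(C[\textsf {fk}_{x^*}, x^*]\) outputs \(\perp \), which is exactly why the proof needs the hypothesis \(x^* \not \in L\) before invoking \(i\mathcal {O}\).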
Copyright information
© 2020 Springer Nature Switzerland AG
Cite this paper
Pal, T., Dutta, R. (2020). Semi-Adaptively Secure Offline Witness Encryption from Puncturable Witness PRF. In: Nguyen, K., Wu, W., Lam, K.Y., Wang, H. (eds) Provable and Practical Security. ProvSec 2020. Lecture Notes in Computer Science(), vol 12505. Springer, Cham. https://doi.org/10.1007/978-3-030-62576-4_9
DOI: https://doi.org/10.1007/978-3-030-62576-4_9
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-62575-7
Online ISBN: 978-3-030-62576-4