We show how to construct chosen-plaintext secure (CPA) and chosen-ciphertext secure (CCA) public-key encryption (PKE) schemes from (adaptive) PEPRFs. The construction is simple, black-box, and admits a direct proof of security. We provide evidence that (adaptive) PEPRFs exist by showing constructions from injective trapdoor functions, hash proof systems, extractable hash proof systems, as well as a construction from puncturable PRFs with program obfuscation.
We introduce the notion of publicly sampleable PRFs (PSPRFs), which is a relaxation of PEPRFs, but nonetheless imply PKE. We show (adaptive) PSPRFs are implied by (adaptive) trapdoor relations. This helps us to unify and clarify many PKE schemes from seemingly unrelated general assumptions and paradigms under the notion of PSPRFs.
We explore similar extension on recently emerging constrained PRFs, and introduce the notion of publicly evaluable constrained PRFs, which, as an immediate application, implies attribute-based encryption.
We propose a twist on PEPRFs, which we call publicly evaluable and verifiable functions (PEVFs). Compared to PEPRFs, PEVFs have an additional promising property named public verifiability while the best possible security degrades to unpredictability. We justify the applicability of PEVFs by presenting a simple construction of ``hash-and-sign'' signatures, both in the random oracle model and the standard model.Category / Keywords: publicly evaluable PRF, TDF, HPS, EHPS, indistinguishability obfuscation, PKE, ABE, signature Original Publication (with major differences): SCN 2014 (9th Conference on Security and Cryptography for Networks) Date: received 30 Apr 2014, last revised 27 Feb 2016 Contact author: yuchen prc at gmail com Available format(s): PDF | BibTeX Citation Note: In this version, we correct some typos, and show how to construct PEPRFs from TDFs or PPRF+iO. Version: 20160227:103047 (All versions of this report) Short URL: ia.cr/2014/306 Discussion forum: Show discussion | Start new discussion