**Disjunctions for Hash Proof Systems: New Constructions and Applications**

*Michel Abdalla and Fabrice Benhamouda and David Pointcheval*

**Abstract: **Hash Proof Systems were first introduced by Cramer and Shoup (Eurocrypt'02) as a tool to construct efficient chosen-ciphertext-secure encryption schemes. Since then, they have found many other applications, including password authenticated key exchange, oblivious transfer, and zero-knowledge arguments. One of the aspects that makes hash proof systems so interesting and powerful is that they can be seen as implicit proofs of membership for certain languages. As a result, by extending the family of languages that they can handle, one often obtains new applications or new ways to understand existing schemes. In this paper, we show how to construct hash proof systems for the disjunction of languages defined generically over cyclic, bilinear, and multilinear groups. Among other applications, this enables us to construct the most efficient one-time simulation-sound (quasi-adaptive) non-interactive zero-knowledge arguments for linear languages over cyclic groups, the first one-round group password-authenticated key exchange without random oracles, the most efficient threshold structure-preserving chosen-ciphertext-secure encryption scheme, and the most efficient one-round password authenticated key exchange in the UC framework.

**Category / Keywords: **public-key cryptography / Hash Proof System, Non-Interactive Zero-Knowledge Proof, Group Password Authenticated Key Exchange, Threshold Encryption, Linearly Homomorphic Signature, Structure Preserving Primitive

**Original Publication**** (with major differences): **IACR-EUROCRYPT-2015

**Date: **received 18 Jun 2014, last revised 2 Oct 2015

**Contact author: **fabrice ben hamouda at ens fr

**Available format(s): **PDF | BibTeX Citation

**Note: **2015-10-02: mention of the fact that the core idea of diverse vector space was already present in the paper "Universal Hash Proofs and a Paradigm for Adaptive Chosen Ciphertext Secure Public-Key Encryption" from Cramer and Shoup (http://eprint.iacr.org/2001/085).
2015-03-03: transposition of all matrices to match notation in "An Algebraic Framework for Diffie-Hellman Assumptions" from Escala et al. (http://eprint.iacr.org/2013/377), and various editorial improvements.

**Version: **20151002:193815 (All versions of this report)

**Short URL: **ia.cr/2014/483

**Discussion forum: **Show discussion | Start new discussion

[ Cryptology ePrint archive ]