Cryptology ePrint Archive: Report 2014/483

Disjunctions for Hash Proof Systems: New Constructions and Applications

Michel Abdalla and Fabrice Benhamouda and David Pointcheval

Abstract: Hash Proof Systems were first introduced by Cramer and Shoup (Eurocrypt'02) as a tool to construct efficient chosen-ciphertext-secure encryption schemes. Since then, they have found many other applications, including password authenticated key exchange, oblivious transfer, and zero-knowledge arguments. One of the aspects that makes hash proof systems so interesting and powerful is that they can be seen as implicit proofs of membership for certain languages. As a result, by extending the family of languages that they can handle, one often obtains new applications or new ways to understand existing schemes. In this paper, we show how to construct hash proof systems for the disjunction of languages defined generically over cyclic, bilinear, and multilinear groups. Among other applications, this enables us to construct the most efficient one-time simulation-sound (quasi-adaptive) non-interactive zero-knowledge arguments for linear languages over cyclic groups, the first one-round group password-authenticated key exchange without random oracles, the most efficient threshold structure-preserving chosen-ciphertext-secure encryption scheme, and the most efficient one-round password authenticated key exchange in the UC framework.

Category / Keywords: public-key cryptography / Hash Proof System, Non-Interactive Zero-Knowledge Proof, Group Password Authenticated Key Exchange, Threshold Encryption, Linearly Homomorphic Signature, Structure Preserving Primitive

Original Publication (with major differences): IACR-EUROCRYPT-2015

Date: received 18 Jun 2014, last revised 3 Mar 2015

Contact author: fabrice ben hamouda at ens fr

Available format(s): PDF | BibTeX Citation

Note: 2015-03-03: transposition of all matrices to match notation in "An Algebraic Framework for Diffie-Hellman Assumptions" from Escala et al. (, and various editorial improvements.

Version: 20150303:194030 (All versions of this report)

Discussion forum: Show discussion | Start new discussion

[ Cryptology ePrint archive ]