- A new strategy for tight security reductions that leads to compact public keys and ciphertexts.
- A relaxed definition of non-interactive proof systems for non-linear ("OR-type") languages. Our definition is strong enough to act as a central tool in our new strategy to obtain tight security, and is achievable both in pairing-friendly and DCR groups.
We apply these concepts in a generic construction of a tightly secure public-key encryption scheme. When instantiated in different concrete settings, we obtain the following:
- A public-key encryption scheme whose chosen-ciphertext security can be tightly reduced to the DLIN assumption in a pairing-friendly group. Ciphertexts, public keys, and system parameters contain 6, 24, and 2 group elements, respectively. This improves heavily upon a recent scheme of Gay et al. (Eurocrypt 2016) in terms of public key size, at the cost of using a symmetric pairing.
- The first public-key encryption scheme that is tightly chosen-ciphertext secure under the DCR assumption. While the scheme is not very practical (ciphertexts carry 29 group elements), it enjoys constant-size parameters, public keys, and ciphertexts.

Category / Keywords: public-key cryptography / Tight security reductions, pairing-friendly groups, decisional composite residuosity
Original Publication (with major differences): IACR-EUROCRYPT-2017
Date: received 13 Apr 2016, last revised 22 Jan 2017
Contact author: Dennis Hofheinz at kit edu
Note:
- 2016-04-26: Corrected typos, including a problem in the formulation of key extractors. (No change of the theorems or constructions.)
- 2016-06-03: More typos, including a mistake in the description of honest key derivation. (No change in the theorems.)
- 2016-06-08: Corrected flaw in DCR-based one-time signature construction.
- 2016-07-03: Corrected flaw in Lemma 2.3 (part of PKE proof). No changes in construction. Added outlines of PKE proofs and fixed many typos and inconsistencies.
- 2017-01-22: Incorporated reviewer comments (clarifications and minor presentation changes).
Version: 20170122:162210
Short URL: ia.cr/2016/373