Paper 2013/341

Trapdoor Smooth Projective Hash Functions

Fabrice Benhamouda and David Pointcheval


Katz and Vaikuntanathan recently improved smooth projective hash functions in order to build one-round password-authenticated key exchange protocols (PAKE). To achieve security in the UC framework, they allowed the simulator to extract the hashing key, which required simulation-sound non-interactive zero-knowledge proofs that are unfortunately inefficient. We improve the way the latter extractability is obtained by introducing the notion of trapdoor smooth projective hash function (TSPHF). A TSPHF is an SPHF with a trapdoor, which may not allow recovery of the complete hashing key, but which still allows computation of the hash value, which is enough for an application to PAKE with UC-security against static corruptions. We additionally show that TSPHFs yield zero-knowledge proofs in two flows, with straight-line extractability. Besides those quite interesting applications of TSPHF, we also show how to generically build them on languages of ciphertexts, using any ElGamal-like encryption. Our concrete instantiations lead to efficient one-round UC-secure PAKE, extractable zero-knowledge arguments, and verifiable encryption of Waters signatures. In the case of the PAKE, our construction is the most efficient one-round UC-secure PAKE to date.

Category
Cryptographic protocols
Publication info
A major revision of an IACR publication in CRYPTO 2013
Keywords
Authenticated Key Exchange, Zero-Knowledge Arguments, Verifiable Encryption, Trapdoor Smooth Projective Hash Functions
Contact author(s)
fabrice ben hamouda @ ens fr
History
2013-08-28: last of 2 revisions
2013-06-09: received
License
Creative Commons Attribution


      author = {Fabrice Benhamouda and David Pointcheval},
      title = {Trapdoor Smooth Projective Hash Functions},
      howpublished = {Cryptology ePrint Archive, Paper 2013/341},
      year = {2013},
      doi = {10.1007/978-3-642-40041-4_25},
      note = {\url{}},
      url = {}