## Cryptology ePrint Archive: Report 2016/373

Dennis Hofheinz

Abstract: We present a new strategy for partitioning proofs, and use it to obtain new tightly secure encryption schemes. Specifically, we provide the following two conceptual contributions:

- A new strategy for tight security reductions that leads to compact public keys and ciphertexts.

- A relaxed definition of non-interactive proof systems for non-linear (OR-type'') languages. Our definition is strong enough to act as a central tool in our new strategy to obtain tight security, and is achievable both in pairing-friendly and DCR groups.

We apply these concepts in a generic construction of a tightly secure public-key encryption scheme. When instantiated in different concrete settings, we obtain the following:

- A public-key encryption scheme whose chosen-ciphertext security can be tightly reduced to the DLIN assumption in a pairing-friendly group. Ciphertexts, public keys, and system parameters contain 6, 24, and 2 group elements, respectively. This improves heavily upon a recent scheme of Gay et al. (Eurocrypt 2016) in terms of public key size, at the cost of using a symmetric pairing.

- The first public-key encryption scheme that is tightly chosen-ciphertext secure under the DCR assumption. While the scheme is not very practical (ciphertexts carry 29 group elements), it enjoys constant-size parameters, public keys, and ciphertexts.

Category / Keywords: public-key cryptography / Tight security reductions, pairing-friendly groups, decisional composite residuosity

Original Publication (with major differences): IACR-EUROCRYPT-2017

Date: received 13 Apr 2016, last revised 22 Jan 2017

Contact author: Dennis Hofheinz at kit edu

Available format(s): PDF | BibTeX Citation

Note: 2016-04-26: Corrected typos, including a problem in the formulation of key extractors. (No change of the theorems or constructions.) 2016-06-03: More typos, including a mistake in the description of honest key derivation. (No change in the theorems.) 2016-06-08: Corrected flaw in DCR-based one-time signature construction. 2016-07-03: Corrected flaw in Lemma 2.3 (part of PKE proof). No changes in construction. Added outlines of PKE proofs and fixed many typos and inconsistencies. 2017-01-22: Incorporated reviewer comments (clarifications and minor presentation changes).

Short URL: ia.cr/2016/373

[ Cryptology ePrint archive ]