Paper 2018/131

Fiat-Shamir and Correlation Intractability from Strong KDM-Secure Encryption

Ran Canetti, Yilei Chen, Leonid Reyzin, and Ron D. Rothblum


A hash function family is called correlation intractable if for all sparse relations, it is hard to find, given a random function from the family, an input-output pair that satisfies the relation (Canetti et al., STOC 98). Correlation intractability (CI) captures a strong Random-Oracle-like property of hash functions. In particular, when security holds for all sparse relations, CI suffices for guaranteeing the soundness of the Fiat-Shamir transformation from any constant round, statistically sound interactive proof to a non-interactive argument. However, to date, the only CI hash function for all sparse relations (Kalai et al., Crypto 17) is based on general program obfuscation with exponential hardness properties. We construct a simple CI hash function for arbitrary sparse relations, from any symmetric encryption scheme that satisfies some natural structural properties, and in addition guarantees that key recovery attacks mounted by polynomial-time adversaries have only exponentially small success probability - even in the context of key-dependent messages (KDM). We then provide parameter settings where ElGamal encryption and Regev encryption plausibly satisfy the needed properties. Our techniques are based on those of Kalai et al., with the main contribution being substituting a statistical argument for the use of obfuscation, therefore greatly simplifying the construction and basing security on better-understood intractability assumptions. In addition, we extend the definition of correlation intractability to handle moderately sparse relations so as to capture the properties required in proof-of-work applications (e.g. Bitcoin). We also discuss the applicability of our constructions and analyses in that regime.

Available format(s)
Publication info
A minor revision of an IACR publication in EUROCRYPT 2018
Contact author(s)
canetti @ bu edu
chenyilei ra @ gmail com
reyzin @ cs bu edu
ronr @ csail mit edu
2018-02-05: received
Short URL
Creative Commons Attribution


      author = {Ran Canetti and Yilei Chen and Leonid Reyzin and Ron D.  Rothblum},
      title = {Fiat-Shamir and Correlation Intractability from Strong KDM-Secure Encryption},
      howpublished = {Cryptology ePrint Archive, Paper 2018/131},
      year = {2018},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.