Paper 2018/587

Offline Witness Encryption from Witness PRF and Randomized Encoding in CRS model

Tapas Pal and Ratna Dutta


Witness pseudorandom functions (witness PRFs) generate a pseudorandom value corresponding to an instance x of an NP language and the same pseudorandom value can be recomputed if a witness w that x is in the language is known. Zhandry (TCC 2016) introduced the idea of witness PRFs and gave a construction using multilinear maps. Witness PRFs can be interconnected with the recent powerful cryptographic primitive called witness encryption. In witness encryption, a message can be encrypted with respect to an instance x of an NP language and a decryptor that knows a witness w corresponding to the instance x can recover the message from the ciphertext. Mostly, witness encryption was constructed using obfuscation or multilinear maps. In this work, we build (single relation) witness PRFs using a puncturable pseudorandom function and a randomized encoding in common reference string (CRS) model. Next, we propose construction of an offline witness encryption having short ciphertexts from a public-key encryption scheme, an extractable witness PRF and a randomized encoding in CRS model. Furthermore, we show how to convert our single relation witness PRF into a multi-relation witness PRF and the offline witness encryption into an offline functional witness encryption scheme.

Available format(s)
Public-key cryptography
Publication info
Published elsewhere. MAJOR revision.24th Australasian Conference on Information Security and Privacy (ACISP 2019)
Witness PRFOffline witness encryptionRandomized encoding.
Contact author(s)
tapas pal @ iitkgp ac in
2020-11-05: last of 2 revisions
2018-06-12: received
See all versions
Short URL
Creative Commons Attribution


      author = {Tapas Pal and Ratna Dutta},
      title = {Offline Witness Encryption from Witness PRF and Randomized Encoding in CRS model},
      howpublished = {Cryptology ePrint Archive, Paper 2018/587},
      year = {2018},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.