Cryptology ePrint Archive: Report 2019/291

CCA Security and Trapdoor Functions via Key-Dependent-Message Security

Fuyuki Kitagawa and Takahiro Matsuda and Keisuke Tanaka

Abstract: We study the relationship among public-key encryption (PKE) satisfying indistinguishability against chosen plaintext attacks (IND-CPA security), that against chosen ciphertext attacks (IND-CCA security), and trapdoor functions (TDF). Specifically, we aim at finding a unified approach and some additional requirement to realize IND-CCA secure PKE and TDF based on IND-CPA secure PKE, and show the following two main results.

As the first main result, we show how to achieve IND-CCA security via a weak form of key-dependent-message (KDM) security. More specifically, we construct an IND-CCA secure PKE scheme based on an IND-CPA secure PKE scheme and a secret-key encryption (SKE) scheme satisfying one-time KDM security with respect to projection functions (projection-KDM security). Projection functions are elementary functions with respect to which KDM security has been widely studied. Since the existence of projection-KDM secure PKE implies that of the above two building blocks, as a corollary of this result, we see that the existence of IND-CCA secure PKE is implied by that of projection-KDM secure PKE.

As the second main result, we extend the above construction of IND-CCA secure PKE into that of TDF by imposing a mild additional requirement on each building block. Our TDF satisfies adaptive one-wayness. We can instantiate our TDF based on a wide variety of computational assumptions. In particular, we obtain the first TDF (with adaptive one-wayness) based on the sub-exponential hardness of the constant-noise learning-parity-with-noise (LPN) problem.

In addition, we show that by extending the above constructions, we can obtain PKE schemes satisfying advanced security notions under CCA, that is, optimal rate leakage-resilience under CCA and selective-opening security under CCA. As a result, we obtain the first PKE schemes satisfying these security notions based on the computational Diffie-Hellman (CDH) assumption or the low-noise LPN assumption.

Category / Keywords: public-key cryptography / chosen ciphertext security, trapdoor functions, key dependent message security

Original Publication (with major differences): IACR-CRYPTO-2019

Date: received 13 Mar 2019, last revised 3 Jun 2021

Contact author: fuyuki kitagawa yh at hco ntt co jp, fuyuki kitagawa@gmail com, t-matsuda@aist go jp, keisuke@is titech ac jp


Note: The proceedings version of this paper appeared in CRYPTO 2019. In this version, we provide several additional results on advanced security notions under CCA, that is, optimal rate leakage resilience under CCA and selective-opening security under CCA. The additional results are explained in the "Further Results" paragraph in Section 1.2.

Version: 20210604:052530
