Cryptology ePrint Archive: Report 2019/291

CCA Security and Trapdoor Functions via Key-Dependent-Message Security

Fuyuki Kitagawa and Takahiro Matsuda and Keisuke Tanaka

Abstract: We study the relationship among public-key encryption (PKE) satisfying indistinguishability against chosen plaintext attacks (IND-CPA security), that against chosen ciphertext attacks (IND-CCA security), and trapdoor functions (TDF). Specifically, we aim at finding a unified approach and some additional requirement to realize IND-CCA secure PKE and TDF based on IND-CPA secure PKE, and show the following two main results.

As the first main result, we show how to achieve IND-CCA security via a weak form of key-dependent-message (KDM) security. More specifically, we construct an IND-CCA secure PKE scheme based on an IND-CPA secure PKE scheme and a secret-key encryption (SKE) scheme satisfying one-time KDM security with respect to projection functions (projection-KDM security). Projection functions are very simple functions with respect to which KDM security has been widely studied. Since the existence of projection-KDM secure PKE implies that of the above two building blocks, as a corollary of this result, we see that the existence of IND-CCA secure PKE is implied by that of projection-KDM secure PKE.

As the second main result, we extend the above construction of IND-CCA secure PKE into that of TDF by additionally requiring a mild requirement for each building block. Our TDF satisfies adaptive one-wayness. We can instantiate our TDF based on a wide variety of computational assumptions. Especially, we obtain the first TDF (with adaptive one-wayness) based on the sub-exponential hardness of constant-noise learning-parity-with-noise (LPN) problem.

Category / Keywords: public-key cryptography / chosen ciphertext security, trapdoor functions, key dependent message security

Date: received 13 Mar 2019

Contact author: kitagaw1 at is titech ac jp,fuyuki kitagawa@gmail com,t-matsuda@aist go jp,keisuke@is titech ac jp

Available format(s): PDF | BibTeX Citation

Version: 20190319:145704 (All versions of this report)

Short URL: ia.cr/2019/291


[ Cryptology ePrint archive ]