Cryptology ePrint Archive: Report 2021/494

Key-Oblivious Encryption from isogenies and its application to Accountable Tracing Signatures.

Surbhi Shaw and Ratna Dutta

Abstract: Key-oblivious encryption (KOE) is a newly developed cryptographic primitive that randomizes the public keys of an encryption scheme in an oblivious manner. It has applications in designing accountable tracing signature (ATS) that facilitates the group manager to revoke the anonymity of traceable users in a group signature while preserving the anonymity of non-traceable users. Despite of its importance and strong application, KOE has not received much attention in the literature.

In this work, we introduce the first isogeny-based KOE scheme. Isogeny is a fairly young post-quantum cryptographic field with sophisticated algebraic structures and unique security properties. Our KOE scheme is resistant to quantum attacks and derives its security from Commutative Supersingular Decisional Diffie-Hellman (CSSDDH), which is an isogeny based hard problem. More concretely, we have shown that our construction exhibits key randomizability, plaintext indistinguishability under key randomization and key privacy under key randomization in the standard model adapting the security framework of [KM15]. Furthermore, we have manifested instantiation of our scheme from cryptosystem based on Commutative Supersingular Isogeny Diffie-Hellman (CSIDH-512) [BKV19]. Additionally, we demonstrate the utility of our KOE scheme by leveraging it to construct an isogeny-based ATS scheme preserving anonymity under tracing, traceability, non-frameability, anonymity with accountability and trace obliviousness in the random oracle model following the security framework of [LNWX19].

Category / Keywords: cryptographic protocols / Post-quantum cryptography; Isogenies; Key-oblivious encryption; Accountable tracing signatures.

Date: received 17 Apr 2021

Contact author: surbhi_shaw at iitkgp ac in

Available format(s): PDF | BibTeX Citation

Version: 20210419:060932 (All versions of this report)

Short URL: ia.cr/2021/494


[ Cryptology ePrint archive ]