Paper 2022/835

Covert Authentication from Lattices

Rajendra Kumar, National University of Singapore
Khoa Nguyen, University of Wollongong
Abstract

Introduced by von Ahn et al. (STOC’05), covert two-party computation is an appealing cryptographic primitive that allows Al- ice and Bob to securely evaluate a function on their secret inputs in a steganographic manner, i.e., even the existence of a computation is oblivious to each party - unless the output of the function is favourable to both. A prominent form of covert computation is covert authentica- tion, where Alice and Bob want to authenticate each other based on their credentials, in a way such that the party who does not hold the appro- priate credentials cannot pass the authentication and is even unable to distinguish a protocol instance from random noise. Jarecki (PKC’14) put forward a blueprint for designing covert authentication protocols, which relies on a covert conditional key-encapsulation mechanism, an identity escrow scheme, a covert commitment scheme and a Σ-protocol satisfying several specific properties. He also proposed an instantiation based on the Strong RSA, the Decisional Quadratic Residuosity and the Decisional Diffie-Hellman assumptions. Despite being very efficient, Jarecki’s con- struction is vulnerable against quantum adversaries. In fact, designing covert authentication protocols from post-quantum assumptions remains an open problem. In this work, we present several contributions to the study of covert authentication protocols. First, we identify several technical obstacles in realizing Jarecki’s blueprint under lattice assumptions. To remedy, we then provide a new generic construction of covert Mutual Authentica- tion (MA) protocol, that departs from given blueprint and that requires somewhat weaker properties regarding the employed cryptographic ingre- dients. Next, we instantiate our generic construction based on commonly used lattice assumptions. The protocol is proven secure in the random oracle model, assuming the hardness of the Module Learning With Errors (M-LWE) and Module Short Integer Solution (M-SIS) and the NTRU problems, and hence, is potentially quantum-safe. In the process, we also develop an approximate smooth projective hashing function associated with a covert commitment, based on the M-LWE assumption. We then demonstrate that this new ingredient can be smoothly combined with existing lattice-based techniques to yield a secure covert MA scheme.

Note: Full version.

Metadata
Available format(s)
PDF
Category
Cryptographic protocols
Publication info
Published elsewhere. 20th International Conference on Applied Cryptography and Network Security
Keywords
Covert authentication commitments zero-knowledge proofs conditional KEM approximate SPH lattices M-LWE M-SIS
Contact author(s)
rjndr2503 @ gmail com
khoa @ uow edu au
History
2022-06-27: approved
2022-06-24: received
See all versions
Short URL
https://ia.cr/2022/835
License
Creative Commons Attribution
CC BY

BibTeX 

@misc{cryptoeprint:2022/835,
      author = {Rajendra Kumar and Khoa Nguyen},
      title = {Covert Authentication from Lattices},
      howpublished = {Cryptology {ePrint} Archive, Paper 2022/835},
      year = {2022},
      url = {https://eprint.iacr.org/2022/835}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.