CCA-security from adaptive all-but-one lossy trapdoor functions

CCA-security from adaptive all-but-one lossy trapdoor functions

In this paper, we propose the notion of adaptive all-but-one lossy trapdoor functions (aABO-LTFs), a variant of all-but-one lossy trapdoor functions. An aABO-LTF is parameterised by a set of branches. Given the lossy branch, the function statistically loses the information of its inputs. Given injec...

Full description

Saved in:
Bibliographic Details
Published in:Theoretical computer science Vol. 883; pp. 99 - 121
Main Authors: Li, Qinyi, Boyen, Xavier, Foo, Ernest
Format: Journal Article
Language:English
Published: Elsevier B.V 03-09-2021
Subjects:
Adaptive ABO-LTFs
CCA security
Deterministic encryption
Key encapsulation
Lossy trapdoor functions
CCA security
Lossy trapdoor functions
Deterministic encryption
Adaptive ABO-LTFs
Key encapsulation
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:In this paper, we propose the notion of adaptive all-but-one lossy trapdoor functions (aABO-LTFs), a variant of all-but-one lossy trapdoor functions. An aABO-LTF is parameterised by a set of branches. Given the lossy branch, the function statistically loses the information of its inputs. Given injective branches, the function is injective, and there is a trapdoor that enables efficient function inversion. What differentiates an aABO-LTF and an ABO-LTF is that for an aABO-LTF, the lossy branch is indistinguishable from the other branches even if the adversary gets to ask for function inversions on any injective branches apart from the lossy branch. We demonstrate the usefulness of the adaptivity of aABO-LTFs by providing generic and efficient constructions of an adaptively chosen-ciphertext secure (CCA-secure) public-key encapsulation mechanism (KEM) and an adaptive deterministic public-key encryption (DPKE) without random oracles using aABO-LTFs in a very simple black-box way. Our constructions are direct in the sense of that it avoids generic transformations using one-time signatures or message authentication codes typically found in standard model CCA-secure constructions. Moreover, we show that aABO-LTFs can be instantiated generically by lossy trapdoor primitives, including lossy trapdoor functions (LTFs) and identity-based (lossy) trapdoor functions (IB-LTFs). We also demonstrate that the lattice-based ABO-LTFs proposed by Alwen et al. (CRYPTO'13) are aABO-LTFs. Several existing CCA-secure KEM and DPKE schemes can be described by our generic constrictions. Therefore, our work unifies these seemingly unrelated schemes and explains the design principles behind these schemes.
ISSN:0304-3975
1879-2294
DOI:10.1016/j.tcs.2021.06.014