Zilong Wang,Honggang Hu,Mengce Zheng,Jiehui Nan

DOI: https://doi.org/10.1007/978-981-15-0818-9_7

2019-01-01

Abstract:Password-based authenticated key exchange (PAKE) protocols allow two users who share only a short, low-entropy password to establish a consistent cryptographically strong session key. In 2009, Katz and Vaikuntanathan gave the first lattice-base PAKE from approximate smooth projective hash function (ASPHF) which is a variant of smooth projective hash function (SHPF). In 2017, Zhang and Yu introduced a two-round PAKE based on splittable PKEs. An error-correcting code (ECC) was used in these protocols to deal with the errors intrinsically in learning with errors (LWE) assumption, and the protocol is asymmetric as the session key is decided be just one user. In this paper, an error correcting technique called reconciliation mechanism, which was first introduced to construct a key exchange protocol from lattice, is adopted to construct more efficient lattice-based PAKEs with reduced computation complexity and communication complexity. Moreover, the new PAKEs are symmetric.

Jiang Zhang,Yu Yu

DOI: https://doi.org/10.1007/978-3-319-70700-6_2

2017-01-01

Abstract:Password-based authenticated key exchange (PAKE) enables two users with shared low-entropy passwords to establish cryptographically strong session keys over insecure networks. At Asiacrypt 2009, Katz and Vaikuntanathan showed a generic three-round PAKE based on any CCA-secure PKE with associated approximate smooth projective hashing (ASPH), which helps to obtain the first PAKE from lattices. In this paper, we give a framework for constructing PAKE from CCA-secure PKE with associated ASPH, which uses only two-round messages by carefully exploiting a splittable property of the underlying PKE and its associated non-adaptive ASPH. We also give a splittable PKE with associated non-adaptive ASPH based on the LWE assumption, which finally allows to instantiate our two-round PAKE framework from lattices.

Jiang Zhang,Yu Chen,Zhenfeng Zhang

DOI: https://doi.org/10.1007/s00145-023-09488-w

2023-12-01

Journal of Cryptology

Abstract:Driven by the open problem raised by Hofheinz and Kiltz (J Cryptol 25(3):484–527, 2012), we study the formalization of lattice-based programmable hash function (PHF) and give three types of concrete constructions by using several techniques such as a novel combination of cover-free sets and lattice trapdoors. Under the inhomogeneous small integer solution (ISIS) assumption, we show that any (non-trivial) lattice-based PHF is a collision-resistant hash function, which gives a direct application of this new primitive. We further demonstrate the power of lattice-based PHF by giving generic constructions of signature and identity-based encryption (IBE) in the standard model, which not only provide a way to unify several previous lattice-based schemes using the partitioning proof techniques, but also allow us to obtain new short signature schemes and IBE schemes from (ideal) lattices. Specifically, by instantiating the generic constructions with our Type-II and Type-III PHF constructions, we immediately obtain two short signatures and two IBE schemes with asymptotically much shorter keys. A major downside which inherits from our Type-II and Type-III PHF constructions is that we can only prove the security of the new signatures and IBEs in the bounded security model that the number Q of the adversary's queries is required to be known in advance. Another downside is that the computational time of our new signatures and IBEs is a linear function of Q , which is large for typical parameters. To overcome the above limitations, we also give a refined way of using Type-II and Type-III PHFs to construct lattice-based short signatures with short verification keys in the full security model. In particular, our methods depart from the confined guessing technique of Böhl et al. (Eurocrypt'13) that was used to construct previous standard model short signature schemes with short verification keys by Ducas and Micciancio (Crypto'14) and by Alperin-Sheriff (PKC'15) and allow us to achieve much tighter security from weaker hardness assumptions.

computer science, theory & methods,engineering, electrical & electronic,mathematics, applied

Lin Chen,Tongzhou Qu,Anqi Yin

DOI: https://doi.org/10.1007/s11042-023-17984-1

IF: 2.577

2024-01-19

Multimedia Tools and Applications

Abstract:Password-based authentication is one of the most prevailing access control mechanism. Typical password-authenticated key exchange (PAKE) protocols are single-server settings and are therefore vulnerable to server compromise attack. To defend against such attack, multi-server PAKE schemes have been advanced, but most of which are built on non-quantum-secure hardness assumptions. Lattice-based cryptosystems are regarded as the most promising one for post-quantum eara by NIST, while the known multi-server password-based authentication solution over lattices achieves merely key transport and is public key infrastructure (PKI)-based, resulting in low efficiency and poor deployability. In this work, we resort to distributed smooth projective hash function (SPHF) to bridge the gap between multi-server PAKE protocol and quantum-security. We first design an exact SPHF and derive the first distributed SPHF over lattices by leveraging the additive homomorphic property of the strong learning with errors (LWE) problem. In particular, the relevant parameters of the public key encryption (PKE) scheme it predicates on are identified, thus eliminating the influence of incomplete lattice homomorphism on the correctness of our SPHFs. Pertinent lattice-based multi-server PAKE protocols are further proposed on both transparent and non-transparent transmission modes by integrating our distributed SPHF into the multi-server framework of Raimondo and Gennaro (EUROCRYPT'03). Our PAKE constructions are able to resist both quantum and sever compromise attacks as well as avoid the expensive cryptographic primitives, including non-interactive zero knowledge (NIZK) proofs, signature/verification, secret sharing and fully homomorphic encryption. Experimental results demonstrate that our SPHFs and PAKE protocols offer better efficiency.

computer science, information systems, theory & methods,engineering, electrical & electronic, software engineering

Shuai Han,Shengli Liu,Lin Lyu,Dawu Gu

DOI: https://doi.org/10.1007/978-3-030-26951-7_15

2019-01-01

Abstract:We propose the concept of quasi-adaptive hash proof system (QAHPS), where the projection key is allowed to depend on the specific language for which hash values are computed. We formalize leakage-resilient(LR)-ardency for QAHPS by defining two statistical properties, including LR-< L-0, L-1 >-universal and LR-< L-0, L-1 >-key-switching. We provide a generic approach to tightly leakage-resilient CCA (LR-CCA) secure public-key encryption (PKE) from LR-ardent QAHPS. Our approach is reminiscent of the seminal work of Cramer and Shoup (Eurocrypt'02), and employ three QAHPS schemes, one for generating a uniform string to hide the plaintext, and the other two for proving the well-formedness of the ciphertext. The LR-ardency of QAHPS makes possible the tight LR-CCA security. We give instantiations based on the standard k-Linear (k-LIN) assumptions over asymmetric and symmetric pairing groups, respectively, and obtain fully compact PKE with tight LR-CCA security. The security loss is O(log Q(e)) where Q(e) denotes the number of encryption queries. Specifically, our tightly LR-CCA secure PKE instantiation from SXDH has only 4 group elements in the public key and 7 group elements in the ciphertext, thus is the most efficient one.

Jiehui Nan,Mengce Zheng,Zilong Wang,Honggang Hu

DOI: https://doi.org/10.1007/978-981-15-0818-9_17

2019-01-01

Abstract:In cyber security, authenticated key exchange (AKE) can be used to achieve the privacy and authentication of data. As a relevant cryptographic protocol, password-based authenticated key exchange (PAKE) has been studied for its convenience. Recently, Katz and Vaikuntanathan proposed a round-optimal PAKE from smooth projective hash functions (SPHFs). However, the instantiation of smooth projective hash functions depends on the underlying NP-relation which is a CCA-secure encryption relation in their construction. In this paper, we apply a new cryptographic primitive named witness PRFs to construct PAKE. In our settings, the concrete construction of witness PRFs is independent of the underlying NP-relation. At this point, our construction is more general, and furthermore, we have a discussion on some possible NP-relations, which could be used to construct secure PAKE in our settings.

Zilong Wang,Honggang Hu

DOI: https://doi.org/10.1007/978-981-13-3095-7_8

2018-01-01

Abstract:Lattice-based cryptographic primitives are believed to have the property against attacks by quantum computers. In this work, we present a KEA-style authenticated key exchange protocol based on the ring learning with errors problem whose security is proven in the BR model with weak perfect forward secrecy. With properties of KEA such as implicit key authentication and simplicity, our protocol also enjoys many properties of lattice-based cryptography, namely asymptotic efficiency, conceptual simplicity, worst-case hardness assumption, and resistance to attacks by quantum computers. Our lattice-based authenticated key exchange protocol is more efficient than the protocol of Zhang et al. (EUROCRYPT 2015) with more concise structure, smaller key size and lower bandwidth. Also, our protocol enjoys the advantage of optimal online efficiency and we improve our protocol with pre-computation.

Qi-Qi Lai,Bo Yang,Yong Yu,Zhe Xia,Yan-Wei Zhou,Yuan Chen

DOI: https://doi.org/10.1007/s11390-018-1885-5

IF: 1.871

2018-01-01

Journal of Computer Science and Technology

Abstract:Identity-based hash proof system is a basic and important primitive. It is widely utilized to construct cryptographic schemes and protocols that are secure against key-leakage attacks. In this paper, we introduce the concept of updatable identity-based hash proof system, in which the related master secret key and the identity secret key can be updated securely. Then, we instantiate this primitive based on lattices in the standard model. Moreover, we introduce an application of this new primitive by giving a generic construction of leakage-resilient public-key encryption schemes with anonymity. This construction can be considered as the integration of the bounded-retrieval model and the continual leakage model. Compared with the existing leakage-resilient schemes, our construction not only is more efficient but also can resist much more key leakage.

Chunsheng Gu

Abstract:: Constructing efficient and secured fully homomorphic encryption is still an open problem. By generalizing approximate GCD to approximate ideal lattice, a somewhat homomorphic encryption scheme is first presented based on partial approximate ideal lattice problem (PAILP) over the integers. The scheme is then converted it into a fully homomorphic encryption scheme (FHE) by applying Gentry’s bootstrappable techniques. Next, the security of the somewhat homomorphic encryption scheme is reduced to solving a partial approximate ideal lattice problem. Furthermore, a PAILP-based batch FHE and an AILP-based FHE are constructed. Finally, the PAILP/AILP-based FHE is implemented, and the performance of the proposed scheme is demonstrated to be better than that of previous schemes by computational experimental.

Mathematics,Computer Science

Jiang Zhang,Zhenfeng Zhang,Jintai Ding,Michael Snook,Oezguer Dagdelen

DOI: https://doi.org/10.1007/978-3-662-46803-6_24

2015-01-01

Abstract:In this paper, we present a practical and provably secure two-pass AKE protocol from ideal lattices, which is conceptually simple and has similarities to the Diffie-Hellman based protocols such as HMQV (CRYPTO 2005) and OAKE (CCS 2013). Our protocol does not rely on other cryptographic primitives—in particular, it does not use signatures—simplifying the protocol and resting the security solely on the hardness of the ring learning with errors problem. The security is proven in the Bellare-Rogaway model with weak perfect forward secrecy. We also give a one-pass variant of our two-pass protocol, which might be appealing in specific applications. Several concrete choices of parameters are provided, and a proof-of-concept implementation shows that our protocols are indeed practical.

Oded Regev

DOI: https://doi.org/10.48550/arXiv.cs/0309051

2003-09-29

Abstract:We introduce the use of Fourier analysis on lattices as an integral part of a lattice based construction. The tools we develop provide an elegant description of certain Gaussian distributions around lattice points. Our results include two cryptographic constructions which are based on the worst-case hardness of the unique shortest vector problem. The main result is a new public key cryptosystem whose security guarantee is considerably stronger than previous results ($O(n^{1.5})$ instead of $O(n^7)$). This provides the first alternative to Ajtai and Dwork's original 1996 cryptosystem. Our second result is a family of collision resistant hash functions which, apart from improving the security in terms of the unique shortest vector problem, is also the first example of an analysis which is not based on Ajtai's iterative step. Surprisingly, both results are derived from one theorem which presents two indistinguishable distributions on the segment $[0,1)$. It seems that this theorem can have further applications and as an example we mention how it can be used to solve an open problem related to quantum computation.

Cryptography and Security

Kübra Seyhan,Sedat Akleylek

DOI: https://doi.org/10.7717/peerj-cs.1791

2024-01-31

PeerJ Computer Science

Abstract:In this article, we propose a novel bilateral generalization inhomogenous short integer solution (BiGISIS)-based password-authenticated key exchange (PAKE) scheme for post-quantum era security. The hardness assumption of the constructed PAKE is based on newly proposed hard lattice problem, BiGISIS. The main aim of this article is to provide a solution for the post-quantum secure PAKE scheme, which is one of the open problems in the literature. The proposed PAKE is the first BiGISIS-based PAKE that satisfies anonymity and reusable key features. The bilateral-pasteurization (BiP) approach is used to obtain the reusable key, and anonymity is achieved thanks to the additional identity components and hash functions. The reusable key structure reduces the time in the key generation, and anonymity prevents illegal user login attempts. The security analysis is done by following the real-or-random (RoR) model assumptions. As a result of security examinations, perfect forward secrecy (PFS) and integrity are satisfied, and the resistance against eavesdropping, manipulation-based attack (MBA), hash function simulation, impersonation, signal leakage attack (SLA), man-in-the-middle (MitM), known-key security (KKS), and offline password dictionary attack (PDA) is captured. According to the comparison analysis, the proposed PAKE is the first SLA-resistant lattice-based PAKE with reusable key and anonymity properties.

computer science, information systems, artificial intelligence, theory & methods

Jintai Ding,Saed Alsayigh,Jean Lancrenon,R. Saraswathy,Michael Snook

DOI: https://doi.org/10.1007/978-3-319-52153-4_11

2017-01-01

Abstract:Authenticated Key Exchange (AKE) is a cryptographic scheme with the aim to establish a high-entropy and secret session key over a insecure communications network. Password-Authenticated Key Exchange (PAKE) assumes that the parties in play share a simple password, which is cheap and human-memorable and is used to achieve the authentication. PAKEs are practically relevant as these features are extremely appealing in an age where most people access sensitive personal data remotely from more-and-more pervasive hand-held devices. Theoretically, PAKEs allow the secure computation and authentication of a high-entropy piece of data using a low-entropy string as a starting point. In this paper, we apply the recently proposed technique introduced in [19] to construct two lattice-based PAKE protocols enjoying a very simple and elegant design that is an parallel extension of the class of Random Oracle Model (ROM)-based protocols PAK and PPK [13,41], but in the lattice-based setting. The new protocol resembling PAK is three-pass, and provides mutual explicit authentication, while the protocol following the structure of PPK is two-pass, and provides implicit authentication. Our protocols rely on the Ring-Learning-with-Errors (RLWE) assumption, and exploit the additive structure of the underlying ring. They have a comparable level of efficiency to PAK and PPK, which makes them highly attractive. We present a preliminary implementation of our protocols to demonstrate that they are both efficient and practical. We believe they are suitable quantum safe replacements for PAK and PPK.

Yuan,Yuan,Zhao,Zhou,Shao,Wang,Zhao

DOI: https://doi.org/10.3390/e26090729

IF: 2.738

2024-08-29

Entropy

Abstract:In recent years, research on attribute-based encryption (ABE) has expanded into the quantum domain. Because a traditional single authority can cause the potential single point of failure, an improved lattice-based quantum-resistant identity authentication and policy attribute encryption scheme is proposed, in which the generation of random values is optimized by adjusting parameters in the Gaussian sampling algorithm to improve overall performance. Additionally, in the key generation phase, attributes are processed according to their shared nature, which reduces the computational overhead of the authorization authority. In the decryption phase, the basis transformation of the Lenstra–Lenstra–Lovász (LLL) lattice reduction algorithm is utilized to rapidly convert shared matrices into the shortest vector form, which can reduce the computational cost of linear space checks. The experimental results demonstrate that the proposed method not only improves efficiency but also enhances security compared with related schemes.

physics, multidisciplinary

Yiming Li,Shengli Liu

DOI: https://doi.org/10.3233/jcs-220121

2024-01-01

Journal of Computer Security

Abstract:Identity-based chameleon hash (IBCH) is a cryptographic primitive with nice properties. IBCH equips each user with a trapdoor and the hash values can be publicly evaluated w.r.t. the identity of any user. On the one hand, it is hard to find collisions for the hash values without the user’s trapdoor. On the other hand, with the help of the user’s trapdoor, finding collisions becomes easy. An important application of IBCH is to upgrade an identity-based signature (IBS) scheme to an on-line/off-line identity-based signature (OO-IBS) scheme. OO-IBS is a useful tool to provide authenticity in lightweight smart devices, since it only involves light on-line computations and does not need key certificate. Up to now, there are many IBCH constructions from traditional number-theoretic assumptions like RSA, CDH, etc. However, none of the existing IBCH schemes achieve the post-quantum security in the standard model. In this paper, we propose a new IBCH scheme from lattices. The security of our IBCH is reduced to a well-accepted lattice-based assumption – the Short Integer Solution (SIS) assumption in the standard model. Our work provides the first post-quantum solution to IBCH in the standard model.

Ignacio Cascudo Pueyo,Hao Chen,Ronald Cramer,Chaoping Xing

DOI: https://doi.org/10.1007/978-3-642-03356-8_28

2009-01-01

Abstract:This work deals with "MPC-friendly" linear secret sharing schemes (LSSS), a mathematical primitive upon which secure multi-party computation (MPC) can be based and which was introduced by Cramer, Damgaard and Maurer (EUROCRYPT 2000). Chen and Cramer proposed a special class of such schemes that is constructed from algebraic geometry and that enables efficient secure multi-party computation over fixed finite fields (CRYPTO 2006). We extend this in four ways. First, we propose an abstract coding-theoretic framework in which this class of schemes and its (asymptotic) properties can be cast and analyzed. Second, we show that for every finite field ${\mathbb F}_q$, there exists an infinite family of LSSS over ${\mathbb F}_q$ that is asymptotically good in the following sense: the schemes are "ideal," i.e., each share consists of a single ${\mathbb F}_q$-element, and the schemes have t-strong multiplication on n players, where the corruption tolerance $\frac{3t}{n-1}$ tends to a constant 驴(q) with 0 驴(q) n tends to infinity. Moreover, when $|{\mathbb F}_q|$ tends to infinity, 驴(q) tends to 1, which is optimal. This leads to explicit lower bounds on $\widehat{\tau}(q)$, our measure of asymptotic optimal corruption tolerance. We achieve this by combining the results of Chen and Cramer with a dedicated field-descent method. In particular, in the ${\mathbb F}_2$-case there exists a family of binary t-strongly multiplicative ideal LSSS with $\frac{3t}{n-1}\approx 2.86\%$ when n tends to infinity, a one-bit secret and just a one-bit share for every player. Previously, such results were shown for ${\mathbb F}_q$ with q 驴 49 a square. Third, we present an infinite family of ideal schemes with t-strong multiplication that does not rely on algebraic geometry and that works over every finite field ${\mathbb F}_q$. Its corruption tolerance vanishes, yet still $\frac{3t}{n-1}= \Omega(1/(\log\log n)\log n)$. Fourth and finally, we give an improved non-asymptotic upper bound on corruption tolerance.

Zhiyong Zheng,fengxia liu,Yunfan Lu,Kun Tian

DOI: https://doi.org/10.36227/techrxiv.17626391.v1

2022-01-06

Abstract:Cyclic lattices and ideal lattices were introduced by Micciancio in \cite{D2}, Lyubashevsky and Micciancio in \cite{L1} respectively, which play an efficient role in Ajtai's construction of a collision resistant Hash function (see \cite{M1} and \cite{M2}) and in Gentry's construction of fully homomorphic encryption (see \cite{G}). Let $R=Z[x]/\langle \phi(x)\rangle$ be a quotient ring of the integer coefficients polynomials ring, Lyubashevsky and Micciancio regarded an ideal lattice as the correspondence of an ideal of $R$, but they neither explain how to extend this definition to whole Euclidean space $\mathbb{R}^n$, nor exhibit the relationship of cyclic lattices and ideal lattices. In this paper, we regard the cyclic lattices and ideal lattices as the correspondences of finitely generated $R$-modules, so that we may show that ideal lattices are actually a special subclass of cyclic lattices, namely, cyclic integer lattices. In fact, there is a one to one correspondence between cyclic lattices in $\mathbb{R}^n$ and finitely generated $R$-modules (see Theorem \ref{th4} below). On the other hand, since $R$ is a Noether ring, each ideal of $R$ is a finitely generated $R$-module, so it is natural and reasonable to regard ideal lattices as a special subclass of cyclic lattices (see corollary \ref{co3.4} below). It is worth noting that we use more general rotation matrix here, so our definition and results on cyclic lattices and ideal lattices are more general forms. As application, we provide cyclic lattice with an explicit and countable upper bound for the smoothing parameter (see Theorem \ref{th5} below). It is an open problem that is the shortest vector problem on cyclic lattice NP-hard? (see \cite{D2}). Our results may be viewed as a substantial progress in this direction.

Zhang Xiaojun,Xu Chunxiang,Xie Run,Jin Chunhua

DOI: https://doi.org/10.1049/cje.2018.01.012

IF: 1.019

2018-01-01

Chinese Journal of Electronics

Abstract:Recently, how to retrieve the encrypted data efficiently from a cloud storage system becomes a hot topic. Public key encryption with keyword search (PEKS) can allow one to search the encrypted data with a keyword efficiently. Due to the booming of post-quantum cryptography, we propose public key encryption with keyword search from lattice assumption, which can resist quantum computer attacks. We delegate a particular cloud server to search the results, thus only the designated cloud server can finish the test process. Our scheme has been proved ciphertext indistinguishability in the standard model, which can reflect its security in the real world. To the best of our knowledge, our scheme is the first construction based on lattice in the standard model, which is a step stone in the post-quantum cryptographic communication.

Zechao Liu,Zoe L. Jiang,Xuan Wang,Yulin Wu,S.M. Yiu

DOI: https://doi.org/10.1109/BDCloud.2018.00146

2018-01-01

Abstract:Ciphertext policy attribute-based encryption (CP-ABE) is a promising cryptographic technology that provides fine-grained access control as well as data confidentiality. It enables one sender to encrypt the data for more receivers, and to specify a policy on who can decrypt the ciphertext using his/her attributes alone. However, most existing ABE schemes are constructed on bilinear maps and they cannot resist quantum attacks. In this paper, we propose a multi-authority CP-ABE (MA-CPABE) scheme on ideal lattices which is still secure in post-quantum era. On one hand, multiple attribute authorities are required when user's attributes cannot be managed by a central authority. On the other hand, compared with generic lattice, the ideal lattice has extra algebraic structure and can be used to construct more efficient cryptographic applications. By adding some virtual attributes for each authority, our scheme can support flexible threshold access policy. Security analysis shows that the proposed scheme is secure against chosen plaintext attack (CPA) in the standard model under the ring learning with errors (R-LWE) assumption.

Dung Hoang Duong,Kazuhide Fukushima,Shinsaku Kiyomoto,Partha Sarathi Roy,Arnaud Sipasseuth,Willy Susilo

DOI: https://doi.org/10.48550/arXiv.2005.05308

2020-05-10

Abstract:Public key encryption with equality test (PKEET) supports to check whether two ciphertexts encrypted under different public keys contain the same message or not. PKEET has many interesting applications such as keyword search on encrypted data, encrypted data partitioning for efficient encrypted data management, personal health record systems, spam filtering in encrypted email systems and so on. However, the PKEET scheme lacks an authorization mechanism for a user to control the comparison of its ciphertexts with others. In 2015, Ma et al. introduce the notion of PKEET with flexible authorization (PKEET-FA) which strengthens privacy protection. Since 2015, there are several follow-up works on PKEET-FA. But, all are secure in the random-oracle model. Moreover, all are vulnerable to quantum attacks. In this paper, we provide three constructions of quantum-safe PKEET-FA secure in the standard model. Proposed constructions are secure based on the hardness assumptions of integer lattices and ideal lattices. Finally, we implement the PKEET-FA scheme over ideal lattices.

Cryptography and Security