Shengli Liu,Kefei Chen

DOI: https://doi.org/10.1109/INCoS.2011.101

2011-01-01

Abstract:In a proof of retrievability (POR) system, interactive POR protocols are executed between a storage server and clients, so that clients can be convinced that their data is available at the storage server, ready to be retrieved when needed. In an interactive POR protocol, clients initiate challenges to the server, and the server feedbacks responses to clients with input of the stored data. Retrievability means that it should be possible for a client to extract the his/her data from the server's valid responses. An essential step-stone leading to retrievability is server's unforgeability of valid responses, i.e, any server coming up valid responses to a client's challenges is actually storing the client's data with overwhelming probability. Unforgeability can be achieved with authentication schemes like MAC, Digital Signature, etc. With homomorphic linear authentication schemes, the authenticators can be aggregated into one tag for the challenges, hence reducing the communication complexity. In this paper, we explore some new homomorphic linear authenticator schemes in POR to provide unforgeability. Compared with the recent work of Shacham and Waters, our scheme enjoys the same shortest responses, but reduces the local storage from O(s) to O(1).

Shuai Han,Shengli Liu,Fangguo Zhang,Kefei Chen

DOI: https://doi.org/10.1145/2897845.2897859

2016-01-01

Abstract:Proofs of Data Possession/Retrievability (PoDP/PoR) schemes are essential to cloud storage services, since they can increase clients' confidence on the integrity and availability of their data. The majority of PoDP/PoR schemes are constructed from homomorphic linear authentication (HLA) schemes, which decrease the price of communication between the client and the server. In this paper, a new subclass of authentication codes, named epsilon-authentication codes, is proposed, and a modular construction of HLA schemes from epsilon-authentication codes is presented. We prove that the security notions of HLA schemes are closely related to the size of the authenticator/tag space and the successful probability of impersonation attacks (with non-zero source states) of the underlying epsilon-authentication codes. We show that most of HLA schemes used for the PoDP/PoR schemes are instantiations of our modular construction from some epsilon-authentication codes. Following this line, an algebraic curves-based epsilon-authentication code yields a new HLA scheme.

Jian Zhang,Yang,Yanjiao Chen,Jing Chen,Qian Zhang

DOI: https://doi.org/10.1016/j.comnet.2017.08.019

IF: 5.493

2017-01-01

Computer Networks

Abstract:With the growing popularity of cloud storage, to guarantee the security of outsourced data becomes more and more important. In this paper, we make the first attempt to explore the intrinsic relationship between secure cloud storage and homomorphic encryption scheme, based on which we present a Generic way to design a Secure Cloud Storage protocol, denoted as G-SCS, using any homomorphic encryption scheme (HES). The proposed G-SCS is secure under a definition that satisfy the security requirement of cloud storage. To address various issues in real application scenarios, we further extend the protocol to support deterministic and randomized auditing, data dynamics (i.e., data insertion, deletion and modification), as well as third-party public auditing, while preserving the efficiency and security of the protocol. By instantiating all abstract semantics in G-SCS, we construct three concrete secure cloud storage protocols using RSA-based, Paillier-based and DGHV-based HESs, which are multiplicatively, additively and fully HESs, respectively. We conduct extensive theoretical analysis and experimental evaluations to validate the practicability of the proposed protocol.

Xiao Zhang,Shengli Liu,Shuai Han

DOI: https://doi.org/10.1504/ijics.2019.098205

2019-01-01

International Journal of Information and Computer Security

Abstract:Proofs of retrievability (PoR) enables clients to outsource huge amount of data to cloud servers, and provides an efficient audit protocol, which can be employed to check that all the data is being maintained properly and can be retrieved from the server. In this paper, we present a generic construction of PoR from linearly homomorphic structure-preserving signature (LHSPS), which makes public verification possible. Authenticity and retrievability of our PoR scheme are guaranteed by the unforgeability of LHSPS. We further extend our result to dynamic PoR, which supports dynamic update of outsourced data. Our construction is free of complicated data structures like Merkle hash tree. With an instantiation of a recent LHSPS scheme proposed by Kiltz and Wee (EuroCrypt15), we derive a publicly verifiable (dynamic) PoR scheme. The security is based on standard assumptions and proved in the standard model.

Qi Xie,Guilin Wang,Fubiao Xia,Deren Chen

DOI: https://doi.org/10.1002/cpe.3058

2013-01-01

Concurrency and Computation Practice and Experience

Abstract:By integrating self-certified public-key systems and the designated verifier proxy signature with message recovery, Wu and Lin proposed the first self-certified proxy convertible authenticated encryption (SP-CAE) scheme and its variants based on discrete logarithm problem (DLP) in 2009. Though their schemes are claimed provably secure, we demonstrate that their schemes are existentially forgeable under adaptive chosen warrants, unconfidentiable and verifiable under adaptive chosen messages and designated verifiers. Then we propose a provably secure SP-CAE scheme in the random oracle model.

Lin Li,Xiaofen Wang,Ting Chen

DOI: https://doi.org/10.1007/978-981-99-9331-4_20

2024-01-01

Abstract:Homomorphic signature allows any entity to generate a valid signature of new data without a secret key on behalf of the data owner (DO) by performing homomorphic operations on authenticated data. However, general homomorphic signature schemes have two problems: (i) the original signatures are generated by the DO, which may be computationally expensive; and (ii) the linear function f is randomly selected by the aggregator and cannot be specified by the DO, which limits the application scenarios of homomorphic signature. To address the problems above, in this paper we propose an authorized function homomorphic proxy signature scheme with sampling batch verification (AFHPS). Our scheme combines the advantages of homomorphic signature, proxy signature and functional signature, which enables DO to delegate the ability of signature of the original messages and the specified linear function f to the proxy signer and control its behavior. A concrete construction of our scheme is given in this paper, and we prove that it is secure under the co-CDH assumption. In addition, we show how to apply our scheme to realize authentication in blockchain.

Shimin Li,Xin Wang,Rui Zhang

DOI: https://doi.org/10.1007/978-3-319-94289-6_7

2018-01-01

Abstract:Homomorphic Message Authentication Code (MAC) allows a user to outsource data to an untrusted server and verify that results of computation on the data returned by the server are correct. Recently, much effort has been independently focused on whether a homomorphic MAC scheme supports data confidentiality or the authenticators can be efficiently verified. In this paper, we address the question of whether it is possible for homomorphic MAC to simultaneously achieve both the privacy and the efficiency . The answer is affirmative and we propose a new cryptographic primitive, privacy-preserving homomorphic MACs with efficient verification that can guarantee the authenticator can not reveal the underlying message. More precisely, our contributions are three-fold: ( i ) we introduce the primitive of privacy-preserving homomorphic MAC (PHMAC) that provides both data confidentiality and efficient verification, ( ii ) We provide a PHMAC construction which supports homogeneous polynomials, and demonstrate it shows high efficiency, ( iii ) We investigate how our PHMAC primitive with efficient verification can be employed to homomorphic authenticator-encryption and verifiable computation.

Xuan Zhou,Yuan Tian,Weidong Zhong,Tanping Zhou,Xiaoyuan Yang

DOI: https://doi.org/10.7717/peerj-cs.1978

2024-03-28

PeerJ Computer Science

Abstract:Linearly homomorphic signature (LHS) allows the acquisition of a new legal signature using the homomorphic operation of the original signatures. However, the public composability of LHS also prevents it from being used in some scenarios where the combiner needs to be designated. The LZZ22 scheme designates a combiner and preserves the signature structure by having the signer and the designated combiner share a secret. However, LZZ22 is not secure enough because the secret is constant. Here, we first prove that there is a polynomial time adversary that can crack the secret in LZZ22 through multiple signature queries. Then, we propose a new scheme, which realizes all the functions of LZZ22 and fixes the security problem by changing the secret with the message. The proposed scheme is shown to be secure against existential forgery on adaptively chosen subspace attacks under the random oracle model. Finally, we detail how to apply our scheme to the proxy signature and perform it on a personal computer, and the results show that our scheme is efficient.

computer science, information systems, artificial intelligence, theory & methods

Diego F. Aranha,Elena Pagnin

DOI: https://doi.org/10.1007/978-3-030-30530-7_14

2019-01-01

Abstract:We consider the problem of outsourcing computation on data authenticated by different users. Our aim is to describe and implement the simplest possible solution to provide data integrity in cloud-based scenarios. Concretely, our multi-key linearly homomorphic signature scheme (mklhsdocumentclass[12pt]{minimal}usepackage{amsmath}usepackage{wasysym}usepackage{amsfonts}usepackage{amssymb}usepackage{amsbsy}usepackage{mathrsfs}usepackage{upgreek}setlength{oddsidemargin}{-69pt}egin{document}$${mathsf {mklhs}}$$end{document}) allows users to upload signed data on a server, and at any later point in time any third party can query the server to compute a linear combination of data authenticated by different users and check the correctness of the returned result. Our construction generalizes Boneh et al.’s linearly homomorphic signature scheme (PKC’09 [7]) to the multi-key setting and relies on basic tools of pairing-based cryptography. Compared to existing multi-key homomorphic signature schemes, our mklhsdocumentclass[12pt]{minimal}usepackage{amsmath}usepackage{wasysym}usepackage{amsfonts}usepackage{amssymb}usepackage{amsbsy}usepackage{mathrsfs}usepackage{upgreek}setlength{oddsidemargin}{-69pt}egin{document}$${mathsf {mklhs}}$$end{document} is a conceptually simple and elegant direct construction, which trades-off privacy for efficiency. The simplicity of our approach leads us to a very efficient construction that enjoys significantly shorter signatures and higher performance than previous proposals. Finally, we implement mklhsdocumentclass[12pt]{minimal}usepackage{amsmath}usepackage{wasysym}usepackage{amsfonts}usepackage{amssymb}usepackage{amsbsy}usepackage{mathrsfs}usepackage{upgreek}setlength{oddsidemargin}{-69pt}egin{document}$${mathsf {mklhs}}$$end{document} using two different pairing-friendly curves at the 128-bit security level, a Barreto-Lynn-Scott curve and a Barreto-Naehrig curve. Our benchmarks illustrate interesting performance trade-offs between these parameters, involving the cost of exponentiation and hashing in pairing groups. We provide a discussion on such trade-offs that can be useful to other implementers of pairing-based protocols.

Ee-Chien Chang,Jia Xu

DOI: https://doi.org/10.1007/978-3-540-88313-5_15

2008-01-01

Abstract:We are interested in this problem: a verifier, with a small and reliable storage, wants to periodically check whether a remote server is keeping a large file x. A dishonest server, by adapting the challenges and responses, tries to discard partial information of x and yet evades detection. Besides the security requirements, there are considerations on communication, storage size and computation time. Juels et al. [10] gave a security model for Proof of Retrievability (\documentclass[12pt]{minimal}\usepackage{amsmath}\usepackage{wasysym}\usepackage{amsfonts}\usepackage{amssymb}\usepackage{amsbsy}\usepackage{mathrsfs}\usepackage{upgreek}\setlength{\oddsidemargin}{-69pt}\begin{document}$\mathcal{POR}$\end{document}) system. The model imposes a requirement that the original x can be recovered from multiple challenges-responses. Such requirement is not necessary in our problem. Hence, we propose an alternative security model for Remote Integrity Check (\documentclass[12pt]{minimal}\usepackage{amsmath}\usepackage{wasysym}\usepackage{amsfonts}\usepackage{amssymb}\usepackage{amsbsy}\usepackage{mathrsfs}\usepackage{upgreek}\setlength{\oddsidemargin}{-69pt}\begin{document}$\mathcal{RIC}$\end{document}). We study a few schemes and analyze their efficiency and security. In particular, we prove the security of a proposed scheme HENC. This scheme can be deployed as a \documentclass[12pt]{minimal}\usepackage{amsmath}\usepackage{wasysym}\usepackage{amsfonts}\usepackage{amssymb}\usepackage{amsbsy}\usepackage{mathrsfs}\usepackage{upgreek}\setlength{\oddsidemargin}{-69pt}\begin{document}$\mathcal{POR}$\end{document} system and it also serves as an example of an effective \documentclass[12pt]{minimal}\usepackage{amsmath}\usepackage{wasysym}\usepackage{amsfonts}\usepackage{amssymb}\usepackage{amsbsy}\usepackage{mathrsfs}\usepackage{upgreek}\setlength{\oddsidemargin}{-69pt}\begin{document}$\mathcal{POR}$\end{document} system whose “extraction” is not verifiable. We also propose a combination of the RSA-based scheme by Filho et al. [7] and the ECC-based authenticator by Naor et al. [12], which achieves good asymptotic performance. This scheme is not a \documentclass[12pt]{minimal}\usepackage{amsmath}\usepackage{wasysym}\usepackage{amsfonts}\usepackage{amssymb}\usepackage{amsbsy}\usepackage{mathrsfs}\usepackage{upgreek}\setlength{\oddsidemargin}{-69pt}\begin{document}$\mathcal{POR}$\end{document} system and seems to be a secure \documentclass[12pt]{minimal}\usepackage{amsmath}\usepackage{wasysym}\usepackage{amsfonts}\usepackage{amssymb}\usepackage{amsbsy}\usepackage{mathrsfs}\usepackage{upgreek}\setlength{\oddsidemargin}{-69pt}\begin{document}$\mathcal{RIC}$\end{document}. In-so-far, all schemes that have been proven secure can also be adopted as \documentclass[12pt]{minimal}\usepackage{amsmath}\usepackage{wasysym}\usepackage{amsfonts}\usepackage{amssymb}\usepackage{amsbsy}\usepackage{mathrsfs}\usepackage{upgreek}\setlength{\oddsidemargin}{-69pt}\begin{document}$\mathcal{POR}$\end{document} systems. This brings out the question of whether there are fundamental differences between the two models. To highlight the differences, we introduce a notion, trap-door compression, that captures a property on compressibility.

Tao Wang,Bo Yang,Hongyu Liu,Yong Yu,Guoyong Qiu,Zhe Xia

DOI: https://doi.org/10.1007/s00500-018-3155-4

IF: 3.732

2018-01-01

Soft Computing

Abstract:Public cloud data auditing allows a user to delegate an auditing job to a third party who is responsible for verifying whether a cloud server has faithfully stored a file or not. Proof of retrievability (PoR) is a widely used protocol for this kind of job. To the best of our knowledge, in the publicly verifiable setting with supporting data dynamics, all known PoR schemes are either rely on the random oracles or are built in the standard model but require nonstandard assumptions. In this paper, we present a scheme which explores the linear homomorphic signature and the sequence Merkle hash tree to construct the homomorphic linear authenticator for the PoR. The security of our proposed scheme can be proved in the standard model, assuming the hash function is collision resilient and the computational Diffie–Hellman assumption holds. The scheme also supports data modification, data insertion and data deletion. Furthermore, our technique can also be regarded as a novel paradigm by combining the homomorphic signature and authenticated data structure (with certain properties) to construct the homomorphic linear authenticator for the PoR protocols.

Fan Zhang,Philip Daian,Iddo Bentov

2018-01-01

Abstract:Conventional (M,N )-threshold signature schemes leave users with a painful choice. SettingM = N offers maximum resistance to key compromise. With this choice, though, loss of a single key renders the signing capability unavailable, creating paralysis in systems that use signatures for access control. Lower M improves availability, but at the expense of security. For example, a (3, 3)-multisignature cryptocurrency wallet experiences access-control paralysis upon loss of a single key, but a (2, 3)-multisig allows any two players to collude and steal funds from the third. In this paper, we introduce techniques that address this impasse by making general cryptographic access structures dynamic. Our schemes permit, e.g., a (3, 3)-multisig, to be downgraded to a (2, 3)multisig if a player goes missing. This downgrading is secure in the sense that it occurs only if a player is provably unavailable. Our main tool is what we call a Paralysis Proof, evidence that players, i.e., key holders, are unavailable or incapacitated. Using Paralysis Proofs, we show how to construct a Dynamic Access Structure System, which can securely and flexibly update target access structures without a trusted third party such as a system administrator. We present DASS constructions that combine a trust anchor (a trusted execution environment or smart contract) with a censorshipresistant channel in the form of a blockchain. We offer a formal framework for specifying DASS policies, and define and show how to achieve critical security and usability properties (safety, liveness, and paralysis-freeness) in a DASS. Paralysis Proofs can help address pervasive key-management challenges in many different settings. We present DASS schemes for three important example use cases: recovery of cryptocurrency funds should players become unavailable, returning funds to users when cryptocurrency custodians fail, and remediating critical smartcontract failures such as frozen funds. We report on practical implementations for Bitcoin and Ethereum.

Marwa Mouallem,Ittay Eyal

2024-06-26

Abstract:A myriad of authentication mechanisms embody a continuous evolution from verbal passwords in ancient times to contemporary multi-factor authentication. Nevertheless, digital asset heists and numerous identity theft cases illustrate the urgent need to revisit the fundamentals of user authentication. We abstract away credential details and formalize the general, common case of asynchronous authentication, with unbounded message propagation time. Our model, which might be of independent interest, allows for eventual message delivery, while bounding execution time to maintain cryptographic guarantees. Given credentials' fault probabilities (e.g., loss or leak), we seek mechanisms with the highest success probability. We show that every mechanism is dominated by some Boolean mechanism -- defined by a monotonic Boolean function on presented credentials. We present an algorithm for finding approximately optimal mechanisms. Previous work analyzed Boolean mechanisms specifically, but used brute force, which quickly becomes prohibitively complex. We leverage the problem structure to reduce complexity by orders of magnitude. The algorithm is readily applicable to practical settings. For example, we revisit the common approach in cryptocurrency wallets that use a handful of high-quality credentials. We show that adding low-quality credentials improves security by orders of magnitude.

Cryptography and Security,Distributed, Parallel, and Cluster Computing

Maura B. Paterson,Douglas R. Stinson,Jalaj Upadhyay

DOI: https://doi.org/10.48550/arXiv.1210.7756

2012-10-30

Abstract:There has been considerable recent interest in "cloud storage" wherein a user asks a server to store a large file. One issue is whether the user can verify that the server is actually storing the file, and typically a challenge-response protocol is employed to convince the user that the file is indeed being stored correctly. The security of these schemes is phrased in terms of an extractor which will recover or retrieve the file given any "proving algorithm" that has a sufficiently high success probability. This paper treats proof-of-retrievability schemes in the model of unconditional security, where an adversary has unlimited computational power. In this case retrievability of the file can be modelled as error-correction in a certain code. We provide a general analytical framework for such schemes that yields exact (non-asymptotic) reductions that precisely quantify conditions for extraction to succeed as a function of the success probability of a proving algorithm, and we apply this analysis to several archetypal schemes. In addition, we provide a new methodology for the analysis of keyed POR schemes in an unconditionally secure setting, and use it to prove the security of a modified version of a scheme due to Shacham and Waters under a slightly restricted attack model, thus providing the first example of a keyed POR scheme with unconditional security. We also show how classical statistical techniques can be used to evaluate whether the responses of the prover are accurate enough to permit successful extraction. Finally, we prove a new lower bound on storage and communication complexity of POR schemes.

Cryptography and Security,Combinatorics

Shengli Liu,van Hca Henk Tilborg,Jian Weng,K Chen

IF: 1.019

2014-01-01

Chinese Journal of Electronics

Abstract:An authentication code can be constructed with a family of e-Almost strong universal (e-ASU) hash functions, with the index of hash functions as the authentication key. This paper considers the performance of authentication codes from e-ASU, when the authentication key is only partially secret. We show how to apply the result to privacy amplification against active attacks in the scenario of two independent partially secret strings shared between a sender and a receiver. Keywords: Authentication code; Information theory; Privacy amplification; Unconditional security

Lin Chen,Tongzhou Qu,Anqi Yin

DOI: https://doi.org/10.1007/s11042-023-17984-1

IF: 2.577

2024-01-19

Multimedia Tools and Applications

Abstract:Password-based authentication is one of the most prevailing access control mechanism. Typical password-authenticated key exchange (PAKE) protocols are single-server settings and are therefore vulnerable to server compromise attack. To defend against such attack, multi-server PAKE schemes have been advanced, but most of which are built on non-quantum-secure hardness assumptions. Lattice-based cryptosystems are regarded as the most promising one for post-quantum eara by NIST, while the known multi-server password-based authentication solution over lattices achieves merely key transport and is public key infrastructure (PKI)-based, resulting in low efficiency and poor deployability. In this work, we resort to distributed smooth projective hash function (SPHF) to bridge the gap between multi-server PAKE protocol and quantum-security. We first design an exact SPHF and derive the first distributed SPHF over lattices by leveraging the additive homomorphic property of the strong learning with errors (LWE) problem. In particular, the relevant parameters of the public key encryption (PKE) scheme it predicates on are identified, thus eliminating the influence of incomplete lattice homomorphism on the correctness of our SPHFs. Pertinent lattice-based multi-server PAKE protocols are further proposed on both transparent and non-transparent transmission modes by integrating our distributed SPHF into the multi-server framework of Raimondo and Gennaro (EUROCRYPT'03). Our PAKE constructions are able to resist both quantum and sever compromise attacks as well as avoid the expensive cryptographic primitives, including non-interactive zero knowledge (NIZK) proofs, signature/verification, secret sharing and fully homomorphic encryption. Experimental results demonstrate that our SPHFs and PAKE protocols offer better efficiency.

computer science, information systems, theory & methods,engineering, electrical & electronic, software engineering

Chaowen Guan,Kui Ren,Fangguo Zhang,Florian Kerschbaum,Jia Yu

DOI: https://doi.org/10.1007/978-3-319-24174-6_11

2015-01-01

Abstract:Proofs-of-Retrievability enables a client to store his data on a cloud server so that he executes an efficient auditing protocol to check that the server possesses all of his data in the future. During an audit, the server must maintain full knowledge of the client's data to pass, even though only a few blocks of the data need to be accessed. Since the first work by Juels and Kaliski, many PoR schemes have been proposed and some of them can support dynamic updates. However, all the existing works that achieve public verifiability are built upon traditional public-key cryptosystems which imposes a relatively high computational burden on low-power clients (e.g., mobile devices).In this work we explore indistinguishability obfuscation for building a Proof-of-Retrievability scheme that provides public verification while the encryption is based on symmetric key primitives. The resulting scheme offers light-weight storing and proving at the expense of longer verification. This could be useful in apations where outsourcing files is usually done by low-power client and verifications can be done by well equipped machines (e.g., a third party server). We also show that the proposed scheme can support dynamic updates. At last, for better assessing our proposed scheme, we give a performance analysis of our scheme and a comparison with several other existing schemes which demonstrates that our scheme achieves better performance on the data owner side and the server side.

Liang Zhao,Xingfeng Wang,Xinyi Huang

DOI: https://doi.org/10.1016/j.ins.2020.08.071

IF: 8.1

2021-02-01

Information Sciences

Abstract:<p>Private Information Retrieval (PIR) allows a client to privately retrieve some data from a public database. There exist two types of PIR: (computational) Single-server PIR (SPIR) and (information-theoretic) multi-server PIR. In this paper, we focus on exploring SPIR. We first propose a simple and efficient additively-homomorphic encryption scheme of which privacy is based on the learning with binary errors assumption that is known as an interesting candidate for practical lattice-based cryptography. Then, according to our proposed homomorphic encryption scheme, we give a Verifiable (single/multi-bit) SPIR (VSPIR) scheme for the single-query case under the malicious server model. To the best of our knowledge, our proposal is the first practical non-interactive VSPIR scheme employing an efficient probabilistic proof that can discover the forged result with overwhelming probability. The corresponding communication complexity and computational complexity are comparable with those of some typical SPIR schemes. Moreover, we extend our single-query VSPIR scheme to construct a non-interactive multi-query solution. In particular, the corresponding communication complexity and computational complexity are the same as those of the single-query scheme. Finally, we provide detailed implementation results to confirm efficiency of our proposals.</p>

computer science, information systems

Liu Shengli,Henk van Tilborg,Weng Jian,Chen Kefei

IF: 1.019

2014-01-01

Chinese Journal of Electronics

Abstract:An authentication code can be constructed with a family of epsilon-Almost strong universal (epsilon-ASU) hash functions, with the index of hash functions as the authentication key. This paper considers the performance of authentication codes from epsilon-ASU, when the authentication key is only partially secret. We show how to apply the result to privacy amplification against active attacks in the scenario of two independent partially secret strings shared between a sender and a receiver.

Shuai Han,Shengli Liu,Lin Lyu,Dawu Gu

DOI: https://doi.org/10.1007/978-3-030-26951-7_15

2019-01-01

Abstract:We propose the concept of quasi-adaptive hash proof system (QAHPS), where the projection key is allowed to depend on the specific language for which hash values are computed. We formalize leakage-resilient(LR)-ardency for QAHPS by defining two statistical properties, including LR-< L-0, L-1 >-universal and LR-< L-0, L-1 >-key-switching. We provide a generic approach to tightly leakage-resilient CCA (LR-CCA) secure public-key encryption (PKE) from LR-ardent QAHPS. Our approach is reminiscent of the seminal work of Cramer and Shoup (Eurocrypt'02), and employ three QAHPS schemes, one for generating a uniform string to hide the plaintext, and the other two for proving the well-formedness of the ciphertext. The LR-ardency of QAHPS makes possible the tight LR-CCA security. We give instantiations based on the standard k-Linear (k-LIN) assumptions over asymmetric and symmetric pairing groups, respectively, and obtain fully compact PKE with tight LR-CCA security. The security loss is O(log Q(e)) where Q(e) denotes the number of encryption queries. Specifically, our tightly LR-CCA secure PKE instantiation from SXDH has only 4 group elements in the public key and 7 group elements in the ciphertext, thus is the most efficient one.