International Association for Cryptologic Research

International Association
for Cryptologic Research

CryptoDB

Carla Ràfols

Affiliation: Universitat Pompeu Fabra, Spain

Publications

Year
Venue
Title
2019
PKC
Shorter Quadratic QA-NIZK Proofs
Despite recent advances in the area of pairing-friendly Non-Interactive Zero-Knowledge proofs, there have not been many efficiency improvements in constructing arguments of satisfiability of quadratic (and larger degree) equations since the publication of the Groth-Sahai proof system (JoC’12). In this work, we address the problem of aggregating such proofs using techniques derived from the interactive setting and recent constructions of SNARKs. For certain types of quadratic equations, this problem was investigated before by González et al. (ASIACRYPT’15). Compared to their result, we reduce the proof size by approximately 50% and the common reference string from quadratic to linear, at the price of using less standard computational assumptions. A theoretical motivation for our work is to investigate how efficient NIZK proofs based on falsifiable assumptions can be. On the practical side, quadratic equations appear naturally in several cryptographic schemes like shuffle and range arguments.
2019
ASIACRYPT
Structure-Preserving and Re-randomizable RCCA-Secure Public Key Encryption and Its Applications
Re-randomizable RCCA-secure public key encryption (Rand-RCCA PKE) schemes reconcile the property of re-randomizability of the ciphertexts with the need of security against chosen-ciphertexts attacks. In this paper we give a new construction of a Rand-RCCA PKE scheme that is perfectly re-randomizable. Our construction is structure-preserving, can be instantiated over Type-3 pairing groups, and achieves better computation and communication efficiency than the state of the art perfectly re-randomizable schemes (e.g., Prabhakaran and Rosulek, CRYPTO’07). Next, we revive the Rand-RCCA notion showing new applications where our Rand-RCCA PKE scheme plays a fundamental part: (1) We show how to turn our scheme into a publicly-verifiable Rand-RCCA scheme; (2) We construct a malleable NIZK with a (variant of) simulation soundness that allows for re-randomizability; (3) We propose a new UC-secure Verifiable Mix-Net protocol that is secure in the common reference string model. Thanks to the structure-preserving property, all these applications are efficient. Notably, our Mix-Net protocol is the most efficient universally verifiable Mix-Net (without random oracle) where the CRS is an uniformly random string of size independent of the number of senders. The property is of the essence when such protocols are used in large scale.
2019
ASIACRYPT
Shorter Pairing-Based Arguments Under Standard Assumptions
Alonso González Carla Ràfols
This paper constructs efficient non-interactive arguments for correct evaluation of arithmetic and boolean circuits with proof size O(d) group elements, where d is the multiplicative depth of the circuit, under falsifiable assumptions. This is achieved by combining techniques from SNARKs and QA-NIZK arguments of membership in linear spaces. The first construction is very efficient (the proof size is $$\approx 4d$$ group elements and the verification cost is $$\approx 4d$$ pairings and $$O(n+n'+d)$$ exponentiations, where n is the size of the input and $$n'$$ of the output) but one type of attack can only be ruled out assuming the knowledge soundness of QA-NIZK arguments of membership in linear spaces. We give an alternative construction which replaces this assumption with a decisional assumption in bilinear groups at the cost of approximately doubling the proof size. The construction for boolean circuits can be made zero-knowledge with Groth-Sahai proofs, resulting in a NIZK argument for circuit satisfiability based on falsifiable assumptions in bilinear groups of proof size $$O(n+d)$$.Our main technical tool is what we call an “argument of knowledge transfer”. Given a commitment $$C_1$$ and an opening x, such an argument allows to prove that some other commitment $$C_2$$ opens to f(x), for some function f, even if $$C_2$$ is not extractable. We construct very short, constant-size, pairing-based arguments of knowledge transfer with constant-time verification for any linear function and also for Hadamard products. These allow to transfer the knowledge of the input to lower levels of the circuit.
2017
JOFC
2016
ASIACRYPT
2015
EPRINT
2015
EPRINT
2015
EPRINT
2015
TCC
2015
ASIACRYPT
2014
CRYPTO
2014
PKC
2014
EPRINT
2013
CRYPTO
2010
PKC
2009
PKC
2007
EPRINT
CCA2-Secure Threshold Broadcast Encryption with Shorter Ciphertexts
In a threshold broadcast encryption scheme, a sender chooses (ad-hoc) a set of $n$ receivers and a threshold $t$, and then encrypts a message by using the public keys of all the receivers, in such a way that the original plaintext can be recovered only if at least $t$ receivers cooperate. Previously proposed threshold broadcast encryption schemes have ciphertexts whose length is $\O(n)$. In this paper, we propose new schemes, for both PKI and identity-based scenarios, where the ciphertexts' length is $\O(n-t)$. The construction uses secret sharing techniques and the Canetti-Halevi-Katz transformation to achieve chosen-ciphertext security. The security of our schemes is formally proved under the Decisional Bilinear Diffie-Hellman (DBDH) Assumption.
2006
EPRINT
Certificate-Based Encryption Without Random Oracles
Paz Morillo Carla Ràfols
We present a certificate-based encryption scheme which is fully secure in the standard model. Our scheme is based on the identity-based encryption scheme of Waters \cite{W05}. Although some generic constructions from IBE to CBE has been previously proposed, they use the Random Oracle heuristic or provide less practical schemes than ours. Finally, we point out that one of the existing generic constructions going from IBE to CBE is flawed.

Program Committees

PKC 2020
Asiacrypt 2019
PKC 2018
Asiacrypt 2018
Crypto 2015