CryptoDB
Zhedong Wang
Publications
Year
Venue
Title
2024
PKC
Ring/Module Learning with Errors under Linear Leakage - Hardness and Applications
Abstract
This paper studies the hardness of decision Module Learning
with Errors (MLWE) under linear leakage, which has been used as a
foundation to derive more efficient lattice-based zero-knowledge proofs
in a recent paradigm of Lyubashevsky, Nguyen, and Seiler (PKC 21).
Unlike in the plain LWE setting, it was unknown whether this problem
remains provably hard in the module/ring setting.
This work shows a reduction from the search MLWE to decision MLWE with
linear leakage. Thus, the main problem remains hard asymptotically as
long as the non-leakage version of MLWE is hard. Additionally, we also
refine the paradigm of Lyubashevsky, Nguyen, and Seiler (PKC 21) by
showing a more fine-grained tradeoff between efficiency and leakage. This
can lead to further optimizations of lattice proofs under the paradigm.
2023
PKC
Functional Encryption against Probabilistic Queries: Definition, Construction and Applications
Abstract
Functional encryption (FE for short) can be used to calculate a function output of a message, without revealing other information about the message. There are mainly two types of security definitions for FE, exactly simulation-based security (SIM-security) and indistinguishability-based security (IND-security). The two types of security definitions both suffer from their own drawbacks: FE with SIM-security supporting all circuits cannot be constructed for unbounded number of ciphertext and/or key queries, while IND-security is sometimes not enough: there are examples where an FE scheme is IND-secure but not intuitively secure. In this paper, we present a new security definition which can avoid the drawbacks of both SIM-security and IND-security, called indistinguishability-based security against probabilistic queries (pIND-security for short), and we give an FE construction for all circuits which is secure for unbounded key/ciphertext queries under this new security definition. We prove that this new security definition is strictly between SIM-security and IND-security, and provide new applications for FE which were not known to be constructed from IND-secure or SIM-secure FE.
2023
CRYPTO
Almost Tight Multi-User Security under Adaptive Corruptions from LWE in the Standard Model
Abstract
In this work, we construct the {\it first} digital signature (SIG) and public-key encryption (PKE) schemes with almost tight multi-user security under adaptive corruptions based on the learning-with-errors (LWE) assumption in the standard model. Our PKE scheme achieves almost tight IND-CCA security and our SIG scheme achieves almost tight strong EUF-CMA security, both in the multi-user setting with adaptive corruptions. The security loss is quadratic in the security parameter, and independent of the number of users, signatures or ciphertexts. Previously, such schemes were only known to exist under number-theoretic assumptions or in classical random oracle model, thus vulnerable to quantum adversaries.
To obtain our schemes from LWE, we propose new frameworks for constructing SIG and PKE with a core technical tool named {\it probabilistic} quasi-adaptive hash proof system (pr-QA-HPS). As a new variant of HPS, our pr-QA-HPS provides {\it probabilistic} public and private evaluation modes that may toss coins. This is in stark contrast to the traditional HPS [Cramer and Shoup, Eurocrypt 2002] and existing variants like approximate HPS [Katz and Vaikuntanathan, Asiacrypt 2009], whose public and private evaluations are deterministic in their inputs. Moreover, we formalize a new property called evaluation indistinguishability by requiring statistical indistinguishability of the two probabilistic evaluation modes, even in the presence of the secret key. The evaluation indistinguishability, as well as other nice properties resulting from the probabilistic features of pr-QA-HPS, are crucial for the multi-user security proof of our frameworks under adaptive corruptions.
As for instantiations, we construct pr-QA-HPS from the LWE assumption and prove its properties with almost tight reductions, which admit almost tightly secure LWE-based SIG and PKE schemes under our frameworks. Along the way, we also provide new almost-tight reductions from LWE to multi-secret LWE, which may be of independent interest.
2022
PKC
Leakage-Resilient IBE/ABE with Optimal Leakage Rates from Lattices
📺
Abstract
We derive the first adaptively secure \ibe~and \abe for t-CNF, and selectively secure \abe for general circuits from lattices, with $1-o(1)$ leakage rates, in the both relative leakage model and bounded retrieval model (\BRM).
To achieve this, we first identify a new fine-grained security notion for \abe~-- partially adaptive/selective security, and instantiate this notion from \LWE. Then, by using this notion, we design a new key compressing mechanism for identity-based/attributed-based weak hash proof system (\ib/\ab-\whps) for various policy classes, achieving (1) succinct secret keys and (2) adaptive/selective security matching the existing non-leakage resilient lattice-based designs.
Using the existing connection between weak hash proof system and leakage resilient encryption, the succinct-key \ib/\ab-\whps~can yield the desired leakage resilient \ibe/\abe schemes with the optimal leakage rates in the relative leakage model. Finally, by further improving the prior analysis of the compatible locally computable extractors, we can achieve the optimal leakage rates in the \BRM.
2021
EUROCRYPT
New Lattice Two-Stage Sampling Technique and its Applications to Functional Encryption – Stronger Security and Smaller Ciphertexts
📺
Abstract
This work proposes a new lattice two-stage sampling technique, generalizing the prior two-stage sampling method of Gentry, Peikert, and Vaikuntanathan (STOC '08).
By using our new technique as a key building block,
we can significantly improve security and efficiency of the current state of the arts of simulation-based functional encryption. Particularly, our functional encryption achieves $(Q,\poly)$ simulation-based semi-adaptive security that allows arbitrary pre- and post-challenge key queries, and has succinct ciphertexts with only an additive $O(Q)$ overhead. %This significantly improves the current research frontier of simulation-based functional encryption.
Additionally, our two-stage sampling technique can derive new feasibilities of indistinguishability-based adaptively-secure $\IB$-$\FE$ for inner products and semi-adaptively-secure $\AB$-$\FE$ for inner products, breaking several technical limitations of the recent work by Abdalla, Catalano, Gay, and Ursu (Asiacrypt '20).
2021
PKC
Rate-1 Key-Dependent Message Security via Reusable Homomorphic Extractor against Correlated-Source Attacks
📺
Abstract
In this work, we first present general methods to construct information rate-1 PKE that is $\KDM^{(n)}$-secure with respect to \emph{block-affine} functions for any unbounded polynomial $n$.
To achieve this, we propose a new notion of extractor that satisfies \emph{reusability}, \emph{homomorphic}, and \emph{security against correlated-source attacks}, and show how to use this extractor to improve the information rate of the \KDM-secure PKE of Brakerski et al.~(Eurocrypt 18).
Then, we show how to amplify \KDM~security from block-affine function class into general bounded size circuits via a variant of the technique of Applebaum (Eurocrypt 11), achieving better efficiency.
Furthermore, we show how to generalize these approaches to the IBE setting.
Additionally, our PKE and IBE schemes are also leakage resilient, with leakage rates $1-o(1)$ against a slightly smaller yet still general class -- block leakage functions. We can instantiate the required building blocks from $\LWE$ or $\DDH$.
2021
TCC
Ring-based Identity Based Encryption – Asymptotically Shorter MPK and Tighter Security
📺
Abstract
This work constructs an identity based encryption from the
ring learning with errors assumption (RLWE), with shorter master public keys and tighter security analysis. To achieve this, we develop three new methods: (1) a new homomorphic equality test method using nice algebraic structures of the rings, (2) a new family of hash functions with natural homomorphic evaluation algorithms, and (3) a new insight for tighter reduction analyses. These methods can be used to improve other important cryptographic tasks, and thus are of general interests.
Particularly, our homomorphic equality test method can derive a new
method for packing/unpacking GSW-style encodings, showing a new
non-trivial advantage of RLWE over the plain LWE. Moreover, our new
insight for tighter analyses can improve the analyses of all the currently
known partition-based IBE designs, achieving the best of the both from
prior analytical frameworks of Waters (Eurocrypt ’05) and Bellare and
Ristenpart (Eurocrypt ’09).
2020
PKC
Almost Tight Security in Lattice with Polynomial Moduli - PRF, IBE, All-but-many LTF, and More
📺
Abstract
Achieving tight security is a fundamental task in cryptography. While one of the most important purposes of this task is to improve the overall efficiency of a construction (by allowing smaller security parameters), many current lattice-based instantiations do not completely achieve the goal. Particularly, a super-polynomial modulus seems to be necessary in all prior work for (almost) tight schemes that allow the adversary to conduct queries, such as PRF, IBE, and Signatures. As the super-polynomial modulus would affect the noise-to-modulus ratio and thus increase the parameters, this might cancel out the advantages (in efficiency) brought from the tighter analysis. To determine the full power of tight security/analysis in lattices, it is necessary to determine whether the super-polynomial modulus restriction is inherent. In this work, we remove the super-polynomial modulus restriction for many important primitives – PRF, IBE, All-but-many Lossy Trapdoor Functions, and Signatures. The crux relies on an improvement over the framework of Boyen and Li (Asiacrypt 16), and an almost tight reduction from LWE to LWR, which improves prior work by Alwen et al. (Crypto 13), Bogdanov et al. (TCC 16), and Bai et al. (Asiacrypt 15). By combining these two advances, we are able to derive these almost tight schemes under LWE with a polynomial modulus.
2020
CRYPTO
Rounding in the Rings
📺
Abstract
In this work, we conduct a comprehensive study on establishing
hardness reductions for (Module) Learning with Rounding over
rings (RLWR). Towards this, we present an algebraic framework of LWR,
inspired by a recent work of Peikert and Pepin (TCC '19). Then we show
a search-to-decision reduction for Ring-LWR, generalizing a result in
the plain LWR setting by Bogdanov et al. (TCC '15). Finally, we show a
reduction from Ring-LWE to Module Ring-LWR (even for leaky secrets),
generalizing the plain LWE to LWR reduction by Alwen et al. (Crypto
'13). One of our central techniques is a new ring leftover hash lemma,
which might be of independent interests.
2019
PKC
FE for Inner Products and Its Application to Decentralized ABE
Abstract
In this work, we revisit the primitive functional encryption (FE) for inner products and show its application to decentralized attribute-based encryption (ABE). Particularly, we derive an FE for inner products that satisfies a stronger notion, and show how to use such an FE to construct decentralized ABE for the class $$\{0,1\}$$-$$\mathsf {LSSS} $$ against bounded collusions in the plain model. We formalize the FE notion and show how to achieve such an FE under the LWE or DDH assumption. Therefore, our resulting decentralized ABE can be constructed under the same standard assumptions, improving the prior construction by Lewko and Waters (Eurocrypt 2011). Finally, we also point out challenges to construct decentralized ABE for general functions by establishing a relation between such an ABE and witness encryption for general NP statements.
Coauthors
- Parhat Abla (1)
- Xiong Fan (1)
- Dawu Gu (2)
- Shuai Han (1)
- Qiqi Lai (5)
- Shengli Liu (1)
- Feng-Hao Liu (8)
- Shi-Feng Sun (1)
- Geng Wang (1)
- Han Wang (1)
- Zhedong Wang (10)