@phdthesis{29763, abstract = {{Modern-day communication has become more and more digital. While this comes with many advantages such as a more efficient economy, it has also created more and more opportunities for various adversaries to manipulate communication or eavesdrop on it. The Snowden revelations in 2013 further highlighted the seriousness of these threats. To protect the communication of people, companies, and states from such threats, we require cryptography with strong security guarantees. Different applications may require different security properties from cryptographic schemes. For most applications, however, so-called adaptive security is considered a reasonable minimal requirement of security. Cryptographic schemes with adaptive security remain secure in the presence of an adversary that can corrupt communication partners to respond to messages of the adversaries choice, while the adversary may choose the messages based on previously observed interactions. While cryptography is associated the most with encryption, this is only one of many primitives that are essential for the security of digital interactions. This thesis presents novel identity-based encryption (IBE) schemes and verifiable random functions (VRFs) that achieve adaptive security as outlined above. Moreover, the cryptographic schemes presented in this thesis are proven secure in the standard model. That is without making use of idealized models like the random oracle model.}}, author = {{Niehues, David}}, keywords = {{public-key cryptography, lattices, pairings, verifiable random functions, identity-based encryption}}, title = {{{More Efficient Techniques for Adaptively-Secure Cryptography}}}, doi = {{10.25926/rdtq-jw45}}, year = {{2022}}, } @inbook{22057, abstract = {{We construct more efficient cryptosystems with provable security against adaptive attacks, based on simple and natural hardness assumptions in the standard model. Concretely, we describe: – An adaptively-secure variant of the efficient, selectively-secure LWE- based identity-based encryption (IBE) scheme of Agrawal, Boneh, and Boyen (EUROCRYPT 2010). In comparison to the previously most efficient such scheme by Yamada (CRYPTO 2017) we achieve smaller lattice parameters and shorter public keys of size O(log λ), where λ is the security parameter. – Adaptively-secure variants of two efficient selectively-secure pairing- based IBEs of Boneh and Boyen (EUROCRYPT 2004). One is based on the DBDH assumption, has the same ciphertext size as the cor- responding BB04 scheme, and achieves full adaptive security with public parameters of size only O(log λ). The other is based on a q- type assumption and has public key size O(λ), but a ciphertext is only a single group element and the security reduction is quadrat- ically tighter than the corresponding scheme by Jager and Kurek (ASIACRYPT 2018). – A very efficient adaptively-secure verifiable random function where proofs, public keys, and secret keys have size O(log λ). As a technical contribution we introduce blockwise partitioning, which leverages the assumption that a cryptographic hash function is weak near-collision resistant to prove full adaptive security of cryptosystems.}}, author = {{Jager, Tibor and Kurek, Rafael and Niehues, David}}, booktitle = {{Public-Key Cryptography – PKC 2021}}, isbn = {{9783030752446}}, issn = {{0302-9743}}, title = {{{Efficient Adaptively-Secure IB-KEMs and VRFs via Near-Collision Resistance}}}, doi = {{10.1007/978-3-030-75245-3_22}}, year = {{2021}}, } @inbook{22059, abstract = {{Verifiable random functions (VRFs), introduced by Micali, Rabin and Vadhan (FOCS’99), are the public-key equivalent of pseudo- random functions. A public verification key and proofs accompanying the output enable all parties to verify the correctness of the output. How- ever, all known standard model VRFs have a reduction loss that is much worse than what one would expect from known optimal constructions of closely related primitives like unique signatures. We show that: 1. Every security proof for a VRF that relies on a non-interactive assumption has to lose a factor of Q, where Q is the number of adver- sarial queries. To that end, we extend the meta-reduction technique of Bader et al. (EUROCRYPT’16) to also cover VRFs. 2. This raises the question: Is this bound optimal? We answer this ques- tion in the affirmative by presenting the first VRF with a reduction from the non-interactive qDBDHI assumption to the security of VRF that achieves this optimal loss. We thus paint a complete picture of the achievability of tight verifiable random functions: We show that a security loss of Q is unavoidable and present the first construction that achieves this bound.}}, author = {{Niehues, David}}, booktitle = {{Public-Key Cryptography – PKC 2021}}, isbn = {{9783030752477}}, issn = {{0302-9743}}, title = {{{Verifiable Random Functions with Optimal Tightness}}}, doi = {{10.1007/978-3-030-75248-4_3}}, year = {{2021}}, } @inbook{21396, abstract = {{Verifiable random functions (VRFs) are essentially digital signatures with additional properties, namely verifiable uniqueness and pseudorandomness, which make VRFs a useful tool, e.g., to prevent enumeration in DNSSEC Authenticated Denial of Existence and the CONIKS key management system, or in the random committee selection of the Algorand blockchain. Most standard-model VRFs rely on admissible hash functions (AHFs) to achieve security against adaptive attacks in the standard model. Known AHF constructions are based on error-correcting codes, which yield asymptotically efficient constructions. However, previous works do not clarify how the code should be instantiated concretely in the real world. The rate and the minimal distance of the selected code have significant impact on the efficiency of the resulting cryptosystem, therefore it is unclear if and how the aforementioned constructions can be used in practice. First, we explain inherent limitations of code-based AHFs. Concretely, we assume that even if we were given codes that achieve the well-known Gilbert-Varshamov or McEliece-Rodemich-Rumsey-Welch bounds, existing AHF-based constructions of verifiable random functions (VRFs) can only be instantiated quite inefficiently. Then we introduce and construct computational AHFs (cAHFs). While classical AHFs are information-theoretic, and therefore work even in presence of computationally unbounded adversaries, cAHFs provide only security against computationally bounded adversaries. However, we show that cAHFs can be instantiated significantly more efficiently. Finally, we use our cAHF to construct the currently most efficient verifiable random function with full adaptive security in the standard model.}}, author = {{Jager, Tibor and Niehues, David}}, booktitle = {{Lecture Notes in Computer Science}}, isbn = {{9783030384708}}, issn = {{0302-9743}}, keywords = {{Admissible hash functions, Verifiable random functions, Error-correcting codes, Provable security}}, location = {{Waterloo, Canada}}, title = {{{On the Real-World Instantiability of Admissible Hash Functions and Efficient Verifiable Random Functions}}}, doi = {{10.1007/978-3-030-38471-5_13}}, year = {{2020}}, } @inproceedings{3105, author = {{Derler, David and Jager, Tibor and Slamanig, Daniel and Striecks, Christoph}}, booktitle = {{Advances in Cryptology - EUROCRYPT 2018 - 37th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Tel Aviv, Israel, April 29 - May 3, 2018 Proceedings, Part III}}, pages = {{425----455}}, title = {{{Bloom Filter Encryption and Applications to Efficient Forward-Secret 0-RTT Key Exchange}}}, doi = {{10.1007/978-3-319-78372-7_14}}, year = {{2018}}, } @inproceedings{5861, author = {{Jager, Tibor and Kurek, Rafael}}, booktitle = {{Advances in Cryptology - ASIACRYPT 2018 - 24th International Conference on the Theory and Application of Cryptology and Information Security, Brisbane, QLD, Australia, December 2-6, 2018, Proceedings, Part II}}, pages = {{221--250}}, title = {{{Short Digital Signatures and ID-KEMs via Truncation Collision Resistance}}}, doi = {{10.1007/978-3-030-03329-3_8}}, year = {{2018}}, } @inproceedings{5862, author = {{Jager, Tibor and Kurek, Rafael and Pan, Jiaxin}}, booktitle = {{Advances in Cryptology - ASIACRYPT 2018 - 24th International Conference on the Theory and Application of Cryptology and Information Security, Brisbane, QLD, Australia, December 2-6, 2018, Proceedings, Part III}}, pages = {{490--518}}, title = {{{Simple and More Efficient PRFs with Tight Security from LWE and Matrix-DDH}}}, doi = {{10.1007/978-3-030-03332-3_18}}, year = {{2018}}, } @article{9606, author = {{Liu, Jia and Jager, Tibor and Kakvi, Saqib and Warinschi, Bogdan}}, issn = {{0925-1022}}, journal = {{Designs, Codes and Cryptography}}, pages = {{2549--2586}}, title = {{{How to build time-lock encryption}}}, doi = {{10.1007/s10623-018-0461-x}}, year = {{2018}}, } @inproceedings{5438, author = {{Gjøsteen, Kristian and Jager, Tibor}}, booktitle = {{Advances in Cryptology - CRYPTO 2018 - 38th Annual International Cryptology Conference, Santa Barbara, CA, USA, August 19-23, 2018, Proceedings, Part II}}, title = {{{Practical and Tightly-Secure Digital Signatures and Authenticated Key Exchange}}}, doi = {{10.1007/978-3-319-96881-0_4}}, year = {{2018}}, } @inproceedings{5442, author = {{Jager, Tibor and Kakvi, Saqib and May, Alexander}}, booktitle = {{Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security - CCS '18}}, isbn = {{9781450356930}}, publisher = {{ACM Press}}, title = {{{On the Security of the PKCS#1 v1.5 Signature Scheme}}}, doi = {{10.1145/3243734.3243798}}, year = {{2018}}, } @article{3108, author = {{Jager, Tibor and Kohlar, Florian and Schäge, Sven and Schwenk, Jörg}}, journal = {{J. Cryptology}}, number = {{4}}, pages = {{1276----1324}}, title = {{{Authenticated Confidential Channel Establishment and the Security of TLS-DHE}}}, doi = {{10.1007/s00145-016-9248-2}}, year = {{2017}}, } @inproceedings{3109, author = {{Hale, Britta and Jager, Tibor and Lauer, Sebastian and Schwenk, Jörg}}, booktitle = {{Applied Cryptography and Network Security - 15th International Conference, ACNS 2017, Kanazawa, Japan, July 10-12, 2017, Proceedings}}, pages = {{20----38}}, title = {{{Simple Security Definitions for and Constructions of 0-RTT Key Exchange}}}, doi = {{10.1007/978-3-319-61204-1_2}}, year = {{2017}}, } @inproceedings{3110, author = {{Günther, Felix and Hale, Britta and Jager, Tibor and Lauer, Sebastian}}, booktitle = {{Advances in Cryptology - EUROCRYPT 2017 - 36th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Paris, France, April 30 - May 4, 2017, Proceedings, Part III}}, pages = {{519----548}}, title = {{{0-RTT Key Exchange with Full Forward Secrecy}}}, doi = {{10.1007/978-3-319-56617-7_18}}, year = {{2017}}, } @inproceedings{3111, author = {{Jager, Tibor and Stam, Martijn and Stanley-Oakes, Ryan and Warinschi, Bogdan}}, booktitle = {{Theory of Cryptography - 15th International Conference, TCC 2017, Baltimore, MD, USA, November 12-15, 2017, Proceedings, Part I}}, pages = {{409----441}}, title = {{{Multi-key Authenticated Encryption with Corruptions: Reductions Are Lossy}}}, doi = {{10.1007/978-3-319-70500-2_14}}, year = {{2017}}, } @article{9607, author = {{Kakvi, Saqib and Kiltz, Eike}}, issn = {{0933-2790}}, journal = {{Journal of Cryptology}}, pages = {{276--306}}, title = {{{Optimal Security Proofs for Full Domain Hash, Revisited}}}, doi = {{10.1007/s00145-017-9257-9}}, year = {{2017}}, } @article{3112, author = {{Hofheinz, Dennis and Jager, Tibor}}, journal = {{Des. Codes Cryptography}}, number = {{1}}, pages = {{29----61}}, title = {{{Tightly secure signatures and public-key encryption}}}, doi = {{10.1007/s10623-015-0062-x}}, year = {{2016}}, } @article{3113, author = {{Heuer, Felix and Jager, Tibor and Schäge, Sven and Kiltz, Eike}}, journal = {{IET Information Security}}, number = {{6}}, pages = {{304----318}}, title = {{{Selective opening security of practical public-key encryption schemes}}}, doi = {{10.1049/iet-ifs.2015.0507}}, year = {{2016}}, } @article{3114, author = {{Jager, Tibor and Rupp, Andy}}, journal = {{PoPETs}}, number = {{3}}, pages = {{62----82}}, title = {{{Black-Box Accumulation: Collecting Incentives in a Privacy-Preserving Way}}}, year = {{2016}}, } @inproceedings{3115, author = {{Hofheinz, Dennis and Jager, Tibor and Khurana, Dakshita and Sahai, Amit and Waters, Brent and Zhandry, Mark}}, booktitle = {{Advances in Cryptology - ASIACRYPT 2016 - 22nd International Conference on the Theory and Application of Cryptology and Information Security, Hanoi, Vietnam, December 4-8, 2016, Proceedings, Part II}}, pages = {{715----744}}, title = {{{How to Generate and Use Universal Samplers}}}, doi = {{10.1007/978-3-662-53890-6_24}}, year = {{2016}}, } @inproceedings{3116, author = {{Horst, Matthias and Grothe, Martin and Jager, Tibor and Schwenk, Jörg}}, booktitle = {{Cryptology and Network Security - 15th International Conference, CANS 2016, Milan, Italy, November 14-16, 2016, Proceedings}}, pages = {{159----175}}, title = {{{Breaking PPTP VPNs via RADIUS Encryption}}}, doi = {{10.1007/978-3-319-48965-0_10}}, year = {{2016}}, }