TY - CHAP
AB - We construct more efficient cryptosystems with provable security against adaptive attacks, based on simple and natural hardness assumptions in the standard model. Concretely, we describe:
– An adaptively-secure variant of the efficient, selectively-secure LWE-based identity-based encryption (IBE) scheme of Agrawal, Boneh, and Boyen (EUROCRYPT 2010). In comparison to the previously most efficient such scheme by Yamada (CRYPTO 2017) we achieve smaller lattice parameters and shorter public keys of size O(log λ), where λ is the security parameter.
– Adaptively-secure variants of two efficient selectively-secure pairing-based IBEs of Boneh and Boyen (EUROCRYPT 2004). One is based on the DBDH assumption, has the same ciphertext size as the corresponding BB04 scheme, and achieves full adaptive security with public parameters of size only O(log λ). The other is based on a q-type assumption and has public key size O(λ), but a ciphertext is only a single group element and the security reduction is quadratically tighter than the corresponding scheme by Jager and Kurek (ASIACRYPT 2018).
– A very efficient adaptively-secure verifiable random function where proofs, public keys, and secret keys have size O(log λ).
As a technical contribution we introduce blockwise partitioning, which leverages the assumption that a cryptographic hash function is weak near-collision resistant to prove full adaptive security of cryptosystems.
AU - Jager, Tibor
AU - Kurek, Rafael
AU - Niehues, David
ID - 22057
SN - 0302-9743
T2 - Public-Key Cryptography – PKC 2021
TI - Efficient Adaptively-Secure IB-KEMs and VRFs via Near-Collision Resistance
ER -
TY - CHAP
AB - Verifiable random functions (VRFs), introduced by Micali, Rabin and Vadhan (FOCS’99), are the public-key equivalent of pseudorandom functions. A public verification key and proofs accompanying the output enable all parties to verify the correctness of the output. However, all known standard model VRFs have a reduction loss that is much worse than what one would expect from known optimal constructions of closely related primitives like unique signatures. We show that:
1. Every security proof for a VRF that relies on a non-interactive assumption has to lose a factor of Q, where Q is the number of adversarial queries. To that end, we extend the meta-reduction technique of Bader et al. (EUROCRYPT’16) to also cover VRFs.
2. This raises the question: Is this bound optimal? We answer this question in the affirmative by presenting the first VRF with a reduction from the non-interactive qDBDHI assumption to the security of VRF that achieves this optimal loss.
We thus paint a complete picture of the achievability of tight verifiable random functions: We show that a security loss of Q is unavoidable and present the first construction that achieves this bound.
AU - Niehues, David
ID - 22059
SN - 0302-9743
T2 - Public-Key Cryptography – PKC 2021
TI - Verifiable Random Functions with Optimal Tightness
ER -
TY - CHAP
AB - Verifiable random functions (VRFs) are essentially digital signatures with additional properties, namely verifiable uniqueness and pseudorandomness, which make VRFs a useful tool, e.g., to prevent enumeration in DNSSEC Authenticated Denial of Existence and the CONIKS key management system, or in the random committee selection of the Algorand blockchain.
Most standard-model VRFs rely on admissible hash functions (AHFs) to achieve security against adaptive attacks in the standard model. Known AHF constructions are based on error-correcting codes, which yield asymptotically efficient constructions. However, previous works do not clarify how the code should be instantiated concretely in the real world. The rate and the minimal distance of the selected code have significant impact on the efficiency of the resulting cryptosystem, and therefore it is unclear if and how the aforementioned constructions can be used in practice.
First, we explain inherent limitations of code-based AHFs. Concretely, we assume that even if we were given codes that achieve the well-known Gilbert-Varshamov or McEliece-Rodemich-Rumsey-Welch bounds, existing AHF-based constructions of verifiable random functions (VRFs) can only be instantiated quite inefficiently. Then we introduce and construct computational AHFs (cAHFs). While classical AHFs are information-theoretic, and therefore work even in the presence of computationally unbounded adversaries, cAHFs provide security only against computationally bounded adversaries. However, we show that cAHFs can be instantiated significantly more efficiently. Finally, we use our cAHF to construct the currently most efficient verifiable random function with full adaptive security in the standard model.
AU - Jager, Tibor
AU - Niehues, David
ID - 21396
KW - Admissible hash functions
KW - Verifiable random functions
KW - Error-correcting codes
KW - Provable security
SN - 0302-9743
T2 - Lecture Notes in Computer Science
TI - On the Real-World Instantiability of Admissible Hash Functions and Efficient Verifiable Random Functions
ER -
TY - CONF
AU - Derler, David
AU - Jager, Tibor
AU - Slamanig, Daniel
AU - Striecks, Christoph
ID - 3105
T2 - Advances in Cryptology - EUROCRYPT 2018 - 37th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Tel Aviv, Israel, April 29 - May 3, 2018 Proceedings, Part III
TI - Bloom Filter Encryption and Applications to Efficient Forward-Secret 0-RTT Key Exchange
ER -
TY - CONF
AU - Jager, Tibor
AU - Kakvi, Saqib
AU - May, Alexander
ID - 5442
SN - 9781450356930
T2 - Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security - CCS '18
TI - On the Security of the PKCS#1 v1.5 Signature Scheme
ER -
TY - CONF
AU - Jager, Tibor
AU - Kurek, Rafael
ID - 5861
T2 - Advances in Cryptology - ASIACRYPT 2018 - 24th International Conference on the Theory and Application of Cryptology and Information Security, Brisbane, QLD, Australia, December 2-6, 2018, Proceedings, Part II
TI - Short Digital Signatures and ID-KEMs via Truncation Collision Resistance
ER -
TY - CONF
AU - Jager, Tibor
AU - Kurek, Rafael
AU - Pan, Jiaxin
ID - 5862
T2 - Advances in Cryptology - ASIACRYPT 2018 - 24th International Conference on the Theory and Application of Cryptology and Information Security, Brisbane, QLD, Australia, December 2-6, 2018, Proceedings, Part III
TI - Simple and More Efficient PRFs with Tight Security from LWE and Matrix-DDH
ER -
TY - CONF
AU - Gjøsteen, Kristian
AU - Jager, Tibor
ID - 5438
T2 - Advances in Cryptology - CRYPTO 2018 - 38th Annual International Cryptology Conference, Santa Barbara, CA, USA, August 19-23, 2018, Proceedings, Part II
TI - Practical and Tightly-Secure Digital Signatures and Authenticated Key Exchange
ER -
TY - JOUR
AU - Liu, Jia
AU - Jager, Tibor
AU - Kakvi, Saqib
AU - Warinschi, Bogdan
ID - 9606
JF - Designs, Codes and Cryptography
SN - 0925-1022
TI - How to build time-lock encryption
ER -
TY - JOUR
AU - Jager, Tibor
AU - Kohlar, Florian
AU - Schäge, Sven
AU - Schwenk, Jörg
ID - 3108
IS - 4
JF - J. Cryptology
TI - Authenticated Confidential Channel Establishment and the Security of TLS-DHE
ER -
TY - CONF
AU - Günther, Felix
AU - Hale, Britta
AU - Jager, Tibor
AU - Lauer, Sebastian
ID - 3110
T2 - Advances in Cryptology - EUROCRYPT 2017 - 36th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Paris, France, April 30 - May 4, 2017, Proceedings, Part III
TI - 0-RTT Key Exchange with Full Forward Secrecy
ER -
TY - CONF
AU - Hale, Britta
AU - Jager, Tibor
AU - Lauer, Sebastian
AU - Schwenk, Jörg
ID - 3109
T2 - Applied Cryptography and Network Security - 15th International Conference, ACNS 2017, Kanazawa, Japan, July 10-12, 2017, Proceedings
TI - Simple Security Definitions for and Constructions of 0-RTT Key Exchange
ER -
TY - CONF
AU - Jager, Tibor
AU - Stam, Martijn
AU - Stanley-Oakes, Ryan
AU - Warinschi, Bogdan
ID - 3111
T2 - Theory of Cryptography - 15th International Conference, TCC 2017, Baltimore, MD, USA, November 12-15, 2017, Proceedings, Part I
TI - Multi-key Authenticated Encryption with Corruptions: Reductions Are Lossy
ER -
TY - JOUR
AU - Kakvi, Saqib
AU - Kiltz, Eike
ID - 9607
JF - Journal of Cryptology
SN - 0933-2790
TI - Optimal Security Proofs for Full Domain Hash, Revisited
ER -
TY - JOUR
AU - Hofheinz, Dennis
AU - Jager, Tibor
ID - 3112
IS - 1
JF - Des. Codes Cryptography
TI - Tightly secure signatures and public-key encryption
ER -
TY - CONF
AU - Bader, Christoph
AU - Jager, Tibor
AU - Li, Yong
AU - Schäge, Sven
ID - 3117
T2 - Advances in Cryptology - EUROCRYPT 2016 - 35th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Vienna, Austria, May 8-12, 2016, Proceedings, Part II
TI - On the Impossibility of Tight Cryptographic Reductions
ER -
TY - JOUR
AU - Heuer, Felix
AU - Jager, Tibor
AU - Schäge, Sven
AU - Kiltz, Eike
ID - 3113
IS - 6
JF - IET Information Security
TI - Selective opening security of practical public-key encryption schemes
ER -
TY - CONF
AU - Hofheinz, Dennis
AU - Jager, Tibor
AU - Rupp, Andy
ID - 3118
T2 - Theory of Cryptography - 14th International Conference, TCC 2016-B, Beijing, China, October 31 - November 3, 2016, Proceedings, Part II
TI - Public-Key Encryption with Simulation-Based Selective-Opening Security and Compact Ciphertexts
ER -
TY - JOUR
AU - Jager, Tibor
AU - Rupp, Andy
ID - 3114
IS - 3
JF - PoPETs
TI - Black-Box Accumulation: Collecting Incentives in a Privacy-Preserving Way
ER -
TY - CONF
AU - Hofheinz, Dennis
AU - Jager, Tibor
ID - 3119
T2 - Theory of Cryptography - 13th International Conference, TCC 2016-A, Tel Aviv, Israel, January 10-13, 2016, Proceedings, Part I
TI - Verifiable Random Functions from Standard Assumptions
ER -