TY - THES
AB - Modern-day communication has become more and more digital. While this comes with many advantages such as a more efficient economy, it has also created more and more opportunities for various adversaries to manipulate communication or eavesdrop on it. The Snowden revelations in 2013 further highlighted the seriousness of these threats. To protect the communication of people, companies, and states from such threats, we require cryptography with strong security guarantees. Different applications may require different security properties from cryptographic schemes. For most applications, however, so-called adaptive security is considered a reasonable minimal requirement of security. Cryptographic schemes with adaptive security remain secure in the presence of an adversary that can corrupt communication partners to respond to messages of the adversary's choice, while the adversary may choose the messages based on previously observed interactions. While cryptography is associated the most with encryption, this is only one of many primitives that are essential for the security of digital interactions. This thesis presents novel identity-based encryption (IBE) schemes and verifiable random functions (VRFs) that achieve adaptive security as outlined above. Moreover, the cryptographic schemes presented in this thesis are proven secure in the standard model. That is, without making use of idealized models like the random oracle model.
AU - Niehues, David
ID - 29763
KW - public-key cryptography
KW - lattices
KW - pairings
KW - verifiable random functions
KW - identity-based encryption
TI - More Efficient Techniques for Adaptively-Secure Cryptography
ER -
TY - CHAP
AB - We construct more efficient cryptosystems with provable security against adaptive attacks, based on simple and natural hardness assumptions in the standard model. Concretely, we describe:
– An adaptively-secure variant of the efficient, selectively-secure LWE-based identity-based encryption (IBE) scheme of Agrawal, Boneh, and Boyen (EUROCRYPT 2010). In comparison to the previously most efficient such scheme by Yamada (CRYPTO 2017) we achieve smaller lattice parameters and shorter public keys of size O(log λ), where λ is the security parameter.
– Adaptively-secure variants of two efficient selectively-secure pairing-based IBEs of Boneh and Boyen (EUROCRYPT 2004). One is based on the DBDH assumption, has the same ciphertext size as the corresponding BB04 scheme, and achieves full adaptive security with public parameters of size only O(log λ). The other is based on a q-type assumption and has public key size O(λ), but a ciphertext is only a single group element and the security reduction is quadratically tighter than the corresponding scheme by Jager and Kurek (ASIACRYPT 2018).
– A very efficient adaptively-secure verifiable random function where proofs, public keys, and secret keys have size O(log λ).
As a technical contribution we introduce blockwise partitioning, which leverages the assumption that a cryptographic hash function is weak near-collision resistant to prove full adaptive security of cryptosystems.
AU - Jager, Tibor
AU - Kurek, Rafael
AU - Niehues, David
ID - 22057
SN - 0302-9743
T2 - Public-Key Cryptography – PKC 2021
TI - Efficient Adaptively-Secure IB-KEMs and VRFs via Near-Collision Resistance
ER -
TY - CHAP
AB - Verifiable random functions (VRFs), introduced by Micali, Rabin and Vadhan (FOCS'99), are the public-key equivalent of pseudorandom functions. A public verification key and proofs accompanying the output enable all parties to verify the correctness of the output. However, all known standard model VRFs have a reduction loss that is much worse than what one would expect from known optimal constructions of closely related primitives like unique signatures. We show that:
1. Every security proof for a VRF that relies on a non-interactive assumption has to lose a factor of Q, where Q is the number of adversarial queries. To that end, we extend the meta-reduction technique of Bader et al. (EUROCRYPT'16) to also cover VRFs.
2. This raises the question: Is this bound optimal? We answer this question in the affirmative by presenting the first VRF with a reduction from the non-interactive qDBDHI assumption to the security of the VRF that achieves this optimal loss.
We thus paint a complete picture of the achievability of tight verifiable random functions: We show that a security loss of Q is unavoidable and present the first construction that achieves this bound.
AU - Niehues, David
ID - 22059
SN - 0302-9743
T2 - Public-Key Cryptography – PKC 2021
TI - Verifiable Random Functions with Optimal Tightness
ER -
TY - CHAP
AB - Verifiable random functions (VRFs) are essentially digital signatures with additional properties, namely verifiable uniqueness and pseudorandomness, which make VRFs a useful tool, e.g., to prevent enumeration in DNSSEC Authenticated Denial of Existence and the CONIKS key management system, or in the random committee selection of the Algorand blockchain. Most standard-model VRFs rely on admissible hash functions (AHFs) to achieve security against adaptive attacks in the standard model. Known AHF constructions are based on error-correcting codes, which yield asymptotically efficient constructions. However, previous works do not clarify how the code should be instantiated concretely in the real world. The rate and the minimal distance of the selected code have significant impact on the efficiency of the resulting cryptosystem, therefore it is unclear if and how the aforementioned constructions can be used in practice. First, we explain inherent limitations of code-based AHFs. Concretely, we assume that even if we were given codes that achieve the well-known Gilbert-Varshamov or McEliece-Rodemich-Rumsey-Welch bounds, existing AHF-based constructions of verifiable random functions (VRFs) can only be instantiated quite inefficiently. Then we introduce and construct computational AHFs (cAHFs). While classical AHFs are information-theoretic, and therefore work even in presence of computationally unbounded adversaries, cAHFs provide only security against computationally bounded adversaries. However, we show that cAHFs can be instantiated significantly more efficiently. Finally, we use our cAHF to construct the currently most efficient verifiable random function with full adaptive security in the standard model.
AU - Jager, Tibor
AU - Niehues, David
ID - 21396
KW - Admissible hash functions
KW - Verifiable random functions
KW - Error-correcting codes
KW - Provable security
SN - 0302-9743
T2 - Lecture Notes in Computer Science
TI - On the Real-World Instantiability of Admissible Hash Functions and Efficient Verifiable Random Functions
ER -
TY - CONF
AU - Derler, David
AU - Jager, Tibor
AU - Slamanig, Daniel
AU - Striecks, Christoph
ID - 3105
T2 - Advances in Cryptology - EUROCRYPT 2018 - 37th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Tel Aviv, Israel, April 29 - May 3, 2018 Proceedings, Part III
TI - Bloom Filter Encryption and Applications to Efficient Forward-Secret 0-RTT Key Exchange
ER -
TY - CONF
AU - Jager, Tibor
AU - Kurek, Rafael
ID - 5861
T2 - Advances in Cryptology - ASIACRYPT 2018 - 24th International Conference on the Theory and Application of Cryptology and Information Security, Brisbane, QLD, Australia, December 2-6, 2018, Proceedings, Part II
TI - Short Digital Signatures and ID-KEMs via Truncation Collision Resistance
ER -
TY - CONF
AU - Jager, Tibor
AU - Kurek, Rafael
AU - Pan, Jiaxin
ID - 5862
T2 - Advances in Cryptology - ASIACRYPT 2018 - 24th International Conference on the Theory and Application of Cryptology and Information Security, Brisbane, QLD, Australia, December 2-6, 2018, Proceedings, Part III
TI - Simple and More Efficient PRFs with Tight Security from LWE and Matrix-DDH
ER -
TY - JOUR
AU - Liu, Jia
AU - Jager, Tibor
AU - Kakvi, Saqib
AU - Warinschi, Bogdan
ID - 9606
JF - Designs, Codes and Cryptography
SN - 0925-1022
TI - How to build time-lock encryption
ER -
TY - CONF
AU - Gjøsteen, Kristian
AU - Jager, Tibor
ID - 5438
T2 - Advances in Cryptology - CRYPTO 2018 - 38th Annual International Cryptology Conference, Santa Barbara, CA, USA, August 19-23, 2018, Proceedings, Part II
TI - Practical and Tightly-Secure Digital Signatures and Authenticated Key Exchange
ER -
TY - CONF
AU - Jager, Tibor
AU - Kakvi, Saqib
AU - May, Alexander
ID - 5442
SN - 9781450356930
T2 - Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security - CCS '18
TI - On the Security of the PKCS#1 v1.5 Signature Scheme
ER -
TY - JOUR
AU - Jager, Tibor
AU - Kohlar, Florian
AU - Schäge, Sven
AU - Schwenk, Jörg
ID - 3108
IS - 4
JF - J. Cryptology
TI - Authenticated Confidential Channel Establishment and the Security of TLS-DHE
ER -
TY - CONF
AU - Hale, Britta
AU - Jager, Tibor
AU - Lauer, Sebastian
AU - Schwenk, Jörg
ID - 3109
T2 - Applied Cryptography and Network Security - 15th International Conference, ACNS 2017, Kanazawa, Japan, July 10-12, 2017, Proceedings
TI - Simple Security Definitions for and Constructions of 0-RTT Key Exchange
ER -
TY - CONF
AU - Günther, Felix
AU - Hale, Britta
AU - Jager, Tibor
AU - Lauer, Sebastian
ID - 3110
T2 - Advances in Cryptology - EUROCRYPT 2017 - 36th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Paris, France, April 30 - May 4, 2017, Proceedings, Part III
TI - 0-RTT Key Exchange with Full Forward Secrecy
ER -
TY - CONF
AU - Jager, Tibor
AU - Stam, Martijn
AU - Stanley-Oakes, Ryan
AU - Warinschi, Bogdan
ID - 3111
T2 - Theory of Cryptography - 15th International Conference, TCC 2017, Baltimore, MD, USA, November 12-15, 2017, Proceedings, Part I
TI - Multi-key Authenticated Encryption with Corruptions: Reductions Are Lossy
ER -
TY - JOUR
AU - Kakvi, Saqib
AU - Kiltz, Eike
ID - 9607
JF - Journal of Cryptology
SN - 0933-2790
TI - Optimal Security Proofs for Full Domain Hash, Revisited
ER -
TY - JOUR
AU - Hofheinz, Dennis
AU - Jager, Tibor
ID - 3112
IS - 1
JF - Des. Codes Cryptography
TI - Tightly secure signatures and public-key encryption
ER -
TY - JOUR
AU - Heuer, Felix
AU - Jager, Tibor
AU - Schäge, Sven
AU - Kiltz, Eike
ID - 3113
IS - 6
JF - IET Information Security
TI - Selective opening security of practical public-key encryption schemes
ER -
TY - JOUR
AU - Jager, Tibor
AU - Rupp, Andy
ID - 3114
IS - 3
JF - PoPETs
TI - Black-Box Accumulation: Collecting Incentives in a Privacy-Preserving Way
ER -
TY - CONF
AU - Hofheinz, Dennis
AU - Jager, Tibor
AU - Khurana, Dakshita
AU - Sahai, Amit
AU - Waters, Brent
AU - Zhandry, Mark
ID - 3115
T2 - Advances in Cryptology - ASIACRYPT 2016 - 22nd International Conference on the Theory and Application of Cryptology and Information Security, Hanoi, Vietnam, December 4-8, 2016, Proceedings, Part II
TI - How to Generate and Use Universal Samplers
ER -
TY - CONF
AU - Horst, Matthias
AU - Grothe, Martin
AU - Jager, Tibor
AU - Schwenk, Jörg
ID - 3116
T2 - Cryptology and Network Security - 15th International Conference, CANS 2016, Milan, Italy, November 14-16, 2016, Proceedings
TI - Breaking PPTP VPNs via RADIUS Encryption
ER -
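The two VRF abstracts above (IDs 22059 and 21396) describe a VRF as a pseudorandom function whose output comes with a public verification key and a proof, or equivalently as a digital signature with verifiable uniqueness and pseudorandomness. The following is an added, self-contained illustration of that interface; it is not code from any of the listed papers. It builds a VRF from RSA full-domain hash in the style of the IETF CFRG VRF draft's RSA-FDH-VRF: the proof is the unique RSA signature of the hashed input and the output is a hash of that proof, so anyone with the public key can check the proof, and no second valid proof (hence no second output) exists for the same input. This is a random-oracle-model construction, whereas the listed papers target the standard model. The key size, the seeded key generation, the domain-separation labels and the MGF1-based full-domain hash are assumptions chosen for the demo.

```python
"""Toy RSA-FDH-VRF: a unique signature turned into a verifiable random function.

Prove(sk, alpha) -> (beta, pi); Verify(pk, alpha, pi, beta) -> bool.
Uniqueness: for fixed (n, e) and alpha the RSA signature of FDH(alpha) is
unique, so a second proof for the same input cannot verify.
All parameters below (key size, labels, seeded RNG) are demo assumptions.
"""
import hashlib
import hmac
import random

PUBLIC_EXPONENT = 65537


def is_probable_prime(n: int, rounds: int = 32) -> bool:
    """Miller-Rabin; witnesses are chosen from a seeded RNG so the demo is reproducible."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    rng = random.Random(n)
    for _ in range(rounds):
        a = rng.randrange(2, n - 1)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _gen_prime(bits: int, rng) -> int:
    while True:
        cand = rng.getrandbits(bits) | (1 << (bits - 1)) | 1  # force top bit and oddness
        if is_probable_prime(cand):
            return cand


def keygen(bits: int = 512, seed=None):
    """Return (pk, sk) = ((n, e), (n, d)). Toy size; seed=None uses the OS CSPRNG,
    a fixed seed is for reproducible demos only."""
    rng = random.Random(seed) if seed is not None else random.SystemRandom()
    while True:
        p = _gen_prime(bits // 2, rng)
        q = _gen_prime(bits // 2, rng)
        if p == q:
            continue
        n, phi = p * q, (p - 1) * (q - 1)
        if phi % PUBLIC_EXPONENT == 0:  # e is prime, so this is the gcd check
            continue
        return (n, PUBLIC_EXPONENT), (n, pow(PUBLIC_EXPONENT, -1, phi))


def _mgf1(seed: bytes, length: int) -> bytes:
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha256(seed + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def _byte_len(n: int) -> int:
    return (n.bit_length() + 7) // 8


def _fdh(n: int, alpha: bytes) -> int:
    """Full-domain hash of alpha into Z_n; k-1 bytes guarantees the value is below n."""
    return int.from_bytes(_mgf1(b"RSA-FDH-VRF|" + alpha, _byte_len(n) - 1), "big")


def proof_to_hash(pi: bytes) -> bytes:
    """VRF output beta is a hash of the proof, binding beta to the unique signature."""
    return hashlib.sha256(b"RSA-FDH-VRF-OUT|" + pi).digest()


def vrf_prove(sk, alpha: bytes):
    n, d = sk
    pi = pow(_fdh(n, alpha), d, n).to_bytes(_byte_len(n), "big")
    return proof_to_hash(pi), pi


def vrf_verify(pk, alpha: bytes, pi: bytes, beta: bytes) -> bool:
    n, e = pk
    if len(pi) != _byte_len(n):
        return False
    s = int.from_bytes(pi, "big")
    if s >= n or pow(s, e, n) != _fdh(n, alpha):
        return False
    return hmac.compare_digest(beta, proof_to_hash(pi))


if __name__ == "__main__":
    pk, sk = keygen(seed=7)
    beta, pi = vrf_prove(sk, b"committee-round-42")  # constructed sample input
    print("verifies:", vrf_verify(pk, b"committee-round-42", pi, beta))
    tampered = bytes([pi[0] ^ 1]) + pi[1:]
    print("tampered proof verifies:", vrf_verify(pk, b"committee-round-42", tampered, proof_to_hash(tampered)))
```

The checks in `vrf_verify` are the ones that matter for the uniqueness argument: the proof must be exactly one modulus length, must decode to a value below n, and must be the e-th root of FDH(alpha); only then is the output recomputed from the proof. Skipping the `s >= n` check would admit `s + n` as a second "proof" for the same input. For a real deployment use the CFRG-specified RSA-FDH-VRF or ECVRF suites with a standard-size modulus rather than this toy.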