Bonsai Trees, or How to Delegate a Lattice Basis

Journal of Cryptology, no. 4 (2012): 601-639

Abstract

We introduce a new lattice-based cryptographic structure called a bonsai tree, and use it to resolve some important open problems in the area. Applications of bonsai trees include an efficient, stateless 'hash-and-sign' signature scheme in the standard model (i.e., no random oracles), and the first hierarchical identity-based encryption (...)

Introduction
  • Lattice-based cryptographic schemes have undergone rapid development in recent years, and are attractive due to their low asymptotic complexity and potential resistance to quantum-computing attacks.
  • The authors' first application of bonsai trees is an efficient, stateless signature scheme that is secure in the standard model under conventional lattice assumptions.
  • The simulator can cultivate a bonsai tree whose growth toward the target identity is undirected, while controlling each branch off that path; this setup makes it easy for the simulator to answer any legal secret-key query.
Highlights
  • We put forward a new cryptographic notion called a bonsai tree, and give a realization based on hard lattice problems. (Section 1.2 gives an intuitive overview of bonsai trees, and Section 1.4 discusses their relation to other primitives and techniques.) We show that bonsai trees resolve some central open questions in lattice-based cryptography: to summarize, they remove the need for random oracles in many important applications, and facilitate delegation for purposes such as hierarchical identity-based encryption
  • The underlying hard problem is the standard short integer solution (SIS) problem dating back to the seminal work of Ajtai [5], which is known to be as hard as several worst-case approximation problems on lattices
  • Agrawal and Boyen [3] constructed a standard-model identity-based encryption based on learning with errors, which is secure under a selective-identity attack; their construction has structure similar to ours, but it does not address delegation, nor does it give an efficient signature scheme
  • Our main construction is a binary tree encryption (BTE) scheme, which suffices for full hierarchical identity-based encryption by hashing the components of the identities with a universal one-way or collision-resistant hash function [16]
  • We let $pk_{id} = (A_{id}, y_{id})$ denote the key-encapsulation mechanism (KEM) public key associated with identity vector $id$. ROHIBE.Extract$(S_{id}, id' = id \| id'')$: if $t = |id'| > d$, output $\bot$.
Results
  • In contrast with prior hash-and-sign schemes based on RSA [22, 19, 31, 32], the simulator cannot use an 'accumulator' to produce signatures for exactly the queried messages, but instead sets up the public key so that it knows enough trapdoors to cover all the messages.
  • The probabilistic polynomial-time algorithm $\mathrm{RandBasis}(S, s)$ takes a basis $S$ of an $m$-dimensional integer lattice $\Lambda$ and a parameter $s \ge \|\tilde{S}\| \cdot \omega(\sqrt{\log n})$, and outputs a basis $S'$ of $\Lambda$, generated as follows.
  • The authors use bonsai tree principles to construct a signature scheme that is existentially unforgeable under a static chosen-message attack.
  • $A_{id} = A_0 \| A_1^{(id_1)} \| \cdots \| A_t^{(id_t)} \in \mathbb{Z}_q^{n \times (t+1)m}$, and let $pk_{id} = (A_{id}, y)$ denote the KEM public key associated with identity $id$.
  • Consider the two main applications of [16]: in the forward-secure encryption scheme the authors have k = 1, while in the generic BTE-to-HIBE transformation, k is the output length of some UOWHF.
Conclusion
  • It is given a uniformly random public key $pk = (A, y) \in \mathbb{Z}_q^{n \times (d+1)m} \times \mathbb{Z}_q^n$, an encapsulation $(b, p) \in \mathbb{Z}_q^m \times \mathbb{Z}_q$, and a bit $k$ which either is encapsulated by $(b, p)$ or is uniform and independent; the goal of $S$ is to determine which is the case.
  • The {A} component of the master public key may be omitted, because each Aid can instead be constructed by querying the random oracle on, say, each prefix of the identity id.
Funding
  • Supported by the research program Sentinels. This material is based upon work supported by the National Science Foundation under Grants CNS-0716786 and CNS-0749931, and by the US Department of Homeland Security under Contract Number HSHQDC-07-C-00006.
Reference
  • [1] Abdalla, M., Bellare, M., Catalano, D., Kiltz, E., Kohno, T., Lange, T., Malone-Lee, J., Neven, G., Paillier, P., Shi, H.: Searchable encryption revisited: Consistency properties, relation to anonymous IBE, and extensions. J. Cryptology 21(3), 350–391 (2008); Preliminary version in CRYPTO 2005
  • [2] Agrawal, S., Boneh, D., Boyen, X.: Efficient lattice (H)IBE in the standard model. In: EUROCRYPT 2010 (to appear, 2010)
  • [3] Agrawal, S., Boyen, X.: Identity-based encryption from lattices in the standard model (July 2009) (manuscript)
  • [4] Ajtai, M.: Generating hard instances of the short basis problem. In: Wiedermann, J., Van Emde Boas, P., Nielsen, M. (eds.) ICALP 1999. LNCS, vol. 1644, pp. 1–9. Springer, Heidelberg (1999)
  • [5] Ajtai, M.: Generating hard instances of lattice problems. Quaderni di Matematica 13, 1–32 (2004); Preliminary version in STOC 1996
  • [6] Alwen, J., Peikert, C.: Generating shorter bases for hard random lattices. In: STACS, pp. 75–86 (2009)
  • [7] Bellare, M., Boldyreva, A., Desai, A., Pointcheval, D.: Key-privacy in public-key encryption. In: Boyd, C. (ed.) ASIACRYPT 2001. LNCS, vol. 2248, pp. 566–582. Springer, Heidelberg (2001)
  • [8] Boneh, D., Boyen, X.: Efficient selective-ID secure identity-based encryption without random oracles. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 223–238. Springer, Heidelberg (2004)
  • [9] Boneh, D., Boyen, X.: Secure identity based encryption without random oracles. In: Franklin, M. (ed.) CRYPTO 2004. LNCS, vol. 3152, pp. 443–459. Springer, Heidelberg (2004)
  • [10] Boneh, D., Canetti, R., Halevi, S., Katz, J.: Chosen-ciphertext security from identity-based encryption. SIAM J. Comput. 36(5), 1301–1328 (2007)
  • [11] Boneh, D., Di Crescenzo, G., Ostrovsky, R., Persiano, G.: Public key encryption with keyword search. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 506–522. Springer, Heidelberg (2004)
  • [12] Boneh, D., Franklin, M.K.: Identity-based encryption from the Weil pairing. SIAM J. Comput. 32(3), 586–615 (2003); Preliminary version in CRYPTO 2001
  • [13] Boneh, D., Gentry, C., Hamburg, M.: Space-efficient identity based encryption without pairings. In: FOCS, pp. 647–657 (2007)
  • [14] Boyen, X.: Lattice mixing and vanishing trapdoors: A framework for fully secure short signatures and more. In: PKC 2010 (to appear, 2010)
  • [15] Boyen, X., Waters, B.: Anonymous hierarchical identity-based encryption (without random oracles). In: Dwork, C. (ed.) CRYPTO 2006. LNCS, vol. 4117, pp. 290–307. Springer, Heidelberg (2006)
  • [16] Canetti, R., Halevi, S., Katz, J.: A forward-secure public-key encryption scheme. J. Cryptology 20(3), 265–294 (2007); Preliminary version in EUROCRYPT 2003
  • [17] Cash, D., Hofheinz, D., Kiltz, E.: How to delegate a lattice basis. Cryptology ePrint Archive, Report 2009/351 (July 2009), http://eprint.iacr.org/
  • [18] Cocks, C.: An identity based encryption scheme based on quadratic residues. In: IMA Int. Conf., pp. 360–363 (2001)
  • [19] Cramer, R., Shoup, V.: Signature schemes based on the strong RSA assumption. ACM Trans. Inf. Syst. Secur. 3(3), 161–185 (2000); Preliminary version in CCS 1999
  • [20] Di Crescenzo, G., Saraswat, V.: Public key encryption with searchable keywords based on Jacobi symbols. In: Srinathan, K., Rangan, C.P., Yung, M. (eds.) INDOCRYPT 2007. LNCS, vol. 4859, pp. 282–296. Springer, Heidelberg (2007)
  • [21] Dodis, Y., Fazio, N.: Public key broadcast encryption for stateless receivers. In: ACM Workshop on Digital Rights Management, pp. 61–80 (2002)
  • [22] Gennaro, R., Halevi, S., Rabin, T.: Secure hash-and-sign signatures without the random oracle. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592, pp. 123–139. Springer, Heidelberg (1999)
  • [23] Gentry, C.: Practical identity-based encryption without random oracles. In: Vaudenay, S. (ed.) EUROCRYPT 2006. LNCS, vol. 4004, pp. 445–464. Springer, Heidelberg (2006)
  • [24] Gentry, C., Halevi, S.: Hierarchical identity based encryption with polynomially many levels. In: Reingold, O. (ed.) TCC 2009. LNCS, vol. 5444, pp. 437–456. Springer, Heidelberg (2009)
  • [25] Gentry, C., Peikert, C., Vaikuntanathan, V.: Trapdoors for hard lattices and new cryptographic constructions. In: STOC, pp. 197–206 (2008)
  • [26] Gentry, C., Silverberg, A.: Hierarchical ID-based cryptography. In: Zheng, Y. (ed.) ASIACRYPT 2002. LNCS, vol. 2501, pp. 548–566. Springer, Heidelberg (2002)
  • [27] Goldreich, O., Goldwasser, S., Halevi, S.: Public-key cryptosystems from lattice reduction problems. In: Kaliski Jr., B.S. (ed.) CRYPTO 1997. LNCS, vol. 1294, pp. 112–131. Springer, Heidelberg (1997)
  • [28] Goldwasser, S., Micali, S., Rivest, R.L.: A digital signature scheme secure against adaptive chosen-message attacks. SIAM J. Comput. 17(2), 281–308 (1988); Preliminary version in FOCS 1984
  • [29] Hoffstein, J., Howgrave-Graham, N., Pipher, J., Silverman, J.H., Whyte, W.: NTRUSIGN: Digital signatures using the NTRU lattice. In: Joye, M. (ed.) CT-RSA 2003. LNCS, vol. 2612, pp. 122–140. Springer, Heidelberg (2003)
  • [30] Hoffstein, J., Pipher, J., Silverman, J.H.: NTRU: A ring-based public key cryptosystem. In: Cohen, H. (ed.) ANTS 1996. LNCS, vol. 1122, pp. 267–288. Springer, Heidelberg (1996)
  • [31] Hohenberger, S., Waters, B.: Realizing hash-and-sign signatures under standard assumptions. In: Joux, A. (ed.) EUROCRYPT 2009. LNCS, vol. 5479, pp. 333–350. Springer, Heidelberg (2009)
  • [32] Hohenberger, S., Waters, B.: Short and stateless signatures from the RSA assumption. In: Halevi, S. (ed.) CRYPTO 2009. LNCS, vol. 5677, pp. 654–670. Springer, Heidelberg (2009)
  • [33] Horwitz, J., Lynn, B.: Toward hierarchical identity-based encryption. In: Knudsen, L.R. (ed.) EUROCRYPT 2002. LNCS, vol. 2332, pp. 466–481. Springer, Heidelberg (2002)
  • [34] Krawczyk, H., Rabin, T.: Chameleon signatures. In: NDSS (2000)
  • [35] Leurent, G., Nguyen, P.Q.: How risky is the random-oracle model? In: Halevi, S. (ed.) CRYPTO 2009. LNCS, vol. 5677, pp. 445–464. Springer, Heidelberg (2009)
  • [36] Lyubashevsky, V., Micciancio, D.: Generalized compact knapsacks are collision resistant. In: Bugliesi, M., Preneel, B., Sassone, V., Wegener, I. (eds.) ICALP 2006, Part II. LNCS, vol. 4052, pp. 144–155. Springer, Heidelberg (2006)
  • [37] Lyubashevsky, V., Micciancio, D.: Asymptotically efficient lattice-based digital signatures. In: Canetti, R. (ed.) TCC 2008. LNCS, vol. 4948, pp. 37–54. Springer, Heidelberg (2008)
  • [38] Lyubashevsky, V., Peikert, C., Regev, O.: On ideal lattices and learning with errors over rings. In: EUROCRYPT (to appear, 2010)
  • [39] Micciancio, D.: Generalized compact knapsacks, cyclic lattices, and efficient one-way functions. Computational Complexity 16(4), 365–411 (2007); Preliminary version in FOCS 2002
  • [40] Micciancio, D., Goldwasser, S.: Complexity of Lattice Problems: a cryptographic perspective. The Kluwer International Series in Engineering and Computer Science, vol. 671. Kluwer Academic Publishers, Boston (2002)
  • [41] Micciancio, D., Regev, O.: Worst-case to average-case reductions based on Gaussian measures. SIAM J. Comput. 37(1), 267–302 (2007); Preliminary version in FOCS 2004
  • [42] Micciancio, D., Warinschi, B.: A linear space algorithm for computing the Hermite normal form. In: ISSAC, pp. 231–236 (2001)
  • [43] Naor, M., Yung, M.: Universal one-way hash functions and their cryptographic applications. In: STOC, pp. 33–43 (1989)
  • [44] Peikert, C.: Bonsai trees (or, arboriculture in lattice-based cryptography). Cryptology ePrint Archive, Report 2009/359 (July 2009), http://eprint.iacr.org/
  • [45] Peikert, C.: Public-key cryptosystems from the worst-case shortest vector problem. In: STOC, pp. 333–342 (2009)
  • [46] Peikert, C.: An efficient and parallel Gaussian sampler for lattices (2010) (manuscript)
  • [47] Peikert, C., Rosen, A.: Efficient collision-resistant hashing from worst-case assumptions on cyclic lattices. In: Halevi, S., Rabin, T. (eds.) TCC 2006. LNCS, vol. 3876, pp. 145–166. Springer, Heidelberg (2006)
  • [48] Peikert, C., Rosen, A.: Lattices that admit logarithmic worst-case to average-case connection factors. In: STOC, pp. 478–487 (2007)
  • [49] Peikert, C., Vaikuntanathan, V., Waters, B.: A framework for efficient and composable oblivious transfer. In: Wagner, D. (ed.) CRYPTO 2008. LNCS, vol. 5157, pp. 554–571. Springer, Heidelberg (2008)
  • [50] Rabin, M.O.: Digitalized signatures and public-key functions as intractable as factorization. Technical Report MIT/LCS/TR-212, MIT Laboratory for Computer Science (1979)
  • [51] Regev, O.: On lattices, learning with errors, random linear codes, and cryptography. J. ACM 56(6) (2009); Preliminary version in STOC 2005
  • [52] Rückert, M.: Strongly unforgeable signatures and hierarchical identity-based signatures from lattices without random oracles. In: PQCrypto (to appear, 2010)
  • [53] Shamir, A.: Identity-based cryptosystems and signature schemes. In: Blakely, G.R., Chaum, D. (eds.) CRYPTO 1984. LNCS, vol. 196, pp. 47–53. Springer, Heidelberg (1985)
  • [54] Shamir, A., Tauman, Y.: Improved online/offline signature schemes. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 355–367. Springer, Heidelberg (2001)
  • [55] Stehlé, D., Steinfeld, R., Tanaka, K., Xagawa, K.: Efficient public key encryption based on ideal lattices. In: Matsui, M. (ed.) ASIACRYPT 2009. LNCS, vol. 5912, pp. 617–635. Springer, Heidelberg (2009)
  • [56] Waters, B.: Efficient identity-based encryption without random oracles. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 114–127. Springer, Heidelberg (2005)
  • [57] Waters, B.: Dual system encryption: Realizing fully secure IBE and HIBE under simple assumptions. In: Halevi, S. (ed.) CRYPTO 2009. LNCS, vol. 5677, pp. 619–636. Springer, Heidelberg (2009)
  • [58] Yao, D., Fazio, N., Dodis, Y., Lysyanskaya, A.: ID-based encryption for complex hierarchies with applications to forward security and broadcast encryption. In: ACM Conference on Computer and Communications Security, pp. 354–363 (2004)