The random oracle paradigm allows us to analyze the security of protocols and constructions in an idealized model, where all parties have access to a truly random function. This is one of the most successful and well-studied models in cryptography. However, being such a strong idealized model, it is known to be susceptible to various weaknesses when implemented naively in "real life", as shown by Canetti, Goldreich and Halevi (J. ACM 2004). As a counter-measure, one could try to identify and implement only one or a few of the properties of a random oracle that are needed for a specific setting. Such a systematic study was initiated by Canetti (CRYPTO 1997), who showed how to implement the property that the output of the function reveals nothing about the input by constructing a point function obfuscator. This property turned out to suffice in many follow-up works and applications. In this work, we tackle another natural property of random oracles and implement it in the standard model. The property we focus on is non-malleability, where it is guaranteed that the output on an input cannot be used to generate the output on any related point. We construct a point obfuscator that is both point-hiding (à la Canetti) and non-malleable. The cost of our construction is a single exponentiation on top of Canetti's construction, and it can be used in any application where point obfuscators are used, to obtain improved security guarantees. The security of our construction relies on variants of the DDH and power-DDH assumptions. On the technical side, we introduce a new technique for proving security of a construction based on a DDH-like assumption. We call this technique "double-exponentiation" and believe it will be useful in the future.
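To make the two properties named in the abstract concrete, here is an added example (not code from the paper or its authors) of the classical Canetti-style point obfuscator in a prime-order group: the obfuscation of a point x is the pair (r, r^x) for a random generator r, and evaluation on y checks whether r^y equals r^x. The group parameters below are a constructed toy safe prime, chosen only so the code runs offline; they are assumptions for illustration and give no real security. The last function shows why point-hiding alone is not non-malleability: the plain pair can be transformed into a valid obfuscation of the related point 2x without learning x, which is exactly the kind of relation the non-malleable construction is designed to rule out.

```python
import secrets

# Toy parameters (constructed for illustration, far too small for real use):
# P is a safe prime and Q = (P - 1) / 2 is the prime order of the
# quadratic-residue subgroup in which the obfuscator works.
P = 1019
Q = (P - 1) // 2  # 509, prime


def random_generator():
    """Uniform element of the order-Q subgroup, excluding the identity.
    Squaring h in [2, P-2] lands in the subgroup; h^2 == 1 is impossible
    for those h, so the result has order exactly Q."""
    while True:
        h = secrets.randbelow(P - 3) + 2
        r = pow(h, 2, P)
        if r != 1:
            return r


def obfuscate(x):
    """Canetti-style point obfuscation of x in Z_Q: output (r, r^x).
    Each call uses fresh randomness, so two obfuscations of the same
    point look unrelated; point-hiding rests on a DDH-type assumption."""
    r = random_generator()
    return (r, pow(r, x % Q, P))


def evaluate(obf, y):
    """Return True iff y is the hidden point, i.e. r^y == r^x."""
    r, rx = obf
    return pow(r, y % Q, P) == rx


def maul_to_double(obf):
    """Given (r, r^x), output (r, (r^x)^2) = (r, r^(2x)) without knowing x.
    This is a valid obfuscation of the related point 2x, which illustrates
    why the plain construction is malleable."""
    r, rx = obf
    return (r, pow(rx, 2, P))


if __name__ == "__main__":
    secret_point = 42
    obf = obfuscate(secret_point)
    print("correct point accepted:", evaluate(obf, secret_point))
    print("wrong point rejected:", not evaluate(obf, secret_point + 1))
    mauled = maul_to_double(obf)
    print("mauled pair accepts 2x:", evaluate(mauled, 2 * secret_point))
```

Evaluation compares group elements rather than points, so the obfuscation can be published while the point stays hidden under the assumption; the `maul_to_double` transformation is the reason the abstract's non-malleability property needs an extra ingredient on top of this pair.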
| Field | Value |
|---|---|
| Original language | American English |
| Title of host publication | Advances in Cryptology - EUROCRYPT 2018 - 37th Annual International Conference on the Theory and Applications of Cryptographic Techniques, 2018 Proceedings |
| Editors | Jesper Buus Nielsen, Vincent Rijmen |
| Number of pages | 21 |
| State | Published - 2018 |
| Event | 37th Annual International Conference on the Theory and Applications of Cryptographic Techniques, EUROCRYPT 2018 - Tel Aviv, Israel |
| Duration | 29 Apr 2018 → 3 May 2018 |
| Name | Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) |
| Conference | 37th Annual International Conference on the Theory and Applications of Cryptographic Techniques, EUROCRYPT 2018 |
| Period | 29/04/18 → 3/05/18 |
Bibliographical note (Funding Information):
I. Komargodski—Supported in part by a Packard Foundation Fellowship and AFOSR grant FA9550-15-1-0262. Initial parts of this work were done at the Weizmann Institute of Science, supported in part by a grant from the Israel Science Foundation (no. 950/16) and by a Levzion Fellowship. E. Yogev—Supported in part by a grant from the Israel Science Foundation (no. 950/16).
© International Association for Cryptologic Research 2018.