Updatable Lossy Trapdoor Functions Under Consecutive Leakage

Lossy trapdoor functions (LTFs), introduced by Peikert and Waters (STOC’08), have already been found to be a very useful tool in constructing complex cryptographic primitives in a black-box manner, such as one-way trapdoor functions, deterministic public-key encryption, CCA-secure public-key encryption, etc. Due to the existence of the side-channel attack, the leakage of trapdoor information in lossy trapdoor function systems can lead to the impossibility of provable security. Recently, Zhang et al. introduced a model of consecutive and continual leakage-resilient and updatable lossy trapdoor functions (ULTFs) and provided a concrete construction to achieve the security. Meanwhile, they proposed a consecutive and continual leakage-resilient public-key encryption scheme. However, in this paper, we demonstrate that the correctness of injective function can not be satisfied. Furthermore, the attacker can easily distinguish the evaluation key of ULTFs generated by the challenger according to the security model. Finally, we show two new constructions based on the continual leakage-resilient public-key encryption scheme of Brakerski et al. (FOCS 2010) and demonstrate the security of our scheme in the consecutive and continual leakage model.

All-But-Many Lossy Trapdoor Functions under Decisional RSA Subgroup Assumption and Application

Lossy trapdoor functions (LTDFs) were introduced by Peikert and Waters (STOC 2008) and have a number of applications in cryptography. All-but-many lossy trapdoor functions (ABM-LTDFs) are generalizations of LTDFs studied by Hofheinz (Eurocrypt 2012). Specially, using ABM-LTDFs to construct public key encryption (PKE) scheme with selective opening security has been proven feasible. Existing ABM-LTDFs were built on pairings, lattices and decisional composite residuosity (DCR) assumption. However, pairing-based ABM-LTDFs and DCR-based ABM-LTDFs rely on non-standard assumptions. In this paper, we construct an ABM-LTDF under the decisional RSA subgroup (DRSA) assumption, and we employ it to construct PKE scheme with selective opening security. We also propose a construction of DCR-based ABM-LTDF relying on standard assumption in Appendix.

Tightly Secure Lossy Trapdoor Functions: Constructions and Applications

Lossy trapdoor functions (LTFs), introduced by Peiker and Waters in STOC’08, are functions that may be working in another injective mode or a lossy mode. Given such a function key, it is impossible to distinguish an injective key from a lossy key for any (probabilistic) polynomial-time adversary. This paper studies lossy trapdoor functions with tight security. First, we give a formal definition for tightly secure LTFs. Loosely speaking, a collection of LTFs is tightly secure if the advantage to distinguish a tuple of injective keys from a tuple of lossy keys does not degrade in the number of function keys. Then, we show that tightly secure LTFs can be used to construct public-key encryption schemes with tight CPA security in a multiuser, multichallenge setting, and with tight CCA security in a multiuser, one-challenge setting. Finally, we present a construction of tightly secure LTFs from the decisional Diffie-Hellman assumption.