Memory-Tight Reductions for Practical Key Encapsulation Mechanisms

Rishiraj Bhattacharyya

doi:10.1007/978-3-030-45374-9_9

Memory-Tight Reductions for Practical Key Encapsulation Mechanisms

Rishiraj Bhattacharyya^*

^*Corresponding author for this work

Computer Science

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

The efficiency of a black-box reduction is an important goal of modern cryptography. Traditionally, the time complexity and the success probability were considered as the main aspects of efficiency measurements. In CRYPTO 2017, Auerbach et al. introduced the notion of memory-tightness in cryptographic reductions and showed a memory-tight reduction of the existential unforgeability of the RSA-FDH signature scheme. Unfortunately, their techniques do not extend directly to the reductions involving intricate RO-programming. The problem seems to be inherent as all the other existing results on memory-tightness are lower bounds and impossibility results. In fact, Auerbach et al. conjectured that a memory-tight reduction for security of Hashed-ElGamal KEM is impossible. We refute the above conjecture. Using a simple RO simulation technique, we provide memory-tight reductions of security of the Cramer-Shoup and the ECIES version of Hashed-ElGamal KEM.We prove memory-tight reductions for different variants of Fujisaki-Okamoto Transformation. We analyze the modular transformations introduced by Hofheinz, Hövermanns and Kiltz (TCC 2017). In addition to the constructions involving implicit rejection, we present a memory-tight reduction for the security of the transformation. Our techniques can withstand correctness-errors, and applicable to several lattice-based KEM candidates.

Original language	English
Title of host publication	Public-Key Cryptography – PKC 2020 - 23rd IACR International Conference on Practice and Theory of Public-Key Cryptography, Proceedings
Editors	Aggelos Kiayias, Markulf Kohlweiss, Petros Wallden, Vassilis Zikas
Publisher	Springer Vieweg
Pages	249-278
Number of pages	30
ISBN (Print)	9783030453732
DOIs	https://doi.org/10.1007/978-3-030-45374-9_9
Publication status	Published - 2020
Event	23rd IACR International Conference on the Practice and Theory of Public-Key Cryptography, PKC 2020 - Edinburgh, United Kingdom Duration: 4 May 2020 → 7 May 2020

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	12110 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	23rd IACR International Conference on the Practice and Theory of Public-Key Cryptography, PKC 2020
Country/Territory	United Kingdom
City	Edinburgh
Period	4/05/20 → 7/05/20

Bibliographical note

Funding Information:
We thank Eike Kiltz for encouraging us to write up and submit the work. We are thankful to the reviewers for their comments on this and the previous versions of the paper. The author is supported by SERB ECR/2017/001974.

Publisher Copyright:
© 2020, International Association for Cryptologic Research.

Keywords

FO transformation
Hashed-ElGamal
Memory-tight reduction

ASJC Scopus subject areas

Theoretical Computer Science
Computer Science(all)

Access to Document

10.1007/978-3-030-45374-9_9

Cite this

Bhattacharyya, R. (2020). Memory-Tight Reductions for Practical Key Encapsulation Mechanisms. In A. Kiayias, M. Kohlweiss, P. Wallden, & V. Zikas (Eds.), Public-Key Cryptography – PKC 2020 - 23rd IACR International Conference on Practice and Theory of Public-Key Cryptography, Proceedings (pp. 249-278). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 12110 LNCS). Springer Vieweg. https://doi.org/10.1007/978-3-030-45374-9_9

Bhattacharyya, Rishiraj. / Memory-Tight Reductions for Practical Key Encapsulation Mechanisms. Public-Key Cryptography – PKC 2020 - 23rd IACR International Conference on Practice and Theory of Public-Key Cryptography, Proceedings. editor / Aggelos Kiayias ; Markulf Kohlweiss ; Petros Wallden ; Vassilis Zikas. Springer Vieweg, 2020. pp. 249-278 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{a8cfba478e48499bb2a544ffc10660f2,

title = "Memory-Tight Reductions for Practical Key Encapsulation Mechanisms",

abstract = "The efficiency of a black-box reduction is an important goal of modern cryptography. Traditionally, the time complexity and the success probability were considered as the main aspects of efficiency measurements. In CRYPTO 2017, Auerbach et al. introduced the notion of memory-tightness in cryptographic reductions and showed a memory-tight reduction of the existential unforgeability of the RSA-FDH signature scheme. Unfortunately, their techniques do not extend directly to the reductions involving intricate RO-programming. The problem seems to be inherent as all the other existing results on memory-tightness are lower bounds and impossibility results. In fact, Auerbach et al. conjectured that a memory-tight reduction for security of Hashed-ElGamal KEM is impossible. We refute the above conjecture. Using a simple RO simulation technique, we provide memory-tight reductions of security of the Cramer-Shoup and the ECIES version of Hashed-ElGamal KEM.We prove memory-tight reductions for different variants of Fujisaki-Okamoto Transformation. We analyze the modular transformations introduced by Hofheinz, H{\"o}vermanns and Kiltz (TCC 2017). In addition to the constructions involving implicit rejection, we present a memory-tight reduction for the security of the transformation. Our techniques can withstand correctness-errors, and applicable to several lattice-based KEM candidates.",

keywords = "FO transformation, Hashed-ElGamal, Memory-tight reduction",

author = "Rishiraj Bhattacharyya",

note = "Funding Information: We thank Eike Kiltz for encouraging us to write up and submit the work. We are thankful to the reviewers for their comments on this and the previous versions of the paper. The author is supported by SERB ECR/2017/001974. Publisher Copyright: {\textcopyright} 2020, International Association for Cryptologic Research.; 23rd IACR International Conference on the Practice and Theory of Public-Key Cryptography, PKC 2020 ; Conference date: 04-05-2020 Through 07-05-2020",

year = "2020",

doi = "10.1007/978-3-030-45374-9_9",

language = "English",

isbn = "9783030453732",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer Vieweg",

pages = "249--278",

editor = "Aggelos Kiayias and Markulf Kohlweiss and Petros Wallden and Vassilis Zikas",

booktitle = "Public-Key Cryptography – PKC 2020 - 23rd IACR International Conference on Practice and Theory of Public-Key Cryptography, Proceedings",

address = "Germany",

}

Bhattacharyya, R 2020, Memory-Tight Reductions for Practical Key Encapsulation Mechanisms. in A Kiayias, M Kohlweiss, P Wallden & V Zikas (eds), Public-Key Cryptography – PKC 2020 - 23rd IACR International Conference on Practice and Theory of Public-Key Cryptography, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 12110 LNCS, Springer Vieweg, pp. 249-278, 23rd IACR International Conference on the Practice and Theory of Public-Key Cryptography, PKC 2020, Edinburgh, United Kingdom, 4/05/20. https://doi.org/10.1007/978-3-030-45374-9_9

Memory-Tight Reductions for Practical Key Encapsulation Mechanisms. / Bhattacharyya, Rishiraj.
Public-Key Cryptography – PKC 2020 - 23rd IACR International Conference on Practice and Theory of Public-Key Cryptography, Proceedings. ed. / Aggelos Kiayias; Markulf Kohlweiss; Petros Wallden; Vassilis Zikas. Springer Vieweg, 2020. p. 249-278 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 12110 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

TY - GEN

T1 - Memory-Tight Reductions for Practical Key Encapsulation Mechanisms

AU - Bhattacharyya, Rishiraj

N1 - Funding Information: We thank Eike Kiltz for encouraging us to write up and submit the work. We are thankful to the reviewers for their comments on this and the previous versions of the paper. The author is supported by SERB ECR/2017/001974. Publisher Copyright: © 2020, International Association for Cryptologic Research.

PY - 2020

Y1 - 2020

N2 - The efficiency of a black-box reduction is an important goal of modern cryptography. Traditionally, the time complexity and the success probability were considered as the main aspects of efficiency measurements. In CRYPTO 2017, Auerbach et al. introduced the notion of memory-tightness in cryptographic reductions and showed a memory-tight reduction of the existential unforgeability of the RSA-FDH signature scheme. Unfortunately, their techniques do not extend directly to the reductions involving intricate RO-programming. The problem seems to be inherent as all the other existing results on memory-tightness are lower bounds and impossibility results. In fact, Auerbach et al. conjectured that a memory-tight reduction for security of Hashed-ElGamal KEM is impossible. We refute the above conjecture. Using a simple RO simulation technique, we provide memory-tight reductions of security of the Cramer-Shoup and the ECIES version of Hashed-ElGamal KEM.We prove memory-tight reductions for different variants of Fujisaki-Okamoto Transformation. We analyze the modular transformations introduced by Hofheinz, Hövermanns and Kiltz (TCC 2017). In addition to the constructions involving implicit rejection, we present a memory-tight reduction for the security of the transformation. Our techniques can withstand correctness-errors, and applicable to several lattice-based KEM candidates.

AB - The efficiency of a black-box reduction is an important goal of modern cryptography. Traditionally, the time complexity and the success probability were considered as the main aspects of efficiency measurements. In CRYPTO 2017, Auerbach et al. introduced the notion of memory-tightness in cryptographic reductions and showed a memory-tight reduction of the existential unforgeability of the RSA-FDH signature scheme. Unfortunately, their techniques do not extend directly to the reductions involving intricate RO-programming. The problem seems to be inherent as all the other existing results on memory-tightness are lower bounds and impossibility results. In fact, Auerbach et al. conjectured that a memory-tight reduction for security of Hashed-ElGamal KEM is impossible. We refute the above conjecture. Using a simple RO simulation technique, we provide memory-tight reductions of security of the Cramer-Shoup and the ECIES version of Hashed-ElGamal KEM.We prove memory-tight reductions for different variants of Fujisaki-Okamoto Transformation. We analyze the modular transformations introduced by Hofheinz, Hövermanns and Kiltz (TCC 2017). In addition to the constructions involving implicit rejection, we present a memory-tight reduction for the security of the transformation. Our techniques can withstand correctness-errors, and applicable to several lattice-based KEM candidates.

KW - FO transformation

KW - Hashed-ElGamal

KW - Memory-tight reduction

UR - http://www.scopus.com/inward/record.url?scp=85090016563&partnerID=8YFLogxK

U2 - 10.1007/978-3-030-45374-9_9

DO - 10.1007/978-3-030-45374-9_9

M3 - Conference contribution

AN - SCOPUS:85090016563

SN - 9783030453732

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 249

EP - 278

BT - Public-Key Cryptography – PKC 2020 - 23rd IACR International Conference on Practice and Theory of Public-Key Cryptography, Proceedings

A2 - Kiayias, Aggelos

A2 - Kohlweiss, Markulf

A2 - Wallden, Petros

A2 - Zikas, Vassilis

PB - Springer Vieweg

T2 - 23rd IACR International Conference on the Practice and Theory of Public-Key Cryptography, PKC 2020

Y2 - 4 May 2020 through 7 May 2020

ER -

Bhattacharyya R. Memory-Tight Reductions for Practical Key Encapsulation Mechanisms. In Kiayias A, Kohlweiss M, Wallden P, Zikas V, editors, Public-Key Cryptography – PKC 2020 - 23rd IACR International Conference on Practice and Theory of Public-Key Cryptography, Proceedings. Springer Vieweg. 2020. p. 249-278. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-030-45374-9_9

Memory-Tight Reductions for Practical Key Encapsulation Mechanisms

Abstract

Publication series

Conference

Bibliographical note

Keywords

ASJC Scopus subject areas

Access to Document

Fingerprint

Cite this