[go: up one dir, main page]
Skip to main content
Springer Nature Link
Log in
Menu
Find a journal Publish with us Track your research
Search
Saved research
Cart
  1. Home
  2. Journal of Cryptology
  3. Article

Programmable Hash Functions and Their Applications

  • Published: 29 April 2011
  • Volume 25, pages 484–527, (2012)
  • Cite this article
Download PDF
Save article
View saved research
Journal of Cryptology Aims and scope Submit manuscript
Programmable Hash Functions and Their Applications
Download PDF
  • Dennis Hofheinz1 &
  • Eike Kiltz2 

  • 1116 Accesses

  • 37 Citations

  • 3 Altmetric

  • Explore all metrics

Abstract

We introduce a new combinatorial primitive called programmable hash functions (PHFs). PHFs can be used to program the output of a hash function such that it contains solved or unsolved discrete logarithm instances with a certain probability. This is a technique originally used for security proofs in the random oracle model. We give a variety of standard model realizations of PHFs (with different parameters).

The programmability makes PHFs a suitable tool to obtain black-box proofs of cryptographic protocols when considering adaptive attacks. We propose generic digital signature schemes from the strong RSA problem and from some hardness assumption on bilinear maps that can be instantiated with any PHF. Our schemes offer various improvements over known constructions. In particular, for a reasonable choice of parameters, we obtain short standard model digital signatures over bilinear maps.

Article PDF

Download to read the full article text

Similar content being viewed by others

A Fast and Simple Partially Oblivious PRF, with Applications

Chapter © 2022

Computational Security

Chapter © 2021

A Server-Assisted Hash-Based Signature Scheme

Chapter © 2017

Explore related subjects

Discover the latest articles, books and news in related subjects, suggested using machine learning.
  • Computability and Recursion Theory
  • Mathematical Applications in Computer Science
  • Open Source
  • Real Functions
  • Special Functions
  • Blockchain
  • Quantum Cryptography and Key Distribution Techniques

References

  1. M. Abdalla, D. Catalano, A. Dent, J. Malone-Lee, G. Neven, N. Smart, Identity-based encryption gone wild, in ICALP 2006: 33rd International Colloquium on Automata, Languages and Programming, Part II, ed. by M. Bugliesi, B. Preneel, V. Sassone, I. Wegener, Venice, Italy, July 10–14, 2006. Lecture Notes in Computer Science, vol. 4052 (Springer, Berlin, 2006), pp. 300–311

    Chapter  Google Scholar 

  2. S. Agrawal, D. Boneh, X. Boyen, Efficient lattice (H)IBE in the standard model, in Advances in Cryptology—EUROCRYPT 2010, ed. by H. Gilbert, French Riviera, May 30–June 3, 2010. Lecture Notes in Computer Science, vol. 6110 (Springer, Berlin, 2010), pp. 553–572

    Chapter  Google Scholar 

  3. N. Bari, B. Pfitzmann, Collision-free accumulators and fail-stop signature schemes without trees, in Advances in Cryptology—EUROCRYPT’97, ed. by W. Fumy, Konstanz, Germany, May 11–15, 1997. Lecture Notes in Computer Science, vol. 1233 (Springer, Berlin, 1997), pp. 480–494

    Google Scholar 

  4. M. Bellare, T. Ristenpart, Simulation without the artificial abort: Simplified proof and improved concrete security for Waters’ IBE scheme, in Advances in Cryptology—EUROCRYPT 2009, ed. by A. Joux, Cologne, Germany, April 26–30, 2009. Lecture Notes in Computer Science, vol. 5479 (Springer, Berlin, 2009), pp. 407–424

    Chapter  Google Scholar 

  5. M. Bellare, P. Rogaway, Random oracles are practical: a paradigm for designing efficient protocols, in ACM CCS 93: 1st Conference on Computer and Communications Security, ed. by V. Ashby, Fairfax, Virginia, USA, November 3–5, 1993 (ACM, New York, 1993), pp. 62–73

    Chapter  Google Scholar 

  6. M. Bellare, P. Rogaway, The exact security of digital signatures: How to sign with RSA and Rabin, in Advances in Cryptology—EUROCRYPT’96, ed. by U.M. Maurer, Saragossa, Spain, May 12–16, 1996. Lecture Notes in Computer Science, vol. 1070 (Springer, Berlin, 1996), pp. 399–416

    Google Scholar 

  7. M. Bellare, O. Goldreich, S. Goldwasser, Incremental cryptography: the case of hashing and signing, in Advances in Cryptology—CRYPTO’94, ed. by Y. Desmedt, Santa Barbara, CA, USA, August 21–25, 1994. Lecture Notes in Computer Science, vol. 839 (Springer, Berlin, 1994), pp. 216–233

    Google Scholar 

  8. O. Blazy, G. Fuchsbauer, D. Pointcheval, D. Vergnaud, Signatures on randomizable ciphertexts, in Public Key Cryptography (2011)

    Google Scholar 

  9. D. Boneh, X. Boyen, Efficient selective-ID secure identity based encryption without random oracles, in Advances in Cryptology—EUROCRYPT 2004, ed. by C. Cachin, J. Camenisch, Interlaken, Switzerland, May 2–6, 2004. Lecture Notes in Computer Science, vol. 3027 (Springer, Berlin, 2004), pp. 223–238

    Chapter  Google Scholar 

  10. D. Boneh, X. Boyen, Secure identity based encryption without random oracles, in Advances in Cryptology—CRYPTO 2004, ed. by M. Franklin, Santa Barbara, CA, USA, August 15–19, 2004. Lecture Notes in Computer Science, vol. 3152 (Springer, Berlin, 2004), pp. 443–459

    Chapter  Google Scholar 

  11. D. Boneh, X. Boyen, Short signatures without random oracles and the SDH assumption in bilinear groups. J. Cryptol. 21(2), 149–177 (2008)

    Article  MathSciNet  MATH  Google Scholar 

  12. D. Boneh, M.K. Franklin, Identity-based encryption from the Weil pairing, in Advances in Cryptology—CRYPTO 2001, ed. by J. Kilian, Santa Barbara, CA, USA, August 19–23, 2001. Lecture Notes in Computer Science, vol. 2139 (Springer, Berlin, 2001), pp. 213–229

    Chapter  Google Scholar 

  13. D. Boneh, M.K. Franklin, Identity based encryption from the Weil pairing. SIAM J. Comput. 32(3), 586–615 (2003)

    Article  MathSciNet  MATH  Google Scholar 

  14. D. Boneh, B. Lynn, H. Shacham, Short signatures from the Weil pairing, in Advances in Cryptology—ASIACRYPT 2001, ed. by C. Boyd, Gold Coast, Australia, December 9–13, 2001. Lecture Notes in Computer Science, vol. 2248 (Springer, Berlin, 2001), pp. 514–532

    Chapter  Google Scholar 

  15. D. Boneh, B. Lynn, H. Shacham, Short signatures from the Weil pairing. J. Cryptol. 17(4), 297–319 (2004)

    Article  MathSciNet  MATH  Google Scholar 

  16. X. Boyen, General ad hoc encryption from exponent inversion IBE, in Advances in Cryptology—EUROCRYPT 2007. Lecture Notes in Computer Science, vol. 4515 (Springer, Berlin, 2007), pp. 394–411

    Chapter  Google Scholar 

  17. X. Boyen, Lattice mixing and vanishing trapdoors: A framework for fully secure short signatures and more, in PKC 2010: 13th International Conference on Theory and Practice of Public Key Cryptography, ed. by P.Q. Nguyen, D. Pointcheval, Paris, France, May 26–28, 2010. Lecture Notes in Computer Science, vol. 6056 (Springer, Berlin, 2010), pp. 499–517

    Chapter  Google Scholar 

  18. X. Boyen, Q. Mei, B. Waters, Direct chosen ciphertext security from identity-based techniques, in ACM CCS 05: 12th Conference on Computer and Communications Security, ed. by V. Atluri, C. Meadows, A. Juels, Alexandria, Virginia, USA, November 7–11, 2005 (ACM, New York, 2005), pp. 320–329

    Chapter  Google Scholar 

  19. S. Brands, An efficient off-line electronic cash system based on the representation problem. Report CS-R9323, Centrum voor Wiskunde en Informatica, March 1993

  20. J. Camenisch, A. Lysyanskaya, A signature scheme with efficient protocols, in SCN 02: 3rd International Conference on Security in Communication Networks, ed. by S. Cimato, C. Galdi, G. Persiano, Amalfi, Italy, September 12–13, 2002. Lecture Notes in Computer Science, vol. 2576 (Springer, Berlin, 2002), pp. 268–289

    Google Scholar 

  21. J. Camenisch, A. Lysyanskaya, Signature schemes and anonymous credentials from bilinear maps, in Advances in Cryptology—CRYPTO 2004, ed. by M. Franklin, Santa Barbara, CA, USA, August 15–19, 2004. Lecture Notes in Computer Science, vol. 3152 (Springer, Berlin, 2004), pp. 56–72

    Chapter  Google Scholar 

  22. D. Cash, D. Hofheinz, E. Kiltz, C. Peikert, Bonsai trees, or how to delegate a lattice basis, in Advances in Cryptology—EUROCRYPT 2010, ed. by H. Gilbert, French Riviera, May 30–June 3, 2010. Lecture Notes in Computer Science, vol. 6110 (Springer, Berlin, 2010), pp. 523–552

    Chapter  Google Scholar 

  23. D. Chaum, J.-H. Evertse, J. van de Graaf, An improved protocol for demonstrating possession of discrete logarithms and some generalizations, in Advances in Cryptology—EUROCRYPT’87, ed. by D. Chaum, W.L. Price, Amsterdam, The Netherlands, April 13–15, 1988. Lecture Notes in Computer Science, vol. 304 (Springer, Berlin, 1988), pp. 127–141

    Google Scholar 

  24. D. Chaum, E. van Heijst, B. Pfitzmann, Cryptographically strong undeniable signatures, unconditionally secure for the signer, in Advances in Cryptology—CRYPTO’91, ed. by J. Feigenbaum, Santa Barbara, CA, USA, August 11–15, 1992. Lecture Notes in Computer Science, vol. 576 (Springer, Berlin, 1992), pp. 470–484

    Google Scholar 

  25. J.H. Cheon, Security analysis of the strong Diffie-Hellman problem, in Advances in Cryptology—EUROCRYPT 2006, ed. by S. Vaudenay, St. Petersburg, Russia, May 28–June 1, 2006. Lecture Notes in Computer Science, vol. 4004 (Springer, Berlin, 2006), pp. 1–11

    Chapter  Google Scholar 

  26. B. Chevallier-Mames, M. Joye, A practical and tightly secure signature scheme without hash function, in Topics in Cryptology—CT-RSA 2007, ed. by M. Abe, San Francisco, CA, USA, February 5–9, 2007. Lecture Notes in Computer Science, vol. 4377 (Springer, Berlin, 2007), pp. 339–356

    Chapter  Google Scholar 

  27. J.-S. Coron, On the exact security of full domain hash, in Advances in Cryptology—CRYPTO 2000, ed. by M. Bellare, Santa Barbara, CA, USA, August 20–24, 2000. Lecture Notes in Computer Science, vol. 1880 (Springer, Berlin, 2000), pp. 229–235

    Chapter  Google Scholar 

  28. R. Cramer, V. Shoup, Signature schemes based on the strong RSA assumption. ACM Trans. Inf. Syst. Secur. 3(3), 161–185 (2000)

    Article  Google Scholar 

  29. I. Damgård, M. Koprowski, Generic lower bounds for root extraction and signature schemes in general groups, in Advances in Cryptology—EUROCRYPT 2002, ed. by L.R. Knudsen, Amsterdam, The Netherlands, April 28–May 2, 2002. Lecture Notes in Computer Science, vol. 2332 (Springer, Berlin, 2002), pp. 256–271

    Chapter  Google Scholar 

  30. Y. Dodis, R. Oliveira, K. Pietrzak, On the generic insecurity of the full domain hash, in Advances in Cryptology—CRYPTO 2005, ed. by V. Shoup, Santa Barbara, CA, USA, August 14–18, 2005. Lecture Notes in Computer Science, vol. 3621 (Springer, Berlin, 2005), pp. 449–466

    Chapter  Google Scholar 

  31. U. Feige, A. Fiat, A. Shamir, Zero-knowledge proofs of identity. J. Cryptol. 1(2), 77–94 (1988)

    Article  MathSciNet  MATH  Google Scholar 

  32. W. Feller, An Introduction to Probability Theory and Its Applications, vol. 1, 3rd edn. (Wiley, New York, 1968)

    MATH  Google Scholar 

  33. M. Fischlin, The Cramer–Shoup strong-RSA signature scheme revisited, in PKC 2003: 6th International Workshop on Theory and Practice in Public Key Cryptography, ed. by Y. Desmedt, Miami, USA, January 6–8, 2003. Lecture Notes in Computer Science, vol. 2567 (Springer, Berlin, 2003), pp. 116–129

    Chapter  Google Scholar 

  34. E. Fujisaki, T. Okamoto, Statistical zero knowledge protocols to prove modular polynomial relations, in Advances in Cryptology—CRYPTO’97, ed. by B.S. Kaliski Jr., Santa Barbara, CA, USA, August 17–21, 1997. Lecture Notes in Computer Science, vol. 1294 (Springer, Berlin, 1997), pp. 16–30

    Google Scholar 

  35. J. Furukawa, H. Imai, An efficient group signature scheme from bilinear maps, in ACISP 05: 10th Australasian Conference on Information Security and Privacy, ed. by C. Boyd, J.M. González Nieto, Brisbane, Queensland, Australia, July 4–6, 2005. Lecture Notes in Computer Science, vol. 3574 (Springer, Berlin, 2005), pp. 455–467

    Google Scholar 

  36. R. Gennaro, S. Halevi, T. Rabin, Secure hash-and-sign signatures without the random oracle, in Advances in Cryptology—EUROCRYPT’99, ed. by J. Stern, Prague, Czech Republic, May 2–6, 1999. Lecture Notes in Computer Science, vol. 1592 (Springer, Berlin, 1999), pp. 123–139

    Google Scholar 

  37. C. Gentry, Practical identity-based encryption without random oracles, in Advances in Cryptology—EUROCRYPT 2006, ed. by S. Vaudenay, St. Petersburg, Russia, May 28–June 1, 2006. Lecture Notes in Computer Science, vol. 4004 (Springer, Berlin, 2006), pp. 445–464

    Chapter  Google Scholar 

  38. C. Gentry, C. Peikert, V. Vaikuntanathan, Trapdoors for hard lattices and new cryptographic constructions, in 40th Annual ACM Symposium on Theory of Computing, ed. by R.E. Ladner, C. Dwork, Victoria, British Columbia, Canada, May 17–20, 2008 (ACM, New York, 2008), pp. 197–206

    Google Scholar 

  39. S. Goldwasser, S. Micali, R.L. Rivest, A digital signature scheme secure against adaptive chosen-message attacks. SIAM J. Comput. 17(2), 281–308 (1988)

    Article  MathSciNet  MATH  Google Scholar 

  40. J. Groth, Cryptography in subgroups of ℤ n , in TCC 2005: 2nd Theory of Cryptography Conference, ed. by J. Kilian, Cambridge, MA, USA, February 10–12, 2005. Lecture Notes in Computer Science, vol. 3378 (Springer, Berlin, 2005), pp. 50–65

    Google Scholar 

  41. L.C. Guillou, J.-J. Quisquater, A practical zero-knowledge protocol fitted to security microprocessor minimizing both transmission and memory, in Advances in Cryptology—EUROCRYPT’88, ed. by C.G. Günther, Davos, Switzerland, May 25–27, 1988. Lecture Notes in Computer Science, vol. 330 (Springer, Berlin, 1988), pp. 123–128

    Google Scholar 

  42. J. Håstad, R. Impagliazzo, L.A. Levin, M. Luby, A pseudorandom generator from any one-way function. SIAM J. Comput. 28(4), 1364–1396 (1999)

    Article  MathSciNet  MATH  Google Scholar 

  43. D. Hofheinz, E. Kiltz, Secure hybrid encryption from weakened key encapsulation, in Advances in Cryptology—CRYPTO 2007, ed. by A. Menezes, Santa Barbara, CA, USA, August 19–23, 2007. Lecture Notes in Computer Science, vol. 4622 (Springer, Berlin, 2007), pp. 553–571

    Chapter  Google Scholar 

  44. D. Hofheinz, E. Kiltz, Practical chosen ciphertext secure encryption from factoring, in Advances in Cryptology—EUROCRYPT 2009, ed. by A. Joux, Cologne, Germany, April 26–30, 2009. Lecture Notes in Computer Science, vol. 5479 (Springer, Berlin, 2009), pp. 313–332

    Chapter  Google Scholar 

  45. S. Hohenberger, B. Waters, Short and stateless signatures from the RSA assumption, in Advances in Cryptology—CRYPTO 2009, ed. by S. Halevi, Santa Barbara, CA, USA, August 16–20, 2009. Lecture Notes in Computer Science, vol. 5677 (Springer, Berlin, 2009), pp. 654–670

    Chapter  Google Scholar 

  46. Q. Huang, D.S. Wong, New constructions of convertible undeniable signature schemes without random oracles. Cryptology ePrint Archive, Report 2009/517 (2009). http://eprint.iacr.org/

  47. B.D. Hughes, Random Walks and Random Environments: Vol. 1: Random Walks (Oxford University Press, London, 1995)

    MATH  Google Scholar 

  48. M. Joye, How (not) to design strong-RSA signatures. Des. Codes Cryptogr. (2011)

  49. E. Kiltz, Chosen-ciphertext security from tag-based encryption, in TCC 2006: 3rd Theory of Cryptography Conference, ed. by S. Halevi, T. Rabin, New York, NY, USA, March 4–7, 2006. Lecture Notes in Computer Science, vol. 3876 (Springer, Berlin, 2006), pp. 581–600

    Google Scholar 

  50. E. Kiltz, D. Galindo, Direct chosen-ciphertext secure identity-based key encapsulation without random oracles, in ACISP 2006. Lecture Notes in Computer Science, vol. 4058 (Springer, Berlin, 2006), pp. 336–347

    Google Scholar 

  51. E. Kiltz, D. Galindo, Direct chosen-ciphertext secure identity-based key encapsulation without random oracles. Theor. Comput. Sci. 410(47–49), 5093–5111 (2009)

    Article  MathSciNet  MATH  Google Scholar 

  52. E. Kiltz, Y. Vahlis, CCA2 secure IBE: Standard model efficiency through authenticated symmetric encryption, in Topics in Cryptology—CT-RSA 2008, ed. by T. Malkin, San Francisco, CA, USA, April 7–11, 2008. Lecture Notes in Computer Science, vol. 4964 (Springer, Berlin, 2008), pp. 221–238

    Chapter  Google Scholar 

  53. E. Kiltz, K. Pietrzak, D. Cash, A. Jain, D. Venturi, Efficient authentication from hard learning problems, in EUROCRYPT (2011)

    Google Scholar 

  54. V. Lyubashevsky, D. Micciancio, Asymptotically efficient lattice-based digital signatures, in TCC 2008: 5th Theory of Cryptography Conference, ed. by R. Canetti, San Francisco, CA, USA, March 19–21, 2008. Lecture Notes in Computer Science, vol. 4948 (Springer, Berlin, 2008), pp. 37–54

    Google Scholar 

  55. A. Miyaji, M. Nakabayashi, S. Takano, New explicit conditions of elliptic curve traces for FR-reduction. IEICE Trans. Fundam. E84-A(5), 1234–1243 (2001)

    Google Scholar 

  56. D. Naccache, D. Pointcheval, J. Stern, Twin signatures: An alternative to the hash-and-sign paradigm, in ACM CCS 01: 8th Conference on Computer and Communications Security, Philadelphia, PA, USA, November 5–8, 2001 (ACM, New York, 2001), pp. 20–27

    Chapter  Google Scholar 

  57. T. Okamoto, Efficient blind and partially blind signatures without random oracles, in TCC 2006: 3rd Theory of Cryptography Conference, ed. by S. Halevi, T. Rabin, New York, NY, USA, March 4–7, 2006. Lecture Notes in Computer Science, vol. 3876 (Springer, Berlin, 2006), pp. 80–99

    Google Scholar 

  58. C. Peikert, B. Waters, Lossy trapdoor functions and their applications, in 40th Annual ACM Symposium on Theory of Computing, ed. by R.E. Ladner, C. Dwork, Victoria, British Columbia, Canada, May 17–20, 2008 (ACM, New York, 2008), pp. 187–196

    Google Scholar 

  59. R. Sakai, K. Ohgishi, M. Kasahara, Cryptosystems based on pairing, in SCIS 2000, Okinawa, Japan, January 2000

    Google Scholar 

  60. S. Schäge, Tight proofs for signature schemes without random oracles, in EUROCRYPT (2011)

    Google Scholar 

  61. S. Schäge, J. Schwenk, A CDH-based ring signature scheme with short signatures and public keys, in FC 2010: 14th International Conference on Financial Cryptography and Data Security, ed. by R. Sion, Tenerife, Canary Islands, Spain, January 25–28, 2010. Lecture Notes in Computer Science, vol. 6052 (Springer, Berlin, 2010), pp. 129–142

    Google Scholar 

  62. Secure hash standard. National Institute of Standards and Technology, NIST FIPS PUB 180-1, U.S. Department of Commerce, April 1995

  63. V. Shoup, A Computational Introduction to Number Theory and Algebra (Cambridge University Press, Cambridge, 2005)

    MATH  Google Scholar 

  64. B. Waters, Dual system encryption: Realizing fully secure IBE and HIBE under simple assumptions, in Advances in Cryptology—CRYPTO 2009, ed. by S. Halevi, Santa Barbara, CA, USA, August 16–20, 2009. Lecture Notes in Computer Science, vol. 5677 (Springer, Berlin, 2009), pp. 619–636

    Chapter  Google Scholar 

  65. B.R. Waters, Efficient identity-based encryption without random oracles, in Advances in Cryptology—EUROCRYPT 2005, ed. by R. Cramer, Aarhus, Denmark, May 22–26, 2005. Lecture Notes in Computer Science, vol. 3494 (Springer, Berlin, 2005), pp. 114–127

    Chapter  Google Scholar 

  66. H. Zhu, New digital signature scheme attaining immunity to adaptive chosen-message attack. Chin. J. Electron. 10(4), 484–486 (2001)

    Google Scholar 

  67. H. Zhu, A formal proof of zhu’s signature scheme. Cryptology ePrint Archive, Report 2003/155 (2003). http://eprint.iacr.org/

Download references

Author information

Authors and Affiliations

  1. Institut für Kryptographie und Sicherheit, Karlsruhe Institute of Technology, Karlsruhe, Germany

    Dennis Hofheinz

  2. Fakultät für Mathematik, Ruhr-Universität Bochum, Bochum, Germany

    Eike Kiltz

Authors
  1. Dennis Hofheinz
    View author publications

    Search author on:PubMed Google Scholar

  2. Eike Kiltz
    View author publications

    Search author on:PubMed Google Scholar

Corresponding author

Correspondence to Eike Kiltz.

Additional information

Communicated by Kenneth G. Paterson

Rights and permissions

Reprints and permissions

About this article

Cite this article

Hofheinz, D., Kiltz, E. Programmable Hash Functions and Their Applications. J Cryptol 25, 484–527 (2012). https://doi.org/10.1007/s00145-011-9102-5

Download citation

  • Received: 13 February 2010

  • Published: 29 April 2011

  • Issue date: July 2012

  • DOI: https://doi.org/10.1007/s00145-011-9102-5

Share this article

Anyone you share the following link with will be able to read this content:

Sorry, a shareable link is not currently available for this article.

Provided by the Springer Nature SharedIt content-sharing initiative

Key words

  • Hash functions
  • Digital signatures
  • Standard model

Advertisement

Search

Navigation

  • Find a journal
  • Publish with us
  • Track your research

Discover content

  • Journals A-Z
  • Books A-Z

Publish with us

  • Journal finder
  • Publish your research
  • Language editing
  • Open access publishing

Products and services

  • Our products
  • Librarians
  • Societies
  • Partners and advertisers

Our brands

  • Springer
  • Nature Portfolio
  • BMC
  • Palgrave Macmillan
  • Apress
  • Discover
  • Your US state privacy rights
  • Accessibility statement
  • Terms and conditions
  • Privacy policy
  • Help and support
  • Legal notice
  • Cancel contracts here

62.210.185.4

Not affiliated

Springer Nature

© 2026 Springer Nature