Lossy Trapdoor Functions from Smooth Homomorphic Hash Proof Systems

In STOC ’08, Peikert and Waters introduced a powerful new primitive called Lossy Trapdoor Functions (LTDFs). Since their introduction, lossy trapdoor functions have found many uses in cryptography. In the work of Peikert and Waters, lossy trapdoor functions were used to give an efficient construction of a chosen-ciphertext secure (IND-CCA2) cryptosystem. Lossy trapdoor functions were then shown to imply deterministic encryption by Bellare, Fischlin, O’Neill and Ristenpart in CRYPTO ’08. In TCC ’09, Rosen and Segev showed that lossy trapdoor functions are correlated product secure, meaning that they remain one-way even when evaluated on correlated inputs. In their work, Peikert and Waters gave constructions of LTDFs from the Decisional DiffieHellman (DDH) assumption and lattice assumptions. Bellare et al., and Rosen and Segev also gave (identical) efficient constructions of LTDFs from Paillier’s Decisional Composite Residuosity (DCR) assumption. To date, these remain the only known constructions of lossy trapdoor functions. In this work we extend the notion of smooth hash proof systems as defined by Cramer and Shoup in Eurocrypt ’02, to include an additional homomorphic property. We call this primitive smooth homomorphic hash proof systems. We show that smooth homomorphic projective hash proof systems include all Diverse Group Systems as defined by Cramer and Shoup. Using this definition, we show that • Smooth homomorphic hash proof systems imply LTDFs. • Diverse group systems as defined in [CS02] imply LTDFs. These are the first known generic constructions of LTDFs. • Applying our generic construction the specific constructions of smooth hash proof systems given by Cramer and Shoup, we obtain the first construction of LTDFs from the quadratic residuosity (QR) assumption. We also obtain a novel construction of LTDFs from Paillier’s decisional composite residuosity (DCR) assumption. • Applying our results to the results of Bellare et al. we obtain a construction of deterministic encryption from smooth homomorphic hash proof systems. • Applying our results to the results of Rosen and Segev, we obtain a construction of correlated product secure functions from smooth homomorphic hash proof systems. This provides the first construction of correlated product secure functions from the QR assumption. • Applying the black-box separation results of Rosen and Segev, we show that there is a blackbox separation between smooth homomorphic hash proof systems and one-way trapdoor permutations. • While homomorphic encryption can never be IND-CCA2 secure, we notice that smooth homomorphic hash proof systems yield a homomorphic IND-CCA1 secure cryptosystem. ISSN 1433-8092 Electronic Colloquium on Computational Complexity, Report No. 127 (2009)