Predicate encryption against master-key tampering attacks
Cybersecurity volume 2, Article number: 22 (2019)
Abstract
Many real world attacks often target the implementation of a cryptographic scheme, rather than the algorithm itself, and a system designer has to consider new models that can capture these attacks. For example, if the key can be tampered with by physical attacks on the device, the security of the scheme becomes totally unclear. In this work, we investigate predicate encryption (PE), a powerful encryption primitive, in the setting of tampering attacks. First, we show that many existing frameworks to construct PE are vulnerable to tampering attacks. Then we present a new security notion to capture such attacks. Finally, we take Attrapadung’s framework in Eurocrypt’14 as an example to show how to “compile” these frameworks to tampering resilient ones. Moreover, our method is compatible with the original pair encoding schemes without introducing any redundancy.
Introduction
Predicate Encryption (PE) (Lewko et al. 2010; Okamoto and Takashima 2009, 2010, 2012; Lewko and Waters 2010; Katz et al. 2008) is a new paradigm of public-key encryption that supports fine-grained access control policy. In PE, secret keys are associated with parameters X, ciphertexts are associated with parameters Y and a secret key can decrypt the ciphertext if and only if R(X,Y)=1, where R is a predicate for X and Y. Identity-based encryption (IBE) is the simplest kind of PE where R is an equality predicate. PE is powerful and broadly applicable; however, constructing PE schemes and proving their security are complex. In particular, constructing fully secure PE schemes for complex predicates such as for regular languages is a big challenge.
Wee (2014) and Attrapadung (2014) proposed generic frameworks to construct PE schemes with new primitives called predicate encodings or pair encodings respectively (here we focus on pair encodings, which are more general) and proved the full security utilizing the powerful tool of dual system encryption introduced by Waters (2009) in composite-order groups. Because of the inefficiency of composite-order groups, Attrapadung (2016) and Agrawal and Chase (2016) presented a similar generic framework in prime-order groups. So far, constructing pair encoding schemes instead of PE schemes for new predicates has significantly simplified the process of designing and analyzing fully secure PE schemes.
The traditional security requirement for PE, full security (also called IND-CPA), assumes that the adversary only has black-box access to the system and thus the master key and secret keys are completely hidden from the adversary. However, such an assumption may not always hold in practice. Many real world attacks often target the implementation of a cryptographic scheme, rather than the algorithm itself, and a system designer has to consider new models that can capture these attacks. For example, if the key can be leaked via leakage attacks (Kocher 1996; Kocher et al. 1999) or modified via tampering attacks (Biham and Shamir 1997; Boneh et al. 1997; Agrawal et al. 2003) on the device, the security of the scheme becomes totally unclear. In this work, we only focus on the latter. The key could be a signing key of a signature scheme, a decryption key of an encryption scheme, or the master key of a PE scheme. In PE, the privacy of the master key is the cornerstone of the PE security and it is fatal when the master key is tampered with.
Tampering resilience (i.e., tampering attack security) was initiated by Bellare and Kohno (2003), whose targets were pseudorandom permutation (PRP) and pseudorandom function (PRF). Later, Bellare, Cash, and Miller (2011) generalized the concept to other cryptographic primitives, including PKE, signature and IBE. Roughly speaking, the tampering attacks allow the adversary to modify the key of a cryptographic scheme and observe the output under the falsified key. However, except for IBE (PE with a simple equality predicate), tampering attacks were not considered for the complicated primitive, PE. In this work, we investigate this problem, namely, PE against tampering attacks.
Overall, from the practical perspective, our work can be seen as a stepping stone towards the practicality of PE, in which tampering attacks are unavoidable. From the theoretical perspective, we show how to achieve tampering resilience for more complicated primitives than previously known.
Our Contributions. In this work, we focus on the security of PE when the master key is tampered and construct a generic fully secure PE framework against tampering attacks. Our contributions are threefold.
First, we find that the existing generic PE frameworks (Attrapadung 2014; 2016; Wee 2014; Agrawal and Chase 2016; Chen et al. 2015) are vulnerable to tampering attacks. Note that tampering attacks are out of the scope of these works, so we did not disprove any of the previous results. However, we’d like to show that tampering attacks are powerful and one should consider countermeasures.
Recall that the crux of constructing PE schemes in these frameworks is designing appropriate encoding schemes. One property of the encoding scheme is linearity, which is important to the security proof but also can be a useful tool to threaten the security of PE in the tampering attack. Concretely, with the help of linearity, the adversary is able to recover the secret key by choosing appropriate tampering functions. Since these frameworks cover most of the existing PE constructions, these PE schemes are vulnerable to tampering attacks.
Second, we extend the full security notion for PE to the setting of tampering attacks. We model tampering attacks by providing the adversary with access to a tampering oracle: the adversary is allowed to submit a tampering function ϕ and receives secret keys generated under the falsified master key ϕ(msk). The adversary can query the tampering oracle adaptively and repeatedly. If all tampering functions submitted to the tampering oracle are the identity function, our definition is exactly the standard model of full security.
Note that restrictions on tampering functions are necessary, otherwise there are trivial tampering attacks. For instance, if we allow the adversary to make polynomially many arbitrary tampering queries, the master key can be recovered bit-by-bit, as shown by Gennaro et al. (2004). Therefore, we need to either limit the type of tampering functions or limit the number of tampering queries to bypass the impossibility of unrestricted tampering. Since our attacks on existing PE frameworks use linear functions, constant functions and affine functions, here we restrict tampering functions to be algebraic but allow polynomially many tampering queries.
Finally, we present a generic, fully secure and tampering resilient PE framework and prove its security within the methodology of dual system encryption. Our main tool is a new primitive called Tampering Resilient Function (TRF). Intuitively, a function H is a tampering resilient function if H(x) is random even given the output of H applied to related inputs ϕ(x) where ϕ(x)≠x. We take Attrapadung’s framework (Attrapadung 2014) as an example to explain how to construct secure PE schemes against tampering attacks. And, significantly, our costs are comparable to those of the original framework.
We also give concrete constructions of TRF. Obviously, the random oracle is a simple TRF. Since these frameworks (Attrapadung 2014; 2016; Wee 2014; Agrawal and Chase 2016; Chen et al. 2015) were proposed to construct fully secure PE schemes in the standard model, we want to instantiate TRF without the random oracle. With the help of other primitives such as the Non-Malleable Key Derivation Function (NMKDF), the continuous Non-Malleable Key Derivation Function (cNMKDF), the Tampering Resilient Pseudorandom Function (TRPRF) and the Correlated Input Secure Hash (CISH) function, we obtain instantiations of TRF in the standard model.
Our Technique. The reason why the existing PE frameworks are insecure against tampering attacks is the key malleability caused by the linearity of the underlying pair encoding schemes, and it is natural to construct tampering resilient PE schemes by breaking this property. More specifically, in the model of full security, queries for secret keys SK_{X} for X that can decrypt the challenge ciphertext associated with Y^{∗} are forbidden. However, the adversary in our new security model can obtain secret keys \(\text {SK}^{\prime }_{X}\) for such X under the falsified master key, though not SK_{X} generated under the original master key. Using key malleability, a valid SK_{X} can be generated from \(\text {SK}^{\prime }_{X}\). Hence, we want \(\text {SK}^{\prime }_{X}\) to be independent from SK_{X} so that they are useless for the adversary to break PE schemes.
Due to the above observation, we define a new primitive TRF and use it to map the master key before generating secret keys to achieve tampering resilience. The property of TRF that the output H(x) is random even given H(ϕ(x)) as long as ϕ(x)≠x ensures that the adversary cannot use \(\text {SK}^{\prime }_{X}\) to obtain any additional advantage. In other words, the adversary cannot generate a properly distributed SK_{X} without the original master key. Meanwhile, without the key malleability, we cannot reduce the security of the modified PE schemes to the original ones and need to prove it using the dual system encryption techniques.
Related Work. Since the seminal work of Bellare and Kohno (2003), a lot of tampering resilient symmetric and asymmetric cryptographic primitives were proposed (Bellare and Cash 2010; Bellare et al. 2011, 2012, 2014; Kalai et al. 2011; Liu and Lysyanskaya 2012; Wee 2012; Damgård et al. 2013, 2015; Fujisaki and Xagawa 2016; Faonio and Venturi 2016; Qin et al. 2015). Gennaro et al. (2004) proved that it is impossible to construct secure cryptographic primitives when the tampering functions are arbitrary and the number of tampering queries is unbounded. Hence, the key to construct secure schemes is how to circumvent these restrictions.
One way is considering restricted tampering. By specifying the type of tampering functions, there existed secure PRF, PRP, PKE, symmetric encryption (SE) and signature resilient to linear functions (Bellare and Cash 2010; Bellare et al. 2011; Wee 2012), IBE resilient to affine and polynomial functions (Bellare et al. 2012), IBE resilient to invertible functions (Fujisaki and Xagawa 2015). By restricting the number of tampering queries the adversary is allowed to make, Damgård et al. (2013) proposed secure PKE schemes and signatures resilient to arbitrary tampering functions. In addition, with the bounded tampering resilient model, Faonio and Venturi (2016) gave the first signature construction in the standard model and the first CCAsecure PKE without NIZK.
Another way to bypass the impossibility is taking advantage of extra mechanisms, such as key-updating mechanisms and self-destruct mechanisms (Kalai et al. 2011; Gennaro et al. 2004; Fujisaki and Xagawa 2016).
Most of the above work focused on SE and PKE except the one by Bellare et al. (2012). They proposed similar tampering attacks on the Boneh-Franklin IBE scheme (Boneh and Franklin 2001) and the Waters IBE scheme (Waters 2005) but repaired IBE schemes in a different way from ours. To an extent, the reason for such tampering attacks on PE or IBE is the key malleability property of the original schemes. Bellare et al. (2012) employed the property together with a component called collision resistant identity renaming to reduce tampering resilience of the new schemes to the base ones in a black-box way. However, this approach no longer works in the standard model. Our strategy is to destroy the key malleability property directly to prove tampering resilience of new schemes. Moreover, the master public key of modified PE schemes (Bellare et al. 2012) depends on the form of the tampering function. If tampering functions are complex, such as high-degree polynomials, the master public key is huge. In our work, however, we only add a function to map the master key without bringing any redundant elements to the original schemes. Finally, our framework applies to PE schemes beyond IBE schemes.
Preliminary
In this section, we present some basic notations and definitions that are used in our construction.
Notations. If S is a set, let \(|S|\) denote the number of its elements, and \(x \xleftarrow {\$} S\) denotes that x is uniformly sampled from S. Let U_{n} denote the uniform distribution over {0,1}^{n}. Denote [n] the set \(\{1, 2, \dots, n\}\). A bold face letter represents a vector (e.g. a), and an uppercase letter represents a matrix (e.g. A). For vectors \(\mathbf {a} = (a_{1}, \dots, a_{n})\) and \(\mathbf {b} = (b_{1}, \dots, b_{n})\), we denote dot product as \(\mathbf {a} \cdot \mathbf {b} = (a_{1}b_{1}, \dots, a_{n}b_{n})\). Let g^{a} be the vector \(\left (g^{a_{1}}, \dots, g^{a_{n}}\right)\). We denote negl(λ) a negligible function of λ.
Tampering resilient function
In this section, we introduce a new primitive called Tampering Resilient Function (TRF), which will be used as a main tool of our tampering resilient PE schemes. Intuitively, a function H is a tampering resilient function if the output H(x) is still random even if the adversary obtains outputs of H(ϕ(x)) with some ϕ(x)≠x.
Definition 1
(Tampering Resilient Function) Let \(\mathcal {F} = \left \{{\phi } \mid {\phi }: \{0, 1\}^{n} \rightarrow \{0, 1\}^{n}\right \}\) be any family of functions. Say \(\mathcal {H} = \left \{\mathrm {H} \mid \mathrm {H}: \{0, 1\}^{n} \rightarrow \{0, 1\}^{k}\right \}\) is a family of tampering resilient functions if for \(\forall x \xleftarrow {\$} U_{n}, {\phi } \xleftarrow {\$} \mathcal {F}, \mathrm {H} \xleftarrow {\$} \mathcal {H}, {\phi }(x) \neq x\), the following two distributions are indistinguishable:
{H(x), H(ϕ(x))} and {y, H(ϕ(x))}
where \(y \xleftarrow {\$} U_{k}\).
Composite order bilinear groups
Let \(({\mathbb G},\mathbb {G}_{T})\) be cyclic groups of composite order N=p_{1}p_{2}p_{3}, where p_{1},p_{2},p_{3} are distinct primes. A bilinear group generator \(\mathcal {G}\) takes as input a security parameter λ and outputs a description \((\mathbb {G}, \mathbb {G}_{T}, e, N)\) where e is an efficiently computable bilinear map. Let \(\mathbb {G}_{p_{i}}\) denote the subgroup of \(\mathbb {G}\) of order p_{i} and g_{i} denote a random generator of \(\mathbb {G}_{p_{i}}\). Each element \(h \in \mathbb {G}\) can be written as \(h = g_{1}^{a}g_{2}^{b}g_{3}^{c}\). The bilinear map e satisfies the following properties:

Nondegenerate: For all generators g of \(\mathbb {G}\), e(g,g)≠1.

Bilinear: For all \(a, b \in \mathbb {Z}_{N}\), \(e\left (g^{a}, g^{b}\right) = e(g, g)^{ab}\).

Orthogonality: For \(g \in \mathcal {G}_{p_{i}}, h \in \mathcal {G}_{p_{j}}\) where i≠j, \(e(g, h) = 1 \in \mathbb {G}_{T}\).
We will take advantage of the following three Subgroup Decision (SD) Assumptions (Waters 2009; Lewko and Waters 2010) to prove the security of our construction.
Definition 2
(SD1) The SD1 problem is to guess β∈{0,1}, given \(\left (\mathbf {param}_{\mathbb {G}}, g_{1}, \allowbreak g_{3}, T_{\beta }\right)\), where
Definition 3
(SD2) The SD2 problem is to guess β∈{0,1}, given \(\left (\mathbf {param}_{\mathbb {G}}, g_{1}, \allowbreak g_{3}, g_{1}^{u}g_{2}^{z}, g_{2}^{v}g_{3}^{\rho }, T_{\beta }\right)\), where
Definition 4
(SD3) The SD3 problem is to guess β∈{0,1}, given \(\left (\mathbf {param}_{\mathbb {G}}, g_{1}, \allowbreak g_{2}, g_{3}, g_{1}^{\alpha }g_{2}^{u}, g_{1}^{s}g_{2}^{v}, T_{\beta }\right)\), where
To construct the tampering resilient PE framework, we additionally define a variant of SD3, which is called TRFSD3, to handle tampering queries in the security proof. Let \(\mathrm {H}: {\{0, 1\}^{n}} \rightarrow \mathbb {Z}_{N}\) be a tampering resilient function and \(\phi _{i}: \mathbb {Z}_{N} \rightarrow \mathbb {Z}_{N}\) be an algebraic tampering function.
Definition 5
(TRFSD3) The TRFSD3 problem is to guess β∈{0,1}, given \(\left (\mathbf {param}_{\mathbb {G}}, g_{1}, g_{2}, g_{3}, g_{1}^{\mathrm {H}(\phi _{i}(\alpha))}g_{2}^{u}, g_{1}^{\mathrm {H}(\alpha)}g_{2}^{u}, g_{1}^{s}g_{2}^{v}, T_{\beta }\right)\), where
Due to the property of TRF, H(ϕ_{i}(α)) is independent from H(α). Thus, if SD3 holds in \(\mathcal {G}\), so does TRFSD3.
Dual system predicate encryption
We consider the predicate family \(R = \{R_{\kappa }\}_{\kappa \in \mathbb {N}^{c}}\) for some constant c, where \(R_{\kappa }: \mathcal {X} \times \mathcal {Y} \rightarrow \{0, 1\} \) is a predicate mapping a key parameter \(X \in \mathcal {X}\) and a ciphertext parameter \(Y \in \mathcal {Y}\) to {0,1}. The family index κ=(n_{1},n_{2},...) specifies the description of a predicate of R_{κ}∈R and the first entry n_{1} in κ specifies the domain. In this work, we omit κ and write R_{N} for simplicity when its domain is Z_{N}. We say that R is domain-transferable if for p that divides N, then there exist two maps \(f_{1}: \mathcal {X}_{N} \rightarrow \mathcal {X}_{p}, f_{2}: \mathcal {Y}_{N} \rightarrow \mathcal {Y}_{p}\) such that for all \(X \in \mathcal {X}_{N}, Y \in \mathcal {Y}_{N}\):

Completeness. If R_{N}(X,Y)=1 then R_{p}(f_{1}(X),f_{2}(Y))=1.

Soundness. If R_{N}(X,Y)=0, then R_{p}(f_{1}(X),f_{2}(Y))=0. Otherwise there exists an algorithm which can output a non-trivial factor F such that \(p \mid F\) and \(F \mid N\).
A predicate encryption (PE) scheme for a predicate R consists of four algorithms: Setup, KeyGen, Encrypt, Decrypt, while a dual system PE scheme additionally has three algorithms, SetupSF, KeyGenSF and EncryptSF. Note that the last three algorithms are not part of the PE scheme; they are only needed for security purposes.
\(\mathbf {Setup}(\lambda) \rightarrow (\text {MSK}, \text {PP})\). The setup algorithm takes in a security parameter λ and outputs a public parameter PP and a master key MSK.
\(\mathbf {KeyGen}(\text {MSK}, X) \rightarrow \text {SK}_{X}\). The key generation algorithm takes in a master key MSK and a parameter X, then it outputs a normal secret key SK_{X}.
\(\mathbf {Encrypt}(\text {PP}, Y, \textit {M}) \rightarrow \text {CT}_{Y}\). The encryption algorithm takes in a public parameter PP, a message M and a parameter Y, and outputs a normal ciphertext CT_{Y}.
\(\mathbf {Decrypt}(\text {CT}_{Y}, \text {SK}_{X}) \rightarrow M\). The decrypt algorithm takes in a ciphertext CT_{Y} and a secret key SK_{X}, and outputs a message M if R(X,Y)=1 for X and Y.
\(\mathbf {SetupSF}(\lambda) \rightarrow (\text {MSK}, \text {PP})\). The semi-functional setup algorithm takes in a security parameter λ and outputs a public parameter PP, a master key MSK and some parameters used to generate semi-functional keys and ciphertexts.
\(\mathbf {KeyGenSF}(\text {MSK}, X) \rightarrow \text {SK}_{X}\). The semi-functional key generation algorithm takes in a master key MSK and a parameter X, then it outputs a semi-functional secret key SK_{X}.
\(\mathbf {EncryptSF}(\text {PP}, Y, \textit {M}) \rightarrow \mathrm {CT_{Y}}\). The semi-functional encryption algorithm takes in a public parameter PP, a message M and a parameter Y, and outputs a semi-functional ciphertext CT_{Y}.
Correctness. We require the correctness condition holds that for all \(X \in \mathcal {X}, Y \in \mathcal {Y}\), if R(X,Y)=1, we have Decrypt(Encrypt(PP,Y,M),KeyGen(MSK,X))=M.
Security model
In this work, we consider the situation where the adversary has unexpected power to tamper with the master key and it is not captured by the standard full security notion for PE. In this section, we extend the full security notion to the setting of tampering attacks by providing the adversary an additional tampering oracle. Informally, in our new model, besides secret keys generated under the original master key, the adversary is also allowed to obtain secret keys generated under the falsified master key, which is derived from the original master key with the tampering function chosen by the adversary adaptively.
Note that restrictions on tampering functions are necessary, otherwise there are trivial tampering attacks. For instance, as shown by Gennaro et al. (2004), if the adversary is allowed to make polynomially many arbitrary tampering queries, the master key may be recovered bit-by-bit. Therefore, we need to either limit the type of tampering functions or limit the number of tampering queries to bypass the impossibility of unrestricted tampering. Since our attacks on existing PE frameworks use linear functions, constant functions and affine functions, here we restrict tampering functions to be algebraic but allow polynomially many tampering queries.
Denote the tampering functions by \(\phi :\mathcal {MSK} \rightarrow \mathcal {MSK}\). A PE scheme Π is secure against such tampering functions if for all PPT adversaries \(\mathcal {A}\) it holds that
where the game \(\mathbf {Exp}_{\mathcal {A}, \Pi }^{{trpe}}(\lambda)\) is defined below. The adversary \(\mathcal {A}\) may adaptively make (unbounded) polynomially many key generation queries to the tampering oracle and receive secret keys generated under the falsified master key ϕ(MSK) both in Phase 1 and Phase 2. Key generation queries for X where R(X,Y^{∗})=1 (Y^{∗} is the target parameter) under the original master key are forbidden. The restriction is natural, otherwise the adversary can get secret keys that can decrypt the challenge ciphertext to win the security game directly. We use a table \(\mathcal {L}\) to record X in key generation queries under the original master key. Notice that if all the tampering functions appearing in the key generation queries are the identity function, our definition is exactly the model of full security (i.e. IND-CPA security).
\(\mathbf {Exp}_{\mathcal {A}, \Pi }^{{trpe}}(\lambda)\):
Setup. In this phase, the challenger runs \( (\text {MSK}, \text {PP}) \leftarrow \textbf {Setup}(\lambda)\) and gives PP to the adversary \(\mathcal {A}\). Besides, the challenger should initialize the list \(\mathcal {L}\).
Phase 1. In this phase, \(\mathcal {A}\) is allowed to make key generation queries under the falsified master key with algebraic tampering functions. Upon receiving a parameter X and a tampering function ϕ_{i}, the challenger runs \(\text {SK}_{X} \leftarrow \mathbf {KeyGen}(\text {MSK}^{\prime }, X)\) in which \(\text {MSK}^{\prime } = \phi _{i}(\text {MSK})\) and returns SK_{X} to \(\mathcal {A}\). If ϕ_{i} is the identity function, the challenger adds X to \(\mathcal {L}\).
Challenge. The adversary submits two messages M_{0},M_{1} and a challenge parameter Y^{∗} with the restriction R(X,Y^{∗})=0 for \(\forall X \in \mathcal {L}\). The challenger flips an unbiased coin \(b \xleftarrow {\$} \{0, 1\}\) and runs \(\text {CT}^{*}_{Y^{*}} \leftarrow \mathbf {Encrypt}(\text {PP}, Y^{*}, \textit {M}_{b})\). Then it returns \(\text {CT}^{*}_{Y^{*}}\).
Phase 2. In this phase, the challenger answers key generation queries in the same way as in Phase 1.
Guess. \(\mathcal {A}\) outputs b^{′}∈{0,1}. If b^{′}=b, the output of the game is 1.
A weaker security definition is non-adaptive (or selective) tampering resilience, in which the tampering functions are fixed in advance. That is, the adversary must submit a set of tampering functions before seeing the public parameters. Since the Assumption TRFSD3 depends on tampering functions, we are only able to construct PE schemes against non-adaptive tampering attacks.
Tampering attacks on existing PE frameworks
Wee (2014) and Attrapadung (2014) proposed generic frameworks for fully secure PE constructions via notions called predicate encodings or pair encodings respectively in composite-order bilinear groups. Later, similar frameworks in prime-order groups were also proposed (Chen et al. 2015; Attrapadung 2016; Agrawal and Chase 2016). These frameworks are generic in the sense that they can be applied to almost arbitrary predicate R.
In this section, we show these frameworks are not secure against master-key tampering attacks. Note that tampering attacks are beyond the scope of the security model in these works, so we did not disprove any of the previous results. For simplicity, we take Attrapadung’s framework (Attrapadung 2014) as an example to illustrate our attacks in the subsequent parts, but these attacks are also applicable to other frameworks (Wee 2014; Attrapadung 2016; Agrawal and Chase 2016; Chen et al. 2015).
Pair encoding scheme: syntax
Recall that a pair encoding scheme (Attrapadung 2014) for predicate family R consists of four deterministic algorithms as follows:

\(\mathbf {Param}(\kappa) \rightarrow n\). The algorithm takes in κ and outputs an integer n, which specifies the dimension of the common variable \(\mathbf {h} = (h_{1}, \dots, h_{n})\).

\(\mathbf {Enc1}(X) \rightarrow (\mathbf {k} = (k_{1}, \dots, k_{m_{1}}); m_{2})\). The algorithm takes in a key parameter X and outputs a sequence of polynomials k and the dimension of the variable \(\mathbf {r} = (r_{1}, \dots, r_{m_{2}})\). Each of \(\{k_{i}\}_{i \in [m_{1}]}\) is a linear combination of the master key α and variables r,h.
$$k_{i} = a_{i}\alpha + \sum_{j \in [m_{2}]} a_{i, j}r_{j} + \sum_{j \in [m_{2}], l \in [n]} a_{i, l, j}h_{l}r_{j}$$ 
\(\mathbf {Enc2}(Y) \rightarrow (\mathbf {c} = (c_{1}, \dots, c_{w_{1}}); w_{2})\). The algorithm takes in a ciphertext parameter Y and outputs a sequence of polynomials c and the dimension of the variable \(\mathbf {s} = (s,s_{1}, \dots, s_{w_{2}})\). Each of \(\{c_{i}\}_{i \in [w_{1}]}\) is a linear combination of variables s,h.
$$c_{i} = b_{i}s + \sum_{j \in [w_{2}]} b_{i, j}s_{j} + \sum_{l \in [n]} b^{\prime}_{i, l}h_{l}s + \sum_{j \in [w_{2}], l \in [n]} b_{i, l, j}h_{l}s_{j}$$ 
\(\mathbf {Pair}(X, Y) \rightarrow \mathbf {E}\). The algorithm takes in X,Y and outputs \(\mathbf {E} \in {\mathbb Z}_{N}^{m_{1} \times {w_{1}}}\).
Correctness. For any \(X \in \mathcal {X}, Y \in \mathcal {Y}\), let \((\mathbf {k}; m_{2}) \leftarrow \mathbf {Enc1}(X), (\mathbf {c}; w_{2}) \leftarrow \mathbf {Enc2}(Y), \mathbf {E} \leftarrow \mathbf {Pair}(X, Y)\), if R(X,Y)=1, the correctness of the pair encoding scheme is required to satisfy the following equation:
It is obvious that the syntax of pair encoding implies the following two properties: parameter-vanishing and linearity.
When proving the security of PE, parameter-vanishing and linearity make it possible to switch normal ciphertexts and keys to semi-functional ones indistinguishably. However, linearity also makes PE vulnerable to tampering attacks. The detailed attacks are provided in the subsequent sections.
Pair encoding scheme: security definition
Our construction is compatible with previous pair encoding schemes (Attrapadung 2014; Wee 2014; Attrapadung 2016; Agrawal and Chase 2016; Chen et al. 2015). There are two security notions in the pair encoding scheme (Attrapadung 2014): perfectly master-key hiding security and computationally master-key hiding security. Here we recall the security definitions as follows.
Perfectly Master-key Hiding Security. The pair encoding scheme P is perfectly master-key hiding (PMH) if the following two distributions are identical. If R(X,Y)=0, let \(n \leftarrow \mathbf {Param}(\kappa), (\mathbf {k}; m_{2}) \leftarrow \mathbf {Enc1}(X), (\mathbf {c}; w_{2})\leftarrow \mathbf {Enc2}(Y)\):
c(s,h),k(0,r,h) and c(s,h),k(α,r,h) where the probability is taken over \(\alpha \xleftarrow {\$} \mathbb {Z}_{N}, \mathbf {h} \xleftarrow {\$} \mathbb {Z}_{N}^{n}, \mathbf {r} \xleftarrow {\$} \mathbb {Z}_{N}^{m_{2}}, \mathbf {s} \xleftarrow {\$} \mathbb {Z}_{N}^{w_{2}+1}\).
Computationally Master-key Hiding Security. We define two computational security notions: selectively master-key hiding security (SMH) and co-selectively master-key hiding security (CMH) in a bilinear group generator \(\mathcal {G}\) through the following game template \(\mathbf {Exp}_{\mathcal {G}, b, \mathcal {A}, G}\) for the flavor G∈{SMH,CMH}. It takes as input the security parameter λ and does the experiment with the adversary \(\mathcal {A} = (\mathcal {A}_{1}, \mathcal {A}_{2})\) as follows:
where st denotes the state information and the oracles \(\mathcal {O}^{1}\) and \(\mathcal {O}^{2}\) are defined below:

Selective Security. \(\mathcal {O}^{1}\) can be queried once while \(\mathcal {O}^{2}\) can be queried many times.

\(\mathcal {O}_{\text {SMH}, b, \alpha, \mathbf {h}}^{1}(Y^{*})\): Run \((\mathbf {c}; w_{2})\leftarrow \mathbf {Enc2}(Y^{*})\) and pick \(\mathbf {s} \xleftarrow {\$} \mathbb {Z}_{N}^{w_{2}+1}\). Return \(\mathbf {C} \leftarrow g_{2}^{\mathbf {c}(\mathbf {s}, \mathbf {h})}\).

\(\mathcal {O}_{\text {SMH}, b, \alpha, \mathbf {h}}^{2}(X)\): If R(X,Y^{∗})=1, return ⊥.
Else, run \((\mathbf {k}; m_{2})\leftarrow \mathbf {Enc1}(X)\) and pick \(\mathbf {r} \allowbreak \xleftarrow {\$} \mathbb {Z}_{N}^{m_{2}}\). Return \(\mathbf {K} \leftarrow \)
$$\left\{\begin{array}{ll} g_{2}^{\mathbf{k}(0, \mathbf{r}, \mathbf{h})} & \text{if b }= 0 \\ g_{2}^{\mathbf{k}(\alpha, \mathbf{r}, \mathbf{h})} & \text{if b }= 1.\\ \end{array}\right.$$


Co-selective Security. Both \(\mathcal {O}^{1}\) and \(\mathcal {O}^{2}\) can be queried only once.

\(\mathcal {O}_{\text {CMH}, b, \alpha, \mathbf {h}}^{1}(Y^{*})\): Run \((\mathbf {k}; m_{2})\leftarrow \mathbf {Enc1}(X)\) and pick \(\mathbf {r} \xleftarrow {\$} \mathbb {Z}_{N}^{m_{2}}\). Return
$$\mathbf{K} \leftarrow \left\{\begin{array}{ll} g_{2}^{\mathbf{k}(0, \mathbf{r}, \mathbf{h})} & \text{if b } = 0 \\ g_{2}^{\mathbf{k}(\alpha, \mathbf{r}, \mathbf{h})} & \text{if b }= 1.\\ \end{array}\right. $$ 
\(\mathcal {O}_{\text {CMH}, b, \alpha, \mathbf {h}}^{2}(X)\): If R(X,Y^{∗})=1, return ⊥.
Else, run \((\mathbf {c}; w_{2})\leftarrow \mathbf {Enc2}(Y^{*})\) and pick \(\mathbf {s}\allowbreak \xleftarrow {\$} \mathbb {Z}_{N}^{w_{2}+1}\). Return \(\mathbf {C} \leftarrow g_{2}^{\mathbf {c}(\mathbf {s}, \mathbf {h})}\).

For a PPT adversary \(\mathcal {A}\), we define the advantage of the \(\mathcal {A}\) in the security game \(\mathbf {Exp}_{\mathcal {G}, b, \mathcal {A}, G}\) for the flavor G∈{SMH,CMH} as:
A pair encoding scheme P is selectively (resp. co-selectively) master-key hiding in \(\mathcal {G}\) if \(Adv_{\mathcal {A}}^{SMH}(\lambda)\) (resp. \(Adv_{\mathcal {A}}^{CMH}(\lambda)\)) is negligible in λ. If both hold, we say P is doubly selectively master-key hiding.
Review Attrapadung’s framework (Attrapadung 2014)
With the pair encoding scheme, the PE framework in Attrapadung (2014) is given below:
\(\mathbf {Setup}(\lambda) \rightarrow (\text {MSK}, \text {PP})\). Run \((\mathbb {G}, \mathbb {G}_{T}, e, N, p_{1}, p_{2}, p_{3}) \xleftarrow {\$} \mathcal {G}(\lambda)\). Pick \(g_{1} \xleftarrow {\$} \mathbb {G}_{p_{1}}, g_{3} \xleftarrow {\$} \mathbb {G}_{p_{3}}\). Run \(n \leftarrow \mathbf {Param}(\kappa)\). Choose \(\mathbf {h} \xleftarrow {\$} \mathbb {Z}_{N}^{n}\) and \(\alpha \xleftarrow {\$} \mathbb {Z}_{N}\). The public key is \(\text {PP} = \left (g_{1}, g_{3}, g_{1}^{\mathbf {h}}, e(g_{1}, g_{1})^{\alpha }\right)\) and the master key is MSK=α.
\(\mathbf {KeyGen}(\text {MSK}, X) \rightarrow \text {SK}_{X}\). Run \((\mathbf {k}; m_{2})\leftarrow \mathbf {Enc1}(X)\). Pick \(\mathbf {r} \xleftarrow {\$} \mathbb {Z}_{N}^{m_{2}}, \mathbf {R}_{3} \xleftarrow {\$} \mathbb {Z}_{p_{3}}^{m_{1}}\). Output the secret key SK_{X} as follows:
\(\mathbf {Encrypt}(\text {PP}, Y, \textit {M}) \rightarrow \text {CT}_{Y}\). Run \((\mathbf {c}; w_{2})\leftarrow \mathbf {Enc2}(Y)\). Pick \(\mathbf {s} = (s, s_{1}, \dots, s_{w_{2}}) \xleftarrow {\$} \mathbb {Z}_{N}^{w_{2}+1}\). Output the ciphertext CT_{Y}=(C_{0},C_{1}) as follows:
\(\mathbf {Decrypt}(\text {CT}_{Y}, \text {SK}_{X}) \rightarrow M\). Check whether R(X,Y)=1. If yes, run \(\mathbf {E} \leftarrow \mathbf {Pair}(X, Y)\). Compute M as follows:
Tampering attacks on Attrapadung’s framework
In the setting of tampering attacks, the adversary is allowed to tamper the master key and gets secret keys generated under the falsified master key. We show that Attrapadung’s framework (Attrapadung 2014) is not tampering resilient by specifying particular tampering functions. The master key is an exponent \(\alpha \in \mathbb {Z}_{N}\). Suppose the tampering function is linear, w.l.o.g. \(msk^{\prime } = \phi (\alpha) = t\alpha \). Having access to the key generation oracle under the falsified master key ϕ(α), the adversary obtains
where each polynomial k_{i} of k(tα,r,h) is a linear combination of the master key α and variables r,h. Because α and r appear linearly in k, we can obtain a properly distributed secret key \(\text {SK}_{X} = g_{1}^{\mathbf {k}_{X}(\alpha, \mathbf {r}^{\prime }, \mathbf {h})}\) under the original master key α with new randomness \(\mathbf {r}^{\prime } = t^{-1}\mathbf {r}\) by raising \(\text {SK}^{\prime }_{X}\) to t^{−1}. In this way the adversary wins the security game, because he can get secret keys for X where R(X,Y^{∗})=1 and Y^{∗} is used in the challenge ciphertext.
Besides the linear functions, Attrapadung’s framework (Attrapadung 2014) is not secure against other algebraic functions. Suppose the tampering function is affine, w.l.o.g. \(msk^{\prime } = \phi (\alpha) = t\alpha + c\). With a call to the key generation oracle for X under the falsified master key ϕ(α) where R(X,Y^{∗})=1, the adversary obtains
Raising \(\text {SK}^{\prime }_{X,\text {aff}}\) to t^{−1} results in a secret key \(\text {SK}_{X,\text {aff}} = g_{1}^{\mathbf {k}_{X}(\alpha + t^{-1}c, \mathbf {r}^{\prime }, \mathbf {h})}\) under the original master key α with new randomness \(\mathbf {r}^{\prime } = t^{-1}\mathbf {r}\). Decrypting the challenge ciphertext using SK_{X,aff}, the adversary obtains
Then the adversary continues to make a key generation call for X with a constant tampering function ϕ(α)=t^{−1}c and obtains
After decrypting with SK_{X,con}, the adversary is able to compute \(e(g_{1}, g_{1})^{t^{-1}cs}\). Thus, combining an affine function and a constant function, the adversary is able to recover e(g_{1},g_{1})^{αs} to decrypt the challenge ciphertext.
Remark 1
Although the master key in other frameworks (Wee 2014; Chen et al. 2015; Attrapadung 2016; Agrawal and Chase 2016) is a group element of the form \(g_{1}^{\alpha }\), where g_{1} is the generator of a prime-order group or a prime-order subgroup of composite-order groups, similar tampering attacks still exist. Suppose the tampering function is a simple polynomial, w.l.o.g. \(msk^{\prime } = \phi (g_{1}^{\alpha }) = g_{1}^{t\alpha }\). The remaining parts are the same.
Note that Bellare et al. (2012) presented similar tampering attacks on the Boneh-Franklin IBE scheme (Boneh and Franklin 2001) and the Waters IBE scheme (Waters 2005). The cause of such tampering attacks is a paradoxical property called key malleability, which means that there is a simulator that can transform a secret key generated by the original master key into one generated by the falsified master key. On the one hand, key malleability allows us to reduce the security of the tampering resilient PE to the security of the base one in a black-box way, as Bellare et al. did (Bellare et al. 2012). On the other hand, we can also derive properly distributed secret keys from those under the falsified master key to break the security of schemes, and that is the reason for the above tampering attacks. Bellare et al. took advantage of key malleability together with another component called an identity renaming scheme to prove tampering resilience of new IBE schemes. In contrast, we destroy the property to construct secure PE schemes. In the next section, we show how to construct tampering resilient PE schemes.
Our generic tampering resilient PE framework
In this section, we propose a secure and generic PE framework from pair encoding against algebraic tampering functions, which is a slightly modified version of the original one. The only thing we alter is the way the master key is used. That is, we keep the master key unchanged, but before using it, we first apply a function to map the master key and use the mapped key to generate public parameters and secret keys. Next we explain how to use this idea to fix Attrapadung’s framework (Attrapadung 2014) to achieve tampering resilience.
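The linear and affine attacks described above, and the effect of mapping the master key through H before use, can be checked with exponent arithmetic alone. The following is an added example, not code from the paper: it assumes a toy equality-predicate (IBE-style) pair encoding, tracks only exponents modulo a prime Q instead of working in composite-order groups, and uses SHA-256 as a random-oracle-style stand-in for H; the names `Authority`, `run` and the helper functions are hypothetical.

```python
import hashlib
import secrets

# Toy prime modulus standing in for the group order (assumption: the page works
# modulo N = p1*p2*p3; a prime keeps every nonzero t invertible).
Q = 2**127 - 1

def inv(t):
    return pow(t, -1, Q)

def H(a):
    """Stand-in for H: SHA-256 reduced mod Q (random-oracle style, assumption)."""
    return int.from_bytes(hashlib.sha256(a.to_bytes(16, "big")).digest(), "big") % Q

# Assumed pair encoding for the equality predicate R(x, y) = 1 iff x == y.
# Group elements g1^k are represented by their exponents k.
def enc1(x, a, r, h):
    return ((a + r * (h[0] + h[1] * x)) % Q, r % Q)

def enc2(y, s, h):
    return (s % Q, s * (h[0] + h[1] * y) % Q)

def pair(k, c):
    """Exponent of the recovered mask; equals a*s when x == y."""
    return (k[0] * c[0] - k[1] * c[1]) % Q

def scale(k, t):
    """Raising every key component to the power t multiplies its exponent by t."""
    return tuple(t * ki % Q for ki in k)

class Authority:
    """Key generation oracle; 'hardened' selects KeyGen with H(msk) instead of msk."""
    def __init__(self, hardened):
        self.alpha = secrets.randbelow(Q)
        self.h = (secrets.randbelow(Q), secrets.randbelow(Q))
        self.hardened = hardened

    def _derive(self, msk):
        return H(msk) if self.hardened else msk

    def keygen(self, x, phi=lambda a: a):
        # phi models the tampering function applied to the stored master key.
        r = secrets.randbelow(Q)
        return enc1(x, self._derive(phi(self.alpha) % Q), r, self.h)

    def challenge(self, y):
        # Returns C0 and the exponent of the mask that hides M_b in C1
        # (exposed here only so the result can be checked).
        s = 1 + secrets.randbelow(Q - 1)
        return enc2(y, s, self.h), self._derive(self.alpha) * s % Q

def linear_attack(auth, x, ct, t):
    sk_t = auth.keygen(x, lambda a: t * a)       # key under phi(alpha) = t*alpha
    return pair(scale(sk_t, inv(t)), ct)         # rescale, then decrypt

def affine_attack(auth, x, ct, t, c):
    sk_aff = auth.keygen(x, lambda a: t * a + c)     # phi(alpha) = t*alpha + c
    sk_con = auth.keygen(x, lambda a: inv(t) * c)    # constant phi = t^{-1} c
    m_aff = pair(scale(sk_aff, inv(t)), ct)          # (alpha + t^{-1} c) s
    m_con = pair(sk_con, ct)                         # t^{-1} c s
    return (m_aff - m_con) % Q                       # quotient of the two masks

def run(hardened, t=5, c=7, identity=42):
    """Returns (honest decryption ok, linear attack ok, affine attack ok)."""
    auth = Authority(hardened)
    ct, mask = auth.challenge(identity)
    honest = pair(auth.keygen(identity), ct) == mask
    return (honest,
            linear_attack(auth, identity, ct, t) == mask,
            affine_attack(auth, identity, ct, t, c) == mask)

if __name__ == "__main__":
    print("original framework :", run(hardened=False))
    print("with H(msk)        :", run(hardened=True))
```

In the unhardened run both attacks recover the mask exponent αs; with H applied, the rescaled keys yield t^{−1}H(tα)s, which is unrelated to H(α)s, while honest decryption still works.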
Generic construction
Let \(\mathcal {H} = \left \{{\{0, 1\}^{n}} \rightarrow \mathbb {Z}_{N}\right \}\) be a family of tampering resilient functions. Denote by \(P = \left (\mathbf {Param}, \mathbf {Enc1}, \mathbf {Enc2}, \allowbreak \mathbf {Pair}\right)\) a pair encoding scheme for predicate family R. The PE framework is given as follows:
\(\mathbf {Setup}(\lambda) \rightarrow (\text {MSK}, \text {PP})\). Run \((\mathbb {G}, \mathbb {G}_{T}, e, N, p_{1}, p_{2}, p_{3}) \allowbreak \xleftarrow {\$} \mathcal {G}(\lambda)\). Pick \(g_{1} \xleftarrow {\$} \mathbb {G}_{p_{1}}, \allowbreak g_{3} \xleftarrow {\$} \mathbb {G}_{p_{3}}\). Run \(n \leftarrow \mathbf {Param}(\kappa)\). Choose \(\mathbf {h} \xleftarrow {\$} \mathbb {Z}_{N}^{n}\) and \(\alpha \xleftarrow {\$} \mathbb {Z}_{N}\). Choose \(\mathrm {H} \xleftarrow {\$} \mathcal {H}\). The public key is \(\text {PP} = \left (g_{1}, g_{3}, g_{1}^{\mathbf {h}}, e(g_{1}, g_{1})^{\mathrm {H}(\alpha)}, \allowbreak \mathrm {H}\right)\) and the master key is MSK=α.
\(\mathbf {KeyGen}(\text {MSK}, X) \rightarrow \text {SK}_{X}\). Run \((\mathbf {k}; m_{2})\leftarrow \mathbf {Enc1}(X)\). Pick \(\mathbf {r} \xleftarrow {\$} \mathbb {Z}_{N}^{m_{2}}, \mathbf {R}_{3} \xleftarrow {\$} \mathbb {Z}_{p_{3}}^{m_{1}}\). Output the secret key SK_{X} as follows:
\(\mathbf {Encrypt}(\text {PP}, Y, \textit {M}) \rightarrow \text {CT}_{Y}\). Run \((\mathbf {c}; w_{2})\leftarrow \mathbf {Enc2}(Y)\). Pick \(\mathbf {s} = \left (s, s_{1}, \dots, s_{w_{2}}\right) \xleftarrow {\$} \mathbb {Z}_{N}^{w_{2}+1}\). Output the ciphertext CT_{Y}=(C_{0},C_{1}) as follows:
\(\mathbf {Decrypt}(\text {CT}_{Y}, \text {SK}_{X}) \rightarrow M\). Check whether R(X,Y)=1. If yes, run \(\mathbf {E} \leftarrow \mathbf {Pair}(X, Y)\). Compute M as follows:
Correctness. Due to the correctness of the pair encoding scheme, for R(X,Y)=1, we have
Semifunctional Algorithms. We additionally define semifunctional algorithms used in the security proof.
\(\mathbf {SetupSF}(\lambda) \rightarrow (\text {MSK}, \text {PP}, g_{2}, \hat {\mathbf {h}})\). The algorithm is the same as Setup except it additionally outputs a generator \(g_{2} \xleftarrow {\$} \mathbb {G}_{p_{2}}\) and a semifunctional parameter \(\hat {\mathbf {h}} \xleftarrow {\$} \mathbb {Z}_{N}^{n}\).
\(\mathbf {KeyGenSF}(\text {MSK}, X, g_{2}, \hat {\mathbf {h}}, type, \hat {\alpha }) \rightarrow \text {SK}_{X}\). Run \((\mathbf {k}; m_{2})\leftarrow \mathbf {Enc1}(X)\). Pick \(\mathbf {r}, \hat {\mathbf {r}} \xleftarrow {\$} \mathbb {Z}_{N}^{m_{2}}, \mathbf {R}_{3} \xleftarrow {\$} \mathbb {Z}_{p_{3}}^{m_{1}}\). Output the secret key SK_{X} depending on the input type t∈{1,2,3} as follows:
\(\mathbf {EncryptSF}(\text {PP}, Y, \textit {M}, g_{2}, \hat {\mathbf {h}}) \rightarrow \text {CT}_{Y}\). Run \((\mathbf {c}; w_{2})\leftarrow \mathbf {Enc2}(Y)\). Pick \(\mathbf {s} = (s, s_{1}, \dots, s_{w_{2}}), \hat {\mathbf {s}} = (\hat {s}, \hat {s}_{1}, \dots, \hat {s}_{w_{2}}) \allowbreak \xleftarrow {\$} \mathbb {Z}_{N}^{w_{2}+1}\). Output the ciphertext CT_{Y}=(C_{0},C_{1}) as follows:
Security proof
If the pair encoding scheme P is doubly selectively master-key hiding and the family \(\mathcal {H}\) is tampering resilient, the above framework is fully secure and tampering resilient against algebraic tampering functions. More precisely, we present the following theorem.
Theorem 1
Suppose that a pair encoding scheme P for predicate R is selectively and co-selectively master-key hiding, the Subgroup Decision Assumptions are intractable in \(\mathcal {G}\) and \(\mathcal {H}\) is a family of tampering resilient functions. Also suppose that P is domain-transferable. The framework above is fully secure and non-adaptively tampering resilient with algebraic tampering functions. For any PPT adversary \(\mathcal {A}\), there exist adversaries \(\mathcal {B}_{1}, \dots, \mathcal {B}_{6}\) with almost the same running time as \(\mathcal {A}\) such that for any security parameter λ:
where q_{1},q_{2} are the numbers of key generation queries in Phase 1 and Phase 2 respectively and q_{all}=q_{1}+q_{2}.
The proof is similar to that of Attrapadung’s framework (Attrapadung 2014), except that the adversary in our security definition is allowed to receive secret keys generated under the falsified master key even for parameters X that satisfy R(X,Y^{∗})=1, where Y^{∗} is used in the challenge ciphertext. We define a sequence of games and complete the proof of Theorem 1 by proving the indistinguishability between adjacent games. Each game is defined as follows and the difference compared with the previous one is given in Table 1.
G_{real}: The original game.
G_{res}: Replace the restriction R_{N}(X,Y^{∗})=0 with \(R_{p_{2}}(X, Y^{*}) = 0\).
G_{0}: The normal challenge ciphertext is modified to be semifunctional type.
G_{k,t}: The k-th queried secret key is modified to be semifunctional of type t, where k∈[1,q_{1}], t∈{1,2,3}.
\(\mathbf {G}_{q_{1}+t}\): All secret keys queried in Phase 2 are modified to be semifunctional of type t, where t∈{1,2,3}.
G_{final}: The semifunctional challenge ciphertext is modified to the ciphertext of a random message.
We provide a proof profile in Fig. 1, including all the assumptions and security definitions used in the proof (for clarity, TRF is used throughout the proof and only two places are marked in the figure). The key is to prove that additional secret keys under the falsified master key do not help the adversary break the security of PE. We sketch the proof idea here. Divide these secret keys into two cases. For X such that R(X,Y^{∗})=0, tampering resilience follows directly from the master-key hiding of the underlying pair encoding scheme P. For X such that R(X,Y^{∗})=1, the adversary is able to compute e(g_{1},g_{1})^{H(ϕ(α))s} with the help of the correctness of P. However, the tampering function ϕ cannot be the identity function in this case, so the adversary still cannot recover the masking e(g_{1},g_{1})^{H(α)s} used in the ciphertext from e(g_{1},g_{1})^{H(ϕ(α))s}, due to the property of the tampering resilient function H.
Let \(Adv_{\mathcal {A}}^{i}\) denote the advantage of \(\mathcal {A}\) in G_{i}. Notice that the advantage of \(\mathcal {A}\) in G_{final}, \(Adv_{\mathcal {A}}^{final}\), is 0 since the challenge ciphertext in the final game is independent of M_{b}. The complete proof of Theorem 1 is given in Appendix.
In addition, if the underlying pair encoding scheme P is perfectly master-key hiding, we get the following theorem.
Theorem 2
Suppose that a pair encoding scheme P for predicate R is perfectly master-key hiding, the Subgroup Decision Assumptions are intractable in \(\mathcal {G}\) and \(\mathcal {H}\) is a family of tampering resilient functions. Also suppose that P is domain-transferable. The framework above is fully secure and non-adaptively tampering resilient with algebraic tampering functions. For any PPT adversary \(\mathcal {A}\), there exist adversaries \(\mathcal {B}_{1}, \dots, \mathcal {B}_{4}\) with almost the same running time as \(\mathcal {A}\) such that for any security parameter λ:
Instantiations of tampering resilient functions
Tampering Resilient Function (TRF) is an important building block for our tampering resilient PE framework. In this section, we present several instantiations of TRF. A function H is a tampering resilient function if the output is random even when the adversary sees outputs of related inputs. A simple construction of TRF is the random oracle. However, since the existing PE frameworks based on the dual system encryption technique are designed to construct fully secure PE schemes without the random oracle, it is preferable to instantiate TRF in the standard model. A comparison of TRF based on different cryptographic primitives is given in Table 2.
TRF based on (c)NM-KDF. Faust et al. (2014) introduced a notion called Non-Malleable Key Derivation Function (NM-KDF) for tampering function family \(\mathcal {F}\), which uses randomness x to derive y=f(x) in such a way that, even if x is tampered to a different value x^{′}=ϕ(x), y^{′}=f(x^{′}) does not reveal any information about y. The definition is almost the same as ours of TRF. Since we want to give our tampering resilient PE framework in a unified way, we define a new primitive TRF to cover current similar notions. Faust et al. (2014) proposed a simple construction of NM-KDF based on a t-wise independent hash function, but the construction is secure against one-time tampering attacks. Soon after, Qin et al. (2015) extended the notion to continuous NM-KDF (cNM-KDF), in which unbounded polynomially many tampering queries are allowed. They also presented constructions of cNM-KDF for any polynomials of bounded degree under standard assumptions, e.g., DDH and DCR. Applying these constructions to our PE framework, we obtain a tampering resilient PE framework for the same class of tampering functions.
TRF based on TR-PRF. Tampering Resilient Pseudorandom Function (TR-PRF) was first formalized by Bellare and Kohno (2003), in which the adversary can observe the input-output behaviour of the PRF not just under the target key k, but under other keys \({\phi _{1}(k), \dots, \phi _{q}(k)}\) derived from k in adversary-specified ways. Later, Bellare and Cash (2010) gave the first construction of TR-PRF (based on the Naor-Reingold PRF) whose security is proven under the DDH assumption for group-induced functions. They also provided a construction (based on the Lewko-Waters PRF) under the DLIN assumption for similar tampering functions. Combining TR-PRF with our PE framework, we obtain secure PE schemes against tampering attacks, in which the key of the TR-PRF is the master key and the input is a public randomness. Because of the restricted range of TR-PRF, we can only obtain tampering resilient PE schemes for linear or group-induced functions.
TRF based on CI-SH Functions. Another way of constructing TRF is based on Correlated Input Secure Hash (CI-SH) functions introduced by Goyal et al. (2011), which can be interpreted as a dual version of TR-PRF. Specifically, a CI-SH function f with the key k ensures that the output f_{k}(x) is random even given the hash values of multiple correlated inputs (f_{k}(ϕ_{1}(x)),...,f_{k}(ϕ_{q}(x))), where the functions ϕ_{i} are chosen by the adversary. Compared with TRF, the CI-SH function has an extra key k. In our PE framework with TRF based on the CI-SH function, the key k is part of the public parameters and the input is the master key. Goyal et al. (2011) give a concrete construction of the CI-SH function for a large class of polynomial functions of bounded degree under a variant of the q-Diffie-Hellman Inversion (q-DHI) assumption. However, the construction is only non-adaptively secure, that is, the adversary must submit the functions ϕ_{i} at the beginning of the game. This makes our PE framework non-adaptively tampering resilient as well.
Performance Evaluation. We give a concrete analysis of the performance of TRF, which is the only additional primitive in our tampering resilient PE compared with the original PE schemes. Table 3 presents the theoretical public parameters (PP) size and evaluation efficiency of TRF. Since modular exponentiation is the main cost, we ignore other computations, such as addition and multiplication. In addition, it should be pointed out that the construction of cNM-KDF employs three primitives: one-time lossy filter (OT-LF), pairwise independent hash function (i.e. t = 2) and one-time signature (OT-Sig). Here we only present the costs of OT-LF based on DDH and of the pairwise independent hash function, but even so, the performance of TRF based on cNM-KDF is the worst. As shown in Table 3, almost all TRFs need additional public parameters, except the TRF based on NM-KDF in Faust et al. (2014), which, however, only allows a one-time tampering query. In general, the storage overhead and computation overhead introduced by TRF are negligible compared to PE schemes. Hence, the efficiency of our TR-PE schemes is comparable to that of the original PE schemes.
To evaluate the practical performance of TRF, we implement TRF with the DDH-based TR-PRF in Bellare and Cash (2010) and TRF with the q-DHI-based CI-SH in Goyal et al. (2011). The output of both TRFs is \(\mathbb {H}\), a prime-order group over \(\mathbb {Z}_{N}\). Since TRF can apply to PE in both composite-order (N=p_{1}p_{2}p_{3}) and prime-order (N is a prime larger than p) groups, we set N composite or prime accordingly and both cases are tested here.
Our experiments are conducted on an Intel Core(TM) i7-4790 CPU @3.6GHz and 12 GB RAM. The prime order p influences the computational cost. We set the length of p increasing from 64 to 256, repeat each instance 5 times for group generation and 5000 times for function evaluation, and then take the average. Figs. 2a (Figs. 3a) and 2b (3b) show the time of generating PP and of evaluation when N is prime (N is composite); the time is given in milliseconds. The most time-consuming operation is generating the group, specifically generating the prime-order generator, which takes about 100 ms in the case of |p|=256 when N is prime, while the evaluation operation takes less than 1 ms. Even when N is composite, the runtime of TRF is on the order of milliseconds. Overall, TRF is practical and has little impact on the efficiency of PE.
Further directions
In this work we explore the security of PE frameworks against tampering attacks on the master key. In our tampering resilient model, the tampering functions are restricted to algebraic functions and the number of tampering queries is unbounded. In practice, algebraic tampering functions may not describe specific attacks, and constructing tampering resilient PE schemes with broader classes of tampering functions is an important direction. Besides, in PE there are two types of keys: the master key and secret keys. Compared to the master key, secret keys are more vulnerable to tampering attacks, because we may store the master key in tamper-proof hardware, which is expensive for secret keys. How to design secure PE schemes in this case is another direction of our further work.
Appendix
Proof of Theorem 1
Lemma 1
For any adversary \(\mathcal {A}\) that can distinguish Game_{real} from Game_{res}, there exists an adversary \(\mathcal {B}\) such that for any security parameter λ, \(\left |Adv_{\mathcal {A}}^{real} - Adv_{\mathcal {A}}^{res}\right | \le Adv_{\mathcal {B}}^{\mathbf {SD1}} + Adv_{\mathcal {B}}^{\mathbf {SD2}}\).
Proof The proof is the same as that in Attrapadung (2014), which reduces to the soundness of domain-transferability. If the adversary \(\mathcal {A}\) can distinguish Game_{res} from Game_{0}, then we can find a factor of N to break the assumption SD1 or SD2.
Lemma 2
For any adversary \(\mathcal {A}\) that can distinguish Game_{res} from Game_{0}, there exists an adversary \(\mathcal {B}\) such that for any security parameter λ, \(Adv_{\mathcal {A}}^{res} - Adv_{\mathcal {A}}^{0} \le Adv_{\mathcal {B}}^{\mathbf {SD1}}\).
Proof We will build a PPT adversary \(\mathcal {B}\) against Assumption SD1 with the help of an adversary \(\mathcal {A}\). \(\mathcal {B}\) is given \(D = \left (\mathbf {param}_{\mathbb {G}}, g_{1}, g_{3}, T_{\beta }\right)\) and will simulate either Game_{res} or Game_{0} with D.
Setup.\(\mathcal {B}\) chooses \(\mathbf {h} \xleftarrow {\$} \mathbb {Z}_{N}^{n}, \alpha \xleftarrow {\$} \mathbb {Z}_{N}, \mathrm {H} \xleftarrow {\$} \mathcal {H}\) and computes the public key \(\text {PP} = \left (g_{1}, g_{3}, g_{1}^{\mathbf {h}}, e(g_{1}, g_{1})^{\mathrm {H}(\alpha)}\right)\) and the master key MSK=α. Then \(\mathcal {B}\) gives PP to \(\mathcal {A}\). Let g_{2} be an unknown random generator of \(G_{p_{2}}\). \(\mathcal {B}\) implicitly sets \(\hat {\mathbf {h}} \mod p_{2} = \mathbf {h} \mod p_{2}\). \(\hat {\mathbf {h}}\) is properly distributed and is independent from h mod p_{1} due to the Chinese Remainder Theorem.
Phase 1. In this phase, \(\mathcal {B}\) answers all key generation queries and tampering queries from \(\mathcal {A}\) with the master key and sends (tampered) normal secret keys to \(\mathcal {A}\).
Challenge. In this phase, \(\mathcal {A}\) submits two messages M_{0},M_{1} and the challenge parameter Y^{∗}. \(\mathcal {B}\) flips an unbiased coin \(b \xleftarrow {\$} \{0, 1\}\) and runs \((\mathbf {c}; w_{2})\leftarrow \mathbf {Enc2}(Y^{*})\). Then it picks \(\mathbf {s}^{\prime } = \left (s^{\prime }, s^{\prime }_{1}, \dots, s^{\prime }_{w_{2}}\right) \xleftarrow {\$} \mathbb {Z}_{N}^{w_{2}+1}\) and computes the challenge ciphertext \(\text {CT}^{*}_{Y^{*}} = (\mathbf {C}_{0}, C_{1})\) as follows:
\(\mathcal {B}\) sends \(\mathcal {A}\) the challenge ciphertext \(\text {CT}^{*}_{Y^{*}}\).
Phase 2. \(\mathcal {B}\) answers key generation queries from \(\mathcal {A}\) in the same way as in Phase 1.

If β=0,
$$\mathbf{C}_{0} = g_{1}^{u\mathbf{c}(\mathbf{s}^{\prime}, \mathbf{h})} = g_{1}^{\mathbf{c}(u\mathbf{s}^{\prime}, \mathbf{h})}, C_{1} = e(g_{1}, g_{1})^{\mathrm{H}(\alpha)us^{\prime}}M_{b}.$$
\(\text {CT}^{*}_{Y^{*}}\) is a properly distributed and normal ciphertext where \(\mathbf {s} = u\mathbf {s}^{\prime } \mod p_{1}\) is uniform. In this case, \(\mathcal {B}\) has properly simulated Game_{res}.

If β=1,
$$\mathbf{C}_{0} = g_{1}^{u\mathbf{c}(\mathbf{s}, \hat{\mathbf{h}})}g_{2}^{v\mathbf{c}(\mathbf{s}, \hat{\mathbf{h}})} = g_{1}^{\mathbf{c}(u\mathbf{s}^{\prime}, \hat{\mathbf{h}})}g_{2}^{\mathbf{c}(v\mathbf{s}^{\prime}, \hat{\mathbf{h}})},$$
$$C_{1} = e\left(g_{1}^{u}g_{2}^{v}, g_{1}\right)^{\mathrm{H}(\alpha)s^{\prime}}M_{b} = e(g_{1}, g_{1})^{\mathrm{H}(\alpha)us^{\prime}}M_{b}.$$
\(\text {CT}^{*}_{Y^{*}}\) is a properly distributed and semifunctional ciphertext where \(\hat {\mathbf {h}} = \mathbf {h} \mod p_{2}\) and \(\hat {\mathbf {s}} = v\mathbf {s}^{\prime }\mod p_{2}\) are uniform and independent from h,s due to the Chinese Remainder Theorem. In this case, \(\mathcal {B}\) has properly simulated Game_{0}. Hence, \(\mathcal {A}\) can distinguish Game_{res} from Game_{0} with negligible probability, otherwise \(\mathcal {B}\) can break Assumption SD1.
Lemma 3
For any adversary \(\mathcal {A}\) that can distinguish Game_{k−1,3} from Game_{k,1}, there exists an adversary \(\mathcal {B}\) such that for any security parameter λ, \(Adv_{\mathcal {A}}^{k-1, 3} - Adv_{\mathcal {A}}^{k, 1} \le Adv_{\mathcal {B}}^{\mathbf {SD2}}\).
Proof We will build a PPT adversary \(\mathcal {B}\) against Assumption SD2 with the help of an adversary \(\mathcal {A}\). \(\mathcal {B}\) is given \(D = \left (\mathbf {param}_{\mathbb {G}}, g_{1}, g_{3}, g_{1}^{u}g_{2}^{z}, g_{2}^{v}g_{3}^{\rho }, T_{\beta }\right)\) and will simulate either Game_{k−1,3} or Game_{k,1} with D.
Setup.\(\mathcal {B}\) chooses \(\mathbf {h} \xleftarrow {\$} \mathbb {Z}_{N}^{n}, \alpha \xleftarrow {\$} \mathbb {Z}_{N}, \mathrm {H} \xleftarrow {\$} \mathcal {H}\) and computes the public key \(\text {PP} = \left (g_{1}, g_{3}, g_{1}^{\mathbf {h}}, e(g_{1}, g_{1})^{\mathrm {H}(\alpha)}\right)\) and the master key MSK=α. Then \(\mathcal {B}\) gives PP to \(\mathcal {A}\). Let g_{2} be an unknown random generator of \(G_{p_{2}}\). \(\mathcal {B}\) implicitly sets \(\hat {\mathbf {h}} \mod p_{2} = \mathbf {h} \mod p_{2}\). \(\hat {\mathbf {h}}\) is properly distributed and is independent from h mod p_{1} due to the Chinese Remainder Theorem.
Phase 1. In this phase, \(\mathcal {B}\) answers all key generation queries and tampering queries from \(\mathcal {A}\) in the following way:

j<k: In this case, \(\mathcal {B}\) generates type3 semifunctional secret keys under the falsified master key. Upon receiving X and a tampering function ϕ_{i}, \(\mathcal {B}\) runs \((\mathbf {k}; m_{2})\leftarrow \mathbf {Enc1}(X)\) and picks \(\mathbf {r} \xleftarrow {\$} \mathbb {Z}_{N}^{m_{2}}, \mathbf {R}_{3} \xleftarrow {\$} \mathbb {Z}_{p_{3}}^{m_{1}}, \hat {\alpha }^{\prime } \xleftarrow {\$} \mathbb {Z}_{N}\). Then it computes the secret key:
$$\text{SK}_{X} = g_{1}^{\mathbf{k}(\mathrm{H}(\phi_{i}(\alpha)), \mathbf{r}, \mathbf{h})} \cdot \left(g_{2}^{v}g_{3}^{\rho}\right)^{\mathbf{k}(\hat{\alpha}^{\prime}, \mathbf{0}, \mathbf{0})} \cdot \mathbf{R}_{3}. $$
SK_{X} is a properly distributed and type3 semifunctional secret key under the falsified master key ϕ_{i}(α) where \(\hat {\alpha } = v\hat {\alpha }^{\prime }\) is uniform.

j=k: Upon receiving X and a tampering function ϕ_{i}, \(\mathcal {B}\) runs \((\mathbf {k}; m_{2})\leftarrow \mathbf {Enc1}(X)\) and picks \(\mathbf {r}^{\prime }, \hat {\mathbf {r}}^{\prime } \xleftarrow {\$} \mathbb {Z}_{N}^{m_{2}}, \mathbf {R}_{3} \xleftarrow {\$} \mathbb {Z}_{p_{3}}^{m_{1}}\). Then it computes the secret key:
$$\text{SK}_{X} = g_{1}^{\mathbf{k}(\mathrm{H}(\phi_{i}(\alpha)), \mathbf{r}^{\prime}, \mathbf{h})} \cdot (T_{\beta})^{\mathbf{k}(0, \hat{\mathbf{r}}^{\prime}, \mathbf{h})} \cdot \mathbf{R}_{3}. $$ 
j>k: In this phase, \(\mathcal {B}\) generates normal secret keys under the falsified master key. Upon receiving X and a tampering function ϕ_{i}, \(\mathcal {B}\) runs \((\mathbf {k}; m_{2})\leftarrow \mathbf {Enc1}(X)\) and picks \(\mathbf {r}, \mathbf {R}_{3} \xleftarrow {\$} \mathbb {Z}_{p_{3}}^{m_{1}}\). Then it computes the secret key:
$$\text{SK}_{X} = g_{1}^{\mathbf{k}(\mathrm{H}(\phi_{i}(\alpha)), \mathbf{r}, \mathbf{h})} \cdot \mathbf{R}_{3}. $$
Challenge. In this phase, \(\mathcal {A}\) submits two messages M_{0},M_{1} and the challenge parameter Y^{∗}. \(\mathcal {B}\) flips an unbiased coin \(b \xleftarrow {\$} \{0, 1\}\) and runs \((\mathbf {c}; w_{2})\leftarrow \mathbf {Enc2}(Y^{*})\). Then it picks \(\mathbf {s}^{\prime } = \left (s^{\prime }, s^{\prime }_{1}, \dots, s^{\prime }_{w_{2}}\right) \xleftarrow {\$} \mathbb {Z}_{N}^{w_{2}+1}\) and computes the challenge ciphertext \(\text {CT}^{*}_{Y^{*}} = (\mathbf {C}_{0}, C_{1})\) as follows:
\(\mathcal {B}\) sends \(\mathcal {A}\) the challenge ciphertext \(\text {CT}^{*}_{Y^{*}}\), which is a properly distributed and semifunctional ciphertext where \(\hat {\mathbf {s}} = z\mathbf {s}^{\prime }\mod p_{2}\) is uniform and independent from \(\mathbf {s} = u\mathbf {s}^{\prime }\mod p_{1}\) due to the Chinese Remainder Theorem.
Phase 2. In this phase, \(\mathcal {B}\) answers all key generation queries from \(\mathcal {A}\) with the falsified master key and sends normal secret keys to \(\mathcal {A}\).

If β=0,
$$ \begin{aligned} \text{SK}_{X} &= g_{1}^{\mathbf{k}(\mathrm{H}(\phi_{i}(\alpha)), \mathbf{r}^{\prime}, \mathbf{h})} \cdot \left(g_{1}^{w}g_{3}^{\delta}\right)^{\mathbf{k}(0, \hat{\mathbf{r}}^{\prime}, \mathbf{h})} \cdot \mathbf{R}_{3} \\ &= g_{1}^{\mathbf{k}(\mathrm{H}(\phi_{i}(\alpha)), \mathbf{r}^{\prime}+w\hat{\mathbf{r}}^{\prime}, \mathbf{h})} \cdot \mathbf{R}^{\prime}_{3}. \end{aligned} $$
SK_{X} is a properly distributed and normal secret key under the falsified master key ϕ_{i}(α) where \(\mathbf {r} = \mathbf {r}^{\prime }+w\hat {\mathbf {r}}^{\prime } \mod p_{1}\) is uniform. In this case, \(\mathcal {B}\) has properly simulated Game_{k−1,3}.

If β=1,
$$ \begin{aligned} \text{SK}_{X} &= g_{1}^{\mathbf{k}(\mathrm{H}(\phi_{i}(\alpha)), \mathbf{r}^{\prime}, \mathbf{h})} \cdot \left(g_{1}^{w}g_{2}^{\kappa}g_{3}^{\delta}\right)^{\mathbf{k}(0, \hat{\mathbf{r}}^{\prime}, \mathbf{h})} \cdot \mathbf{R}_{3} \\ &= g_{1}^{\mathbf{k}(\mathrm{H}(\phi_{i}(\alpha)), \mathbf{r}^{\prime}+w\hat{\mathbf{r}}^{\prime}, \mathbf{h})} \cdot g_{2}^{\mathbf{k}(0, {\kappa}\hat{\mathbf{r}}^{\prime}, \mathbf{h})} \cdot \mathbf{R}^{\prime}_{3}. \end{aligned} $$
SK_{X} is a properly distributed and type1 semifunctional secret key under the falsified master key ϕ_{i}(α) where \(\hat {\mathbf {r}} = {\kappa }\hat {\mathbf {r}}^{\prime } \mod p_{2}\) is uniform and independent from \(\mathbf {r} = \mathbf {r}^{\prime }+w\hat {\mathbf {r}}^{\prime } \mod p_{1}\). In this case, \(\mathcal {B}\) has properly simulated Game_{k,1}. Hence, \(\mathcal {A}\) can distinguish Game_{k−1,3} from Game_{k,1} with negligible probability, otherwise \(\mathcal {B}\) can break Assumption SD2.
Lemma 4
For any adversary \(\mathcal {A}\) that can distinguish Game_{k,1} from Game_{k,2}, there exists an adversary \(\mathcal {B}\) such that for any security parameter λ, \(Adv_{\mathcal {A}}^{k, 1} - Adv_{\mathcal {A}}^{k, 2} \le Adv_{\mathcal {B}}^{\mathbf {CMH}} + Adv_{\mathcal {B}}^{\mathbf {TRF}}\).
If the adversary \(\mathcal {A}\) can distinguish Game_{k,1} from Game_{k,2}, we can build a PPT adversary \(\mathcal {B}\) against the CMH security of the pair encoding scheme P or the TRF family \(\mathcal {H}\). Denote by K^{∗} the challenge secret key. Define F as the event that K^{∗} is generated under the original master key and ¬F as the event that K^{∗} is generated under the falsified master key. In order to complete the proof of Lemma 4, it suffices to prove Claims 1 and 2.
Claim 1
For any adversary \(\mathcal {A}\) that can distinguish Game_{k,1} from Game_{k,2}, there exists an adversary \(\mathcal {B}\) such that for any security parameter λ, \(\left |Adv_{\mathcal {A}}^{k, 1} - Adv_{\mathcal {A}}^{k, 2}\right | \le Adv_{\mathcal {B}}^{\mathbf {CMH}}\), conditioned on the event F occurring.
Proof We will build a PPT adversary \(\mathcal {B}\) against the CMH security of the pair encoding scheme P with the help of an adversary \(\mathcal {A}\). \(\mathcal {B}\) is given (g_{1},g_{2},g_{3}) and will simulate either Game_{k,1} or Game_{k,2}.
Setup.\(\mathcal {B}\) chooses \(\mathbf {h} \xleftarrow {\$} \mathbb {Z}_{N}^{n}, \alpha \xleftarrow {\$} \mathbb {Z}_{N}, \mathrm {H} \xleftarrow {\$} \mathcal {H}\) and computes the public key \(\text {PP} = \left (g_{1}, g_{3}, g_{1}^{\mathbf {h}}, e(g_{1}, g_{1})^{\mathrm {H}(\alpha)}\right)\) and the master key MSK=α. Then \(\mathcal {B}\) gives PP to \(\mathcal {A}\).
Phase 1. In this phase, \(\mathcal {B}\) answers all key generation queries and tampering queries from \(\mathcal {A}\) in the following way:

j<k: In this case, \(\mathcal {B}\) generates type3 semifunctional secret keys under the falsified master key. Upon receiving X and a tampering function ϕ_{i}, \(\mathcal {B}\) runs \((\mathbf {k}; m_{2})\leftarrow \mathbf {Enc1}(X)\) and picks \(\mathbf {r} \xleftarrow {\$} \mathbb {Z}_{N}^{m_{2}}, \mathbf {R}_{3} \xleftarrow {\$} \mathbb {Z}_{p_{3}}^{m_{1}}, \hat {\alpha } \xleftarrow {\$} \mathbb {Z}_{N}\). Then it computes the secret key:
$$\text{SK}_{X} = g_{1}^{\mathbf{k}(\mathrm{H}(\phi_{i}(\alpha)), \mathbf{r}, \mathbf{h})} \cdot g_{2}^{\mathbf{k}(\hat{\alpha}, \mathbf{0}, \mathbf{0})} \cdot \mathbf{R}_{3}. $$
SK_{X} is a properly distributed and type3 semifunctional secret key under the falsified master key ϕ_{i}(α).

j=k: Upon receiving X_{k}, \(\mathcal {B}\) makes a key query to its challenger and receives back \(T_{\beta } = g_{2}^{\mathbf {k}(\beta, \hat {\mathbf {r}}, \hat {\mathbf {h}})}\). Then \(\mathcal {B}\) runs \((\mathbf {k}; m_{2})\leftarrow \mathbf {Enc1}(X_{k})\) and picks \(\mathbf {r}\xleftarrow {\$} \mathbb {Z}_{N}^{m_{2}}, \mathbf {R}_{3} \xleftarrow {\$} \mathbb {Z}_{p_{3}}^{m_{1}}\). It computes the secret key:
$$\text{SK}_{X} = g_{1}^{\mathbf{k}(\mathrm{H}(\alpha), \mathbf{r}, \mathbf{h})} \cdot T_{\beta} \cdot \mathbf{R}_{3}. $$ 
j>k: In this phase, \(\mathcal {B}\) generates normal secret keys under the falsified master key. Upon receiving X and a tampering function ϕ_{i}, \(\mathcal {B}\) runs \((\mathbf {k}; m_{2})\leftarrow \mathbf {Enc1}(X)\) and picks \(\mathbf {r}, \mathbf {R}_{3} \xleftarrow {\$} \mathbb {Z}_{p_{3}}^{m_{1}}\). Then it computes the secret key:
$$\text{SK}_{X} = g_{1}^{\mathbf{k}(\mathrm{H}(\phi_{i}(\alpha)), \mathbf{r}, \mathbf{h})} \cdot \mathbf{R}_{3}. $$
Challenge. In this phase, \(\mathcal {A}\) submits two messages M_{0},M_{1} and the challenge parameter Y^{∗} such that for all \(X \in \mathcal {L}, R(X, Y^{*}) = 0\). This query can be made since R(X_{k},Y^{∗})=0 when the event F occurs. \(\mathcal {B}\) makes a ciphertext query to its challenger and receives back \(D = g_{2}^{\mathbf {c}(\hat {\mathbf {s}}, \hat {\mathbf {h}})}\). Then \(\mathcal {B}\) flips an unbiased coin \(b \xleftarrow {\$} \{0, 1\}\) and runs \((\mathbf {c}; w_{2})\leftarrow \mathbf {Enc2}(Y^{*})\). Then it picks \(\mathbf {s} = (s, s_{1}, \dots, s_{w_{2}})\xleftarrow {\$} \mathbb {Z}_{N}^{w_{2}+1}\) and computes the challenge ciphertext \(\text {CT}^{*}_{Y^{*}} = (\mathbf {C}_{0}, C_{1})\) as follows:
\(\mathcal {B}\) sends \(\mathcal {A}\) the challenge ciphertext \(\text {CT}^{*}_{Y^{*}}\), which is a properly distributed and semifunctional ciphertext.
Phase 2. In this phase, \(\mathcal {B}\) answers all key generation queries from \(\mathcal {A}\) with the falsified master key and sends normal secret keys to \(\mathcal {A}\).

If β=0,
$$\text{SK}_{X} = g_{1}^{\mathbf{k}(\mathrm{H}(\alpha), \mathbf{r}, \mathbf{h})} \cdot g_{2}^{\mathbf{k}(0, \hat{\mathbf{r}}, \hat{\mathbf{h}})} \cdot \mathbf{R}_{3}. $$
SK_{X} is a properly distributed and type1 semifunctional secret key under the original master key α. In this case, \(\mathcal {B}\) has properly simulated Game_{k,1}.

If β=1,
$$\text{SK}_{X} = g_{1}^{\mathbf{k}(\mathrm{H}(\alpha), \mathbf{r}, \mathbf{h})} \cdot g_{2}^{\mathbf{k}(\hat{\alpha}, \hat{\mathbf{r}}, \hat{\mathbf{h}})} \cdot \mathbf{R}_{3}. $$
SK_{X} is a properly distributed and type2 semifunctional secret key under the original master key α. In this case, \(\mathcal {B}\) has properly simulated Game_{k,2}. Hence, \(\mathcal {A}\) can distinguish Game_{k,1} from Game_{k,2} with only negligible probability; otherwise, \(\mathcal {B}\) can break the CMH security of P.
Claim 2
For any adversary \(\mathcal {A}\) that can distinguish Game_{k,1} from Game_{k,2}, there exists an adversary \(\mathcal {B}\) such that, for any security parameter λ, \(\left|Adv_{\mathcal {A}}^{k, 1} - Adv_{\mathcal {A}}^{k, 2}\right| \le Adv_{\mathcal {B}}^{\mathbf {TRF}}\), conditioned on ¬F occurring.
Proof We will build a PPT adversary \(\mathcal {B}\) against the family of tampering resilient functions \(\mathcal {H}\) with the help of an adversary \(\mathcal {A}\). \(\mathcal {B}\) is given (g_{1},g_{2},g_{3}) and will simulate either Game_{k,1} or Game_{k,2}.
Setup. \(\mathcal {B}\) chooses \(\mathbf {h} \xleftarrow {\$} \mathbb {Z}_{N}^{n}, \alpha \xleftarrow {\$} \mathbb {Z}_{N}, \mathrm {H} \xleftarrow {\$} \mathcal {H}\) and computes the public key \(\text {PP} = \left (g_{1}, g_{3}, g_{1}^{\mathbf {h}}, e(g_{1}, g_{1})^{\mathrm {H}(\alpha)}\right)\) and the master key MSK=α. Then \(\mathcal {B}\) gives PP to \(\mathcal {A}\).
Phase 1. In this phase, \(\mathcal {B}\) answers all key generation queries and tampering queries from \(\mathcal {A}\) in the following way:

j<k: In this case, \(\mathcal {B}\) generates type3 semifunctional secret keys under the falsified master key. Upon receiving X and a tampering function ϕ_{i}, \(\mathcal {B}\) runs \((\mathbf {k}; m_{2})\leftarrow \mathbf {Enc1}(X)\) and picks \(\mathbf {r} \xleftarrow {\$} \mathbb {Z}_{N}^{m_{2}}, \mathbf {R}_{3} \xleftarrow {\$} \mathbb {Z}_{p_{3}}^{m_{1}}, \hat {\alpha } \xleftarrow {\$} \mathbb {Z}_{N}\). Then it computes the secret key:
$$\text{SK}_{X} = g_{1}^{\mathbf{k}(\mathrm{H}(\phi_{i}(\alpha)), \mathbf{r}, \mathbf{h})} \cdot g_{2}^{\mathbf{k}(\hat{\alpha}, \mathbf{0}, \mathbf{0})} \cdot \mathbf{R}_{3}. $$
SK_{X} is a properly distributed and type3 semifunctional secret key under the falsified master key ϕ_{i}(α).

j=k: Upon receiving X_{k} and a tampering function ϕ_{i}, \(\mathcal {B}\) runs \((\mathbf {k}; m_{2})\leftarrow \mathbf {Enc1}(X_{k})\) and picks \(\mathbf {r}, \hat {\mathbf {r}}\xleftarrow {\$} \mathbb {Z}_{N}^{m_{2}}, \mathbf {R}_{3} \xleftarrow {\$} \mathbb {Z}_{p_{3}}^{m_{1}}, \hat {\mathbf {h}} \xleftarrow {\$} \mathbb {Z}_{N}^{n}\). It computes \(T_{\beta } \leftarrow \left \{\begin {array}{ll} g_{1}^{\mathbf {k}(\mathrm {H}(\phi _{i}(\alpha)), \mathbf {r}, \mathbf {h})} \cdot g_{2}^{\mathbf {k}(0, \hat {\mathbf {r}}, \hat {\mathbf {h}})} & \text {if }\beta = 0 \\ g_{1}^{\mathbf {k}(\mathrm {H}(\phi _{i}(\alpha)), \mathbf {r}, \mathbf {h})} \cdot g_{2}^{\mathbf {k}(\alpha, \hat {\mathbf {r}}, \hat {\mathbf {h}})} & \text {if }\beta = 1 \\ \end {array}\right.\)
and the secret key:
$$\text{SK}_{X} = T_{\beta} \cdot \mathbf{R}_{3}. $$ 
j>k: In this phase, \(\mathcal {B}\) generates normal secret keys under the falsified master key. Upon receiving X and a tampering function ϕ_{i}, \(\mathcal {B}\) runs \((\mathbf {k}; m_{2})\leftarrow \mathbf {Enc1}(X)\) and picks \(\mathbf {r}, \mathbf {R}_{3} \xleftarrow {\$} \mathbb {Z}_{p_{3}}^{m_{1}}\). Then it computes the secret key:
$$\text{SK}_{X} = g_{1}^{\mathbf{k}(\mathrm{H}(\phi_{i}(\alpha)), \mathbf{r}, \mathbf{h})} \cdot \mathbf{R}_{3}. $$
Challenge. In this phase, \(\mathcal {A}\) submits two messages M_{0},M_{1} and the challenge parameter Y^{∗}. \(\mathcal {B}\) flips an unbiased coin \(b \xleftarrow {\$} \{0, 1\}\) and runs \((\mathbf {c}; w_{2})\leftarrow \mathbf {Enc2}(Y^{*})\). Then it picks \(\mathbf {s} = (s, s_{1}, \dots, s_{w_{2}}), \hat {\mathbf {s}} \xleftarrow {\$} \mathbb {Z}_{N}^{w_{2}+1}\) and computes \(D \leftarrow g_{2}^{\mathbf {c}(\hat {\mathbf {s}}, \hat {\mathbf {h}})}\) and the challenge ciphertext \(\text {CT}^{*}_{Y^{*}} = (\mathbf {C}_{0}, C_{1})\) as follows:
\(\mathcal {B}\) sends \(\mathcal {A}\) the challenge ciphertext \(\text {CT}^{*}_{Y^{*}}\), which is a properly distributed and semifunctional ciphertext.
Phase 2. In this phase, \(\mathcal {B}\) answers all key generation queries from \(\mathcal {A}\) with the falsified master key and sends normal secret keys to \(\mathcal {A}\).

If β=0,
$$\text{SK}_{X} = g_{1}^{\mathbf{k}(\mathrm{H}(\phi_{i}(\alpha)), \mathbf{r}, \mathbf{h})} \cdot g_{2}^{\mathbf{k}(0, \hat{\mathbf{r}}, \hat{\mathbf{h}})} \cdot \mathbf{R}_{3}. $$
SK_{X} is a properly distributed and type1 semifunctional secret key under the falsified master key ϕ_{i}(α). In this case, \(\mathcal {B}\) has properly simulated Game_{k,1}.

If β=1,
$$\text{SK}_{X} = g_{1}^{\mathbf{k}(\mathrm{H}(\phi_{i}(\alpha)), \mathbf{r}, \mathbf{h})} \cdot g_{2}^{\mathbf{k}(\hat{\alpha}, \hat{\mathbf{r}}, \hat{\mathbf{h}})} \cdot \mathbf{R}_{3}. $$
SK_{X} is a properly distributed and type2 semifunctional secret key under the falsified master key ϕ_{i}(α). In this case, \(\mathcal {B}\) has properly simulated Game_{k,2}.
In this case, R(X_{k},Y^{∗})=1 (here ϕ_{i}(α)≠α), so SK_{X} can be used to decrypt the challenge ciphertext and the adversary will get \(e(g_{1}, g_{1})^{\mathrm {H}(\phi _{i}(\alpha)) s}\) or \(e(g_{1}, g_{1})^{\mathrm {H}(\phi _{i}(\alpha)) s} e(g_{2}, g_{2})^{\hat {\alpha }\hat {s}}\). Due to the property of \(\mathcal {H}\), \(e(g_{1}, g_{1})^{\mathrm {H}(\phi _{i}(\alpha))s}\) is still a random element in \(\mathbb {G}_{T}\) given e(g_{1},g_{1})^{H(α)s}M_{b}, meaning that neither secret key can decrypt correctly. Hence, \(\mathcal {A}\) can distinguish Game_{k,1} from Game_{k,2} with only negligible probability; otherwise, \(\mathcal {B}\) can break the TRF family \(\mathcal {H}\).
Lemma 5
For any adversary \(\mathcal {A}\) that can distinguish Game_{k,2} from Game_{k,3}, there exists an adversary \(\mathcal {B}\) such that, for any security parameter λ, \(\left|Adv_{\mathcal {A}}^{k, 2} - Adv_{\mathcal {A}}^{k, 3}\right| \le Adv_{\mathcal {B}}^{\mathbf {SD2}}\).
Proof We will build a PPT adversary \(\mathcal {B}\) against Assumption SD2 with the help of an adversary \(\mathcal {A}\). \(\mathcal {B}\) is given \(D = \left (\mathbf {param}_{\mathbb {G}}, g_{1}, g_{3}, g_{1}^{u}g_{2}^{z}, g_{2}^{v}g_{3}^{\rho }, T_{\beta }\right)\) and will simulate either Game_{k,2} or Game_{k,3} with D.
Setup. \(\mathcal {B}\) chooses \(\mathbf {h} \xleftarrow {\$} \mathbb {Z}_{N}^{n}, \alpha \xleftarrow {\$} \mathbb {Z}_{N}, \mathrm {H} \xleftarrow {\$} \mathcal {H}\) and computes the public key \(\text {PP} = (g_{1}, g_{3}, g_{1}^{\mathbf {h}}, e(g_{1}, g_{1})^{\mathrm {H}(\alpha)})\) and the master key MSK=α. Then \(\mathcal {B}\) gives PP to \(\mathcal {A}\). Let g_{2} be an unknown random generator of \(G_{p_{2}}\). \(\mathcal {B}\) implicitly sets \(\hat {\mathbf {h}} \mod p_{2} = \mathbf {h} \mod p_{2}\). \(\hat {\mathbf {h}}\) is properly distributed and is independent from h mod p_{1} due to the Chinese Remainder Theorem.
Phase 1. In this phase, \(\mathcal {B}\) answers all key generation queries and tampering queries from \(\mathcal {A}\) in the following way:

j<k: In this case, \(\mathcal {B}\) generates type3 semifunctional secret keys under the falsified master key. Upon receiving X and a tampering function ϕ_{i}, \(\mathcal {B}\) runs \((\mathbf {k}; m_{2})\leftarrow \mathbf {Enc1}(X)\) and picks \(\mathbf {r} \xleftarrow {\$} \mathbb {Z}_{N}^{m_{2}}, \mathbf {R}_{3} \xleftarrow {\$} \mathbb {Z}_{p_{3}}^{m_{1}}, \hat {\alpha }^{\prime } \xleftarrow {\$} \mathbb {Z}_{N}\). Then it computes the secret key:
$$\text{SK}_{X} = g_{1}^{\mathbf{k}(\mathrm{H}(\phi_{i}(\alpha)), \mathbf{r}, \mathbf{h})} \cdot (g_{2}^{v}g_{3}^{\rho})^{\mathbf{k}(\hat{\alpha}^{\prime}, \mathbf{0}, \mathbf{0})} \cdot \mathbf{R}_{3}. $$
SK_{X} is a properly distributed and type3 semifunctional secret key under the falsified master key ϕ_{i}(α) where \(\hat {\alpha } = v\hat {\alpha }^{\prime }\) is uniform.

j=k: Upon receiving X and a tampering function ϕ_{i}, \(\mathcal {B}\) runs \((\mathbf {k}; m_{2})\leftarrow \mathbf {Enc1}(X)\) and picks \(\mathbf {r}^{\prime }, \hat {\mathbf {r}}^{\prime } \xleftarrow {\$} \mathbb {Z}_{N}^{m_{2}}, \hat {\alpha }^{\prime } \xleftarrow {\$} \mathbb {Z}_{N}, \mathbf {R}_{3} \xleftarrow {\$} \mathbb {Z}_{p_{3}}^{m_{1}}\). Then it computes the secret key:
$$\text{SK}_{X} = g_{1}^{\mathbf{k}(\mathrm{H}(\phi_{i}(\alpha)), \mathbf{r}^{\prime}, \mathbf{h})}\cdot (g_{2}^{v}g_{3}^{\rho})^{\mathbf{k}(\hat{\alpha}^{\prime}, \mathbf{0}, \mathbf{0})} \cdot (T_{\beta})^{\mathbf{k}(0, \hat{\mathbf{r}}^{\prime}, \mathbf{h})} \cdot \mathbf{R}_{3}. $$ 
j>k: In this phase, \(\mathcal {B}\) generates normal secret keys under the falsified master key. Upon receiving X and a tampering function ϕ_{i}, \(\mathcal {B}\) runs \((\mathbf {k}; m_{2})\leftarrow \mathbf {Enc1}(X)\) and picks \(\mathbf {r}, \mathbf {R}_{3} \xleftarrow {\$} \mathbb {Z}_{p_{3}}^{m_{1}}\). Then it computes the secret key:
$$\text{SK}_{X} = g_{1}^{\mathbf{k}(\mathrm{H}(\phi_{i}(\alpha)), \mathbf{r}, \mathbf{h})} \cdot \mathbf{R}_{3}. $$
Challenge. In this phase, \(\mathcal {A}\) submits two messages M_{0},M_{1} and the challenge parameter Y^{∗}. \(\mathcal {B}\) flips an unbiased coin \(b \xleftarrow {\$} \{0, 1\}\) and runs \((\mathbf {c}; w_{2})\leftarrow \mathbf {Enc2}(Y^{*})\). Then it picks \(\mathbf {s}^{\prime } = (s^{\prime }, s^{\prime }_{1}, \dots, s^{\prime }_{w_{2}}) \xleftarrow {\$} \mathbb {Z}_{N}^{w_{2}+1}\) and computes the challenge ciphertext \(\text {CT}^{*}_{Y^{*}} = (\mathbf {C}_{0}, C_{1})\) as follows:
\(\mathcal {B}\) sends \(\mathcal {A}\) the challenge ciphertext \(\text {CT}^{*}_{Y^{*}}\), which is a properly distributed and semifunctional ciphertext where \(\hat {\mathbf {s}} = z\mathbf {s}^{\prime }\mod p_{2}\) is uniform and independent from \(\mathbf {s} = u\mathbf {s}^{\prime }\mod p_{1}\) due to the Chinese Remainder Theorem.
Phase 2. In this phase, \(\mathcal {B}\) answers all key generation queries from \(\mathcal {A}\) with the falsified master key and sends normal secret keys to \(\mathcal {A}\).

If β=0,
$$\begin{aligned} \text{SK}_{X} &= g_{1}^{\mathbf{k}(\mathrm{H}(\phi_{i}(\alpha)), \mathbf{r}^{\prime}, \mathbf{h})}\cdot (g_{2}^{v}g_{3}^{\rho})^{\mathbf{k}(\hat{\alpha}^{\prime}, \mathbf{0}, \mathbf{0})} \cdot (g_{1}^{w}g_{3}^{\delta})^{\mathbf{k}(0, \hat{\mathbf{r}}^{\prime}, \mathbf{h})} \cdot \mathbf{R}_{3} \\ &= g_{1}^{\mathbf{k}(\mathrm{H}(\phi_{i}(\alpha)), \mathbf{r}^{\prime}+w\hat{\mathbf{r}}^{\prime}, \mathbf{h})}\cdot g_{2}^{\mathbf{k}(v\hat{\alpha}^{\prime}, \mathbf{0}, \mathbf{0})} \cdot \mathbf{R}^{\prime}_{3}. \end{aligned} $$
SK_{X} is a properly distributed and type3 semifunctional secret key under the falsified master key ϕ_{i}(α) where \(\mathbf {r} = \mathbf {r}^{\prime }+w\hat {\mathbf {r}}^{\prime } \mod p_{1}\) and \(\hat {\alpha } = v\hat {\alpha }^{\prime }\) are uniform. In this case, \(\mathcal {B}\) has properly simulated Game_{k,3}.

If β=1,
$$\begin{aligned} \text{SK}_{X} &= g_{1}^{\mathbf{k}(\mathrm{H}(\phi_{i}(\alpha)), \mathbf{r}^{\prime}, \mathbf{h})}\cdot \left(g_{2}^{v}g_{3}^{\rho}\right)^{\mathbf{k}(\hat{\alpha}^{\prime}, \mathbf{0}, \mathbf{0})} \cdot \left(g_{1}^{w}g_{2}^{\kappa}g_{3}^{\delta}\right)^{\mathbf{k}(0, \hat{\mathbf{r}}^{\prime}, \mathbf{h})} \cdot \mathbf{R}_{3} \\ &= g_{1}^{\mathbf{k}(\mathrm{H}(\phi_{i}(\alpha)), \mathbf{r}^{\prime}+w\hat{\mathbf{r}}^{\prime}, \mathbf{h})} \cdot g_{2}^{\mathbf{k}(v\hat{\alpha}^{\prime}, {\kappa}\hat{\mathbf{r}}^{\prime}, \mathbf{h})} \cdot \mathbf{R}^{\prime}_{3}. \end{aligned} $$
SK_{X} is a properly distributed and type2 semifunctional secret key under the falsified master key ϕ_{i}(α) where \(\hat {\mathbf {r}} = {\kappa }\hat {\mathbf {r}}^{\prime } \mod p_{2}\) and \(\hat {\mathbf {h}} = \mathbf {h} \mod p_{2}\) are uniform and independent from \(\mathbf {r} = \mathbf {r}^{\prime }+w\hat {\mathbf {r}}^{\prime } \mod p_{1}\) and h. In this case, \(\mathcal {B}\) has properly simulated Game_{k,2}. Hence, \(\mathcal {A}\) can distinguish Game_{k,2} from Game_{k,3} with only negligible probability; otherwise, \(\mathcal {B}\) can break Assumption SD2.
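The key-simulation algebra of the j=k case above, and the Chinese Remainder Theorem argument used for \(\hat {\mathbf {s}}\) and s, can be checked numerically. The following Python sketch is an added example, not code from the paper: it models the composite-order group by discrete logs, and the toy primes, the IBE-style encoding `enc1` and the random stand-in for H(ϕ_{i}(α)) are assumptions made for illustration.

```python
import random
from collections import Counter

# Constructed toy parameters; real schemes use primes of cryptographic size.
P1, P2, P3 = 101, 103, 107
N = P1 * P2 * P3
# A group element g^x is modelled by x mod N, so multiplying elements adds
# exponents and raising to a power multiplies them. E1..E3 are the discrete
# logs of the subgroup generators g1, g2, g3.
E1, E2, E3 = P2 * P3, P1 * P3, P1 * P2


def enc1(alpha, r, h, x):
    """Assumed toy IBE-style pair encoding k(alpha, r, h), linear in (alpha, r)."""
    return [(alpha + r * (h[0] + h[1] * x)) % N, r % N]


def component(elem, p, e):
    """Exponent of elem's part in the order-p subgroup generated by g^e."""
    return (elem % p) * pow(e % p, -1, p) % p


def simulate_key(beta, rng, x=7):
    """Build SK_X as B does for the k-th query; return it with all secrets."""
    h = [rng.randrange(N), rng.randrange(N)]
    h_phi_alpha = rng.randrange(N)          # stand-in for H(phi_i(alpha))
    # SD2 instance handed to B: g2^v g3^rho and T_beta.
    v, rho, w, kappa, delta = (rng.randrange(1, N) for _ in range(5))
    g2v_g3rho = (v * E2 + rho * E3) % N
    t_beta = (w * E1 + (kappa * E2 if beta == 1 else 0) + delta * E3) % N
    # B's own randomness: r', r_hat', alpha_hat' and the G_p3 mask R_3.
    r1, r_hat1, a_hat1 = (rng.randrange(N) for _ in range(3))
    mask = [rng.randrange(P3) * E3 % N for _ in range(2)]
    k_main = enc1(h_phi_alpha, r1, h, x)    # exponent of g1
    k_alpha = enc1(a_hat1, 0, [0, 0], x)    # exponent of g2^v g3^rho
    k_t = enc1(0, r_hat1, h, x)             # exponent of T_beta
    sk = [(k_main[j] * E1 + k_alpha[j] * g2v_g3rho + k_t[j] * t_beta + mask[j]) % N
          for j in range(2)]
    secrets = dict(h=h, H=h_phi_alpha, v=v, w=w, kappa=kappa,
                   r1=r1, r_hat1=r_hat1, a_hat1=a_hat1, x=x)
    return sk, secrets


def matches_claim(beta, seed=0):
    """True iff SK_X has the G_p1 and G_p2 parts stated in the proof."""
    sk, s = simulate_key(beta, random.Random(seed))
    r = s["r1"] + s["w"] * s["r_hat1"]      # r = r' + w * r_hat'
    want_p1 = enc1(s["H"], r, s["h"], s["x"])
    if beta == 1:   # type-2 key: k(v*alpha_hat', kappa*r_hat', h) in G_p2
        want_p2 = enc1(s["v"] * s["a_hat1"], s["kappa"] * s["r_hat1"],
                       s["h"], s["x"])
    else:           # type-3 key: k(v*alpha_hat', 0, 0) in G_p2
        want_p2 = enc1(s["v"] * s["a_hat1"], 0, [0, 0], s["x"])
    return all(component(sk[j], P1, E1) == want_p1[j] % P1 and
               component(sk[j], P2, E2) == want_p2[j] % P2
               for j in range(2))


def crt_pairs_uniform(u=3, z=5, p1=5, p2=7, p3=11):
    """Exhaustive check that (u*s' mod p1, z*s' mod p2) is uniform over s' in Z_N."""
    counts = Counter((u * s % p1, z * s % p2) for s in range(p1 * p2 * p3))
    return len(counts) == p1 * p2 and set(counts.values()) == {p3}


if __name__ == "__main__":
    print("beta=0 gives type-3 key:", matches_claim(0))
    print("beta=1 gives type-2 key:", matches_claim(1))
    print("CRT pairs uniform:", crt_pairs_uniform())
```

The uniformity check fails when u is a multiple of p_{1}, which is why the argument needs u and z to be invertible modulo p_{1} and p_{2} respectively.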
Lemma 6
For any adversary \(\mathcal {A}\) that can distinguish \(\mathbf {Game}_{q_{1}, 3}\) from \(\mathbf {Game}_{q_{1}+1}\), there exists an adversary \(\mathcal {B}\) such that, for any security parameter λ, \(\left|Adv_{\mathcal {A}}^{q_{1}, 3} - Adv_{\mathcal {A}}^{q_{1}+1}\right| \le Adv_{\mathcal {B}}^{\mathbf {SD2}}\).
Proof We will build a PPT adversary \(\mathcal {B}\) against Assumption SD2 with the help of an adversary \(\mathcal {A}\). \(\mathcal {B}\) is given \(D = \left (\mathbf {param}_{\mathbb {G}}, g_{1}, g_{3}, g_{1}^{u}g_{2}^{z}, g_{2}^{v}g_{3}^{\rho }, T_{\beta }\right)\) and will simulate either \(\mathbf {Game}_{q_{1}, 3}\) or \(\mathbf {Game}_{q_{1}+1}\) with D.
Setup. \(\mathcal {B}\) chooses \(\mathbf {h} \xleftarrow {\$} \mathbb {Z}_{N}^{n}, \alpha \xleftarrow {\$} \mathbb {Z}_{N}, \mathrm {H} \xleftarrow {\$} \mathcal {H}\) and computes the public key \(\text {PP} = (g_{1}, g_{3}, g_{1}^{\mathbf {h}}, e(g_{1}, g_{1})^{\mathrm {H}(\alpha)})\) and the master key MSK=α. Then \(\mathcal {B}\) gives PP to \(\mathcal {A}\). Let g_{2} be an unknown random generator of \(G_{p_{2}}\). \(\mathcal {B}\) implicitly sets \(\hat {\mathbf {h}} \mod p_{2} = \mathbf {h} \mod p_{2}\). \(\hat {\mathbf {h}}\) is properly distributed and is independent from h mod p_{1} due to the Chinese Remainder Theorem.
Phase 1. In this phase, \(\mathcal {B}\) answers all key generation queries and tampering queries from \(\mathcal {A}\) by generating type3 semifunctional secret keys under the falsified master key. Upon receiving X and a tampering function ϕ_{i}, \(\mathcal {B}\) runs \((\mathbf {k}; m_{2})\leftarrow \mathbf {Enc1}(X)\) and picks \(\mathbf {r} \xleftarrow {\$} \mathbb {Z}_{N}^{m_{2}}, \mathbf {R}_{3} \xleftarrow {\$} \mathbb {Z}_{p_{3}}^{m_{1}}, \hat {\alpha }^{\prime } \xleftarrow {\$} \mathbb {Z}_{N}\). Then it computes the secret key:
SK_{X} is a properly distributed and type3 semifunctional secret key under the falsified master key ϕ_{i}(α) where \(\hat {\alpha } = v\hat {\alpha }^{\prime }\) is uniform.
Challenge. In this phase, \(\mathcal {A}\) submits two messages M_{0},M_{1} and the challenge parameter Y^{∗}. \(\mathcal {B}\) flips an unbiased coin \(b \xleftarrow {\$} \{0, 1\}\) and runs \((\mathbf {c}; w_{2})\leftarrow \mathbf {Enc2}(Y^{*})\). Then it picks \(\mathbf {s}^{\prime } = (s^{\prime }, s^{\prime }_{1}, \dots, s^{\prime }_{w_{2}}) \xleftarrow {\$} \mathbb {Z}_{N}^{w_{2}+1}\) and computes the challenge ciphertext \(\text {CT}^{*}_{Y^{*}} = (\mathbf {C}_{0}, C_{1})\) as follows:
\(\mathcal {B}\) sends \(\mathcal {A}\) the challenge ciphertext \(\text {CT}^{*}_{Y^{*}}\), which is a properly distributed and semifunctional ciphertext where \(\hat {\mathbf {s}} = z\mathbf {s}^{\prime }\mod p_{2}\) is uniform and independent from \(\mathbf {s} = u\mathbf {s}^{\prime }\mod p_{1}\) due to the Chinese Remainder Theorem.
Phase 2. In this phase, \(\mathcal {B}\) answers all key generation queries from \(\mathcal {A}\) with the falsified master key. Upon receiving X and a tampering function ϕ_{i}, \(\mathcal {B}\) runs \((\mathbf {k}; m_{2})\leftarrow \mathbf {Enc1}(X)\) and picks \(\mathbf {r}^{\prime }, \hat {\mathbf {r}}^{\prime } \xleftarrow {\$} \mathbb {Z}_{N}^{m_{2}}, \allowbreak \mathbf {R}_{3} \xleftarrow {\$} \mathbb {Z}_{p_{3}}^{m_{1}}\). Then it computes the secret key:

If β=0,
$$ \begin{aligned} \text{SK}_{X} &= g_{1}^{\mathbf{k}(\mathrm{H}(\phi_{i}(\alpha)), \mathbf{r}^{\prime}, \mathbf{h})} \cdot (g_{1}^{w}g_{3}^{\delta})^{\mathbf{k}(0, \hat{\mathbf{r}}^{\prime}, \mathbf{h})} \cdot \mathbf{R}_{3} \\ &= g_{1}^{\mathbf{k}(\mathrm{H}(\phi_{i}(\alpha)), \mathbf{r}^{\prime}+w\hat{\mathbf{r}}^{\prime}, \mathbf{h})} \cdot \mathbf{R}^{\prime}_{3}. \end{aligned} $$
SK_{X} is a properly distributed and normal secret key under the falsified master key ϕ_{i}(α) where \(\mathbf {r} = \mathbf {r}^{\prime }+w\hat {\mathbf {r}}^{\prime } \mod p_{1}\) is uniform. In this case, \(\mathcal {B}\) has properly simulated \(\mathbf {Game}_{q_{1}, 3}\).

If β=1,
$$ \begin{aligned} \text{SK}_{X} &= g_{1}^{\mathbf{k}(\mathrm{H}(\phi_{i}(\alpha)), \mathbf{r}^{\prime}, \mathbf{h})} \cdot (g_{1}^{w}g_{2}^{\kappa}g_{3}^{\delta})^{\mathbf{k}(0, \hat{\mathbf{r}}^{\prime}, \mathbf{h})} \cdot \mathbf{R}_{3} \\ &= g_{1}^{\mathbf{k}(\mathrm{H}(\phi_{i}(\alpha)), \mathbf{r}^{\prime}+w\hat{\mathbf{r}}^{\prime}, \mathbf{h})} \cdot g_{2}^{\mathbf{k}(0, {\kappa}\hat{\mathbf{r}}^{\prime}, \mathbf{h})} \cdot \mathbf{R}^{\prime}_{3}. \end{aligned} $$
SK_{X} is a properly distributed and type1 semifunctional secret key under the falsified master key ϕ_{i}(α) where \(\hat {\mathbf {r}} = {\kappa }\hat {\mathbf {r}}^{\prime } \mod p_{2}\) is uniform and independent from \(\mathbf {r} = \mathbf {r}^{\prime }+w\hat {\mathbf {r}}^{\prime } \mod p_{1}\). In this case, \(\mathcal {B}\) has properly simulated \(\mathbf {Game}_{q_{1}+1}\). Hence, \(\mathcal {A}\) can distinguish \(\mathbf {Game}_{q_{1}, 3}\) from \(\mathbf {Game}_{q_{1}+1}\) with only negligible probability; otherwise, \(\mathcal {B}\) can break Assumption SD2.
Lemma 7
For any adversary \(\mathcal {A}\) that can distinguish \(\mathbf {Game}_{q_{1}+1}\) from \(\mathbf {Game}_{q_{1}+2}\), there exists an adversary \(\mathcal {B}\) such that, for any security parameter λ, \(\left|Adv_{\mathcal {A}}^{q_{1}+1} - Adv_{\mathcal {A}}^{q_{1}+2}\right| \le Adv_{\mathcal {B}}^{\mathbf {SMH}} + Adv_{\mathcal {B}}^{\mathbf {TRF}}\).
If the adversary \(\mathcal {A}\) can distinguish \(\mathbf {Game}_{q_{1}+1}\) from \(\mathbf {Game}_{q_{1}+2}\), we can build a PPT adversary \(\mathcal {B}\) against the SMH security of the pair encoding scheme P or the TRF family \(\mathcal {H}\). Denote by K^{∗} the challenge secret key. Define F as the event that K^{∗} is generated under the original master key and ¬F as the event that K^{∗} is generated under the falsified master key. To complete the proof of Lemma 7, it suffices to prove Claims 3 and 4.
Claim 3
For any adversary \(\mathcal {A}\) that can distinguish \(\mathbf {Game}_{q_{1}+1}\) from \(\mathbf {Game}_{q_{1}+2}\), there exists an adversary \(\mathcal {B}\) such that, for any security parameter λ, \(\left|Adv_{\mathcal {A}}^{q_{1}+1} - Adv_{\mathcal {A}}^{q_{1}+2}\right| \le Adv_{\mathcal {B}}^{\mathbf {SMH}}\), conditioned on F occurring.
Proof We will build a PPT adversary \(\mathcal {B}\) against the SMH security of the pair encoding scheme P with the help of an adversary \(\mathcal {A}\). \(\mathcal {B}\) is given (g_{1},g_{2},g_{3}) and will simulate either \(\mathbf {Game}_{q_{1}+1}\) or \(\mathbf {Game}_{q_{1}+2}\).
Setup. \(\mathcal {B}\) chooses \(\mathbf {h} \xleftarrow {\$} \mathbb {Z}_{N}^{n}, \alpha \xleftarrow {\$} \mathbb {Z}_{N}, \mathrm {H} \xleftarrow {\$} \mathcal {H}\) and computes the public key \(\text {PP} = \left (g_{1}, g_{3}, g_{1}^{\mathbf {h}}, e(g_{1}, g_{1})^{\mathrm {H}(\alpha)}\right)\) and the master key MSK=α. Then \(\mathcal {B}\) gives PP to \(\mathcal {A}\).
Phase 1. In this phase, \(\mathcal {B}\) answers all key generation queries and tampering queries from \(\mathcal {A}\) by generating type3 semifunctional secret keys under the falsified master key. Upon receiving X and a tampering function ϕ_{i}, \(\mathcal {B}\) runs \((\mathbf {k}; m_{2})\leftarrow \mathbf {Enc1}(X)\) and picks \(\mathbf {r} \xleftarrow {\$} \mathbb {Z}_{N}^{m_{2}}, \mathbf {R}_{3} \xleftarrow {\$} \mathbb {Z}_{p_{3}}^{m_{1}}\). Then it computes the secret key:
SK_{X} is a properly distributed and type3 semifunctional secret key under the falsified master key ϕ_{i}(α).
Challenge. In this phase, \(\mathcal {A}\) submits two messages M_{0},M_{1} and the challenge parameter Y^{∗}. \(\mathcal {B}\) makes a ciphertext query to its challenger and receives back \(D = g_{2}^{\mathbf {c}(\hat {\mathbf {s}}, \hat {\mathbf {h}})}\). Then \(\mathcal {B}\) flips an unbiased coin \(b \xleftarrow {\$} \{0, 1\}\) and runs \((\mathbf {c}; w_{2})\leftarrow \mathbf {Enc2}(Y^{*})\). Then it picks \(\mathbf {s} = (s, s_{1}, \dots, s_{w_{2}}) \xleftarrow {\$} \mathbb {Z}_{N}^{w_{2}+1}\) and the challenge ciphertext \(\text {CT}^{*}_{Y^{*}} = (\mathbf {C}_{0}, C_{1})\) as follows:
\(\mathcal {B}\) sends \(\mathcal {A}\) the challenge ciphertext \(\text {CT}^{*}_{Y^{*}}\), which is a properly distributed and semifunctional ciphertext.
Phase 2. In this phase, upon receiving X_{j} and a tampering function ϕ_{i}, \(\mathcal {B}\) makes a key query to its challenger and receives back \(T_{\beta } = g_{2}^{\mathbf {k}(\beta, \hat {\mathbf {r}}, \hat {\mathbf {h}})}\). This query can be made since R(X_{j},Y^{∗})=0. \(\mathcal {B}\) runs \((\mathbf {k}; m_{2})\leftarrow \mathbf {Enc1}(X_{k})\) and picks \(\mathbf {r} \xleftarrow {\$} \mathbb {Z}_{N}^{m_{2}}, \mathbf {R}_{3} \xleftarrow {\$} \mathbb {Z}_{p_{3}}^{m_{1}}\). It computes the secret key:

If β=0,
$$\text{SK}_{X} = g_{1}^{\mathbf{k}(\mathrm{H}(\alpha), \mathbf{r}, \mathbf{h})} \cdot g_{2}^{\mathbf{k}(0, \hat{\mathbf{r}}, \hat{\mathbf{h}})} \cdot \mathbf{R}_{3}. $$
SK_{X} is a properly distributed and type1 semifunctional secret key under the original master key α. In this case, \(\mathcal {B}\) has properly simulated \(\mathbf {G}_{q_{1}+1}\).

If β=1,
$$\text{SK}_{X} = g_{1}^{\mathbf{k}(\mathrm{H}(\alpha), \mathbf{r}, \mathbf{h})} \cdot g_{2}^{\mathbf{k}(\hat{\alpha}, \hat{\mathbf{r}}, \hat{\mathbf{h}})} \cdot \mathbf{R}_{3}. $$
SK_{X} is a properly distributed and type2 semifunctional secret key under the original master key α. In this case, \(\mathcal {B}\) has properly simulated \(\mathbf {G}_{q_{1}+2}\). Hence, \(\mathcal {A}\) can distinguish \(\mathbf {Game}_{q_{1}+1}\) from \(\mathbf {Game}_{q_{1}+2}\) with only negligible probability; otherwise, \(\mathcal {B}\) can break the SMH security of P.
Claim 4
For any adversary \(\mathcal {A}\) that can distinguish \(\mathbf {Game}_{q_{1}+1}\) from \(\mathbf {Game}_{q_{1}+2}\), there exists an adversary \(\mathcal {B}\) such that, for any security parameter λ, \(\left|Adv_{\mathcal {A}}^{q_{1}+1} - Adv_{\mathcal {A}}^{q_{1}+2}\right| \le Adv_{\mathcal {B}}^{\mathbf {TRF}}\), conditioned on ¬F occurring.
Proof We will build a PPT adversary \(\mathcal {B}\) against the family of tampering resilient functions \(\mathcal {H}\) with the help of an adversary \(\mathcal {A}\). \(\mathcal {B}\) is given (g_{1},g_{2},g_{3}) and will simulate either \(\mathbf {Game}_{q_{1}+1}\) or \(\mathbf {Game}_{q_{1}+2}\).
Setup. \(\mathcal {B}\) chooses \(\mathbf {h} \xleftarrow {\$} \mathbb {Z}_{N}^{n}, \alpha \xleftarrow {\$} \mathbb {Z}_{N}, \mathrm {H} \xleftarrow {\$} \mathcal {H}\) and computes the public key \(\text {PP} = (g_{1}, g_{3}, g_{1}^{\mathbf {h}}, e(g_{1}, g_{1})^{\mathrm {H}(\alpha)})\) and the master key MSK=α. Then \(\mathcal {B}\) gives PP to \(\mathcal {A}\).
Phase 1. In this phase, \(\mathcal {B}\) answers all key generation queries and tampering queries from \(\mathcal {A}\) by generating type3 semifunctional secret keys under the falsified master key. Upon receiving X and a tampering function ϕ_{i}, \(\mathcal {B}\) runs \((\mathbf {k}; m_{2})\leftarrow \mathbf {Enc1}(X)\) and picks \(\mathbf {r} \xleftarrow {\$} \mathbb {Z}_{N}^{m_{2}}, \mathbf {R}_{3} \xleftarrow {\$} \mathbb {Z}_{p_{3}}^{m_{1}}\). Then it computes the secret key:
SK_{X} is a properly distributed and type3 semifunctional secret key under the falsified master key ϕ_{i}(α).
Challenge. In this phase, \(\mathcal {A}\) submits two messages M_{0},M_{1} and the challenge parameter Y^{∗}. \(\mathcal {B}\) flips an unbiased coin \(b \xleftarrow {\$} \{0, 1\}\) and runs \((\mathbf {c}; w_{2})\leftarrow \mathbf {Enc2}(Y^{*})\). Then it picks \(\mathbf {s} = (s, s_{1}, \dots, s_{w_{2}}) \xleftarrow {\$} \mathbb {Z}_{N}^{w_{2}+1}, \hat {\mathbf {h}} \xleftarrow {\$} \mathbb {Z}_{N}^{n}\) and computes \(D \leftarrow g_{2}^{\mathbf {c}(\hat {\mathbf {s}}, \hat {\mathbf {h}})}\) and the challenge ciphertext \(\text {CT}^{*}_{Y^{*}} = (\mathbf {C}_{0}, C_{1})\) as follows:
\(\mathcal {B}\) sends \(\mathcal {A}\) the challenge ciphertext \(\text {CT}^{*}_{Y^{*}}\), which is a properly distributed and semifunctional ciphertext.
Phase 2. In this phase, upon receiving X_{j} and a tampering function ϕ_{i}, \(\mathcal {B}\) runs \((\mathbf {k}; m_{2})\leftarrow \mathbf {Enc1}(X_{k})\) and picks \(\mathbf {r}, \hat {\mathbf {r}}\xleftarrow {\$} \mathbb {Z}_{N}^{m_{2}}, \mathbf {R}_{3} \xleftarrow {\$} \mathbb {Z}_{p_{3}}^{m_{1}}\). It computes \(T_{\beta } \leftarrow \left \{\begin {array}{ll} g_{1}^{\mathbf {k}(\mathrm {H}(\phi _{i}(\alpha)), \mathbf {r}, \mathbf {h})} \cdot g_{2}^{\mathbf {k}(0, \hat {\mathbf {r}}, \hat {\mathbf {h}})} & \text {if }\beta = 0 \\ g_{1}^{\mathbf {k}(\mathrm {H}(\phi _{i}(\alpha)), \mathbf {r}, \mathbf {h})} \cdot g_{2}^{\mathbf {k}(\alpha, \hat {\mathbf {r}}, \hat {\mathbf {h}})} & \text {if }\beta = 1 \\ \end {array}\right.\) and the secret key:

If β=0,
$$\text{SK}_{X} = g_{1}^{\mathbf{k}(\mathrm{H}(\phi_{i}(\alpha)), \mathbf{r}, \mathbf{h})} \cdot g_{2}^{\mathbf{k}(0, \hat{\mathbf{r}}, \hat{\mathbf{h}})} \cdot \mathbf{R}_{3}. $$
SK_{X} is a properly distributed and type1 semifunctional secret key under the falsified master key ϕ_{i}(α). In this case, \(\mathcal {B}\) has properly simulated \(\mathbf {G}_{q_{1}+1}\).

If β=1,
$$\text{SK}_{X} = g_{1}^{\mathbf{k}(\mathrm{H}(\phi_{i}(\alpha)), \mathbf{r}, \mathbf{h})} \cdot g_{2}^{\mathbf{k}(\hat{\alpha}, \hat{\mathbf{r}}, \hat{\mathbf{h}})} \cdot \mathbf{R}_{3}. $$
SK_{X} is a properly distributed and type2 semifunctional secret key under the falsified master key ϕ_{i}(α). In this case, \(\mathcal {B}\) has properly simulated \(\mathbf {Game}_{q_{1}+2}\).
In this case, R(X_{k},Y^{∗})=1 (here ϕ_{i}(α)≠α), so SK_{X} can be used to decrypt the challenge ciphertext and the adversary will get \(e(g_{1}, g_{1})^{\mathrm {H}(\phi _{i}(\alpha)) s}\) or \(e(g_{1}, g_{1})^{\mathrm {H}(\phi _{i}(\alpha)) s} e(g_{2}, g_{2})^{\hat {\alpha }\hat {s}}\). Because of the property of \(\mathcal {H}\), \(e(g_{1}, g_{1})^{\mathrm {H}(\phi _{i}(\alpha))s}\) is still a random element in \(\mathbb {G}_{T}\) given e(g_{1},g_{1})^{H(α)s}M_{b}, meaning that neither secret key can decrypt correctly. Hence, \(\mathcal {A}\) can distinguish \(\mathbf {Game}_{q_{1}+1}\) from \(\mathbf {Game}_{q_{1}+2}\) with only negligible probability; otherwise, \(\mathcal {B}\) can break the TRF family \(\mathcal {H}\).
Lemma 8
For any adversary \(\mathcal {A}\) that can distinguish \(\mathbf {G}_{q_{1}+2}\) from \(\mathbf {G}_{q_{1}+3}\), there exists an adversary \(\mathcal {B}\) such that, for any security parameter λ, \(\left|Adv_{\mathcal {A}}^{q_{1}+2} - Adv_{\mathcal {A}}^{q_{1}+3}\right| \le Adv_{\mathcal {B}}^{\mathbf {SD2}}\).
Proof We will build a PPT adversary \(\mathcal {B}\) against Assumption SD2 with the help of an adversary \(\mathcal {A}\). \(\mathcal {B}\) is given \(D = \left (\mathbf {param}_{\mathbb {G}}, g_{1}, g_{3}, g_{1}^{u}g_{2}^{z}, g_{2}^{v}g_{3}^{\rho }, T_{\beta }\right)\) and will simulate either \(\mathbf {G}_{q_{1}+2}\) or \(\mathbf {G}_{q_{1}+3}\) with D.
Setup. \(\mathcal {B}\) chooses \(\mathbf {h} \xleftarrow {\$} \mathbb {Z}_{N}^{n}, \alpha \xleftarrow {\$} \mathbb {Z}_{N}, \mathrm {H} \xleftarrow {\$} \mathcal {H}\) and computes the public key \(\text {PP} = (g_{1}, g_{3}, g_{1}^{\mathbf {h}}, e(g_{1}, g_{1})^{\mathrm {H}(\alpha)})\) and the master key MSK=α. Then \(\mathcal {B}\) gives PP to \(\mathcal {A}\). Let g_{2} be an unknown random generator of \(G_{p_{2}}\). \(\mathcal {B}\) implicitly sets \(\hat {\mathbf {h}} \mod p_{2} = \mathbf {h} \mod p_{2}\). \(\hat {\mathbf {h}}\) is properly distributed and is independent from h mod p_{1} due to the Chinese Remainder Theorem.
Phase 1. In this phase, \(\mathcal {B}\) answers all key generation queries and tampering queries from \(\mathcal {A}\) by generating type3 semifunctional secret keys under the falsified master key. Upon receiving X and a tampering function ϕ_{i}, \(\mathcal {B}\) runs \((\mathbf {k}; m_{2})\leftarrow \mathbf {Enc1}(X)\) and picks \(\mathbf {r} \xleftarrow {\$} \mathbb {Z}_{N}^{m_{2}}, \mathbf {R}_{3} \xleftarrow {\$} \mathbb {Z}_{p_{3}}^{m_{1}}, \hat {\alpha }^{\prime } \xleftarrow {\$} \mathbb {Z}_{N}\). Then it computes the secret key:
SK_{X} is a properly distributed and type3 semifunctional secret key under the falsified master key ϕ_{i}(α) where \(\hat {\alpha } = v\hat {\alpha }^{\prime }\) is uniform.
Challenge. In this phase, \(\mathcal {A}\) submits two messages M_{0},M_{1} and the challenge parameter Y^{∗}. \(\mathcal {B}\) flips an unbiased coin \(b \xleftarrow {\$} \{0, 1\}\) and runs \((\mathbf {c}; w_{2})\leftarrow \mathbf {Enc2}(Y^{*})\). Then it picks \(\mathbf {s}^{\prime } = (s^{\prime }, s^{\prime }_{1}, \dots, s^{\prime }_{w_{2}}) \xleftarrow {\$} \mathbb {Z}_{N}^{w_{2}+1}\) and computes the challenge ciphertext \(\text {CT}^{*}_{Y^{*}} = (\mathbf {C}_{0}, C_{1})\) as follows:
\(\mathcal {B}\) sends \(\mathcal {A}\) the challenge ciphertext \(\text {CT}^{*}_{Y^{*}}\), which is a properly distributed and semifunctional ciphertext where \(\hat {\mathbf {s}} = z\mathbf {s}^{\prime }\mod p_{2}\) is uniform and independent from \(\mathbf {s} = u\mathbf {s}^{\prime }\mod p_{1}\) due to the Chinese Remainder Theorem.
Phase 2. In this phase, \(\mathcal {B}\) answers all key generation queries from \(\mathcal {A}\) with the falsified master key. At the beginning, \(\mathcal {B}\) picks \(\hat {\alpha }^{\prime } \xleftarrow {\$} \mathbb {Z}_{N}\). Upon receiving X and a tampering function ϕ_{i}, \(\mathcal {B}\) runs \((\mathbf {k}; m_{2})\leftarrow \mathbf {Enc1}(X)\) and picks \(\mathbf {r}^{\prime }, \hat {\mathbf {r}}^{\prime } \xleftarrow {\$} \mathbb {Z}_{N}^{m_{2}}, \mathbf {R}_{3} \xleftarrow {\$} \mathbb {Z}_{p_{3}}^{m_{1}}\). Then it computes the secret key:

If β=0,
$$\begin{aligned} \text{SK}_{X} &= g_{1}^{\mathbf{k}(\mathrm{H}(\phi_{i}(\alpha)), \mathbf{r}^{\prime}, \mathbf{h})}\cdot (g_{2}^{v}g_{3}^{\rho})^{\mathbf{k}(\hat{\alpha}^{\prime}, \mathbf{0}, \mathbf{0})} \cdot (g_{1}^{w}g_{3}^{\delta})^{\mathbf{k}(0, \hat{\mathbf{r}}^{\prime}, \mathbf{h})} \cdot \mathbf{R}_{3}\\ &= g_{1}^{\mathbf{k}(\mathrm{H}(\phi_{i}(\alpha)), \mathbf{r}^{\prime}+w\hat{\mathbf{r}}^{\prime}, \mathbf{h})}\cdot g_{2}^{\mathbf{k}(v\hat{\alpha}^{\prime}, \mathbf{0}, \mathbf{0})} \cdot \mathbf{R}^{\prime}_{3}. \end{aligned} $$
SK_{X} is a properly distributed and type3 semifunctional secret key under the falsified master key ϕ_{i}(α) where \(\mathbf {r} = \mathbf {r}^{\prime }+w\hat {\mathbf {r}}^{\prime } \mod p_{1}\) and \(\hat {\alpha } = v\hat {\alpha }^{\prime }\) are uniform. In this case, \(\mathcal {B}\) has properly simulated \(\mathbf {G}_{q_{1}+3}\).

If β=1,
$$\begin{aligned} \text{SK}_{X} &= g_{1}^{\mathbf{k}(\mathrm{H}(\phi_{i}(\alpha)), \mathbf{r}^{\prime}, \mathbf{h})}\cdot (g_{2}^{v}g_{3}^{\rho})^{\mathbf{k}(\hat{\alpha}^{\prime}, \mathbf{0}, \mathbf{0})} \cdot (g_{1}^{w}g_{2}^{\kappa}g_{3}^{\delta})^{\mathbf{k}(0, \hat{\mathbf{r}}^{\prime}, \mathbf{h})} \cdot \mathbf{R}_{3} \\ &= g_{1}^{\mathbf{k}(\mathrm{H}(\phi_{i}(\alpha)), \mathbf{r}^{\prime}+w\hat{\mathbf{r}}^{\prime}, \mathbf{h})} \cdot g_{2}^{\mathbf{k}(v\hat{\alpha}^{\prime}, {\kappa}\hat{\mathbf{r}}^{\prime}, \mathbf{h})} \cdot \mathbf{R}^{\prime}_{3}. \end{aligned} $$
\(\text{SK}_{X}\) is a properly distributed and type-2 semi-functional secret key under the falsified master key ϕ_{i}(α) where \(\hat {\mathbf {r}} = {\kappa }\hat {\mathbf {r}}^{\prime } \mod p_{2}\) and \(\hat {\mathbf {h}} = \mathbf {h} \mod p_{2}\) are uniform and independent from \(\mathbf {r} = \mathbf {r}^{\prime }+w\hat {\mathbf {r}}^{\prime } \mod p_{1}\) and h. In this case, \(\mathcal {B}\) has properly simulated G_{q+2}. Hence, \(\mathcal {A}\) can distinguish G_{q+2} from \(\mathbf {G}_{q_{1}+3}\) with negligible probability, otherwise \(\mathcal {B}\) can break Assumption SD2.
Lemma 9
For any adversary \(\mathcal {A}\) that can distinguish \(\mathbf {G}_{q_{1}+3}\) from G_{final}, there exists an adversary \(\mathcal {B}\) such that, for any security parameter λ, \(\left| Adv_{\mathcal {A}}^{q_{1}+3} - Adv_{\mathcal {A}}^{final}\right| \le Adv_{\mathcal {B}}^{\mathbf {TRFSD3}}\).
Proof We will build a PPT adversary \(\mathcal {B}\) against the Assumption TRFSD3 with the help of an adversary \(\mathcal {A}\). \(\mathcal {B}\) is given \(D = \left (\mathbf {param}_{\mathbb {G}}, g_{1}, g_{2}, g_{3}, g_{1}^{H(\alpha)}g_{2}^{u},\right. \left. g_{1}^{H(\phi _{i}(\alpha))}g_{2}^{u}, g_{1}^{s}g_{2}^{v}, T_{\beta }\right)\) and will simulate either \(\mathbf {G}_{q_{1}+3}\) or G_{final} with D.
Setup. \(\mathcal {B}\) chooses \(\textbf {h} \xleftarrow {\$} \mathbb {Z}_{N}^{n}, \mathrm {H} \xleftarrow {\$} \mathcal {H}\) and computes the public key \(\text {PP} = (g_{1}, g_{3}, g_{1}^{\mathbf {h}}, e(g_{1}, g_{1}^{H(\alpha)}g_{2}^{u}) = e(g_{1}, g_{1})^{\mathrm {H}(\alpha)})\). Then \(\mathcal {B}\) gives PP to \(\mathcal {A}\).
Phase 1. In this phase, \(\mathcal {B}\) answers all key generation queries and tampering queries from \(\mathcal {A}\) by generating type-3 semi-functional secret keys under the falsified master key. Upon receiving X and a tampering function ϕ_{i}, \(\mathcal {B}\) runs \((\mathbf {k}; m_{2})\leftarrow \mathbf {Enc1}(X)\) and picks \(\mathbf {r} \xleftarrow {\$} \mathbb {Z}_{N}^{m_{2}}, \mathbf {R}_{3} \xleftarrow {\$} \mathbb {Z}_{p_{3}}^{m_{1}}, \hat {\alpha }^{\prime } \xleftarrow {\$} \mathbb {Z}_{N}\). Then it computes the secret key (see Note 7):
\(\text{SK}_{X}\) is a properly distributed and type-3 semi-functional secret key under the falsified master key ϕ_{i}(α) where \(\hat {\alpha } = u + \hat {\alpha }^{\prime }\) is uniform.
Challenge. In this phase, \(\mathcal {A}\) submits two messages M_{0},M_{1} and the challenge parameter Y^{∗}. \(\mathcal {B}\) flips an unbiased coin \(b \xleftarrow {\$} \{0, 1\}\) and runs \((\mathbf {c}; w_{2})\leftarrow \mathbf {Enc2}(Y^{*})\). Then it picks \(\mathbf {s}^{\prime } = (s^{\prime }, s^{\prime }_{1}, \dots, s^{\prime }_{w_{2}}) \xleftarrow {\$} \mathbb {Z}_{N}^{w_{2}+1}\) and computes the challenge ciphertext \(\text {CT}^{*}_{Y^{*}} = (\mathbf {C}_{0}, C_{1})\) as follows:
\(\mathcal {B}\) sends \(\mathcal {A}\) the challenge ciphertext \(\text {CT}^{*}_{Y^{*}}\).
Phase 2. In this phase, \(\mathcal {B}\) answers all key generation queries from \(\mathcal {A}\) with the falsified master key. At the beginning, \(\mathcal {B}\) picks \(\hat {\alpha }^{\prime } \xleftarrow {\$} \mathbb {Z}_{N}\). Upon receiving X, \(\mathcal {B}\) runs \((\mathbf {k}; m_{2})\leftarrow \mathbf {Enc1}(X)\) and picks \(\mathbf {r}, \mathbf {R}_{3} \xleftarrow {\$} \mathbb {Z}_{p_{3}}^{m_{1}}\). Then it computes the secret key:
\(\text{SK}_{X}\) is a properly distributed and type-3 semi-functional secret key under the falsified master key ϕ_{i}(α) where \(\hat {\alpha } = u + \hat {\alpha }^{\prime }\) is uniform.

If β=0,
$$\mathbf{C}_{0} = g_{1}^{\mathbf{c}(s\mathbf{s}^{\prime}, \mathbf{h})}g_{2}^{\mathbf{c}(v\mathbf{s}^{\prime}, \mathbf{h})}, \quad C_{1} = e(g_{1}, g_{1})^{\mathrm{H}(\alpha)s}M_{b} $$
\(\text {CT}^{*}_{Y^{*}}\) is a properly distributed and semi-functional ciphertext where \(\hat {\mathbf {s}} = v\mathbf {s}^{\prime }\mod p_{2}\) is uniform and independent from \(\mathbf {s} = s\mathbf {s}^{\prime }\mod p_{1}\) due to the Chinese Remainder Theorem. In this case, \(\mathcal {B}\) has properly simulated \(\mathbf {G}_{q_{1}+3}\).

If β=1,
$$\mathbf{C}_{0} = g_{1}^{\mathbf{c}(s\mathbf{s}^{\prime}, \mathbf{h})}g_{2}^{\mathbf{c}(v\mathbf{s}^{\prime}, \mathbf{h})}, \quad C_{1} = T_{1}M_{b} $$
\(\text {CT}^{*}_{Y^{*}}\) is a properly distributed, semi-functional and random ciphertext. In this case, \(\mathcal {B}\) has properly simulated G_{final}.
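The Chinese Remainder Theorem step used in both Challenge phases above (the \(p_{1}\) and \(p_{2}\) parts of the challenge randomness are uniform and independent) can be checked exhaustively on small parameters. The following is an added example, not part of the paper; the primes 5, 7, 11, the multipliers and the function names are constructed for illustration.

```python
from collections import Counter


def joint_distribution(p1, p2, p3, u, z):
    """Count each pair (u*s' mod p1, z*s' mod p2) as s' ranges over Z_N,
    where N = p1*p2*p3 is the (toy) composite group order."""
    N = p1 * p2 * p3
    return Counter(((u * s) % p1, (z * s) % p2) for s in range(N))


def is_uniform_and_independent(p1, p2, p3, u, z):
    """True iff the normal part (mod p1) and the semi-functional part
    (mod p2) are jointly uniform, i.e. every one of the p1*p2 pairs is
    hit exactly N/(p1*p2) = p3 times by a uniform s' in Z_N."""
    counts = joint_distribution(p1, p2, p3, u, z)
    return len(counts) == p1 * p2 and set(counts.values()) == {p3}


if __name__ == "__main__":
    p1, p2, p3 = 5, 7, 11  # constructed toy primes, N = 385

    # u invertible mod p1 and z invertible mod p2: the simulated
    # randomness has exactly the distribution the proof claims.
    print(is_uniform_and_independent(p1, p2, p3, u=3, z=4))

    # Degenerate case: z = 0 mod p2 wipes out the G_{p2} component, so
    # the ciphertext would no longer be semi-functional. In the reduction
    # this happens only with negligible probability over the instance.
    print(is_uniform_and_independent(p1, p2, p3, u=3, z=7))
```

The same counting argument applies component-wise to the vector \(\mathbf {s}^{\prime }\).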
Although \(\mathcal {A}\) is allowed to make key generation queries for X where R(X,Y^{∗})=1, he receives secret keys under the falsified master key ϕ_{i}(α), and ϕ_{i} cannot be the identity function. If \(\mathcal {A}\) attempts to decrypt, he can only get \(e(g_{1}, g_{1})^{\mathrm {H}(\phi _{i}(\alpha))s}\). Due to the property of the tampering resilient function, H(α) is independent from H(ϕ_{i}(α)) when ϕ_{i}(α)≠α. That is, these secret keys are useless for \(\mathcal {A}\). Hence, \(\mathcal {A}\) can distinguish G_{q+3} from G_{final} with only negligible probability; otherwise \(\mathcal {B}\) can break the Assumption TRFSD3.
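The closing argument can be followed in a toy model that tracks only exponents. This is an added example, not the paper's construction: it assumes the Boneh-Boyen style IBE pair encoding \(\mathbf {k} = (\alpha + r(h_{1} + h_{2}X), r)\), \(\mathbf {c} = (s, s(h_{1} + h_{2}Y))\), SHA-256 reduced mod a prime as a stand-in for H, and a constructed tampering function ϕ(α)=α+1; it is an algebra check with discrete logs in the clear, not a secure implementation.

```python
import hashlib
import secrets

P = 2**61 - 1  # toy prime standing in for the order p1 of the G_{p1} subgroup


def H(alpha):
    """Assumed stand-in for the tampering resilient function H."""
    digest = hashlib.sha256(alpha.to_bytes(32, "big")).digest()
    return int.from_bytes(digest, "big") % P


def keygen(alpha, h, X, phi=lambda a: a):
    """Exponents of SK_X = g1^{k(H(phi(alpha)), r, h)}.
    phi is the tampering function applied to the stored master key."""
    r = secrets.randbelow(P)
    return ((H(phi(alpha)) + r * (h[0] + h[1] * X)) % P, r)


def encrypt(alpha, h, Y, m):
    """Exponents of C0 = g1^{c(s, h)} and C1 = e(g1,g1)^{H(alpha) s} * M,
    with M = e(g1,g1)^m. A real encryptor only needs the public value
    e(g1,g1)^{H(alpha)}; the model uses its exponent directly."""
    s = 1 + secrets.randbelow(P - 1)  # nonzero encryption randomness
    return (s, s * (h[0] + h[1] * Y) % P), (H(alpha) * s + m) % P


def decrypt(sk, ct):
    """Pairing e(K1, C0_1) / e(K2, C0_2) becomes k1*c1 - k2*c2 in the
    exponent; for X = Y it equals (master key used in keygen) * s."""
    (k1, k2), ((c1, c2), C1) = sk, ct
    mask = (k1 * c1 - k2 * c2) % P
    return (C1 - mask) % P


def demo(m=42, identity=7):
    alpha = 123456789  # constructed master key
    h = (secrets.randbelow(P), secrets.randbelow(P))
    ct = encrypt(alpha, h, identity, m)
    honest = keygen(alpha, h, identity)
    # Key issued by a device whose master key was tampered to alpha + 1.
    tampered = keygen(alpha, h, identity, phi=lambda a: a + 1)
    return decrypt(honest, ct), decrypt(tampered, ct)


if __name__ == "__main__":
    print(demo())
```

The tampered key strips \(\mathrm {H}(\phi (\alpha))s\) instead of \(\mathrm {H}(\alpha)s\), so the message stays masked by \((\mathrm {H}(\alpha)-\mathrm {H}(\phi (\alpha)))s\) even though the predicate is satisfied.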
Availability of data and materials
Not applicable.
Notes
1. Tampering resilience is equivalent to related-key attacks (RKA) security defined in earlier work (Bellare and Kohno 2003).
2. A tampering function is also called a related-key derivation (RKD) function (Bellare and Kohno 2003).
3. The TRPRF is exactly the RKA-PRF (Bellare and Kohno 2003).
4. The property is required for predicates whose domains are composite-order, such as the predicates in Attrapadung’s framework (Attrapadung 2014).
5. A function ϕ=a∗d is a group-induced function if the operation ∗ corresponds to the component-wise multiplication on \(\mathbb {Z}_{p}^{*}\).
6. Recent work (Matsuda and Schuldt 2018) provided a TRPRF construction for arbitrary tampering functions satisfying collision-resistance and output-unpredictability for a bounded number of falsified keys. Since the construction is incompatible with our security model, we omit it here.
7. Since the tampering functions ϕ_{i} are given before the security game, the challenger can generate properly distributed secret keys under the falsified master key with \(g_{1}^{H(\phi _{i}(\alpha))}g_{2}^{u}\) received from the Assumption TRFSD3.
References
Agrawal, D, Archambeault B, Rao JR, Rohatgi P (2003) The EM Side-Channel(s). In: Kaliski BS, Koç ÇK, Paar C (eds) Lecture Notes in Computer Science, 29–45. CHES, Springer Berlin Heidelberg, Berlin.
Agrawal, S, Chase M (2016) A Study of Pair Encodings: Predicate Encryption in Prime Order Groups. In: Kushilevitz E, Malkin T (eds) Lecture Notes in Computer Science, 259–288. TCC, Springer Berlin Heidelberg, Berlin.
Attrapadung, N (2014) Dual System Encryption via Doubly Selective Security: Framework, Fully Secure Functional Encryption for Regular Languages, and More. In: Nguyen PQ, Oswald E (eds) EUROCRYPT, Springer Berlin Heidelberg, Berlin.
Attrapadung, N (2016) Dual System Encryption Framework in Prime-Order Groups via Computational Pair Encodings. In: Cheon JH, Takagi T (eds) ASIACRYPT, Springer Berlin Heidelberg, Berlin.
Bellare, M, Cash D (2010) Pseudorandom Functions and Permutations Provably Secure against Related-Key Attacks. In: Rabin T (ed) Lecture Notes in Computer Science, 666–684. CRYPTO, Springer Berlin Heidelberg, Berlin.
Bellare, M, Cash D, Miller R (2011) Cryptography Secure against Related-Key Attacks and Tampering. In: Lee DH, Wang X (eds) ASIACRYPT, Springer Berlin Heidelberg, Berlin.
Bellare, M, Kohno T (2003) A Theoretical Treatment of Related-Key Attacks: RKA-PRPs, RKA-PRFs, and Applications. In: Biham E (ed) EUROCRYPT, Springer Berlin Heidelberg, Berlin.
Bellare, M, Meiklejohn S, Thomson S (2014) Key-Versatile Signatures and Applications: RKA, KDM and Joint Enc/Sig. In: Nguyen PQ, Oswald E (eds) EUROCRYPT, Springer Berlin Heidelberg, Berlin.
Bellare, M, Paterson KG, Thomson S (2012) RKA Security beyond the Linear Barrier: IBE, Encryption and Signatures. In: Wang X, Sako K (eds) ASIACRYPT, Springer Berlin Heidelberg, Berlin.
Biham, E, Shamir A (1997) Differential fault analysis of secret key cryptosystems. In: Kaliski BS (ed) Lecture Notes in Computer Science, 513–525. CRYPTO, Springer Berlin Heidelberg, Berlin.
Boneh, D, DeMillo RA, Lipton RJ (1997) On the Importance of Checking Cryptographic Protocols for Faults. In: Fumy W (ed) Lecture Notes in Computer Science, 37–51. EUROCRYPT, Springer Berlin Heidelberg, Berlin.
Boneh, D, Franklin M (2001) Identity-Based Encryption from the Weil Pairing. In: Kilian J (ed) Lecture Notes in Computer Science, 213–229. CRYPTO, Springer Berlin Heidelberg, Berlin.
Chen, J, Gay R, Wee H (2015) Improved Dual System ABE in Prime-Order Groups via Predicate Encodings. In: Oswald E, Fischlin M (eds) EUROCRYPT, Springer Berlin Heidelberg, Berlin.
Damgård, I, Faust S, Mukherjee P, Venturi D (2013) Bounded Tamper Resilience: How to Go beyond the Algebraic Barrier. In: Sako K, Sarkar P (eds) ASIACRYPT, Springer Berlin Heidelberg, Berlin.
Damgård, I, Faust S, Mukherjee P, Venturi D (2015) The Chaining Lemma and Its Application. In: Lehmann A, Wolf S (eds) ICITS, Springer International Publishing, Berlin.
Faonio, A, Venturi D (2016) Efficient Public-Key Cryptography with Bounded Leakage and Tamper Resilience. In: Cheon JH, Takagi T (eds) Lecture Notes in Computer Science, 877–907. PKC, Springer Berlin Heidelberg, Berlin.
Faust, S, Mukherjee P, Venturi D, Wichs D (2014) Efficient Non-malleable Codes and Key-Derivation for Poly-size Tampering Circuits. In: Nguyen PQ, Oswald E (eds) Lecture Notes in Computer Science, 111–128. EUROCRYPT, Springer Berlin Heidelberg, Berlin.
Fujisaki, E, Xagawa K (2015) Efficient RKA-Secure KEM and IBE Schemes Against Invertible Functions. In: Lauter K, Rodríguez-Henríquez F (eds) LATINCRYPT, Springer International Publishing, Berlin.
Fujisaki, E, Xagawa K (2016) Public-Key Cryptosystems Resilient to Continuous Tampering and Leakage of Arbitrary Functions. In: Cheon JH, Takagi T (eds) ASIACRYPT, Springer Berlin Heidelberg, Berlin.
Gennaro, R, Lysyanskaya A, Malkin T, Micali S, Rabin T (2004) Algorithmic Tamper-Proof (ATP) Security: Theoretical Foundations for Security against Hardware Tampering. In: Naor M (ed) Lecture Notes in Computer Science, 258–277. TCC, Springer Berlin Heidelberg, Berlin.
Goyal, V, O’Neill A, Rao V (2011) Correlated-Input Secure Hash Functions. In: Ishai Y (ed) Lecture Notes in Computer Science, 182–200. TCC, Springer Berlin Heidelberg, Berlin.
Kalai, YT, Kanukurthi B, Sahai A (2011) Cryptography with Tamperable and Leaky Memory. In: Rogaway P (ed) Lecture Notes in Computer Science, 373–390. CRYPTO, Springer Berlin Heidelberg, Berlin.
Katz, J, Sahai A, Waters B (2008) Predicate Encryption Supporting Disjunctions, Polynomial Equations, and Inner Products. In: Smart N (ed) Lecture Notes in Computer Science, 146–162. EUROCRYPT, Springer Berlin Heidelberg, Berlin.
Kocher, P (1996) Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems. In: Koblitz N (ed) Lecture Notes in Computer Science, 104–113. CRYPTO, Springer Berlin Heidelberg, Berlin.
Kocher, P, Jaffe J, Jun B (1999) Differential Power Analysis. In: Wiener M (ed) Lecture Notes in Computer Science, 388–397. CRYPTO, Springer Berlin Heidelberg, Berlin.
Lewko, A, Okamoto T, Sahai A, Takashima K, Waters B (2010) Fully Secure Functional Encryption: Attribute-Based Encryption and (Hierarchical) Inner Product Encryption. In: Gilbert H (ed) Lecture Notes in Computer Science, 62–91. EUROCRYPT, Springer Berlin Heidelberg, Berlin.
Lewko, A, Waters B (2010) New Techniques for Dual System Encryption and Fully Secure HIBE with Short Ciphertexts. In: Micciancio D (ed) Lecture Notes in Computer Science, 455–479. TCC, Springer Berlin Heidelberg, Berlin.
Liu, FH, Lysyanskaya A (2012) Tamper and Leakage Resilience in the Split-State Model. In: Safavi-Naini R, Canetti R (eds) Lecture Notes in Computer Science, 517–532. CRYPTO, Springer Berlin Heidelberg, Berlin.
Matsuda, T, Schuldt JCN (2018) Related Randomness Security for Public Key Encryption, Revisited. In: Abdalla M, Dahab R (eds) Lecture Notes in Computer Science, 280–311. PKC, Springer Berlin Heidelberg, Berlin.
Okamoto, T, Takashima K (2009) Hierarchical Predicate Encryption for Inner-Products. In: Matsui M (ed) ASIACRYPT, Springer Berlin Heidelberg, Berlin.
Okamoto, T, Takashima K (2010) Fully Secure Functional Encryption with General Relations from the Decisional Linear Assumption. In: Rabin T (ed) Lecture Notes in Computer Science, 191–208. CRYPTO, Springer Berlin Heidelberg, Berlin.
Okamoto, T, Takashima K (2012) Adaptively Attribute-Hiding (Hierarchical) Inner Product Encryption. In: Pointcheval D, Johansson T (eds) Lecture Notes in Computer Science, 591–608. EUROCRYPT, Springer Berlin Heidelberg, Berlin.
Qin, B, Liu S, Yuen TH, Deng RH, Chen K (2015) Continuous Non-malleable Key Derivation and Its Application to Related-Key Security. In: Katz J (ed) Lecture Notes in Computer Science, 557–578. PKC, Springer Berlin Heidelberg, Berlin.
Waters, B (2005) Efficient Identity-Based Encryption Without Random Oracles. In: Cramer R (ed) EUROCRYPT, Springer Berlin Heidelberg, Berlin.
Waters, B (2009) Dual System Encryption: Realizing Fully Secure IBE and HIBE under Simple Assumptions. In: Halevi S (ed) Lecture Notes in Computer Science, 619–636. CRYPTO, Springer Berlin Heidelberg, Berlin.
Wee, H (2012) Public Key Encryption against Related Key Attacks. In: Fischlin M, Buchmann J, Manulis M (eds) Lecture Notes in Computer Science, 262–279. PKC, Springer Berlin Heidelberg, Berlin.
Wee, H (2014) Dual System Encryption via Predicate Encodings. In: Lindell Y (ed) Lecture Notes in Computer Science, 616–637. TCC, Springer Berlin Heidelberg, Berlin.
Acknowledgements
Not applicable.
Funding
This work was supported in part by National Natural Science Foundation of China (No. 61632020, 61472416, 61772520), National key research and development program of China (No. 2017YFB0802705), Key Research Project of Zhejiang Province (No. 2017C01062), Fundamental Theory and Cutting-edge Technology Research Program of Institute of Information Engineering, CAS (No. Y7Z0321102).
Author information
Contributions
YL proposed the tampering attacks on PE, showed how to design secure PE against such attacks and drafted the manuscript. RZ and YZ participated in problem discussions and improvements of the manuscript. All authors read and approved the final manuscript.
Corresponding author
Correspondence to Yongbin Zhou.
Ethics declarations
Competing interests
The authors declare that they have no competing interests.
Additional information
Publisher’s Note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Rights and permissions
Open Access This article is distributed under the terms of the Creative Commons Attribution 4.0 International License (http://creativecommons.org/licenses/by/4.0/), which permits unrestricted use, distribution, and reproduction in any medium, provided you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons license, and indicate if changes were made.
About this article
Cite this article
Liu, Y., Zhang, R. & Zhou, Y. Predicate encryption against masterkey tampering attacks. Cybersecur 2, 22 (2019) doi:10.1186/s4240001900396
Keywords
 Tampering resilience
 Predicate encryption
 Pair encoding
 Dual system encryption