6 results sorted by ID
Redeeming Reset Indifferentiability and Post-Quantum Groups
Mark Zhandry
Secret-key cryptography
Indifferentiability is used to analyze the security of constructions of idealized objects, such as random oracles or ideal ciphers. Reset indifferentiability is a strengthening of plain indifferentiability which is applicable in far more scenarios, but is often considered too strong due to significant impossibility results. Our main results are:
- Under weak reset indifferentiability, ideal ciphers imply (fixed size) random oracles and random oracle domain shrinkage is possible. We thus...
Reset Indifferentiability and its Consequences
Paul Baecher, Chris Brzuska, Arno Mittelbach
Foundations
The equivalence of the random-oracle model and the ideal-cipher model has been studied in a long series of results. Holenstein, Künzler, and Tessaro (STOC, 2011) have recently completed the picture positively, assuming that, roughly speaking, equivalence is indifferentiability from each other. However, under the stronger notion of reset indifferentiability this picture changes significantly, as Demay et al. (EUROCRYPT, 2013) and Luykx et al. (ePrint, 2012) demonstrate.
We complement these...
Salvaging Indifferentiability in a Multi-stage Setting
Arno Mittelbach
Foundations
The indifferentiability framework by Maurer, Renner and Holenstein (MRH; TCC 2004) formalizes
a sufficient condition to safely replace a random oracle by a construction based on a
(hopefully) weaker assumption such as an ideal cipher. Indeed, many indifferentiable hash functions
have been constructed and could since be used in place of random oracles. Unfortunately,
Ristenpart, Shacham,
and Shrimpton (RSS; Eurocrypt 2011) discovered that for a large class of
security notions,
the MRH...
Impossibility Results for Indifferentiability with Resets
Atul Luykx, Elena Andreeva, Bart Mennink, Bart Preneel
Foundations
The indifferentiability framework of Maurer, Renner, and Holenstein (MRH) has gained immense popularity in recent years and has proved to be a powerful way to argue security of cryptosystems that enjoy proofs in the random oracle model. Recently, however, Ristenpart, Shacham, and Shrimpton (RSS) showed that the composition theorem of MRH has a more limited scope than originally thought, and that extending its scope required the introduction of reset-indifferentiability, a notion which no...
Reset Indifferentiability from Weakened Random Oracle Salvages One-pass Hash Functions
Yusuke Naito, Kazuki Yoneyama, Kazuo Ohta
Ristenpart et al. showed that the limitation of the indifferentiability
theorem of Maurer et al. which does not cover all multi stage security notions
but covers only single stage security notions, defined a new concept (reset
indifferentiability), and proved the reset indifferentiability theorem, which
is an analogy of the indifferentiability theorem covers all security
notions S: if H^U is reset indifferentiable from RO, for any security notion,
a cryptosystem C is at least as secure in...
Careful with Composition: Limitations of Indifferentiability and Universal Composability
Thomas Ristenpart, Hovav Shacham, Thomas Shrimpton
We exhibit a hash-based storage auditing scheme which is provably secure in the random-oracle model (ROM), but easily broken when one instead uses typical indifferentiable hash constructions. This contradicts the widely accepted belief that the indifferentiability composition theorem applies to any cryptosystem. We characterize the uncovered limitation of the indifferentiability framework by show- ing that the formalizations used thus far implicitly exclude security notions captured by...
Indifferentiability is used to analyze the security of constructions of idealized objects, such as random oracles or ideal ciphers. Reset indifferentiability is a strengthening of plain indifferentiability which is applicable in far more scenarios, but is often considered too strong due to significant impossibility results. Our main results are: - Under weak reset indifferentiability, ideal ciphers imply (fixed size) random oracles and random oracle domain shrinkage is possible. We thus...
The equivalence of the random-oracle model and the ideal-cipher model has been studied in a long series of results. Holenstein, Künzler, and Tessaro (STOC, 2011) have recently completed the picture positively, assuming that, roughly speaking, equivalence is indifferentiability from each other. However, under the stronger notion of reset indifferentiability this picture changes significantly, as Demay et al. (EUROCRYPT, 2013) and Luykx et al. (ePrint, 2012) demonstrate. We complement these...
The indifferentiability framework by Maurer, Renner and Holenstein (MRH; TCC 2004) formalizes a sufficient condition to safely replace a random oracle by a construction based on a (hopefully) weaker assumption such as an ideal cipher. Indeed, many indifferentiable hash functions have been constructed and could since be used in place of random oracles. Unfortunately, Ristenpart, Shacham, and Shrimpton (RSS; Eurocrypt 2011) discovered that for a large class of security notions, the MRH...
The indifferentiability framework of Maurer, Renner, and Holenstein (MRH) has gained immense popularity in recent years and has proved to be a powerful way to argue security of cryptosystems that enjoy proofs in the random oracle model. Recently, however, Ristenpart, Shacham, and Shrimpton (RSS) showed that the composition theorem of MRH has a more limited scope than originally thought, and that extending its scope required the introduction of reset-indifferentiability, a notion which no...
Ristenpart et al. showed that the limitation of the indifferentiability theorem of Maurer et al. which does not cover all multi stage security notions but covers only single stage security notions, defined a new concept (reset indifferentiability), and proved the reset indifferentiability theorem, which is an analogy of the indifferentiability theorem covers all security notions S: if H^U is reset indifferentiable from RO, for any security notion, a cryptosystem C is at least as secure in...
We exhibit a hash-based storage auditing scheme which is provably secure in the random-oracle model (ROM), but easily broken when one instead uses typical indifferentiable hash constructions. This contradicts the widely accepted belief that the indifferentiability composition theorem applies to any cryptosystem. We characterize the uncovered limitation of the indifferentiability framework by show- ing that the formalizations used thus far implicitly exclude security notions captured by...