Modeling Random Oracles Under Unpredictable Queries

  • Pooya Farshim and Arno Mittelbach
In recent work, Bellare, Hoang, and Keelveedhi (CRYPTO 2013) introduced a new abstraction called Universal Computational Extractors (UCEs), and showed how they can replace random oracles (ROs) across a wide range of cryptosystems. We formulate a new framework, called Interactive Computational Extractors (ICEs), that extends UCEs by viewing them as models of ROs under unpredictable (a.k.a. high-entropy) queries. We overcome a number of limitations of UCEs in the new framework, and in particular prove the…

Constant Round Maliciously Secure 2PC with Function-independent Preprocessing using LEGO

This paper provides the first implementation of a protocol from the LEGO family that has a constant number of rounds and is optimized for the offline/online setting with function-independent preprocessing and is significantly more efficient than previous protocols when considering a high latency network.

Context-Restricted Indifferentiability: Generalizing UCE and Implications on the Soundness of Hash-Function Constructions

It is proved that a non-interactive version of RO-CRI is equivalent to the UCE framework, and therefore RO-CRI leads to natural interactive generalizations of existing UCE families, and new, more fine-grained soundness properties for hash function constructions are proposed which go beyond collision-resistance and indifferentiability guarantees.

Short Digital Signatures and ID-KEMs via Truncation Collision Resistance

This work describes how standard-model constructions of public-key cryptosystems that previously seemed to require a programmable random oracle can be leveraged to obtain standard-model constructions of identity-based key encapsulation mechanisms and digital signatures with full adaptive security.

On Generalizations of Composable Security

  • D. Jost
  • Computer Science, Mathematics
  • 2020
The paradigm of provable security can be traced back to Shannon’s seminal work on the one-time pad encryption, but this work does not handily generalize to other types of schemes and flavors of security.

Public-Seed Pseudorandom Permutations

This paper introduces and studies the notion of a public-seed pseudorandom permutation (psPRP), which is inspired by the UCE notion by Bellare, Hoang, and Keelveedhi (CRYPTO ’13).

Security Definitions for Hash Functions: Combining UCE and Indifferentiability

This paper states that no hash function realizes a random oracle and no real compression function realizes an ideal one, so hash function constructions are commonly proven to be secure by showing them to be indifferentiable from a random oracle when using an ideal compression function.

Chosen Ciphertext Security via UCE

This paper studies the construction of chosen ciphertext secure (CCA secure) public key encryption (PKE), one of the most important primitives in the area of cryptography, to which the applicability of UCEs was not covered by the work of Bellare et al.

Universal Computational Extractors and the Superfluous Padding Assumption for Indistinguishability Obfuscation

A surprising equivalence is shown for the notions of strong unpredictability and (plain) unpredictability thereby lifting the construction from Brzuska and Mittelbach to achieve q-query UCEs for statistically unpredictable sources and validating the Superfluous Padding Assumption for indistinguishability obfuscation.

Indistinguishability Obfuscation and UCEs: The Case of Computationally Unpredictable Sources

Recently, Bellare, Hoang, and Keelveedhi introduced a new abstraction called Universal Computational Extractors (UCEs), and showed that they suffice to securely replace random oracles in a number of prominent applications, including all those mentioned above, without suffering from the aforementioned uninstantiability result.

Towards Realizing Random Oracles: Hash Functions That Hide All Partial Information

The random oracle model is a very convenient setting for designing cryptographic protocols, but there is not a general mechanism for transforming protocols that are secure in the random oracle model into protocols that are secure in real life.

Correlated-Input Secure Hash Functions

A general study of hash functions secure under correlated inputs, meaning that security should be maintained when the adversary sees hash values of many related high-entropy inputs, and shows relations between correlated-input secure hash functions and cryptographic primitives secure under related-key attacks.

Salvaging Indifferentiability in a Multi-stage Setting

The indifferentiability framework by Maurer, Renner and Holenstein formalizes a sufficient condition to safely replace a random oracle by a construction based on a (hopefully) weaker assumption such as an ideal cipher, but as recent works by Demay and Baecher brought to light, reset indifferentiability is not achievable thereby re-opening the quest for a notion that is sufficient for multi-stage games and achievable at the same time.

Candidate Indistinguishability Obfuscation and Functional Encryption for all Circuits

This work gives constructions for indistinguishability obfuscation and functional encryption that support all polynomial-size circuits and shows how to use them together with Fully Homomorphic Encryption to achieve functional encryption for all circuits.

Contention in Cryptoland: Obfuscation, Leakage and UCE

It is shown that VGBO (Virtual Grey Box Obfuscation) for all circuits, which has been conjectured to be achieved by candidate constructions, cannot co-exist with Canetti’s 1997 AI-DHI assumption.

Careful with Composition: Limitations of the Indifferentiability Framework

We exhibit a hash-based storage auditing scheme which is provably secure in the random-oracle model (ROM), but easily broken when one instead uses typical indifferentiable hash constructions. This

Merkle-Damgård Revisited: How to Construct a Hash Function

It is shown that the current design principle behind hash functions such as SHA-1 and MD5, the (strengthened) Merkle-Damgård transformation, does not satisfy a new security notion for hash functions, stronger than collision-resistance.