How to construct pseudorandom permutations from pseudorandom functions
SIAM Journal on Computing - Special issue on cryptography
Random oracles are practical: a paradigm for designing efficient protocols
CCS '93 Proceedings of the 1st ACM conference on Computer and communications security
The random oracle methodology, revisited (preliminary version)
STOC '98 Proceedings of the thirtieth annual ACM symposium on Theory of computing
On the Round Security of Symmetric-Key Cryptographic Primitives
CRYPTO '00 Proceedings of the 20th Annual International Cryptology Conference on Advances in Cryptology
The Security of All-or-Nothing Encryption: Protecting against Exhaustive Key Search
CRYPTO '00 Proceedings of the 20th Annual International Cryptology Conference on Advances in Cryptology
Black-Box Analysis of the Block-Cipher-Based Hash-Function Constructions from PGV
CRYPTO '02 Proceedings of the 22nd Annual International Cryptology Conference on Advances in Cryptology
Pseudorandom permutations based on the DES scheme
EUROCODE '90 Proceedings of the International Symposium on Coding Theory and Applications
A Construction of a Cioher From a Single Pseudorandom Permutation
ASIACRYPT '91 Proceedings of the International Conference on the Theory and Applications of Cryptology: Advances in Cryptology
Feistel Networks Made Public, and Applications
EUROCRYPT '07 Proceedings of the 26th annual international conference on Advances in Cryptology
Indifferentiable security analysis of popular hash functions with prefix-free padding
ASIACRYPT'06 Proceedings of the 12th international conference on Theory and Application of Cryptology and Information Security
The ideal-cipher model, revisited: an uninstantiable blockcipher-based hash function
FSE'06 Proceedings of the 13th international conference on Fast Software Encryption
Merkle-Damgård revisited: how to construct a hash function
CRYPTO'05 Proceedings of the 25th annual international conference on Advances in Cryptology
On the relation between the ideal cipher and the random oracle models
TCC'06 Proceedings of the Third conference on Theory of Cryptography
Chosen Ciphertext Security with Optimal Ciphertext Overhead
ASIACRYPT '08 Proceedings of the 14th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
Adaptive Zero-Knowledge Proofs and Adaptively Secure Oblivious Transfer
TCC '09 Proceedings of the 6th Theory of Cryptography Conference on Theory of Cryptography
A Double-Piped Mode of Operation for MACs, PRFs and PROs: Security beyond the Birthday Barrier
EUROCRYPT '09 Proceedings of the 28th Annual International Conference on Advances in Cryptology: the Theory and Applications of Cryptographic Techniques
Security Analysis of the PACE Key-Agreement Protocol
ISC '09 Proceedings of the 12th International Conference on Information Security
ASIACRYPT '09 Proceedings of the 15th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
Provably Secure Code-Based Threshold Ring Signatures
Cryptography and Coding '09 Proceedings of the 12th IMA International Conference on Cryptography and Coding
INDOCRYPT '09 Proceedings of the 10th International Conference on Cryptology in India: Progress in Cryptology
Security analysis of the mode of JH hash function
FSE'10 Proceedings of the 17th international conference on Fast software encryption
Leakage-resilient pseudorandom functions and side-channel attacks on Feistel networks
CRYPTO'10 Proceedings of the 30th annual conference on Advances in cryptology
SPAKE: a single-party public-key authenticated key exchange protocol for contact-less applications
FC'10 Proceedings of the 14th international conference on Financial cryptograpy and data security
Pseudorandomness analysis of the (extended) Lai-Massey scheme
Information Processing Letters
On the cryptanalysis of the hash function Fugue: Partitioning and inside-out distinguishers
Information Processing Letters
The equivalence of the random oracle model and the ideal cipher model, revisited
Proceedings of the forty-third annual ACM symposium on Theory of computing
Provably secure three-party password-based authenticated key exchange protocol
Information Sciences: an International Journal
A domain extender for the ideal cipher
TCC'10 Proceedings of the 7th international conference on Theory of Cryptography
A CDH-Based ring signature scheme with short signatures and public keys
FC'10 Proceedings of the 14th international conference on Financial Cryptography and Data Security
Efficient encryption and storage of close distance messages with applications to cloud storage
Cryptography and Security
On the public indifferentiability and correlation intractability of the 6-round feistel construction
TCC'12 Proceedings of the 9th international conference on Theory of Cryptography
Indifferentiability of domain extension modes for hash functions
INTRUST'11 Proceedings of the Third international conference on Trusted Systems
(Strong) multi-designated verifiers signatures secure against rogue key attack
NSS'12 Proceedings of the 6th international conference on Network and System Security
Second order collision for the 42-step reduced DHA-256 hash function
Information Processing Letters
Hi-index | 0.00 |
The Random Oracle Model and the Ideal Cipher Model are two well known idealised models of computation for proving the security of cryptosystems. At Crypto 2005, Coron et al.showed that security in the random oracle model implies security in the ideal cipher model; namely they showed that a random oracle can be replaced by a block cipher-based construction, and the resulting scheme remains secure in the ideal cipher model. The other direction was left as an open problem, i.e.constructing an ideal cipher from a random oracle. In this paper we solve this open problem and show that the Feistel construction with 6 rounds is enough to obtain an ideal cipher; we also show that 5 rounds are insufficient by providing a simple attack. This contrasts with the classical Luby-Rackoff result that 4 rounds are necessary and sufficient to obtain a (strong) pseudo-random permutation from a pseudo-random function.