How to prove yourself: practical solutions to identification and signature problems
Proceedings on Advances in cryptology---CRYPTO '86
Limits on the provable consequences of one-way permutations
STOC '89 Proceedings of the twenty-first annual ACM symposium on Theory of computing
A note on efficient zero-knowledge proofs and arguments (extended abstract)
STOC '92 Proceedings of the twenty-fourth annual ACM symposium on Theory of computing
Random oracles are practical: a paradigm for designing efficient protocols
CCS '93 Proceedings of the 1st ACM conference on Computer and communications security
Perfectly one-way probabilistic hash functions (preliminary version)
STOC '98 Proceedings of the thirtieth annual ACM symposium on Theory of computing
The random oracle methodology, revisited (preliminary version)
STOC '98 Proceedings of the thirtieth annual ACM symposium on Theory of computing
SIAM Journal on Computing
Towards Realizing Random Oracles: Hash Functions That Hide All Partial Information
CRYPTO '97 Proceedings of the 17th Annual International Cryptology Conference on Advances in Cryptology
On the (In)security of the Fiat-Shamir Paradigm
FOCS '03 Proceedings of the 44th Annual IEEE Symposium on Foundations of Computer Science
Lower bounds for non-black-box zero knowledge
Journal of Computer and System Sciences - Special issue on FOCS 2003
On the Compressibility of NP Instances and Cryptographic Applications
FOCS '06 Proceedings of the 47th Annual IEEE Symposium on Foundations of Computer Science
SFCS '94 Proceedings of the 35th Annual Symposium on Foundations of Computer Science
Exposure-resilient functions and all-or-nothing transforms
EUROCRYPT'00 Proceedings of the 19th international conference on Theory and application of cryptographic techniques
Intrusion-resilient key exchange in the bounded retrieval model
TCC'07 Proceedings of the 4th conference on Theory of cryptography
Merkle-Damgård revisited: how to construct a hash function
CRYPTO'05 Proceedings of the 25th annual international conference on Advances in Cryptology
Intrusion-Resilience via the bounded-storage model
TCC'06 Proceedings of the Third conference on Theory of Cryptography
Perfectly secure password protocols in the bounded retrieval model
TCC'06 Proceedings of the Third conference on Theory of Cryptography
A Leakage-Resilient Mode of Operation
EUROCRYPT '09 Proceedings of the 28th Annual International Conference on Advances in Cryptology: the Theory and Applications of Cryptographic Techniques
On the Insecurity of the Fiat-Shamir Signatures with Iterative Hash Functions
ProvSec '09 Proceedings of the 3rd International Conference on Provable Security
Practical leakage-resilient pseudorandom generators
Proceedings of the 17th ACM conference on Computer and communications security
Parallel repetition for leakage resilience amplification revisited
TCC'11 Proceedings of the 8th conference on Theory of cryptography
Practical leakage-resilient symmetric cryptography
CHES'12 Proceedings of the 14th international conference on Cryptographic Hardware and Embedded Systems
| Hi-index | 0.01 |
We investigate a new notion of security for "cryptographic functions" that we term seed incompressibility (SI). We argue that this notion captures some of the intuition for the alleged security of constructions in the random-oracle model, and indeed we show that seed incompressibility suffices for some applications of the random oracle methodology. Very roughly, a function family fs(ċ) with |s| = n is seed incompressible if given (say) n/2 bits of advice (that can depend on the seed s) and an oracle access to fs(ċ), an adversary cannot "break fs(ċ)" any better than given only oracle access to fs(ċ) and no advice. The strength of this notion depends on what we mean by "breaking fs(ċ)". We first show that for any family fs there exists an adversary that can distinguish fs(ċ) from a random function using n/2 bits of advice, so seed incompressible pseudo-random functions do not exist. Then we consider the weaker notion of seed-incompressible correlation intractability. We show that although the negative results can be partially extended also to this weaker notion, they cannot rule it out altogether. More importantly, the settings that we cannot rule out still suffice for many applications. In particular, we show that they suffice for constructing collision-resistant hash functions and for removing interaction from Σ-protocols (3-round honest verifier zero-knowledge protocols).