Random oracles are practical: a paradigm for designing efficient protocols
CCS '93 Proceedings of the 1st ACM conference on Computer and communications security
Hash functions based on block ciphers: a synthetic approach
CRYPTO '93 Proceedings of the 13th annual international cryptology conference on Advances in cryptology
Non-interactive and non-malleable commitment
STOC '98 Proceedings of the thirtieth annual ACM symposium on Theory of computing
SIAM Journal on Computing
Constant-Round Coin-Tossing with a Man in the Middle or Realizing the Shared Random String Model
FOCS '02 Proceedings of the 43rd Symposium on Foundations of Computer Science
CRYPTO '99 Proceedings of the 19th Annual International Cryptology Conference on Advances in Cryptology
Efficient Non-malleable Commitment Schemes
CRYPTO '00 Proceedings of the 20th Annual International Cryptology Conference on Advances in Cryptology
CRYPTO '01 Proceedings of the 21st Annual International Cryptology Conference on Advances in Cryptology
Robust Non-interactive Zero Knowledge
CRYPTO '01 Proceedings of the 21st Annual International Cryptology Conference on Advances in Cryptology
Towards Realizing Random Oracles: Hash Functions That Hide All Partial Information
CRYPTO '97 Proceedings of the 17th Annual International Cryptology Conference on Advances in Cryptology
ASIACRYPT '92 Proceedings of the Workshop on the Theory and Application of Cryptographic Techniques: Advances in Cryptology
Non-interactive and reusable non-malleable commitment schemes
Proceedings of the thirty-fifth annual ACM symposium on Theory of computing
Non-Malleable Non-Interactive Zero Knowledge and Adaptive Chosen-Ciphertext Security
FOCS '99 Proceedings of the 40th Annual Symposium on Foundations of Computer Science
New and improved constructions of non-malleable cryptographic protocols
Proceedings of the thirty-seventh annual ACM symposium on Theory of computing
Concurrent Non-Malleable Commitments
FOCS '05 Proceedings of the 46th Annual IEEE Symposium on Foundations of Computer Science
Extractable Perfectly One-Way Functions
ICALP '08 Proceedings of the 35th international colloquium on Automata, Languages and Programming, Part II
Constant-Round Concurrent Non-malleable Zero Knowledge in the Bare Public-Key Model
ICALP '08 Proceedings of the 35th international colloquium on Automata, Languages and Programming, Part II
Adaptive One-Way Functions and Applications
CRYPTO 2008 Proceedings of the 28th Annual conference on Cryptology: Advances in Cryptology
TCC '09 Proceedings of the 6th Theory of Cryptography Conference on Theory of Cryptography
Non-malleability amplification
Proceedings of the forty-first annual ACM symposium on Theory of computing
Leakage-Resilient Public-Key Cryptography in the Bounded-Retrieval Model
CRYPTO '09 Proceedings of the 29th Annual International Cryptology Conference on Advances in Cryptology
Foundations of Non-malleable Hash and One-Way Functions
ASIACRYPT '09 Proceedings of the 15th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
A theoretical treatment of related-key attacks: RKA-PRPS, RKA-PRFs, and applications
EUROCRYPT'03 Proceedings of the 22nd international conference on Theory and applications of cryptographic techniques
Security of NMAC and HMAC based on non-malleability
CT-RSA'08 Proceedings of the 2008 The Cryptopgraphers' Track at the RSA conference on Topics in cryptology
Concurrent non-malleable commitments from any one-way function
TCC'08 Proceedings of the 5th conference on Theory of cryptography
Concurrent non-malleable zero knowledge proofs
CRYPTO'10 Proceedings of the 30th annual conference on Advances in cryptology
Pseudorandom functions and permutations provably secure against related-key attacks
CRYPTO'10 Proceedings of the 30th annual conference on Advances in cryptology
ASIACRYPT'06 Proceedings of the 12th international conference on Theory and Application of Cryptology and Information Security
Efficiency preserving transformations for concurrent non-malleable zero knowledge
TCC'10 Proceedings of the 7th international conference on Theory of Cryptography
Mitigating dictionary attacks on password-protected local storage
CRYPTO'06 Proceedings of the 26th annual international conference on Advances in Cryptology
Hi-index | 0.00 |
Non-malleability of a cryptographic primitive is a fundamental security property which ensures some sort of independence of cryptographic values. The notion has been extensively studied for commitments, encryption and zero-knowledge proofs, but it was not until recently that the notion--and its peculiarities--have been considered for hash functions by Boldyreva et al. (Asiacrypt 2009). They give a simulation-based definition, basically saying that for any adversary mauling hash values into related ones there is a simulator which is as successful in producing such hash values, even when not seeing the original hash values. Their notion, although following previous approaches to nonmalleability, is nonetheless quite unwieldy; it is hard to achieve and, due to the existential quantification over the simulator, hard to falsify. We also note that finding an equivalent indistinguishability-based notion is still open. Here we take a different, more handy approach to non-malleability of hash functions. Our definition avoids simulators completely and rather asks the adversary to maul the hash value and to also specify a transformation Φ of the pre-image, taken from a fixed class Φ of admissible transformations. These transformations are usually determined by group operations and include such cases such as exclusive-ors (i.e., bit flips) and modular additions. We then simply demand that the probability of succeeding is negligible, as long as the original pre-image carries enough entropy. We continue to show that our notion is useful by proving that, for example, the strengthened Merkle-Damgård transformation meets our notion for the case of bit flips, assuming an ideal compression function. We also improve over the security result by Boldyreva et al., showing that our notion of non-malleability suffices for the security of the Bellare-Rogaway encryption scheme.