Random oracles are practical: a paradigm for designing efficient protocols
CCS '93 Proceedings of the 1st ACM conference on Computer and communications security
Randomized algorithms
REACT: Rapid Enhanced-Security Asymmetric Cryptosystem Transform
CT-RSA 2001 Proceedings of the 2001 Conference on Topics in Cryptology: The Cryptographer's Track at RSA
GEM: A Generic Chosen-Ciphertext Secure Encryption Method
CT-RSA '02 Proceedings of the The Cryptographer's Track at the RSA Conference on Topics in Cryptology
Separating Random Oracle Proofs from Complexity Theoretic Proofs: The Non-committing Encryption Case
CRYPTO '02 Proceedings of the 22nd Annual International Cryptology Conference on Advances in Cryptology
Secure Integration of Asymmetric and Symmetric Encryption Schemes
CRYPTO '99 Proceedings of the 19th Annual International Cryptology Conference on Advances in Cryptology
On the (In)security of the Fiat-Shamir Paradigm
FOCS '03 Proceedings of the 44th Annual IEEE Symposium on Foundations of Computer Science
The random oracle methodology, revisited
Journal of the ACM (JACM)
RSA-OAEP Is Secure under the RSA Assumption
Journal of Cryptology
Introduction to Modern Cryptography (Chapman & Hall/Crc Cryptography and Network Security Series)
Introduction to Modern Cryptography (Chapman & Hall/Crc Cryptography and Network Security Series)
On the Strength of the Concatenated Hash Combiner When All the Hash Functions Are Weak
ICALP '08 Proceedings of the 35th international colloquium on Automata, Languages and Programming, Part II
EUROCRYPT '09 Proceedings of the 28th Annual International Conference on Advances in Cryptology: the Theory and Applications of Cryptographic Techniques
How Risky Is the Random-Oracle Model?
CRYPTO '09 Proceedings of the 29th Annual International Cryptology Conference on Advances in Cryptology
Preimage Attacks on One-Block MD4, 63-Step MD5 and More
Selected Areas in Cryptography
The exact security of digital signatures-how to sign with RSA and Rabin
EUROCRYPT'96 Proceedings of the 15th annual international conference on Theory and application of cryptographic techniques
Constructing an ideal hash function from weak ideal compression functions
SAC'06 Proceedings of the 13th international conference on Selected areas in cryptography
Hash-and-sign with weak hashing made secure
ACISP'07 Proceedings of the 12th Australasian conference on Information security and privacy
Random oracles and auxiliary input
CRYPTO'07 Proceedings of the 27th annual international cryptology conference on Advances in cryptology
Security-amplifying combiners for collision-resistant hash functions
CRYPTO'07 Proceedings of the 27th annual international cryptology conference on Advances in cryptology
Security of digital signature schemes in weakened random oracle models
PKC'08 Proceedings of the Practice and theory in public key cryptography, 11th international conference on Public key cryptography
Finding collisions in the full SHA-1
CRYPTO'05 Proceedings of the 25th annual international conference on Advances in Cryptology
How to break MD5 and other hash functions
EUROCRYPT'05 Proceedings of the 24th annual international conference on Theory and Applications of Cryptographic Techniques
Security of encryption schemes in weakened random oracle models
PKC'10 Proceedings of the 13th international conference on Practice and Theory in Public Key Cryptography
Security of encryption schemes in weakened random oracle models
PKC'10 Proceedings of the 13th international conference on Practice and Theory in Public Key Cryptography
Generalized first pre-image tractable random oracle model and signature schemes
ACISP'12 Proceedings of the 17th Australasian conference on Information Security and Privacy
Hi-index | 0.00 |
Liskov proposed several weakened versions of the random oracle model, called weakened random oracle models (WROMs), to capture the vulnerability of ideal compression functions, which are expected to have the standard security of hash functions, i.e., collision resistance, second-preimage resistance, and one-wayness properties. The WROMs offer additional oracles to break such properties of the random oracle. In this paper, we investigate whether public-key encryption schemes in the random oracle model essentially require the standard security of hash functions by the WROMs. In particular, we deal with four WROMs associated with the standard security of hash functions; the standard, collision tractable, second-preimage tractable, first-preimage tractable ones (ROM, CT-ROM, SPT-ROM, and FPT-ROM, respectively), done by Numayama et al. for digital signature schemes in the WROMs. We obtain the following results: (1) The OAEP is secure in all the four models. (2) The encryption schemes obtained by the Fujisaki-Okamoto conversion (FO) are secure in the SPT-ROM. However, some encryption schemes with FO are insecure in the FPT-ROM. (3) We consider two artificial variants wFO and dFO of FO for separation of the WROMs in the context of encryption schemes. The encryption schemes with wFO (dFO, respectively) are secure in the CT-ROM (ROM, respectively). However, some encryption schemes obtained by wFO (dFO, respectively) are insecure in the SPT-ROM (CT-ROM, respectively). These results imply that standard encryption schemes such as the OAEP and FO-based one do not always require the standard security of hash functions. Moreover, in order to make our security proofs complete, we construct an efficient sampling algorithm for the binomial distribution with exponentially large parameters, which was left open in Numayama et al.’s paper.