24 Hits in 3.8 sec

Security Definitions for Hash Functions: Combining UCE and Indifferentiability [chapter]

Daniel Jost, Ueli Maurer
2018 Lecture Notes in Computer Science  
To prove the security of a protocol using a hash function, nowadays often the random oracle model (ROM) is used due to its simplicity and its strong security guarantees.  ...  This result further validates the Merkle-Damgård construction and shows that UCE-like assumptions can serve both as a valid reference point for modular protocol analyses, as well as for the design of hash  ...  Figure 1 : 1 The UCE game for a hash function H, a source S, and a distinguisher D. Figure 2 : 2 The real (left) and the ideal (right) setting considered in indifferentiability.  ... 
doi:10.1007/978-3-319-98113-0_5 fatcat:rr7ayxvne5a3jj3smumueoem3i

Cryptography from Compression Functions: The UCE Bridge to the ROM [chapter]

Mihir Bellare, Viet Tung Hoang, Sriram Keelveedhi
2014 Lecture Notes in Computer Science  
Given an indifferentiable domain extender M, we show (Theorem 4.2) that the hash family H defined for key hk and input x by H hk (x) = M ro(hk ·) (x), is UCE secure.  ...  Prior work has already given us the first step for many constructions: UCE-secure hash functions are shown in [6] to be able to securely instantiate VIL random oracles for diverse multi-stage applications  ...  The first is that indifferentiable-from-random functions do not suffice to securely replace a VIL random oracle for primitives whose security definition is underlain by multi-stage games [25] .  ... 
doi:10.1007/978-3-662-44371-2_10 fatcat:alsyh5vaaff6zpplv7mb256wje

Modeling Random Oracles Under Unpredictable Queries [chapter]

Pooya Farshim, Arno Mittelbach
2016 Lecture Notes in Computer Science  
and 2) a modified version of Liskov's Zipper Hash is ICE secure with respect to an underlying fixed-input-length RO, for appropriately restricted classes of adversaries.  ...  Our security proofs employ techniques from indifferentiability in multi-stage settings.  ...  Acknowledgments The authors would like to thank Christina Brzuska for taking part in the early stages of this work. Pooya Farshim was supported in part by grant ANR-14-CE28-0003 (Project EnBid).  ... 
doi:10.1007/978-3-662-52993-5_23 fatcat:wwoqkjlj3zgrhesxmnqnuidodq

On the Correlation Intractability of Obfuscated Pseudorandom Functions [chapter]

Ran Canetti, Yilei Chen, Leonid Reyzin
2015 Lecture Notes in Computer Science  
This would render the function random-oracle-like. Strong security definitions of obfuscation are formalized in the work of Hada [Had00] and Barak et al. [BGI + 12], e.g.  ...  We assume the existence of sub-exponentially secure indistinguishability obfuscators, puncturable pseudorandom functions, and input-hiding obfuscators for evasive circuits.  ...  Acknowledgments We are grateful to Nir Bitansky, Cheng Chen, Omer Paneth, and Oxana Poburinnaya for their enlightening discussions in the early stage of this work.  ... 
doi:10.1007/978-3-662-49096-9_17 fatcat:abjanoqpvbevdmufe3ccqwhcja

Post-Quantum Cryptography: Computational-Hardness Assumptions and Beyond [article]

Thomas Attema, Nicole Gervasoni, Michiel Marcus, Gabriele Spini
2021 IACR Cryptology ePrint Archive  
based on them), and by presenting the security proofs that are affected by quantum-attackers, detailing what is the current status of research on the topic and what the expected effects on security are  ...  and compute discrete logarithms in polynomial time, thereby breaking systems based on these problems.  ...  They first examine the indifferentiability framework and provide a scheme that is secure in the ROM, but insecure when instantiated with a concrete hash function, even though this hash function is indifferentiable  ... 
dblp:journals/iacr/AttemaGMS21 fatcat:emo4s6mhcfaq3g3pk255dyp5fq

Public-Seed Pseudorandom Permutations [chapter]

Pratik Soni, Stefano Tessaro
2017 Lecture Notes in Computer Science  
an almost universal hash function, as e.g. one based on polynomial evaluation.  ...  We also show a converse of this statement, namely that the five-round Feistel construction yields a psPRP for reset-secure sources when the round function is built from UCEs for reset-secure sources, hence  ...  This research was partially supported by NSF grants CNS-1423566, CNS-1528178, CNS-1553758 (CAREER), and IIS-152804, and by a Hellman Fellowship.  ... 
doi:10.1007/978-3-319-56614-6_14 fatcat:2d7xhdjlnfedzcsdq22pcqyt24

Authenticated Encryption Mode IAPM using SHA-3's Public Random Permutation [article]

Charanjit S. Jutla
2018 IACR Cryptology ePrint Archive  
We stress that this does not follow directly from the usual indifferentiability of key-derivation function constructions from Random Oracles.  ...  IAPM and the related mode OCB are single-pass highly parallelizable authenticated-encryption modes, and while they were originally proven secure in the private random permutation model, Kurosawa has shown  ...  Definition 1. (ǫ-XOR-Universal Hash Function) [18] For any finite set H, an H-keyed (m, n)-hash function H has signature H : H × {0, 1} m → {0, 1} n .  ... 
dblp:journals/iacr/Jutla18 fatcat:hgopm25tafdqvin64v7ss3w4gq

Indifferentiable Authenticated Encryption [chapter]

Manuel Barbosa, Pooya Farshim
2018 Lecture Notes in Computer Science  
Indifferentiability has been used to study the security of hash functions [CDMP05, BDPV08] and blockciphers [CPS08, HKT11, ABD + 13, DSSL16], where constructions have been shown to behave like random oracles  ...  We investigate this question for authenticated encryption and ask if, and how efficiently, can indifferentiable AEAD schemes be built. Our contributions are as follows.  ...  Acknowledgments The authors would like to thank Phillip Rogaway, Martijn Stam, and Stefano Tessaro for their comments.  ... 
doi:10.1007/978-3-319-96884-1_7 fatcat:r7x75bhhkbfzvdbwexayieynq4

From Indifferentiability to Constructive Cryptography (and Back) [chapter]

Ueli Maurer, Renato Renner
2016 Lecture Notes in Computer Science  
of random oracles by hash functions due to Canetti, Goldreich, and Halevi (STOC 1998).  ...  (Crypto 2005) argued that the soundness of the construction C(f ) of a hash function from a compression function f can be demonstrated by proving that C(R) is indifferentiable from a random oracle if R  ...  Acknowledgments We would like to thank the TCC Test-of-Time award committee for selecting our paper for the award of this instantiation of TCC.  ... 
doi:10.1007/978-3-662-53641-4_1 fatcat:33sz6kn4yne7joqus4ehqj3cjq

Naor-Reingold Goes Public: The Complexity of Known-Key Security [chapter]

Pratik Soni, Stefano Tessaro
2018 Lecture Notes in Computer Science  
Our psPRP result instantiates the round functions in the Naor-Reingold (NR) construction with a secure UCE hash function.  ...  In particular, we consider two security notions with useful implications, namely public-seed pseudorandom permutations (or psPRPs, for short) (Soni and Tessaro, EUROCRYPT '17) and correlation-intractable  ...  For example, a psPRP for all reset-secure sources can be used to instantiate the permutation within permutationbased hash functions admitting indifferentiability-based security proofs, such as the sponge  ... 
doi:10.1007/978-3-319-78372-7_21 fatcat:7ynancgdffdsrgeiwjr4nohfue

Design and analysis of a distributed ECDSA signing service [article]

Jens Groth, Victor Shoup
2022 IACR Cryptology ePrint Archive  
This service is being implemented and integrated into the architecture of the Internet Computer, enabling smart contracts running on the Internet Computer to securely hold and spend Bitcoin and other cryptocurrencies  ...  We present and analyze a new protocol that provides a distributed ECDSA signing service, with the following properties: • it works in an asynchronous communication model; • it works with n parties with  ...  Acknowledgements We would like to thank Andrea Cerulli and Jack Lloyd for the optimization in Section A.3.3 and, along with Manu Drijvers, their comments and suggestions.  ... 
dblp:journals/iacr/GrothS22 fatcat:hra4d3zgyvfhjbidpvaa4jzzoq

How to Build a Hash Function from Any Collision-Resistant Function [chapter]

Thomas Ristenpart, Thomas Shrimpton
Advances in Cryptology – ASIACRYPT 2007  
Recent collision-finding attacks against hash functions such as MD5 and SHA-1 motivate the use of provably collision-resistant (CR) functions in their place.  ...  Unfortunately, existing provably CR functions make poor replacements for hash functions as they fail to deliver behaviors demanded by practical use.  ...  Acknowledgments The authors thank Yevgeniy Dodis for illuminating discussions regarding composability and deniability and the anonymous reviewers for their valuable comments.  ... 
doi:10.1007/978-3-540-76900-2_9 dblp:conf/asiacrypt/RistenpartS07 fatcat:y3fp4ktbuba65fbrxujewrhqcq

Security analysis of SPAKE2+ [article]

Victor Shoup
2020 IACR Cryptology ePrint Archive  
The analysis is done in the UC framework (i.e., a simulation-based security model), under the computational Diffie-Hellman (CDH) assumption, and modeling certain hash functions as random oracles.  ...  ; • repair several problems in earlier UC formulations of secure symmetric and asymmetric PAKE.  ...  We shall refer to this and similar simulation-based security definitions as the UC framework for PAKE security.  ... 
dblp:journals/iacr/Shoup20 fatcat:bhzcvvvtajgq5cqfbinjiqz5y4

Deterring Certificate Subversion: Efficient Double-Authentication-Preventing Signatures [chapter]

Mihir Bellare, Bertram Poettering, Douglas Stebila
2017 Lecture Notes in Computer Science  
We give two general methods for obtaining DAPS. Both start from trapdoor identification schemes.  ...  In a DAPS, signing two messages with the same first part and differing second parts reveals the signing key.  ...  To get concrete numbers for security level k = 128 we plug in some combinations of parameters (n, l).  ... 
doi:10.1007/978-3-662-54388-7_5 fatcat:bmm2dh45brevrkmo27xo2fen7e

TEDT, a Leakage-Resilient AEAD mode for High (Physical) Security Applications [article]

Francesco Berti, Chun Guo, Olivier Pereira, Thomas Peters, François-Xavier Standaert
2019 IACR Cryptology ePrint Archive  
the other only requires weak and energy efficient protections and performs the bulk of the computation.  ...  (iii) It offers KDM security in the multi-user setting, that is, its security is maintained even if key-dependent messages are encrypted.  ...  Thomas Peters and Franc ¸ois-Xavier Standaert are respectively postdoctoral researcher and senior associate researcher of the Belgian Fund for Scientific Research (FNRS-F.R.S.).  ... 
dblp:journals/iacr/BertiGPPS19 fatcat:ua3js7itxbh2rnekv3erffkhti
« Previous Showing results 1 — 15 out of 24 results