Context-Restricted Indifferentiability: Generalizing UCE and Implications on the Soundness of Hash-Function Constructions
نویسندگان
چکیده
Understanding how hash functions can be used in a sound manner within cryptographic protocols, as well as how they can be constructed in a sound manner from compression functions, are two important problems in cryptography with a long history. Two approaches towards solving the first problem are the random oracle model (ROM) methodology and the UCE framework, and an approach to solving the second problem is the indifferentiability framework. This paper revisits the two problems and the above approaches and makes three contributions. First, indifferentiability, which comes with a composition theorem, is generalized to context-restricted indifferentiability (CRI) to capture settings that compose only in a restricted context. Second, we introduce a new composable notion based on CRI, called RO-CRI, to capture the security of hash functions. We then prove that a non-interactive version of RO-CRI is equivalent to the UCE framework, and therefore RO-CRI leads to natural interactive generalizations of existing UCE families. Two generalizations of split UCE-security, called strong-split CRI-security and repeated-split CRI-security, are introduced. Third, new, more fine-grained soundness properties for hash function constructions are proposed which go beyond collision-resistance and indifferentiability guarantees. As a concrete result, a new soundness property of the Merkle–Damgård construction is shown: If the compression function is strong-split CRI-secure, then the overall hash function is split secure. The proof makes use of a new lemma on min-entropy splitting which may be of independent interest.
منابع مشابه
A synthetic indifferentiability analysis of some block-cipher-based hash functions
Nowadays, investigating what construction is better to be a cryptographic hash function is red hot. In [13], Maurer et al. first introduced the notion of indifferentiability as a generalization of the concept of the indistinguishability of two cryptosystems. At ASIACRYPT’06, Chang et al. [6] analyzed the indifferentiability security of some popular block-cipher-based hash functions, such as PGV...
متن کاملRevisiting the Indifferentiability of PGV Hash Functions
In this paper, first we point out some flaws in the existing indifferentiability simulations of the pf-MD and the NMAC constructions, and provide new differentiable attacks on the hash functions based these schemes. Afterthat, the indifferentiability of the 20 collision resistant PGV hash functions, which are padded under the pf-MD, the NMAC/HMAC and the chop-MD constructions, are reconsidered....
متن کاملOn the Indifferentiability of the Integrated-Key Hash Functions
Most of today’s popular hash functions are keyless such that they accept variable-length messages and return fixed-length fingerprints. However, recent separation results reported on several serious inherent weaknesses in these functions, motivating the design of hash functions in the keyed setting. The challenge in this case, however, is that on one hand, it is economically undesirable to abun...
متن کاملCareful with Composition: Limitations of the Indifferentiability Framework
We exhibit a hash-based storage auditing scheme which is provably secure in the random-oracle model (ROM), but easily broken when one instead uses typical indifferentiable hash constructions. This contradicts the widely accepted belief that the indifferentiability composition theorem from [27] applies to any cryptosystem. We characterize the uncovered limitations of indifferentiability by showi...
متن کاملCareful with Composition: Limitations of Indifferentiability and Universal Composability
We exhibit a hash-based storage auditing scheme which is provably secure in the random-oracle model (ROM), but easily broken when one instead uses typical indifferentiable hash constructions. This contradicts the widely accepted belief that the indifferentiability composition theorem applies to any cryptosystem. We characterize the uncovered limitation of the indifferentiability framework by sh...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید
ثبت ناماگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید
ورودعنوان ژورنال:
- IACR Cryptology ePrint Archive
دوره 2017 شماره
صفحات -
تاریخ انتشار 2017