Separating Random Oracle Proofs from Complexity Theoretic Proofs: The Non-committing Encryption Case
نویسنده
چکیده
We show that there exists a natural protocol problem which has a simple solution in the random-oracle (RO) model and which has no solution in the complexity-theoretic (CT) model, namely the problem of constructing a non-interactive communication protocol secure against adaptive adversaries a.k.a. non-interactive non-committing encryption. This separation between the models is due to the so-called programability of the random oracle. We show this by providing a formulation of the RO model in which the oracle is not programmable, and showing that in this model, there does not exist non-interactive non-committing encryption.
منابع مشابه
Threshold and Revocation Cryptosystems via Extractable Hash Proofs
We present a new unifying framework for constructing non-interactive threshold encryption and signature schemes, as well as broadcast encryption schemes, and in particular, derive several new cryptosystems based on hardness of factoring, including: – a threshold signature scheme (in the random oracle model) that supports ad-hoc groups (i.e., exponential number of identities and the set-up is in...
متن کاملProgrammability in the Generic Ring and Group Models
The programmability has long been used as a tool to prove security of schemes in the random oracle model (ROM) even in the cases where schemes do not seem to have a security proof in the standard model [3, 8, 10]. On the other hand, it seems that a similar property has never been studied in the generic models, i.e., the generic ring and group models, respectively the GRM and the GGM. This work ...
متن کاملAutomated Proofs for Asymmetric Encryption: First results in the random oracle model
Chosen-ciphertext security is by now a standard security property for asymmetric encryption. Many generic constructions for building secure cryptosystems from primitives with lower level of security have been proposed. Providing security proofs has also become standard practice. There is, however, a lack of automated verification procedures that analyse such cryptosystems and provide security p...
متن کاملAdaptive Proofs of Knowledge in the Random Oracle Model
We formalise the notion of adaptive proofs of knowledge in the random oracle model, where the extractor has to recover witnesses for multiple, possibly adaptively chosen statements and proofs. We also discuss extensions to simulation soundness, as typically required for the “encrypt-then-prove” construction of strongly secure encryption from IND-CPA schemes. Utilizing our model we show three re...
متن کاملNon-Committing Encryption is Too Easy in the Random Oracle Model
The non-committing encryption problem arises in the setting of adaptively secure cryptographic protocols, as the task of implementing secure channels. We prove that in the random oracle model, where the parties have oracle access to a uniformly random function, non-committing encryption can be implemented efficiently using any trapdoor permutation. We also prove that no matter how the oracle is...
متن کامل