How to Construct Cryptosystems and Hash Functions in Weakened Random Oracle Models

In this paper, we discuss how to construct secure cryptosystems and secure hash functions in weakened random oracle models. The weakened random oracle model (WROM), which was introduced by Numayama et al. at PKC 2008, is a random oracle with several weaknesses. Though the security of cryptosystems in the random oracle model, ROM, has been discussed sufficiently, the same is not true for WROM. A few cryptosystems have been proven secure in WROM. In this paper, we will propose a new conversion that can convert any cryptosystem secure in ROM to a new cryptosystem that is secure in the first preimage tractable random oracle model FPT-ROM without re-proof. FPT-ROM is ROM without preimage resistance and so is the weakest of the WROM models. Since there are many secure cryptosystems in ROM, our conversion can yield many cryptosystems secure in FPT-ROM. The fixed input length weakened random oracle model, FIL-WROM, introduced by Liskov at SAC 2006, reflects the known weakness of compression functions. We will propose new hash functions that are indifferentiable from RO when the underlying compression function is modeled by a twoway partially-specified preimage-tractable fixed input length random oracle model (TFILROM). TFILROM is FIL-ROM without two types of preimage resistance and is the weakest of the FIL-WROM models. The proposed hash functions are more efficient than the existing hash functions which are indifferentiable from RO when the underlying compression function is modeled by TFILROM.