Đang chuẩn bị nút TẢI XUỐNG, xin hãy chờ
Tải xuống
We take a critical look at the relationship between the security of cryptographic schemes in the Random Oracle Model, and the security of the schemes that result from implementing the random oracle by so called \cryptographic hash functions". The main result of this paper is a negative one: There exist signature and encryption schemes that are secure in the Random Oracle Model, but for which any implementation of the random oracle results in insecure schemes. In the process of devising the above schemes, we consider possible denitions for the notion of a good implementation" of a random oracle, pointing out limitations and challenges. | The Random Oracle Methodology Revisited Ran Canettiy Oded Goldreichz Shai Halevi x August 6 2002 Abstract We take a critical look at the relationship between the security of cryptographic schemes in the Random Oracle Model and the security of the schemes that result from implementing the random oracle by so called cryptographic hash functions . The main result of this paper is a negative one There exist signature and encryption schemes that are secure in the Random Oracle Model but for which any implementation of the random oracle results in insecure schemes. In the process of devising the above schemes we consider possible definitions for the notion of a good implementation of a random oracle pointing out limitations and challenges. Keywords Correlation Intractability Cryptography Encryption and Signature Schemes The Random Oracle model Complexity Theory diagonalization application of CS-Proofs . Extended abstract has appeared in the Proc. of the 30th ACM Symp. on Theory of Computing STOC pages 209-218 1998. yIBM Watson P.O. Box 704 Yorktown Height NY 10598 USA. E-mail canetti@watson.ibm.com Department of Computer Science Weizmann Institute of Science Rehovot Israel. E-mail oded@wisdom.weizmann.ac.il. Work done while visiting LCS MIT. Partially supported by DARPA grant DABT63- 96-C-0018. xIBM Watson P.O. Box 704 Yorktown Height NY 10598 USA. E-mail shaih@watson.ibm.com 1 Contents 1 Introduction 2 1.1 The Setting. 2 1.1.1 The Random Oracle Model. 3 1.1.2 Implementing an ideal system. 3 1.2 Our Results. 5 1.2.1 Correlation intractability . 5 1.2.2 Failures of the Random Oracle Methodology . 6 1.3 Techniques . 7 1.4 Related Work. 7 1.4.1 Previous Work. 7 1.4.2 Subsequent Work. 7 1.5 Organization . 9 2 Preliminaries 9 2.1 Function Ensembles . 9 2.2 CS Proofs. 10 3 Correlation Intractability 12 3.1 Actual Definitions . 12 3.2 Correlation-intractable ensembles do not exist. 13 4 Failures of the Random Oracle Methodology 14 4.1 First Step . 15 4.2 Second Step . 17 4.3 .
