View Full Document

6 views

Unformatted text preview:

The Ideal Cipher Model Revisited An Uninstantiable Blockcipher Based Hash Function John Black Dept of Computer Science University of Colorado Boulder CO 80309 USA jrblack cs colorado edu www cs colorado edu jrblack Abstract The Ideal Cipher Model of a blockcipher is a well known and widely used model dating back to Shannon 25 and has seen frequent use in proving the security of various cryptographic objects and protocols But very little discussion has transpired regarding the meaning of proofs conducted in this model or regarding the model s validity In this paper we briefly discuss the implications of proofs done in the ideal cipher model then show some limitations of the model analogous to recent work regarding the Random Oracle Model 2 In particular we extend work by Canetti Goldreich and Halevi 5 and a recent simplification by Maurer Renner and Holenstein 15 to exhibit a blockcipher based hash function that is provably secure in the ideal cipher model but trivially insecure when instantiated by any blockcipher Keywords Ideal Cipher Model Information Theoretic Cryptography Random Oracle Model Uninstantiability 1 Introduction The Standard Model Before we can prove the security of a cryptographic system or object we must specify what model we are using The most common model used in modern cryptography is the so called standard model Here we use no special mathematical objects such as infinite random strings or random oracles 2 and we abstract our communications system typically as a reliable but insecure channel We have not been able to achieve most common cryptographic goals in the standard model without making additional complexity theoretic hardness assumptions because we still have no proof that any of our standard cryptographic building blocks have computational lower bounds The common assumptions are typically that factoring the product of large primes is hard or that discrete log is intractible in certain sufficiently large groups or that AES is a good



Access the best Study Guides, Lecture Notes and Practice Exams

Loading Unlocking...
Login

Join to view The Ideal-Cipher Model, Revisited and access 3M+ class-specific study document.

or
We will never post anything without your permission.
Don't have an account?
Sign Up

Join to view The Ideal-Cipher Model, Revisited and access 3M+ class-specific study document.

or

By creating an account you agree to our Privacy Policy and Terms Of Use

Already a member?