Analysis of Random Oracle Instantiation Scenarios for OAEP and Other Practical Schemes
Field | Value | Language |
---|---|---|
dc.contributor.author | Boldyreva, Alexandra | |
dc.contributor.author | Fischlin, Marc | |
dc.contributor.editor | Shoup, Victor | |
dc.date.accessioned | 2024-10-03T08:11:39Z | |
dc.date.available | 2017-06-09T09:41:48Z | |
dc.date.available | 2024-10-03T08:11:39Z | |
dc.date.issued | 2005 | |
dc.identifier.isbn | 978-3-540-28114-6 | en_US |
dc.identifier.isbn | 978-3-540-31870-5 | en_US |
dc.identifier.issn | 0302-9743 | |
dc.identifier.issn | 1611-3349 | |
dc.identifier.other | 10.1007/11535218_25 | en_US |
dc.identifier.uri | http://hdl.handle.net/20.500.11850/30998 | |
dc.description.abstract | We investigate several previously suggested scenarios of instantiating random oracles (ROs) with “realizable” primitives in cryptographic schemes. As candidates for such “instantiating” primitives we pick perfectly one-way hash functions (POWHFs) and verifiable pseudorandom functions (VPRFs). Our analysis focuses on the most practical encryption schemes such as OAEP and its variant PSS-E and the Fujisaki-Okamoto hybrid encryption scheme. We also consider the RSA Full Domain Hash (FDH) signature scheme. We first show that some previous beliefs about instantiations for some of these schemes are not true. Namely we show that, contrary to Canetti’s conjecture, in general one cannot instantiate either one of the two ROs in the OAEP encryption scheme by POWHFs without losing security. We also confirm through the FDH signature scheme that the straightforward instantiation of ROs with VPRFs may result in insecure schemes, in contrast to regular pseudorandom functions which can provably replace ROs (in a well-defined way). But unlike a growing number of papers on negative results about ROs, we bring some good news. We show that one can realize one of the two ROs in a variant of the PSS-E encryption scheme and either one of the two ROs in the Fujisaki-Okamoto hybrid encryption scheme through POWHFs, while preserving the IND-CCA security in both cases (still in the RO model). Although this partial instantiation in form of substituting only one RO does not help to break out of the random oracle model, it yet gives a better understanding of the necessary properties of the primitives and also constitutes a better security heuristic. | en_US |
dc.language.iso | en | en_US |
dc.publisher | Springer | en_US |
dc.title | Analysis of Random Oracle Instantiation Scenarios for OAEP and Other Practical Schemes | en_US |
dc.type | Conference Paper | |
ethz.book.title | Advances in Cryptology - CRYPTO 2005 | en_US |
ethz.journal.title | Lecture Notes in Computer Science | |
ethz.journal.volume | 3621 | en_US |
ethz.journal.abbreviated | LNCS | |
ethz.pages.start | 412 | en_US |
ethz.pages.end | 429 | en_US |
ethz.event | 25th Annual International Cryptology Conference (CRYPTO 2005) | en_US |
ethz.event.location | Santa Barbara, CA, USA | en_US |
ethz.event.date | August 14-18, 2005 | en_US |
ethz.identifier.wos | | |
ethz.publication.place | Berlin | en_US |
ethz.publication.status | published | en_US |
ethz.date.deposited | 2017-06-09T09:41:51Z | |
ethz.source | ECIT | |
ethz.identifier.importid | imp59364db605b5f86018 | |
ethz.ecitpid | pub:51292 | |
ethz.eth | yes | en_US |
ethz.availability | Metadata only | en_US |
ethz.rosetta.installDate | 2017-07-26T14:29:01Z | |
ethz.rosetta.lastUpdated | 2024-02-01T16:54:45Z | |
ethz.rosetta.exportRequired | true | |
ethz.rosetta.versionExported | true | |
Files in this item
There are no files associated with this item.