Salvaging Indifferentiability in a Multi-stage Setting

The indifferentiability framework of Maurer, Renner and Holenstein (MRH; TCC 2004) formalizes a sufficient condition for safely replacing a random oracle with a construction based on a (hopefully) weaker assumption, such as an ideal cipher. Indeed, many indifferentiable hash functions have been constructed and can since be used in place of random oracles. Unfortunately, Ristenpart, Shacham, and Shrimpton (RSS; Eurocrypt 2011) discovered that for a large class of security notions the MRH composition theorem does not actually apply. To bridge the gap they suggested a stronger notion called reset indifferentiability and established a generalized version of the MRH composition theorem. However, as recent work by Demay et al. (Eurocrypt 2013) and Baecher et al. (Asiacrypt 2013) brought to light, reset indifferentiability is not achievable, thereby re-opening the quest for a notion that is both sufficient for multi-stage games and achievable.
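The condition the abstract refers to, written out here as an added illustration (it is not part of the abstract): a construction $C$ built from an ideal primitive $P$ is indifferentiable from an ideal object $R$ (for instance a random oracle) if there exists an efficient simulator $S$ such that, for every efficient distinguisher $D$,

$$\left|\Pr\big[D^{C^P,\,P} = 1\big] - \Pr\big[D^{R,\,S^R} = 1\big]\right| \le \epsilon$$

for negligible $\epsilon$. The simulator $S$ is allowed to keep state across all of $D$'s queries. In a multi-stage game the adversary is split into stages that cannot share state, and a single stateful simulator standing in for $P$ across those stages no longer matches that restriction; reset indifferentiability strengthens the requirement to a simulator that still works when its state is reset between stages.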
