A Unified Approach to Idealized Model Separations via Indistinguishability Obfuscation

It is well known that the random-oracle (RO) model is not sound, in the sense that there are schemes that are provably secure in the RO model but insecure when the oracle is instantiated by any family of hash functions. However, existing separation results do not apply to all cryptographic schemes in the RO model (e.g., bit encryption), leaving open the possibility that such schemes can be soundly instantiated. In this work we refute this possibility, assuming the existence of indistinguishability obfuscation. First, we present a separation for bit encryption: we show that there exists a bit-encryption scheme that is secure in the RO model but insecure when the random oracle is instantiated by any concrete function. Second, we show how to adapt this separation to most natural simulation-based and game-based definitions. Our techniques can easily be adapted to other idealized models, and thus we present a unified approach to showing separations for many protocols of interest in various idealized models.
