Open Access Book Chapter (DOI)

Another look at tightness

TL;DR
A natural, but non-tight, reductionist security proof for deterministic message authentication code (MAC) schemes in the multi-user setting is examined, finding deficiencies in the security assurances provided by non-tight proofs, including ones for network authentication and aggregate MACs.
Abstract
We examine a natural, but non-tight, reductionist security proof for deterministic message authentication code (MAC) schemes in the multi-user setting. If security parameters for the MAC scheme are selected without accounting for the non-tightness in the reduction, then the MAC scheme is shown to provide a level of security that is less than desirable in the multi-user setting. We find similar deficiencies in the security assurances provided by non-tight proofs when we analyze some protocols in the literature including ones for network authentication and aggregate MACs. Our observations call into question the practical value of non-tight reductionist security proofs. We also exhibit attacks on authenticated encryption schemes, disk encryption schemes, and stream ciphers in the multi-user setting.


Citations

Book Chapter (DOI)

A Note on Quantum Security for Post-Quantum Cryptography

TL;DR: Shor's quantum factoring algorithm and a few other efficient quantum algorithms break many classical crypto-systems as discussed by the authors, and people proposed post-quantum cryptography based on computational problems that are believed hard even for quantum computers.

Journal Article (DOI)

The random oracle model: a twenty-year retrospective

TL;DR: In this article, the authors argue that there is no evidence that the need for the random oracle assumption in a proof indicates the presence of a real-world security weakness in the corresponding protocol.

Book Chapter (DOI)

Optimal security proofs for full domain hash, revisited

TL;DR: A new tight security reduction from a stronger assumption is given, the Phi-Hiding assumption introduced by Cachin et al. (EUROCRYPT 1999), which justifies the choice of smaller parameters in RSA-FDH, as it is commonly used in practice.

Book Chapter (DOI)

An Efficient Quantum Collision Search Algorithm and Implications on Symmetric Cryptography

TL;DR: Primitives that rely on order-finding problems, such as factoring and computing Discrete Logarithms, can be broken by Shor's algorithm.

Posted Content

The Random Oracle Model: A Twenty-Year Retrospective.

TL;DR: In this paper, the authors argue that there is no evidence that the need for the random oracle assumption in a proof indicates the presence of a real-world security weakness in the corresponding protocol.