Cryptography Reference
Consequently, a security proof in the random oracle model makes sure that
the protocol is secure against hash-generic attacks. It is of course possible that an
adversary can break the protocol for some particular cryptographic hash functions
(or even for the entire family of cryptographic hash functions) by somehow taking
advantage of how the hash function(s) is (are) computed. Nevertheless, a proof in the
random oracle model can still be regarded as evidence of security when the random
oracle is replaced by a particular cryptographic hash function (this was the original
claim of Bellare and Rogaway). It should be stressed at this point that no practical
protocol proven secure in the random oracle model has been broken when used with
a cryptographic hash function, such as SHA-1. The protocol used in [6] was not a
natural protocol for a “reasonable” cryptographic application (i.e., it was designed
explicitly for the purposes of the proof).
13.4 FINAL REMARKS
In this chapter, we elaborated on PRFs and their close relationship to PRBGs. In
particular, we showed that it is possible to construct a PRBG if one has a PRF family
and that it is possible to construct a PRF family if one has a PRBG. The constructions
we gave are conceptually simple and straightforward. To be used in practice, one
would certainly go for constructions that are more efficient.
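As an added illustration (not code from the book), the two directions summarized above can be sketched with standard constructions: the GGM tree of [1] for a PRF built from a PRBG, and a counter-style expansion for a PRBG built from a PRF. SHA-256 and HMAC-SHA256 are assumed stand-ins for the underlying primitives, and all function names and the parameter N are hypothetical.

```python
import hashlib
import hmac

N = 32  # seed and output length in bytes (assumed parameter)


def G(seed: bytes) -> tuple:
    """Length-doubling generator G(s) = (G0(s), G1(s)).
    SHA-256 is a heuristic stand-in here, not a proven PRBG."""
    return (hashlib.sha256(b"\x00" + seed).digest(),
            hashlib.sha256(b"\x01" + seed).digest())


def ggm_prf(key: bytes, x: int, n_bits: int) -> bytes:
    """PRF from PRBG (GGM tree): walk from the root (the key) to the leaf
    for x, taking G0 on a 0 bit and G1 on a 1 bit of the input."""
    if len(key) != N:
        raise ValueError("key must be N bytes")
    if not 0 <= x < (1 << n_bits):
        raise ValueError("input out of range for n_bits")
    node = key
    for i in reversed(range(n_bits)):  # most significant bit first
        node = G(node)[(x >> i) & 1]
    return node


def prbg_from_prf(seed: bytes, out_len: int) -> bytes:
    """PRBG from PRF: output f_s(0) || f_s(1) || ... truncated to out_len.
    HMAC-SHA256 keyed with the seed is the assumed PRF f_s."""
    out = bytearray()
    counter = 0
    while len(out) < out_len:
        block = hmac.new(seed, counter.to_bytes(8, "big"), hashlib.sha256)
        out += block.digest()
        counter += 1
    return bytes(out[:out_len])


if __name__ == "__main__":
    k = bytes(range(N))  # constructed sample key, for demonstration only
    print(ggm_prf(k, 0b1011, 4).hex())
    print(prbg_from_prf(k, 48).hex())
```

Each GGM evaluation costs one call to G per input bit, which is why more efficient constructions are preferred in practice.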
Having introduced the notion of a PRF family, we then introduced, overviewed,
and put into perspective the random oracle methodology that is frequently
used in modern cryptography to design cryptographic systems and to analyze their
security properties in the so-called random oracle model. Mainly due to a negative
result [6], people have started to think controversially about the random oracle
model and to look for alternative approaches to analyze the security properties of
cryptographic systems. In fact, security proofs avoiding the random oracle model
are popular and have appeared in many recent cryptographic publications.
References
[1] Goldreich, O., S. Goldwasser, and S. Micali, “How to Construct Random Functions,” Journal of the ACM, Vol. 33, No. 4, October 1986, pp. 792-807.
[2] Bellare, M., and P. Rogaway, “Random Oracles Are Practical: A Paradigm for Designing Efficient Protocols,” Proceedings of First Annual Conference on Computer and Communications Security, ACM Press, New York, 1993, pp. 62-73.
[3] Fiat, A., and A. Shamir, “How To Prove Yourself: Practical Solutions to Identification and Signature Problems,” Proceedings of CRYPTO '86, Springer-Verlag, LNCS 263, 1987, pp. 186-194.