Cryptography Reference
In-Depth Information
16. Mihir Bellare and Phillip Rogaway, “The Exact Security of Digital Signatures:
How to Sign with RSA and Rabin,” in
Advances in Cryptology—EUROCRYPT '96
, ed.
Ueli Maurer (Berlin: Springer, 1996), 399-416.
17. Ibid., 401.
18. Interestingly, Bellare and Rogaway claim that their model stems from the for-
malization of cryptographic tacit knowledge: “The idea of such a paradigm . . .
incorporates viewpoints which, shared and verbally articulated by many members
of our community, should be regarded as folklore. In this light, we view our contri-
bution as follows . . . we raise the implicit philosophy behind the use of a random
oracle to an explicitly articulated paradigm which we maintain brings significant
benefits to practice.” Bellare and Rogaway, “Random Oracles Are Practical,” 63.
19. Ibid., 62.
20. Bellare, “Practice-Oriented Provable-Security,” 9.
21. Ran Canetti, Oded Goldreich, and Shai Halevi, “The Random Oracle Methodol-
ogy, Revisited,” in
30th Annual ACM Symposium on the Theory of Computing
(New
York: ACM Press, 1998), 211.
22. David Pointcheval and Jacques Stern, “Security Arguments for Digital Signatures
and Blind Signatures,”
Journal of Cryptology
13, no. 3 (2000): 351-396.
23. Rogaway, “On the Role of Definitions In and Beyond Cryptography,” 26.
24. Goldreich, “On Post-Modern Cryptography,” 11.
25. Shoup, “Practical Threshold Signatures,” 209; emphasis added.
26. Today, some researchers are content to invoke the model as simply one more
assumption on which to base cryptographic schemes: “Modern cryptography is
about defining security notions and then constructing schemes that provably
achieve these notions. In cryptography, security proofs are often relative: a scheme
is proven secure, assuming that some computational problem is hard to solve. For
a given functionality, the goal is therefore to obtain an efficient scheme that is secure
under a well-known computational assumption (for example, factoring is hard).
However for certain functionalities, or to get a more efficient scheme, it is sometimes
necessary to work in some idealized model of computation.” Jean-Sébastien Coron,
Jacques Patarin, and Yannick Seurin, “The Random Oracle Model and the Ideal
Cipher Model Are Equivalent,” in
Advances in Cryptology—CRYPTO 2008
, ed. David
Wagner (Berlin: Springer-Verlag, 2008), 1.
27. See Menezes, van Oorschot, and Vanstone,
Handbook of Applied Cryptography
,
chapter 3.
28. Bellare, “Practice-Oriented Provable Security,” 11.
