Security of Encryption Schemes in Weakened Random Oracle Models

(Extended Abstract)
  • Akinori Kawachi
  • Akira Numayama
  • Keisuke Tanaka
  • Keita Xagawa
Conference paper

DOI: 10.1007/978-3-642-13013-7_24

Volume 6056 of the book series Lecture Notes in Computer Science (LNCS)
Cite this paper as:
Kawachi A., Numayama A., Tanaka K., Xagawa K. (2010) Security of Encryption Schemes in Weakened Random Oracle Models. In: Nguyen P.Q., Pointcheval D. (eds) Public Key Cryptography – PKC 2010. PKC 2010. Lecture Notes in Computer Science, vol 6056. Springer, Berlin, Heidelberg

Abstract

Liskov proposed several weakened versions of the random oracle model, called weakened random oracle models (WROMs), to capture the vulnerability of ideal compression functions, which are expected to have the standard security of hash functions, i.e., collision resistance, second-preimage resistance, and one-wayness properties. The WROMs offer additional oracles to break such properties of the random oracle. In this paper, we investigate whether public-key encryption schemes in the random oracle model essentially require the standard security of hash functions by the WROMs. In particular, we deal with four WROMs associated with the standard security of hash functions; the standard, collision tractable, second-preimage tractable, first-preimage tractable ones (ROM, CT-ROM, SPT-ROM, and FPT-ROM, respectively), done by Numayama et al. for digital signature schemes in the WROMs. We obtain the following results: (1) The OAEP is secure in all the four models. (2) The encryption schemes obtained by the Fujisaki-Okamoto conversion (FO) are secure in the SPT-ROM. However, some encryption schemes with FO are insecure in the FPT-ROM. (3) We consider two artificial variants wFO and dFO of FO for separation of the WROMs in the context of encryption schemes. The encryption schemes with wFO (dFO, respectively) are secure in the CT-ROM (ROM, respectively). However, some encryption schemes obtained by wFO (dFO, respectively) are insecure in the SPT-ROM (CT-ROM, respectively). These results imply that standard encryption schemes such as the OAEP and FO-based one do not always require the standard security of hash functions. Moreover, in order to make our security proofs complete, we construct an efficient sampling algorithm for the binomial distribution with exponentially large parameters, which was left open in Numayama et al.’s paper.

Keywords

public-key encryption schemes weakened random oracle models OAEP Fujisaki-Okamoto conversion 
Download to read the full conference paper text

Copyright information

© Springer-Verlag Berlin Heidelberg 2010

Authors and Affiliations

  • Akinori Kawachi
    • 1
  • Akira Numayama
    • 1
  • Keisuke Tanaka
    • 1
  • Keita Xagawa
    • 1
  1. 1.Department of Mathematical and Computing SciencesTokyo Institute of TechnologyTokyoJapan