- Grégory DemayAffiliated withDepartment of Computer Science, ETH Zurich
- , Peter GažiAffiliated withDepartment of Computer Science, ETH Zurich
- , Martin HirtAffiliated withDepartment of Computer Science, ETH Zurich
- , Ueli MaurerAffiliated withDepartment of Computer Science, ETH Zurich
A major general paradigm in cryptography is the following argument: Whatever an adversary could do in the real world, it could just as well do in the ideal world. The standard interpretation of “just as well” is that the translation from the real to the ideal world, usually called a simulator, is achieved by a probabilistic polynomial-time algorithm. This means that a polynomial blow-up of the adversary’s time and memory requirements is considered acceptable.
In certain contexts this interpretation of “just as well” is inadequate, for example if the concrete amount of memory used by the adversary is relevant. The example of Ristenpart et al. (Eurocrypt 2011), for which the original indifferentiability notion introduced by Maurer et al. (Eurocrypt 2004) is shown to be insufficient, turns out to be exactly of this type. It requires a fine-grained statement about the adversary’s memory capacity, calling for a generalized treatment of indifferentiability where specific resource requirements can be taken into account by modeling them explicitly.
We provide such treatment and employ the new indifferentiability notion to prove lower bounds on the memory required by any simulator in a domain extension construction of a public random function. In particular, for simulators without memory, even domain extension by a single bit turns out to be impossible. Moreover, for the construction of a random oracle from an ideal compression function, memory roughly linear in the length of the longest query is required. This also implies the impossibility of such domain extension in any multi-party setting with potential individual misbehavior by parties (i.e., no central adversary).
- Resource-Restricted Indifferentiability
- Book Title
- Advances in Cryptology – EUROCRYPT 2013
- Book Subtitle
- 32nd Annual International Conference on the Theory and Applications of Cryptographic Techniques, Athens, Greece, May 26-30, 2013. Proceedings
- pp 664-683
- Print ISBN
- Online ISBN
- Series Title
- Lecture Notes in Computer Science
- Series Volume
- Series ISSN
- Springer Berlin Heidelberg
- Copyright Holder
- International Association for Cryptologic Research
- Additional Links
- Industry Sectors
- eBook Packages
- Editor Affiliations
- 16. Dept. of Electrical and Information Technology, Lund University
- 17. Départment d’informatique, Ecole normale supérieure
- Author Affiliations
- 18. Department of Computer Science, ETH Zurich, Switzerland
To view the rest of this content please follow the download PDF link above.