
Cryptography and Algorithmic Randomness

Theory of Computing Systems

Abstract

The secure instantiation of the random oracle is one of the major open problems in modern cryptography. We investigate this problem using concepts and methods of algorithmic randomness. In modern cryptography, the random oracle model is widely used as an idealized framework in which the security of a cryptographic scheme is discussed. In the random oracle model, the cryptographic hash function used in a cryptographic scheme is formulated as a random variable, called the random oracle, that is uniformly distributed over all possible choices of the function. The main result of this paper shows that, for any signature scheme secure in the random oracle model, there exists a specific computable function that can instantiate the random oracle while preserving the security originally proved in the random oracle model. In modern cryptography the generic group model is also used for a purpose similar to that of the random oracle model. We show that the same results hold for the generic group model. In the course of proving these results, we introduce the notion of effective security and demonstrate its importance in modern cryptography.


Notes

  1. Normally, Martin-Löf randomness is defined by fixing the total recursive function \(f\colon \mathbb {N}^{+}\to \mathbb {Q}\cap (0,\infty )\) to the form \(f(n)=2^{-n}\). However, relaxing the function f as in Definition 1 does not alter the class of Martin-Löf random infinite binary sequences.

  2. Normally, a probabilistic (uniform) polynomial-time Turing machine is called a probabilistic polynomial-time adversary when it is used as an adversary against a cryptographic scheme.

  3. In fact, \(\mathsf {ML\text {-}TEST}_{\mathrm {\Pi }}^{\mathsf {EUF\text {-}ACMA}}\) contains only Schnorr tests, where a Schnorr test is defined as a Martin-Löf test \(\mathcal {C}\subset \mathbb {N}^{+}\times \{0,1\}^{*}\) such that \(\mathcal {L}\left ({[{\mathcal {C}_{n}}]^{\prec }}\right )\) is computable uniformly in n. For details on Schnorr tests, see e.g. Section 3.5 of Nies [23].

  4. Lemma 3 can be used to prove the non-existence of a universal Schnorr test for the notion of Schnorr randomness of an infinite binary sequence. See Fact 3.5.9 of [23] for details.

  5. See [15, Chapter 4] for details on collision-resistant hash functions.

  6. As such \(S'\), the set \(T\cup \{s\in S \mid t \text{ is a prefix of } s\}\) suffices, where \(T=\{t\}\) if there is a prefix \(s\in S\) of t and \(T=\emptyset\) otherwise.

  7. In order to prove Theorem 13, it suffices to use the inequality \(2^{n}\ge n^{d}\), which holds for all \(n\ge ((d+1)/\ln 2)^{d+1}\), rather than for all \(n\ge d^{2}\) as in Lemma 4. The former follows immediately from the inequality \(e^{x}\ge x\), which holds for all \(x\in \mathbb {R}\). However, we prefer the more “insightful” polynomial lower bound \(n\ge d^{2}\) to the super-exponential lower bound \(n\ge ((d+1)/\ln 2)^{d+1}\). See Section 11 for further remarks.
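As an added check, not part of the paper or its footnote: the bound quoted in note 7 does follow from \(e^{x}\ge x\) in a few lines. Put \(m = n^{1/(d+1)}\); the hypothesis \(n \ge ((d+1)/\ln 2)^{d+1}\) is then \(m \ln 2 \ge d+1\). Taking logarithms,
\[
2^{n} \ge n^{d} \iff n \ln 2 \ge d \ln n \iff m^{d+1} \ln 2 \ge d(d+1) \ln m .
\]
Since \(m^{d+1}\ln 2 = m^{d}\,(m \ln 2) \ge (d+1)\,m^{d}\), it suffices to show \(m^{d} \ge d \ln m\). From \(e^{x} \ge x\) with \(x = \ln m\) we get \(\ln m \le m\), and \(m \ge (d+1)/\ln 2 > d+1\) gives \(m^{d-1} \ge d\) for every integer \(d \ge 1\) (for \(d=1\) both sides equal 1; for \(d \ge 2\), \(m^{d-1} \ge m > d\)). Hence
\[
m^{d} = m \cdot m^{d-1} \ge d\,m \ge d \ln m ,
\]
which is what was needed. The bound is far from tight (for \(d=2\) it requires \(n \ge 82\), while \(2^{n}\ge n^{2}\) already holds for \(n\ge 4\)), which is the point the note makes in preferring \(n \ge d^{2}\).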

References

  1. Bellare, M., Rogaway, P.: Random oracles are practical: a paradigm for designing efficient protocols. In: Proceedings of the 1st ACM Conference on Computer and Communications Security, pp. 62–73. ACM (1993)

  2. Bellare, M., Boldyreva, A., Palacio, A.: An uninstantiable random-oracle-model scheme for a hybrid-encryption problem. In: Proceedings of EUROCRYPT 2004, Lecture Notes in Computer Science, vol. 3027, pp. 171–188. Springer (2004)

  3. Bienvenu, L., Merkle, W., Nies, A.: Solovay functions and K-triviality. In: Proceedings of the 28th Symposium on Theoretical Aspects of Computer Science (STACS 2011), pp. 452–463 (2011)

  4. Brattka, V., Miller, J., Nies, A.: Randomness and differentiability. Preprint (2012)

  5. Canetti, R., Goldreich, O., Halevi, S.: The random oracle methodology, revisited. J. ACM 51, 557–594 (2004)

  6. Chaitin, G. J.: On the length of programs for computing finite binary sequences. J. Assoc. Comput. Mach. 13, 547–569 (1966)

  7. Chaitin, G. J.: A theory of program size formally identical to information theory. J. Assoc. Comput. Mach. 22, 329–340 (1975)

  8. Chaitin, G. J.: Algorithmic Information Theory. Cambridge University Press, Cambridge (1987)

  9. Dent, A. W.: Adapting the weaknesses of the random oracle model to the generic group model. In: Proceedings of ASIACRYPT 2002, Lecture Notes in Computer Science, vol. 2501, pp. 100–109. Springer (2002)

  10. Downey, R. G., Hirschfeldt, D. R.: Algorithmic Randomness and Complexity. Springer-Verlag, New York (2010)

  11. Fischlin, M., Lehmann, A., Ristenpart, T., Shrimpton, T., Stam, M., Tessaro, S.: Random oracles with(out) programmability. In: Proceedings of ASIACRYPT 2010, Lecture Notes in Computer Science, vol. 6477, pp. 303–320. Springer-Verlag (2010)

  12. Goldreich, O.: Foundations of Cryptography: Volume 1 – Basic Tools. Cambridge University Press, New York (2001)

  13. Goldreich, O.: Foundations of Cryptography: Volume 2 – Basic Applications. Cambridge University Press, New York (2004)

  14. Impagliazzo, R., Rudich, S.: Limits on the provable consequences of one-way permutations. In: Proceedings of CRYPTO ’88, Lecture Notes in Computer Science, vol. 403, pp. 8–26. Springer-Verlag (1990)

  15. Katz, J., Lindell, Y.: Introduction to Modern Cryptography. Chapman & Hall/CRC Press (2007)

  16. Kolmogorov, A. N.: Three approaches to the quantitative definition of information. Probl. Inform. Transm. 1(1), 1–7 (1965)

  17. Leurent, G., Nguyen, P. Q.: How risky is the random-oracle model? In: Proceedings of CRYPTO 2009, Lecture Notes in Computer Science, vol. 5677, pp. 445–464. Springer-Verlag (2009)

  18. Martin-Löf, P.: The definition of random sequences. Inf. Control 9, 602–619 (1966)

  19. Maurer, U., Wolf, S.: Lower bounds on generic algorithms in groups. In: Proceedings of EUROCRYPT ’98, Lecture Notes in Computer Science, vol. 1403, pp. 72–84. Springer-Verlag (1998)

  20. Maurer, U.: Abstract models of computation in cryptography. In: Proceedings of Cryptography and Coding 2005, Lecture Notes in Computer Science, vol. 3796, pp. 1–12. Springer-Verlag (2005)

  21. Miller, J., Yu, L.: On initial segment complexity and degrees of randomness. Trans. Amer. Math. Soc. 360, 3193–3210 (2008)

  22. Moriyama, D., Nishimaki, R., Okamoto, T.: Theory of Public-Key Cryptography. Industrial and Applied Mathematics Series, vol. 2. JSIAM, Kyoritsu Shuppan Co., Ltd., Tokyo (2011). In Japanese

  23. Nies, A.: Computability and Randomness. Oxford University Press, New York (2009)

  24. Pour-El, M. B., Richards, J. I.: Computability in Analysis and Physics. Perspectives in Mathematical Logic. Springer-Verlag, Berlin (1989)

  25. Schnorr, C.-P.: A unified approach to the definition of a random sequence. Math. Syst. Theory 5, 246–258 (1971)

  26. Schnorr, C.-P.: Process complexity and effective random tests. J. Comput. Syst. Sci. 7, 376–388 (1973)

  27. Shoup, V.: Lower bounds for discrete logarithms and related problems. In: Proceedings of EUROCRYPT ’97, Lecture Notes in Computer Science, vol. 1233, pp. 256–266. Springer-Verlag (1997)

  28. Solomonoff, R. J.: A formal theory of inductive inference. Part I and Part II. Inform. Control 7, 1–22 and 224–254 (1964)

  29. Solovay, R. M.: Draft of a paper (or series of papers) on Chaitin’s work... done for the most part during the period of Sept.–Dec. 1974. Unpublished manuscript, IBM Thomas J. Watson Research Center, Yorktown Heights, New York, 215 pp. (May 1975)

  30. Weihrauch, K.: Computable Analysis. Springer-Verlag, Berlin (2000)


Acknowledgments

This work was supported by JSPS KAKENHI Grant Number 23340020 and by the Ministry of Economy, Trade and Industry of Japan.

Author information


Correspondence to Kohtaro Tadaki.

Additional information

A part of this work was presented at the Seventh International Conference on Computability, Complexity and Randomness (CCR 2012), July 2-6, 2012, Cambridge, Great Britain.


Cite this article

Tadaki, K., Doi, N. Cryptography and Algorithmic Randomness. Theory Comput Syst 56, 544–580 (2015). https://doi.org/10.1007/s00224-014-9545-9
