
Weakened Random Oracle Models with Target Prefix

  • Masayuki Tezuka
  • Yusuke Yoshida
  • Keisuke Tanaka
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11359)

Abstract

Weakened random oracle models (WROMs) are variants of the random oracle model (ROM). A WROM provides the random oracle together with an additional oracle that breaks some property of a hash function. By analyzing the security of cryptographic schemes in WROMs, we can identify the property of the hash function on which the security of a scheme depends.

Liskov (SAC’06) proposed WROMs, and later Numayama et al. (PKC’08) formalized them as CT-ROM, SPT-ROM, and FPT-ROM. In each model there is an additional oracle that breaks collision resistance, second-preimage resistance, and preimage resistance, respectively. Tan and Wong (ACISP’12) proposed the generalized FPT-ROM (GFPT-ROM), which was intended to capture the chosen-prefix collision attack of Stevens et al. (EUROCRYPT’07).

In this paper, in order to analyze the security of cryptographic schemes more precisely, we formalize GFPT-ROM and propose three additional WROMs that capture the chosen-prefix collision attack and its variants. In particular, we focus on signature schemes such as RSA-FDH, its variants, and DSA, in order to understand the essential roles of WROMs in their security proofs.
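The abstract describes a WROM as the random oracle plus one extra oracle that breaks a single hash property. The following Python model is an added illustration, not code from the paper: a lazily sampled random oracle whose extra oracles cheat by programming the table, with a `prefix` parameter standing in for the target-prefix and chosen-prefix variants. The oracle interfaces (`fpt`, `spt`, `ct`) are my simplifications and are not the paper's exact formalizations.

```python
import secrets


class WeakenedRO:
    """Lazily sampled random oracle H plus 'tractability' oracles that cheat by
    programming the table: an idealised adversary breaking exactly one hash property,
    so a proof can show which property a scheme needs. Assumed simplification."""
    def __init__(self, n_bytes=4):
        self.n = n_bytes
        self.table = {}      # message -> digest, sampled uniformly on first query
        self.preimages = {}  # digest  -> messages already known to map to it

    def _program(self, msg, digest):
        assert msg not in self.table or self.table[msg] == digest  # consistency
        self.table[msg] = digest
        self.preimages.setdefault(digest, []).append(msg)

    def H(self, msg: bytes) -> bytes:
        """Plain random oracle: fresh uniform digest on first query, fixed afterwards."""
        if msg not in self.table:
            self._program(msg, secrets.token_bytes(self.n))
        return self.table[msg]

    def _fresh_msg(self, prefix: bytes) -> bytes:
        """A never-queried message with the target prefix, so programming it is safe."""
        while True:
            m = prefix + secrets.token_bytes(16)
            if m not in self.table:
                return m

    def fpt(self, y: bytes, prefix: bytes = b"") -> bytes:
        """First-preimage oracle (FPT-ROM); a non-empty prefix is the target-prefix variant."""
        for m in self.preimages.get(y, []):
            if m.startswith(prefix):
                return m
        m = self._fresh_msg(prefix)
        self._program(m, y)
        return m

    def spt(self, msg: bytes, prefix: bytes = b"") -> bytes:
        """Second-preimage oracle (SPT-ROM): a different message, given prefix, same digest."""
        y = self.H(msg)               # msg is now in the table, so the fresh m differs
        m = self._fresh_msg(prefix)
        self._program(m, y)
        return m

    def ct(self, prefix1: bytes = b"", prefix2: bytes = b""):
        """Collision oracle (CT-ROM); two chosen prefixes model a chosen-prefix collision."""
        m1 = self._fresh_msg(prefix1)
        return m1, self.spt(m1, prefix2)
```

Every message handed out by an extra oracle stays consistent with later `H` queries, which is what lets a security proof in such a model charge the adversary for exactly one broken property.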

Keywords

  • Weakened random oracle model
  • WROM
  • RSA-FDH
  • DSA
  • Chosen prefix collision attack

Notes

Acknowledgement

We are grateful to Kazuo Ohta (University of Electro-Communications) and Shiho Moriai (National Institute of Information and Communications Technology) for giving us the opportunity to do this research. We would also like to thank anonymous referees for their constructive comments.

References

  1. Bellare, M., Rogaway, P.: Random oracles are practical: a paradigm for designing efficient protocols. In: CCS 1993, Proceedings of the 1st ACM Conference on Computer and Communications Security, Fairfax, Virginia, USA, November 3–5, 1993, pp. 62–73 (1993)
  2. Bellare, M., Rogaway, P.: Optimal asymmetric encryption. In: De Santis, A. (ed.) EUROCRYPT 1994. LNCS, vol. 950, pp. 92–111. Springer, Heidelberg (1995). https://doi.org/10.1007/BFb0053428
  3. Bellare, M., Rogaway, P.: The exact security of digital signatures: how to sign with RSA and Rabin. In: Maurer, U. (ed.) EUROCRYPT 1996. LNCS, vol. 1070, pp. 399–416. Springer, Heidelberg (1996). https://doi.org/10.1007/3-540-68339-9_34
  4. Coron, J.-S.: Optimal security proofs for PSS and other signature schemes. In: Knudsen, L.R. (ed.) EUROCRYPT 2002. LNCS, vol. 2332, pp. 272–287. Springer, Heidelberg (2002). https://doi.org/10.1007/3-540-46035-7_18
  5. Fujisaki, E., Okamoto, T.: Secure integration of asymmetric and symmetric encryption schemes. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 537–554. Springer, Heidelberg (1999). https://doi.org/10.1007/3-540-48405-1_34
  6. Jager, T., Kakvi, S.A., May, A.: On the security of the PKCS#1 v1.5 signature scheme. In: Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security, CCS 2018, Toronto, ON, Canada, October 15–19, 2018, pp. 1195–1208 (2018)
  7. Jonsson, J., Moriarty, K., Kaliski, B., Rusch, A.: PKCS #1: RSA cryptography specifications version 2.2. RFC 8017, RFC Editor, United States (2016)
  8. Kawachi, A., Numayama, A., Tanaka, K., Xagawa, K.: Security of encryption schemes in weakened random oracle models. In: Nguyen, P.Q., Pointcheval, D. (eds.) PKC 2010. LNCS, vol. 6056, pp. 403–419. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-13013-7_24
  9. Kerry, C.F., Romine, C.: FIPS PUB 186-4 Digital Signature Standard (DSS) (2013)
  10. Liskov, M.: Constructing an ideal hash function from weak ideal compression functions. In: Biham, E., Youssef, A.M. (eds.) SAC 2006. LNCS, vol. 4356, pp. 358–375. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-74462-7_25
  11. Numayama, A., Isshiki, T., Tanaka, K.: Security of digital signature schemes in weakened random oracle models. In: Cramer, R. (ed.) PKC 2008. LNCS, vol. 4939, pp. 268–287. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-78440-1_16
  12. Pasini, S., Vaudenay, S.: Hash-and-sign with weak hashing made secure. In: Pieprzyk, J., Ghodosi, H., Dawson, E. (eds.) ACISP 2007. LNCS, vol. 4586, pp. 338–354. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-73458-1_25
  13. Rivest, R.: The MD5 Message-Digest Algorithm. RFC 1321, RFC Editor, United States (1992)
  14. Stevens, M., Bursztein, E., Karpman, P., Albertini, A., Markov, Y.: The first collision for full SHA-1. In: Katz, J., Shacham, H. (eds.) CRYPTO 2017. LNCS, vol. 10401, pp. 570–596. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-63688-7_19
  15. Stevens, M., Lenstra, A., de Weger, B.: Chosen-prefix collisions for MD5 and colliding X.509 certificates for different identities. In: Naor, M. (ed.) EUROCRYPT 2007. LNCS, vol. 4515, pp. 1–22. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-72540-4_1
  16. Stevens, M., et al.: Short chosen-prefix collisions for MD5 and the creation of a rogue CA certificate. In: Halevi, S. (ed.) CRYPTO 2009. LNCS, vol. 5677, pp. 55–69. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-03356-8_4
  17. Tan, X., Wong, D.S.: Generalized first pre-image tractable random oracle model and signature schemes. In: Susilo, W., Mu, Y., Seberry, J. (eds.) ACISP 2012. LNCS, vol. 7372, pp. 247–260. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-31448-3_19
  18. Unruh, D.: Random oracles and auxiliary input. In: Menezes, A. (ed.) CRYPTO 2007. LNCS, vol. 4622, pp. 205–223. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-74143-5_12
  19. U.S. Department of Commerce/National Institute of Standards and Technology: FIPS PUB 180-2, Secure Hash Standard (SHS) (2002)
  20. Vaudenay, S.: The security of DSA and ECDSA. In: Desmedt, Y.G. (ed.) PKC 2003. LNCS, vol. 2567, pp. 309–323. Springer, Heidelberg (2003). https://doi.org/10.1007/3-540-36288-6_23

Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  • Masayuki Tezuka (1)
  • Yusuke Yoshida (1)
  • Keisuke Tanaka (1)
  1. Tokyo Institute of Technology, Tokyo, Japan
