On the Role Definitions in and Beyond Cryptography

  • Phillip Rogaway
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3321)


More than new algorithms, proofs, or technologies, it is the emergence of definitions that has changed the landscape of cryptography. We describe how definitions work in modern cryptography, giving a number of examples, and we provide observations, opinions, and suggestions about the art and science of crafting them.





Copyright information

© Springer-Verlag Berlin Heidelberg 2004

Authors and Affiliations

  • Phillip Rogaway (1, 2)
  1. Dept. of Computer Science, University of California, Davis, USA
  2. Dept. of Computer Science, Fac. of Science, Chiang Mai University, Chiang Mai, Thailand
