Weakened Random Oracle Models with Target Prefix
Weakened random oracle models (WROMs) are variants of the random oracle model (ROM). A WROM provides the random oracle together with an additional oracle that breaks some property of the hash function. By analyzing the security of a cryptographic scheme in a WROM, we can identify the property of the hash function on which the security of that scheme depends.
Liskov (SAC'06) proposed WROMs, and Numayama et al. (PKC'08) later formalized them as CT-ROM, SPT-ROM, and FPT-ROM. In these models the additional oracle breaks collision resistance, second preimage resistance, and preimage resistance, respectively. Tan and Wong (ACISP'12) proposed the generalized FPT-ROM (GFPT-ROM), which was intended to capture the chosen prefix collision attack suggested by Stevens et al. (EUROCRYPT'07).
In this paper, in order to analyze the security of cryptographic schemes more precisely, we formalize GFPT-ROM and propose three additional WROMs that capture the chosen prefix collision attack and its variants. In particular, we focus on signature schemes such as RSA-FDH, its variants, and DSA, in order to understand the essential roles of WROMs in their security proofs.
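To make the oracle structure of these models concrete, the following is an added toy simulation, not code from the paper. The random oracle H is lazily sampled into a table, and each additional oracle (named here ct, spt, fpt and gfpt for the CT-, SPT-, FPT- and GFPT-ROM oracles) programs that same table so that its answers stay consistent with every value H has already returned. The exact output distributions of the formal definitions are simplified, and the hash-then-sign toy scheme used at the end (an HMAC over the digest) is our own stand-in for a digest-signing scheme, chosen only to show which hash property such a scheme depends on.

```python
"""Toy simulation of weakened random oracle models (WROMs).

Added illustrative example. The oracle names (ct, spt, fpt, gfpt), the
output length and the hash-then-sign toy scheme are assumptions made here,
not the paper's definitions.
"""
import hashlib
import hmac
import secrets

OUT_BYTES = 16  # output length of the toy random oracle (constructed)


class WeakenedRandomOracle:
    """Random oracle plus the extra oracles of CT-, SPT-, FPT- and GFPT-ROM."""

    def __init__(self):
        self.table = {}  # message -> digest: the lazily sampled random function

    def H(self, m: bytes) -> bytes:
        """The plain random oracle: a fresh uniform output on first query."""
        if m not in self.table:
            self.table[m] = secrets.token_bytes(OUT_BYTES)
        return self.table[m]

    def _fresh_message(self, prefix: bytes = b"") -> bytes:
        # Sample an input that is not yet in the table, so programming it
        # never contradicts an answer H has already given.
        while True:
            m = prefix + secrets.token_bytes(OUT_BYTES)
            if m not in self.table:
                return m

    def ct(self):
        """CT-ROM oracle: returns a collision (m1, m2) with H(m1) == H(m2)."""
        y = secrets.token_bytes(OUT_BYTES)
        m1 = self._fresh_message()
        self.table[m1] = y
        m2 = self._fresh_message()  # sampled after m1 is stored, so m2 != m1
        self.table[m2] = y
        return m1, m2

    def spt(self, m: bytes) -> bytes:
        """SPT-ROM oracle: returns m2 != m with H(m2) == H(m)."""
        y = self.H(m)
        m2 = self._fresh_message()
        self.table[m2] = y
        return m2

    def fpt(self, y: bytes) -> bytes:
        """FPT-ROM oracle: returns a preimage m with H(m) == y."""
        m = self._fresh_message()
        self.table[m] = y
        return m

    def gfpt(self, p1: bytes, p2: bytes):
        """GFPT-ROM (chosen prefix) oracle: returns m1 = p1||s1, m2 = p2||s2
        with H(m1) == H(m2)."""
        y = secrets.token_bytes(OUT_BYTES)
        m1 = self._fresh_message(p1)
        self.table[m1] = y
        m2 = self._fresh_message(p2)
        self.table[m2] = y
        return m1, m2


# Toy hash-then-sign scheme (constructed): the signer only ever sees H(m).
def sign(key: bytes, wro: WeakenedRandomOracle, m: bytes) -> bytes:
    return hmac.new(key, wro.H(m), hashlib.sha256).digest()


def verify(key: bytes, wro: WeakenedRandomOracle, m: bytes, sig: bytes) -> bool:
    return hmac.compare_digest(sign(key, wro, m), sig)


def hash_then_sign_depends_on_second_preimage_resistance() -> bool:
    """In SPT-ROM a signature on m also verifies for the oracle's m2, because
    the scheme commits only to H(m). This is the dependency a WROM analysis
    makes explicit: the scheme's security rests on second preimage resistance."""
    wro = WeakenedRandomOracle()
    key = secrets.token_bytes(32)
    m = b"constructed message"
    sig = sign(key, wro, m)
    m2 = wro.spt(m)
    return m2 != m and verify(key, wro, m2, sig)


if __name__ == "__main__":
    wro = WeakenedRandomOracle()
    a, b = wro.gfpt(b"prefix-A:", b"prefix-B:")
    print("chosen prefixes collide under H:", wro.H(a) == wro.H(b))
    print("hash-then-sign depends on 2nd preimage resistance:",
          hash_then_sign_depends_on_second_preimage_resistance())
```

The point of keeping one shared table is consistency: an additional oracle may only program inputs H has never been asked about, which is exactly what lets a security proof simulate both oracles at once. Running the same scheme against each oracle in turn shows which property its proof must rely on.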
Keywords: Weakened random oracle model, WROM, RSA-FDH, DSA, Chosen prefix collision attack
We are grateful to Kazuo Ohta (University of Electro-Communications) and Shiho Moriai (National Institute of Information and Communications Technology) for giving us the opportunity to do this research. We would also like to thank anonymous referees for their constructive comments.