Reset Indifferentiability from Weakened Random Oracle Salvages One-Pass Hash Functions

  • Yusuke Naito
  • Kazuki Yoneyama
  • Kazuo Ohta
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8479)


Ristenpart et al. (EUROCRYPT 2011) showed that the indifferentiability theorem of Maurer et al. (TCC 2004) does not cover all multi-stage security notions; it only covers single-stage security notions. They defined reset indifferentiability and proved the reset indifferentiability theorem, which covers all security notions: if a hash function is reset indifferentiable from a random oracle, denoted by \(\mathcal{RO}\), then for any security notion, any cryptosystem is at least as secure under the hash function as in the \(\mathcal{RO}\) model. Unfortunately, they also proved an impossibility result for one-pass hash functions such as ChopMD and Sponge: there exists a multi-stage security notion such that some cryptosystem is secure in the \(\mathcal{RO}\) model but insecure when \(\mathcal{RO}\) is replaced with a one-pass hash function.

In order to ensure other multi-stage security notions, we propose a new methodology, called the \(\mathcal{WRO}\) methodology, instead of the \(\mathcal{RO}\) methodology. We consider "Reset Indifferentiability from Weakened Random Oracle", which salvages ChopMD and Sponge. The concrete procedure of the \(\mathcal{WRO}\) methodology is as follows:

  1. Define a new concept of \(\mathcal{WRO}\) instead of \(\mathcal{RO}\),
  2. Prove that a hash function H is reset indifferentiable from \(\mathcal{WRO}\) (here the examples are ChopMD and Sponge), and
  3. For a multi-stage security notion \(\mathcal{G}\), prove that a cryptosystem \(\mathcal{C}\) is \(\mathcal{G}\)-secure in the \(\mathcal{WRO}\) model.


As a result, \(\mathcal{C}\) with H is \(\mathcal{G}\)-secure by combining the results of Steps 2 and 3 with the theorem of Ristenpart et al. Moreover, for a public-key encryption scheme (as \(\mathcal{C}\)) and the chosen-distribution attack game (as the game of \(\mathcal{G}\)), we prove that \(\mathcal{C}(\mathcal{WRO})\) is \(\mathcal{G}\)-secure, which supports the appropriateness of the new concept underlying the \(\mathcal{WRO}\) methodology.


Keywords

Indifferentiable hash function, reset indifferentiability, multi-stage game, Sponge, ChopMD


  1. Bellare, M., Boldyreva, A., O'Neill, A.: Deterministic and Efficiently Searchable Encryption. In: Menezes, A. (ed.) CRYPTO 2007. LNCS, vol. 4622, pp. 535–552. Springer, Heidelberg (2007)
  2. Bellare, M., Brakerski, Z., Naor, M., Ristenpart, T., Segev, G., Shacham, H., Yilek, S.: Hedged Public-Key Encryption: How to Protect against Bad Randomness. In: Matsui, M. (ed.) ASIACRYPT 2009. LNCS, vol. 5912, pp. 232–249. Springer, Heidelberg (2009)
  3. Bellare, M., Fischlin, M., O'Neill, A., Ristenpart, T.: Deterministic Encryption: Definitional Equivalences and Constructions without Random Oracles. In: Wagner, D. (ed.) CRYPTO 2008. LNCS, vol. 5157, pp. 360–378. Springer, Heidelberg (2008)
  4. Bertoni, G., Daemen, J., Peeters, M., Van Assche, G.: On the Indifferentiability of the Sponge Construction. In: Smart, N.P. (ed.) EUROCRYPT 2008. LNCS, vol. 4965, pp. 181–197. Springer, Heidelberg (2008)
  5. Bertoni, G., Daemen, J., Peeters, M., Van Assche, G.: The Keccak SHA-3 Submission. Submission to NIST, Round 3 (2011)
  6. Boldyreva, A., Fehr, S., O'Neill, A.: On Notions of Security for Deterministic Encryption, and Efficient Constructions without Random Oracles. In: Wagner, D. (ed.) CRYPTO 2008. LNCS, vol. 5157, pp. 335–359. Springer, Heidelberg (2008)
  7. Coron, J.-S., Dodis, Y., Malinaud, C., Puniya, P.: Merkle-Damgård Revisited: How to Construct a Hash Function. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 430–448. Springer, Heidelberg (2005)
  8. Demay, G., Gaži, P., Hirt, M., Maurer, U.: Resource-Restricted Indifferentiability. In: Johansson, T., Nguyen, P.Q. (eds.) EUROCRYPT 2013. LNCS, vol. 7881, pp. 664–683. Springer, Heidelberg (2013)
  9. Dodis, Y., Ristenpart, T., Shrimpton, T.: Salvaging Merkle-Damgård for Practical Applications. In: Joux, A. (ed.) EUROCRYPT 2009. LNCS, vol. 5479, pp. 371–388. Springer, Heidelberg (2009); Full Version in ePrint 2009/177
  10. Fuller, B., O'Neill, A., Reyzin, L.: A Unified Approach to Deterministic Encryption: New Constructions and a Connection to Computational Entropy. In: Cramer, R. (ed.) TCC 2012. LNCS, vol. 7194, pp. 582–599. Springer, Heidelberg (2012)
  11. Luykx, A., Andreeva, E., Mennink, B., Preneel, B.: Impossibility Results for Indifferentiability with Resets. ePrint 2012/644 (2012)
  12. Maurer, U.M., Renner, R.S., Holenstein, C.: Indifferentiability, Impossibility Results on Reductions, and Applications to the Random Oracle Methodology. In: Naor, M. (ed.) TCC 2004. LNCS, vol. 2951, pp. 21–39. Springer, Heidelberg (2004)
  13. Mironov, I., Pandey, O., Reingold, O., Segev, G.: Incremental Deterministic Public-Key Encryption. In: Pointcheval, D., Johansson, T. (eds.) EUROCRYPT 2012. LNCS, vol. 7237, pp. 628–644. Springer, Heidelberg (2012); Full Version in ePrint 2012/047
  14. Mittelbach, A.: Salvaging Indifferentiability in a Multi-Stage Setting. In: Nguyen, P.Q., Oswald, E. (eds.) EUROCRYPT 2014. LNCS, vol. 8441, pp. 603–621. Springer, Heidelberg (2014)
  15. Naito, Y., Yoneyama, K., Ohta, K.: Reset Indifferentiability from Weakened Random Oracle Salvages One-Pass Hash Functions. ePrint 2012/014 (2012); Full Version of this Paper
  16. National Institute of Standards and Technology: Cryptographic Hash Algorithm Competition.
  17. National Institute of Standards and Technology: FIPS PUB 180-4, Secure Hash Standard. FIPS PUB (2012)
  18. Ristenpart, T., Shacham, H., Shrimpton, T.: Careful with Composition: Limitations of the Indifferentiability Framework. In: Paterson, K.G. (ed.) EUROCRYPT 2011. LNCS, vol. 6632, pp. 487–506. Springer, Heidelberg (2011); Full Version in ePrint 2011/339

Copyright information

© Springer International Publishing Switzerland 2014

Authors and Affiliations

  • Yusuke Naito (1, 3)
  • Kazuki Yoneyama (2)
  • Kazuo Ohta (3)
  1. Mitsubishi Electric Corporation, Japan
  2. NTT Secure Platform Laboratories, Japan
  3. The University of Electro-Communications, Japan