# Reset Indifferentiability from Weakened Random Oracle Salvages One-Pass Hash Functions

• Yusuke Naito
• Kazuki Yoneyama
• Kazuo Ohta
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8479)

## Abstract

Ristenpart et al. (EUROCRYPT 2011) showed that the indifferentiability theorem of Maurer et al. (TCC 2004) does not cover all multi-stage security notions; it only covers single-stage security notions. They defined reset indifferentiability and proved the reset indifferentiability theorem, which covers all security notions: if a hash function is reset indifferentiable from a random oracle, denoted by $$\mathcal{RO}$$, then for any security notion, any cryptosystem is at least as secure with the hash function as in the $$\mathcal{RO}$$ model. Unfortunately, they also proved an impossibility result for one-pass hash functions such as ChopMD and Sponge: there exists a multi-stage security notion such that some cryptosystem is secure in the $$\mathcal{RO}$$ model but insecure when $$\mathcal{RO}$$ is replaced with a one-pass hash function.

In order to guarantee other multi-stage security notions, we propose a new methodology, called the $$\mathcal{WRO}$$ methodology, instead of the $$\mathcal{RO}$$ methodology. We consider “Reset Indifferentiability from Weakened Random Oracle”, which salvages ChopMD and Sponge. The concrete procedure of the $$\mathcal{WRO}$$ methodology is as follows:

1. Define a new concept of $$\mathcal{WRO}$$ instead of $$\mathcal{RO}$$,
2. Prove that a hash function H is reset indifferentiable from $$\mathcal{WRO}$$ (here the examples are ChopMD and Sponge), and
3. For a multi-stage security notion $$\mathcal{G}$$, prove that a cryptosystem $$\mathcal{C}$$ is $$\mathcal{G}$$-secure in the $$\mathcal{WRO}$$ model.

As a result, $$\mathcal{C}$$ with H is $$\mathcal{G}$$-secure by combining the results of Steps 2 and 3 with the theorem of Ristenpart et al. Moreover, for a public-key encryption scheme (as $$\mathcal{C}$$) and the chosen-distribution attack game (as the game of $$\mathcal{G}$$), we prove that $$\mathcal{C}(\mathcal{WRO})$$ is $$\mathcal{G}$$-secure, which demonstrates the appropriateness of the new $$\mathcal{WRO}$$ concept underlying the methodology.
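As an added illustration for this page (not code from the paper), the following toy Python implements the two one-pass constructions the abstract names, ChopMD and Sponge, so that their structure is concrete. Every primitive and parameter is an assumption of the toy: SHA-256 stands in for ChopMD's ideal compression function, a small unkeyed Feistel network plays the sponge permutation, and the block, chaining-value, rate, capacity and chop sizes are chosen only to keep the code short.

```python
"""Toy ChopMD and Sponge, the two one-pass hash constructions named in the abstract.

Added example for this page, not code from the paper. The underlying primitives are
stand-ins: SHA-256 simulates an ideal compression function for ChopMD, and a small
unkeyed Feistel network plays the sponge permutation. Neither choice is secure; the
point is only to make the two constructions and their one-pass structure concrete.
"""
import hashlib
from typing import List

# ---------- ChopMD: Merkle-Damgard iteration with a truncated final chaining value ----------
CV_BYTES = 32      # chaining-value size n = 256 bits (assumption of this toy)
BLOCK_BYTES = 32   # message-block size (assumption of this toy)
CHOP_BYTES = 16    # output is n - s bits; here s = 128 bits are chopped off

def compress(cv: bytes, block: bytes) -> bytes:
    """Stand-in for a compression function f: {0,1}^n x {0,1}^m -> {0,1}^n."""
    assert len(cv) == CV_BYTES and len(block) == BLOCK_BYTES
    return hashlib.sha256(cv + block).digest()

def md_pad(msg: bytes, block_bytes: int) -> List[bytes]:
    """Merkle-Damgard strengthening: 0x80, zero fill, 8-byte big-endian bit length."""
    padded = msg + b"\x80"
    padded += b"\x00" * ((-len(padded) - 8) % block_bytes)
    padded += (8 * len(msg)).to_bytes(8, "big")
    return [padded[i:i + block_bytes] for i in range(0, len(padded), block_bytes)]

def md_iterate(cv: bytes, blocks: List[bytes]) -> bytes:
    """One pass over the blocks; the n-bit chaining value is the only state carried forward."""
    for blk in blocks:
        cv = compress(cv, blk)
    return cv

def chopmd(msg: bytes) -> bytes:
    """ChopMD(M): iterate from the all-zero IV, then output the first n - s bits."""
    iv = b"\x00" * CV_BYTES
    return md_iterate(iv, md_pad(msg, BLOCK_BYTES))[:CHOP_BYTES]

# ---------- Sponge: absorb r-bit blocks into a b-bit state, permute, squeeze r-bit blocks ----------
R_BITS, C_BITS = 16, 16   # rate r and capacity c, b = r + c = 32 (assumption of this toy)
MASK16 = 0xFFFF

def _round(x: int, k: int) -> int:
    """Nonlinear 16-bit round function for the toy Feistel permutation."""
    x = (x + k) & MASK16
    x ^= ((x << 5) | (x >> 11)) & MASK16
    return (x * 0x9E37 + 0x7F4A) & MASK16

def permute(state: int, rounds: int = 8) -> int:
    """Unkeyed Feistel network on the 32-bit state; a bijection by construction."""
    left, right = state >> 16, state & MASK16
    for i in range(rounds):
        left, right = right, left ^ _round(right, i)
    return (left << 16) | right

def permute_inv(state: int, rounds: int = 8) -> int:
    """Inverse of permute, undoing the rounds in reverse order."""
    left, right = state >> 16, state & MASK16
    for i in reversed(range(rounds)):
        left, right = right ^ _round(left, i), left
    return (left << 16) | right

def sponge_pad(msg: bytes, rate_bytes: int) -> List[int]:
    """pad10*1 at byte granularity, split into r-bit blocks as integers."""
    padded = bytearray(msg) + b"\x01"
    padded += b"\x00" * (-len(padded) % rate_bytes)
    padded[-1] |= 0x80
    return [int.from_bytes(padded[i:i + rate_bytes], "big")
            for i in range(0, len(padded), rate_bytes)]

def sponge_absorb(state: int, blocks: List[int]) -> int:
    """Absorbing phase: XOR each block into the outer r bits, then apply the permutation."""
    for blk in blocks:
        state = permute(state ^ (blk << C_BITS))
    return state

def sponge(msg: bytes, out_bytes: int = 8) -> bytes:
    """Sponge hash: one absorbing pass over the message, then squeeze out_bytes of output."""
    rate_bytes = R_BITS // 8
    state = sponge_absorb(0, sponge_pad(msg, rate_bytes))
    out = b""
    while len(out) < out_bytes:
        out += (state >> C_BITS).to_bytes(rate_bytes, "big")  # emit the outer r bits
        state = permute(state)
    return out[:out_bytes]

if __name__ == "__main__":
    print("ChopMD(b'abc') =", chopmd(b"abc").hex())
    print("Sponge(b'abc') =", sponge(b"abc").hex())
```

In both constructions each message block is read exactly once, and the fixed-size state at a block boundary is all that later blocks and the final output ever see: splitting `md_iterate` or `sponge_absorb` at any block boundary and resuming from the intermediate state gives the same result as a single call. That is the sense in which the abstract calls ChopMD and Sponge one-pass.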

## Keywords

Indifferentiable hash function, reset indifferentiability, multi-stage game, Sponge, ChopMD

## References

1. Bellare, M., Boldyreva, A., O’Neill, A.: Deterministic and Efficiently Searchable Encryption. In: Menezes, A. (ed.) CRYPTO 2007. LNCS, vol. 4622, pp. 535–552. Springer, Heidelberg (2007)
2. Bellare, M., Brakerski, Z., Naor, M., Ristenpart, T., Segev, G., Shacham, H., Yilek, S.: Hedged Public-Key Encryption: How to Protect against Bad Randomness. In: Matsui, M. (ed.) ASIACRYPT 2009. LNCS, vol. 5912, pp. 232–249. Springer, Heidelberg (2009)
3. Bellare, M., Fischlin, M., O’Neill, A., Ristenpart, T.: Deterministic Encryption: Definitional Equivalences and Constructions without Random Oracles. In: Wagner, D. (ed.) CRYPTO 2008. LNCS, vol. 5157, pp. 360–378. Springer, Heidelberg (2008)
4. Bertoni, G., Daemen, J., Peeters, M., Van Assche, G.: On the Indifferentiability of the Sponge Construction. In: Smart, N.P. (ed.) EUROCRYPT 2008. LNCS, vol. 4965, pp. 181–197. Springer, Heidelberg (2008)
5. Bertoni, G., Daemen, J., Peeters, M., Van Assche, G.: The Keccak SHA-3 Submission. Submission to NIST, Round 3 (2011)
6. Boldyreva, A., Fehr, S., O’Neill, A.: On Notions of Security for Deterministic Encryption, and Efficient Constructions without Random Oracles. In: Wagner, D. (ed.) CRYPTO 2008. LNCS, vol. 5157, pp. 335–359. Springer, Heidelberg (2008)
7. Coron, J.-S., Dodis, Y., Malinaud, C., Puniya, P.: Merkle-Damgård Revisited: How to Construct a Hash Function. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 430–448. Springer, Heidelberg (2005)
8. Demay, G., Gaži, P., Hirt, M., Maurer, U.: Resource-Restricted Indifferentiability. In: Johansson, T., Nguyen, P.Q. (eds.) EUROCRYPT 2013. LNCS, vol. 7881, pp. 664–683. Springer, Heidelberg (2013)
9. Dodis, Y., Ristenpart, T., Shrimpton, T.: Salvaging Merkle-Damgård for Practical Applications. In: Joux, A. (ed.) EUROCRYPT 2009. LNCS, vol. 5479, pp. 371–388. Springer, Heidelberg (2009); full version in ePrint 2009/177
10. Fuller, B., O’Neill, A., Reyzin, L.: A Unified Approach to Deterministic Encryption: New Constructions and a Connection to Computational Entropy. In: Cramer, R. (ed.) TCC 2012. LNCS, vol. 7194, pp. 582–599. Springer, Heidelberg (2012)
11. Luykx, A., Andreeva, E., Mennink, B., Preneel, B.: Impossibility Results for Indifferentiability with Resets. ePrint 2012/644 (2012)
12. Maurer, U.M., Renner, R.S., Holenstein, C.: Indifferentiability, Impossibility Results on Reductions, and Applications to the Random Oracle Methodology. In: Naor, M. (ed.) TCC 2004. LNCS, vol. 2951, pp. 21–39. Springer, Heidelberg (2004)
13. Mironov, I., Pandey, O., Reingold, O., Segev, G.: Incremental Deterministic Public-Key Encryption. In: Pointcheval, D., Johansson, T. (eds.) EUROCRYPT 2012. LNCS, vol. 7237, pp. 628–644. Springer, Heidelberg (2012); full version in ePrint 2012/047
14. Mittelbach, A.: Salvaging Indifferentiability in a Multi-stage Setting. In: Nguyen, P.Q., Oswald, E. (eds.) EUROCRYPT 2014. LNCS, vol. 8441, pp. 603–621. Springer, Heidelberg (2014)
15. Naito, Y., Yoneyama, K., Ohta, K.: Reset Indifferentiability from Weakened Random Oracle Salvages One-pass Hash Functions. ePrint 2012/014 (2012); full version of this paper
16. National Institute of Standards and Technology: Cryptographic Hash Algorithm Competition. http://csrc.nist.gov/groups/ST/hash/sha-3/winner_sha-3.html
17. National Institute of Standards and Technology: FIPS PUB 180-4, Secure Hash Standard (2012)
18. Ristenpart, T., Shacham, H., Shrimpton, T.: Careful with Composition: Limitations of the Indifferentiability Framework. In: Paterson, K.G. (ed.) EUROCRYPT 2011. LNCS, vol. 6632, pp. 487–506. Springer, Heidelberg (2011); full version in ePrint 2011/339

© Springer International Publishing Switzerland 2014

## Authors and Affiliations

• Yusuke Naito (1, 3)
• Kazuki Yoneyama (2)
• Kazuo Ohta (3)

1. Mitsubishi Electric Corporation, Japan
2. NTT Secure Platform Laboratories, Japan
3. The University of Electro-Communications, Japan