slides - Stanford Crypto Group

More documents

Recommendations

Info

UCE hash functions from ``standard’’ assumptions? Natural target: Independent inputs; block sources. Potentially useful: • Lossy TDFs [PW08] as used in [BoFeON08,BrSe11] • Augmented Crooked LHL [KOS10] Goldreich-Levin hardcore bits fail for correlated inputs. We expect achieving (full) UCE-security under standard assumptions to be challenging since it implies several things not yet known to be achievable under standard assumptions. 1/9/13 Bellare, <strong>Stanford</strong> RWC Workshop 47
UCE hash functions from ``standard’’ assumptions? [RSS11] draws attention to how the number of stages of an adversary can affect achievability of notions of security. A UCE adversary is multi-stage. [Wi13] implies that proving UCE based on an assumption that is a challenger-adversary game may be hard. This • Rules out achieving UCE based on assumptions with single-stage adversaries • But does not rule out achieving it from assumptions that involve multi-stage adversaries. 1/9/13 Bellare, <strong>Stanford</strong> RWC Workshop 48
Page 1 and 2: Instantiating Random Oracles Mihir
Page 3 and 4: Contributions in brief UCE (Univers
Page 5 and 6: RSA-OAEP [BR94] Theorem: In the ROM
Page 7 and 8: ROM Critiques Step 1: Prove securit
Page 9 and 10: The debate continues … The RO par
Page 11 and 12: The core problem: Lack of a definit
Page 13 and 14: Want: Instantiable RO Paradigm Step
Page 15 and 16: Contributions in brief UCE (Univers
Page 17 and 18: UCE x1 x x 2 n S H K H K Y 1 Y 0 :
Page 19 and 20: UCE x1 x x 2 n S H K H K Y 1 Y 0 :
Page 21 and 22: UCE: Formally is UCE-secure if is n
Page 23 and 24: UCE generalizes existing definition
Page 25 and 26: UCE generalizes existing definition
Page 27 and 28: UCE: Features and Limitations Allow
Page 29 and 30: Instantiating EwH ROM EwH D-PKE sch
Page 31 and 32: Why it works Claim 1: S is unpredic
Page 33 and 34: More instantiations in the same vei
Page 35 and 36: Multi-key UCE We also give a defini
Page 37 and 38: KDM-secure encryption [CL01,BRS02]
Page 39 and 40: Strength of UCE Is UCE too ``close
Page 41: A vision of ROM-based cryptography

slides - Stanford Crypto Group

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?