Sciweavers

Share
ASIACRYPT
2008
Springer

Limits of Constructive Security Proofs

8 years 5 months ago
Limits of Constructive Security Proofs
The collision-resistance of hash functions is an important foundation of many cryptographic protocols. Formally, collision-resistance can only be expected if the hash function in fact constitutes a parametrized family of functions, since for a single function, the adversary could simply know a single hard-coded collision. In practical applications, however, unkeyed hash functions are a common choice, creating a gap between the practical application and the formal proof, and, even more importantly, the concise mathematical definitions. A pragmatic way out of this dilemma was recently formalized by Rogaway: instead of requiring that no adversary exists that breaks the protocol (existential security), one requires that given an adversary that breaks the protocol, we can efficiently construct a collision of the hash function using an explicitly given reduction (constructive security). In this paper, we show the limits of this approach: We give a protocol that is existentially secure, but t...
Michael Backes, Dominique Unruh
Added 12 Oct 2010
Updated 12 Oct 2010
Type Conference
Year 2008
Where ASIACRYPT
Authors Michael Backes, Dominique Unruh
Comments (0)
books