Limits of Constructive Security Proofs

8 years 5 months ago
Limits of Constructive Security Proofs
The collision-resistance of hash functions is an important foundation of many cryptographic protocols. Formally, collision-resistance can only be expected if the hash function in fact constitutes a parametrized family of functions, since for a single function, the adversary could simply know a single hard-coded collision. In practical applications, however, unkeyed hash functions are a common choice, creating a gap between the practical application and the formal proof, and, even more importantly, the concise mathematical definitions. A pragmatic way out of this dilemma was recently formalized by Rogaway: instead of requiring that no adversary exists that breaks the protocol (existential security), one requires that given an adversary that breaks the protocol, we can efficiently construct a collision of the hash function using an explicitly given reduction (constructive security). In this paper, we show the limits of this approach: We give a protocol that is existentially secure, but t...
Michael Backes, Dominique Unruh
Added 12 Oct 2010
Updated 12 Oct 2010
Type Conference
Year 2008
Authors Michael Backes, Dominique Unruh
Comments (0)