Article

Free access

Random oracles are practical: a paradigm for designing efficient protocols

Authors:

Mihir Bellare and

Phillip RogawayAuthors Info & Claims

CCS '93: Proceedings of the 1st ACM conference on Computer and communications security

December 1993

Pages 62 - 73

https://doi.org/10.1145/168588.168596

Published: 01 December 1993 Publication History

Abstract

We argue that the random oracle model—where all parties have access to a public random oracle—provides a bridge between cryptographic theory and cryptographic practice. In the paradigm we suggest, a practical protocol P is produced by first devising and proving correct a protocol P^R for the random oracle model, and then replacing oracle accesses by the computation of an “appropriately chosen” function h. This paradigm yields protocols much more efficient than standard ones while retaining many of the advantages of provable security. We illustrate these gains for problems including encryption, signatures, and zero-knowledge proofs.

References

[1]

D. BBAVBR, S. MICALI AND P. ROGAWAY, "The round complexity of secure protocols," STOC 90.]]

[2]

l~. BELLARE AND S. MICALI, "How to sign given any trapdoor permutation," JACM Vol. 39, No. I, 214-233, January 1992.]]

Digital Library

[3]

L. BLUM, M. BLUM AND M. SHUB, "A simple unpredictable pseudo-random number generator," SIAM Journa/on Computing Vol. 15, No. 2, 364-383, May 1986.]]

Digital Library

[4]

M. BLUM AND S. GOLDWASSBrt, "An efficient probabilistic public-key encryption scheme which hides all partial information," Crypto 84.]]

Digital Library

[5]

M. BLUM AND S. MIOALI, "How to generate cryptographically strong sequences of pseudo-random bits," SIAM Journal on Computing, Vol. 13, No. 4, 850-864, November 1984.]]

Digital Library

[6]

M. BLUM, P. FELDMAN AND S. MIOALI, "Noninteractive zero knowledge and its applications," STOC 88.]]

Digital Library

[7]

M. BLtrM, A. DB SA~TIS, S. MICALI AND G. PBR- SIANO, "Non-interactive zero-knowledge proof systems," SIAM Journal on Computing, 20(4), 1084-1118 (December 1991).]]

Digital Library

[8]

B. D~.N BOER AND A. BOSSELAERS, "Collisions for the compression function of MDS," Eurocrypt 93.]]

Digital Library

[9]

G. BRASSARD, D. CHAUM AND C. CB~PBAU, "Minimum disclosure proofs of knowledge," JCSS Vol. 37, No. 2, 156-189, October 1988.]]

Digital Library

[10]

i. DAMG~RD, "Towards practical public key cryptosystems secure against chosen ciphertext attacks," Crypto 91.]]

Digital Library

[11]

A. DE SANTIS AND G. PER$IANO, "Zero-knowledge proofs of knowledge without interaction" FOCS 92.]]

Digital Library

[12]

W. DIFFIE AND M. E. HELLMAN, "New directions in cryptography," IEEE Trans. in.fo. Theory IT-22, 644- 654 (November 1976).]]

[13]

D. DOLBV, C. DwoP~ AND M. NAOR, "Non-malleable cryptography," STOC 91.]]

Digital Library

[14]

A. FIAT AND A. SHAMIR, "How to prove yourself: practical solutions to identification and signature problems," Crypto 86.]]

Digital Library

[15]

U. FZIGB, A. FIAT AND A. SHAMIR, "Zero knowledge proofs of identity," Journal of Cryptology, Vol. 1, pp. 77-94 (1987).]]

Digital Library

[16]

U. FBmB, D. LAPmOT, AND A. SHAMm, "Multiple non-interactive zero-knowledge proofs based on a single random string," FOCS 90.]]

[17]

Z. GALIL, S. HABBR AND M. YUNG, "Symmetric pub. lic key cryptosystems," manuscript, July 1989.]]

[18]

0. GOLDREICH, "A uniform complexity treatment of encryption and zero-knowledge," Journal of Cryptology, Vol. 6, pp. 21-53 (1993).]]

Digital Library

[19]

O. GOLDI~ICH, "Foundations of cryptography," Class notes, Spring 1989, Technion University.]]

Digital Library

[20]

O. GOLDREICH, S. GOLDWASESR AND S. MICALI, "How to construct random functions," Journa/of She ACM, Vol. 33, No. 4, 210-217, (1986).]]

Digital Library

[21]

O. GOLDI~ICH, S. GOLDWASSBR AND S. MICALI, "On the cryptographic applications of random functions," Crypto 84.]]

Digital Library

[22]

O. GOLDRBICH AND H. KRAWOZYK, "On the composition of zero knowledge proof systems," ICALP 90.]]

Digital Library

[23]

O. GOLDREIOH AND L. LEVIN, "A hard predicate for all one-way functions," STOC 89.]]

Digital Library

[24]

S. GOLDWASSBR AND S. MICALI, "Probabilistic encryption," J. o/' Computer and System Sciences 28, 270-299, April 1984.]]

[25]

S. GOLDWA$SER, S. MICALI AND C. I~kCKOFF, "The knowledge complexity of interactive proof systems," SIAM J. of Comp., Vol. 18, No. i, pp. 186-208, February 1989.]]

Digital Library

[26]

S. GOLDWASSBR, S. MICALI AND R. RIVEST, "A digital signature scheme secure against adaptive chosenmessage attacks," SIAM Journa/ of Computing, 17(2):281-308, April 1988.]]

Digital Library

[27]

R. IMPAGLIAZZO AND S. RUDICH, "Limits on the provable consequences of one-way permutations," STOC 89.]]

Digital Library

[28]

T. LEIGHTON AND S. MICALI, "Provably fast and secure digital signature algorithms based on secure hash functions," Manuscript, March 1993.]]

[29]

T. LEIGHTON AND S. MICALI, "New approaches to secret key exchange," Crypto 93.]]

[30]

M. LuBY AND C. RACKOFF, "How to construct pseudorandom permutations from pseudorandom functions," SIAM J. Computation, Vol. 17, No. 2, April 1988.]]

Digital Library

[31]

M. LUBY AND C. RACKOFF, aA study of password security," manuscript.]]

[32]

S. MICALI, "CS proofs," Manuscript.]]

[33]

S. MICALI, C. I~ACKOFF AND B. SLOAN, "The notion of security for probabilistic cryptosystems," SIAM J. of Computing, April 1988.]]

Digital Library

[34]

M. NAOR AND M. YUNG, "Public-key cryptosystems provably secure against chosen ciphertext attacks," STOC 90.]]

Digital Library

[35]

M. RABIN, "Digitalized signatures and public-key functions as intractable as factorization," MIT Laboratory for Computer Science TR-212, January 1979.]]

Digital Library

[36]

C. RACKOFF AND D. SIMON, "Non-interactive zeroknowledge proof of knowledge and chosen ciphertext attack," Crypto 91.]]

Digital Library

[37]

R. RIVBST, "The MD5 message-digest algorithm," IETF Network Working Group, RFC 1321, April 1992.]]

Digital Library

[38]

R. RIVEST, A. SHAMIR, AND L. ADLEMAN, "A method for obtaining digital signatures and public key cryptosystems," CACM 21 (1978).]]

Digital Library

[39]

RSA DATA SECURITY, INC., "PKCS #i: RSA Encryption Standard," June 1991]]

[40]

P. ROGAWAY AND B. BLAKLBY, "An asymmetric authentication protocol," IBM Technical Disclosure Bulletin (1993).]]

[41]

G. TSUDIK, "Message authentication with one-way hash functions," IEEE INFOCOM '92.]]

Digital Library

[42]

H. WILLIA}~IS, "A modification of the RSA public key encryption procedure," IEEE ~ransacfions on Information Theory, Vol. IT-26, No. 6, November 1980.]]

[43]

A. YAO, "Theory and apphcations of trapdoor functions," FOCS 82.]]

[44]

Y. ZH~NG AND J. SBBBRP~Y, "Practical approaches to attaining security against adaptively chosen ciphertext attacks," Crypto 92.]]

Digital Library

Cited By

Wang JWang SWen KWeng BZhou XChen K(2024)An ECC-Based Authentication Protocol for Dynamic Charging System of Electric VehiclesElectronics10.3390/electronics1306110913:6(1109)Online publication date: 18-Mar-2024
https://doi.org/10.3390/electronics13061109
Yu WZhang RMa MWang C(2024)A Noval and Efficient Three-Party Identity Authentication and Key Negotiation Protocol Based on Elliptic Curve Cryptography in VANETsElectronics10.3390/electronics1302044913:2(449)Online publication date: 22-Jan-2024
https://doi.org/10.3390/electronics13020449
Yan ZLin XZhang XXu JQu H(2024)Identity-Based Matchmaking Encryption with Equality TestEntropy10.3390/e2601007426:1(74)Online publication date: 15-Jan-2024
https://doi.org/10.3390/e26010074
Show More Cited By

Index Terms

Random oracles are practical: a paradigm for designing efficient protocols
1. Mathematics of computing
  1. Probability and statistics
    1. Probabilistic reasoning algorithms
      1. Random number generation
2. Security and privacy
  1. Cryptography
    1. Public key (asymmetric) techniques
      1. Public key encryption
  2. Systems security
    1. Operating systems security

Recommendations

Secure universal designated verifier signature without random oracles

In Asiacrypt 2003, the concept of universal designated verifier signature (UDVS) was introduced by Steinfeld, Bull, Wang and Pieprzyk. In the new paradigm, any signature holder (not necessarily the signer) can designate the publicly verifiable signature ...
Read More
Designated verifier proxy signature scheme without random oracles

In a designated verifier proxy signature scheme, one can delegate his or her signing capability to another user in such a way that the latter can sign messages on behalf of the former, but the validity of the resulting signatures can only be verified by ...
Read More
Secure public-key encryption scheme without random oracles

Since the first practical and secure public-key encryption scheme without random oracles proposed by Cramer and Shoup in 1998, Cramer-Shoup's scheme and its variants remained the only practical and secure public-key encryption scheme without random ...
Read More

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

CCS '93: Proceedings of the 1st ACM conference on Computer and communications security

December 1993

250 pages

ISBN:0897916298

DOI:10.1145/168588

Chairmen:
Dorothy Denning
Georgetown Univ., Washington, DC
,
Ray Pyle
Bell Atlantic
,
Ravi Ganesan
Bell Atlantic
,
Ravi Sandhu
George Mason Univ., Fairfax, VA
,
Victoria Ashby
MITRE Corp.

Copyright © 1993 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

SIGSAC: ACM Special Interest Group on Security, Audit, and Control

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 01 December 1993

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Qualifiers

Article

Conference

CCS93

Sponsor:

SIGSAC

CCS93: 1st ACM Conference on Communications and Computing Security

November 3 - 5, 1993

Virginia, Fairfax, USA

Acceptance Rates

Overall Acceptance Rate 1,261 of 6,999 submissions, 18%

Upcoming Conference

CCS '24

Sponsor:
sigsac

ACM SIGSAC Conference on Computer and Communications Security

October 14 - 18, 2024

Salt Lake City , UT , USA

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

3,214
Total Citations
View Citations
6,523
Total Downloads

Downloads (Last 12 months)943
Downloads (Last 6 weeks)117

Other Metrics

View Author Metrics

Citations

Cited By

Wang JWang SWen KWeng BZhou XChen K(2024)An ECC-Based Authentication Protocol for Dynamic Charging System of Electric VehiclesElectronics10.3390/electronics1306110913:6(1109)Online publication date: 18-Mar-2024
https://doi.org/10.3390/electronics13061109
Yu WZhang RMa MWang C(2024)A Noval and Efficient Three-Party Identity Authentication and Key Negotiation Protocol Based on Elliptic Curve Cryptography in VANETsElectronics10.3390/electronics1302044913:2(449)Online publication date: 22-Jan-2024
https://doi.org/10.3390/electronics13020449
Yan ZLin XZhang XXu JQu H(2024)Identity-Based Matchmaking Encryption with Equality TestEntropy10.3390/e2601007426:1(74)Online publication date: 15-Jan-2024
https://doi.org/10.3390/e26010074
Hu SJiang SMiao QYang FZhou WDuan P(2024)Provably Secure ECC-Based Anonymous Authentication and Key Agreement for IoTApplied Sciences10.3390/app1408318714:8(3187)Online publication date: 10-Apr-2024
https://doi.org/10.3390/app14083187
Coladangelo AMajenz CPoremba A(2024)Quantum copy-protection of compute-and-compare programs in the quantum random oracle modelQuantum10.22331/q-2024-05-02-13308(1330)Online publication date: 2-May-2024
https://doi.org/10.22331/q-2024-05-02-1330
Zhang ZWang QYing M(2024)Parallel Quantum Algorithm for Hamiltonian SimulationQuantum10.22331/q-2024-01-15-12288(1228)Online publication date: 15-Jan-2024
https://doi.org/10.22331/q-2024-01-15-1228
Shafarenko A(2024)Winternitz stack protocols for embedded systems and IoTCybersecurity10.1186/s42400-024-00225-97:1Online publication date: 4-Apr-2024
https://doi.org/10.1186/s42400-024-00225-9
Liu FZheng ZGong ZTian KZhang YHu ZLi JXu Q(2024)A survey on lattice-based digital signatureCybersecurity10.1186/s42400-023-00198-17:1Online publication date: 1-Apr-2024
https://doi.org/10.1186/s42400-023-00198-1
Bazzi RTucci-Piergiovanni SKuznetsov PGelles ROlivetti D(2024)The Fractional Spending Problem: Executing Payment transactions in parallel with less than f+1 validationsProceedings of the 43rd ACM Symposium on Principles of Distributed Computing10.1145/3662158.3662817(295-305)Online publication date: 17-Jun-2024
https://dl.acm.org/doi/10.1145/3662158.3662817
Yamakawa TZhandry M(2024)Verifiable Quantum Advantage without StructureJournal of the ACM10.1145/365866571:3(1-50)Online publication date: 22-Apr-2024
https://dl.acm.org/doi/10.1145/3658665
Show More Cited By

View Options

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Media

Figures

Other

Tables

View Table of Contents