Abstract
The collision-resistance of hash functions is an important foundation of many cryptographic protocols. Formally, collision-resistance can only be expected if the hash function in fact constitutes a parametrized family of functions, since for a single fixed function an adversary could simply have a single collision hard-coded. In practical applications, however, unkeyed hash functions are a common choice, creating a gap between the practical application on one side and the formal proof and, even more importantly, the precise mathematical definitions on the other.
A pragmatic way out of this dilemma was recently formalized by Rogaway (VIETCRYPT 2006): instead of requiring that no adversary exists that breaks the protocol (existential security), one requires that, given an adversary that breaks the protocol, we can efficiently construct a collision of the hash function using an explicitly given reduction (constructive security).
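The following added example (not code from the paper, and not the separating protocol the paper constructs) shows what an explicit, constructive reduction of the kind Rogaway's framework demands looks like for the simplest hash-based protocol: a commitment c = H(encode(m, r)). Binding of this commitment reduces to collision-resistance of the unkeyed H, and the reduction is a concrete procedure that takes any adversary breaking binding and outputs two distinct strings with the same digest. To make the adversary actually runnable, H is assumed to be SHA-256 truncated to 24 bits, so a birthday search finds a binding break in a few thousand evaluations; the reduction itself never depends on how the adversary found its break.

```python
import hashlib

DIGEST_BYTES = 3  # assumption for this example: a 24-bit toy hash so collisions are cheap to find


def H(data: bytes) -> bytes:
    """Unkeyed toy hash: SHA-256 truncated to DIGEST_BYTES (assumption for this example)."""
    return hashlib.sha256(data).digest()[:DIGEST_BYTES]


def encode(message: bytes, randomness: bytes) -> bytes:
    """Unambiguous encoding of (message, randomness) as a single hash input.

    The length prefix guarantees that distinct (message, randomness) pairs give
    distinct byte strings, which is what turns a binding break into two
    distinct preimages of the same digest, i.e. a collision of H.
    """
    return len(message).to_bytes(2, "big") + message + randomness


def commit(message: bytes, randomness: bytes) -> bytes:
    """Hash-based commitment whose binding property rests on collision-resistance of H."""
    return H(encode(message, randomness))


def binding_adversary():
    """A 'binding breaker' for the toy commitment.

    Returns (m0, r0, m1, r1) with m0 != m1 and commit(m0, r0) == commit(m1, r1).
    Here it is a birthday-style search over counter-valued randomness; the
    reduction below does not care how the break was obtained (it could just as
    well be hard-coded, which is exactly the situation the constructive
    viewpoint is designed to handle).
    """
    m0, m1 = b"accept", b"reject"  # constructed sample messages
    table = {}
    for i in range(1 << 13):  # ~8192 commitments to m0
        r0 = i.to_bytes(4, "big")
        table[commit(m0, r0)] = r0
    i = 0
    while True:  # expected ~2^24 / 2^13 = 2048 tries before a hit
        r1 = i.to_bytes(4, "big")
        c = commit(m1, r1)
        if c in table:
            return m0, table[c], m1, r1
        i += 1


def collision_from_binding_break(adversary):
    """The explicit reduction: any adversary that breaks binding yields a collision of H.

    This is the object a constructive security proof has to exhibit: a concrete,
    efficient procedure from protocol-adversary to hash collision.
    """
    m0, r0, m1, r1 = adversary()
    if m0 == m1 or commit(m0, r0) != commit(m1, r1):
        raise ValueError("adversary did not break binding")
    return encode(m0, r0), encode(m1, r1)


def is_collision(x0: bytes, x1: bytes) -> bool:
    """Check that two inputs really form a collision of H."""
    return x0 != x1 and H(x0) == H(x1)


if __name__ == "__main__":
    x0, x1 = collision_from_binding_break(binding_adversary)
    print("collision:", x0.hex(), x1.hex(), "digest:", H(x0).hex(), is_collision(x0, x1))
```

The reduction is what distinguishes the two notions in the abstract: under existential security one only argues that a binding adversary "cannot exist" because H is collision-resistant, which is vacuous for a single unkeyed H; under constructive security one hands over `collision_from_binding_break` and the burden shifts to the person who claims to hold the adversary. The paper's contribution is a protocol for which no such reduction can exist even though the protocol is existentially secure.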
In this paper, we show the limits of this approach: We give a protocol that is existentially secure, but that provably cannot be proven secure using a constructive security proof.
Consequently, constructive security—albeit constituting a useful improvement over the state of the art—is not comprehensive enough to encompass all protocols that can be dealt with using existential security proofs.
References
Backes, M., Unruh, D.: Limits of constructive security proofs (2008), http://www.infsec.cs.uni-sb.de/~unruh/publications/backes08limits.html
Baker, T., Gill, J., Solovay, R.: Relativizations of the P =? NP question. SIAM Journal on Computing 4, 431–442 (1975)
Barak, B.: How to go beyond the black-box simulation barrier. In: 42nd Annual Symposium on Foundations of Computer Science, Proceedings of FOCS 2001, pp. 106–115. IEEE Computer Society, Los Alamitos (2001), http://www.wisdom.weizmann.ac.il/~boaz/Papers/nonbb.ps
Damgård, I.: Collision free hash functions and public key signature schemes. In: Price, W.L., Chaum, D. (eds.) EUROCRYPT 1987. LNCS, vol. 304, pp. 203–216. Springer, Heidelberg (1988)
Dwork, C., Naor, M.: Zaps and their applications. ECCC TR02-001 (2002), http://eccc.hpi-web.de/eccc-reports/2002/TR02-001/index.html
Fortnow, L.: The role of relativization in complexity theory. Bulletin of the EATCS 52 (February 1994), http://people.cs.uchicago.edu/~fortnow/papers/relative.ps
Goldreich, O.: Foundations of Cryptography, vol. 1 (Basic Tools). Cambridge University Press, Cambridge (August 2001), http://www.wisdom.weizmann.ac.il/~oded/frag.html
Goldreich, O.: Foundations of Cryptography, vol. 2 (Basic Applications). Cambridge University Press, Cambridge (May 2004), http://www.wisdom.weizmann.ac.il/~oded/frag.html
Rogaway, P.: Formalizing human ignorance: Collision-resistant hashing without the keys. In: Nguyên, P.Q. (ed.) VIETCRYPT 2006. LNCS, vol. 4341, pp. 221–228. Springer, Heidelberg (2006), http://eprint.iacr.org/2006/281
Stinson, D.R.: Some observations on the theory of cryptographic hash functions. IACR ePrint Archive (March 2001), http://eprint.iacr.org/2001/020
Copyright information
© 2008 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Backes, M., Unruh, D. (2008). Limits of Constructive Security Proofs. In: Pieprzyk, J. (eds) Advances in Cryptology - ASIACRYPT 2008. ASIACRYPT 2008. Lecture Notes in Computer Science, vol 5350. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-89255-7_18
DOI: https://doi.org/10.1007/978-3-540-89255-7_18
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-89254-0
Online ISBN: 978-3-540-89255-7