On the relation between the Ideal Cipher and the Random Oracle Models

Yevgeniy Dodis, Prashant Puniya

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

The Random Oracle Model and the Ideal Cipher Model are two of the most popular idealized models in cryptography. It is a fundamentally important practical and theoretical problem to compare the relative strengths of these models and to see how they relate to each other. Recently, Coron et al. [8] proved that one can securely instantiate a random oracle in the ideal cipher model. In this paper, we investigate if it is possible to instantiate an ideal block cipher in the' random oracle model, which is a considerably more challenging question. We conjecture that the Luby-Rackoff construction [19] with a sufficient number of rounds should suffice to show this implication. This does not follow from the famous Luby-Rackoff result [19] showing that 4 rounds are enough to turn a pseudorandom function into a pseudorandom permutation, since the results of the intermediate rounds are known to everybody. As a partial step toward resolving this conjecture, we show that random oracles imply ideal ciphers in the honest-but-curious model, where all the participants are assumed to follow the protocol, but keep all their intermediate results. Namely, we show that the Luby-Rackoff construction with a superlogarithmic number of rounds can be used to instantiate the ideal block cipher in any honest-but-curious cryptosystem, and result in a similar honest-but-curious cryptosystem in the random oracle model. We also show that securely instantiating the ideal cipher using the Luby Rackoff construction with upto a logarithmic number of rounds is equivalent in the honest-but-curious and malicious models.

Original languageEnglish (US)
Title of host publicationTheory of Cryptography: Third Theory of Cryptography Conference, TCC 2006, Proceedings
Pages184-206
Number of pages23
Volume3876 LNCS
DOIs
StatePublished - 2006
Event3rd Theory of Cryptography Conference, TCC 2006 - New York, NY, United States
Duration: Mar 4 2006Mar 7 2006

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume3876 LNCS
ISSN (Print)03029743
ISSN (Electronic)16113349

Other

Other3rd Theory of Cryptography Conference, TCC 2006
CountryUnited States
CityNew York, NY
Period3/4/063/7/06

Fingerprint

Random Oracle Model
Random Oracle
Block Cipher
Cryptosystem
Cryptography
Model
Pseudorandom Function
Logarithmic
Permutation
Sufficient
Partial
Imply

ASJC Scopus subject areas

  • Computer Science(all)
  • Biochemistry, Genetics and Molecular Biology(all)
  • Theoretical Computer Science

Cite this

Dodis, Y., & Puniya, P. (2006). On the relation between the Ideal Cipher and the Random Oracle Models. In Theory of Cryptography: Third Theory of Cryptography Conference, TCC 2006, Proceedings (Vol. 3876 LNCS, pp. 184-206). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 3876 LNCS). https://doi.org/10.1007/11681878_10

On the relation between the Ideal Cipher and the Random Oracle Models. / Dodis, Yevgeniy; Puniya, Prashant.

Theory of Cryptography: Third Theory of Cryptography Conference, TCC 2006, Proceedings. Vol. 3876 LNCS 2006. p. 184-206 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 3876 LNCS).

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Dodis, Y & Puniya, P 2006, On the relation between the Ideal Cipher and the Random Oracle Models. in Theory of Cryptography: Third Theory of Cryptography Conference, TCC 2006, Proceedings. vol. 3876 LNCS, Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 3876 LNCS, pp. 184-206, 3rd Theory of Cryptography Conference, TCC 2006, New York, NY, United States, 3/4/06. https://doi.org/10.1007/11681878_10
Dodis Y, Puniya P. On the relation between the Ideal Cipher and the Random Oracle Models. In Theory of Cryptography: Third Theory of Cryptography Conference, TCC 2006, Proceedings. Vol. 3876 LNCS. 2006. p. 184-206. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). https://doi.org/10.1007/11681878_10
Dodis, Yevgeniy ; Puniya, Prashant. / On the relation between the Ideal Cipher and the Random Oracle Models. Theory of Cryptography: Third Theory of Cryptography Conference, TCC 2006, Proceedings. Vol. 3876 LNCS 2006. pp. 184-206 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).
@inproceedings{4aec17ee3bbc495284033e7ce54e45dc,
title = "On the relation between the Ideal Cipher and the Random Oracle Models",
abstract = "The Random Oracle Model and the Ideal Cipher Model are two of the most popular idealized models in cryptography. It is a fundamentally important practical and theoretical problem to compare the relative strengths of these models and to see how they relate to each other. Recently, Coron et al. [8] proved that one can securely instantiate a random oracle in the ideal cipher model. In this paper, we investigate if it is possible to instantiate an ideal block cipher in the' random oracle model, which is a considerably more challenging question. We conjecture that the Luby-Rackoff construction [19] with a sufficient number of rounds should suffice to show this implication. This does not follow from the famous Luby-Rackoff result [19] showing that 4 rounds are enough to turn a pseudorandom function into a pseudorandom permutation, since the results of the intermediate rounds are known to everybody. As a partial step toward resolving this conjecture, we show that random oracles imply ideal ciphers in the honest-but-curious model, where all the participants are assumed to follow the protocol, but keep all their intermediate results. Namely, we show that the Luby-Rackoff construction with a superlogarithmic number of rounds can be used to instantiate the ideal block cipher in any honest-but-curious cryptosystem, and result in a similar honest-but-curious cryptosystem in the random oracle model. We also show that securely instantiating the ideal cipher using the Luby Rackoff construction with upto a logarithmic number of rounds is equivalent in the honest-but-curious and malicious models.",
author = "Yevgeniy Dodis and Prashant Puniya",
year = "2006",
doi = "10.1007/11681878_10",
language = "English (US)",
isbn = "3540327312",
volume = "3876 LNCS",
series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",
pages = "184--206",
booktitle = "Theory of Cryptography: Third Theory of Cryptography Conference, TCC 2006, Proceedings",

}

TY - GEN

T1 - On the relation between the Ideal Cipher and the Random Oracle Models

AU - Dodis, Yevgeniy

AU - Puniya, Prashant

PY - 2006

Y1 - 2006

N2 - The Random Oracle Model and the Ideal Cipher Model are two of the most popular idealized models in cryptography. It is a fundamentally important practical and theoretical problem to compare the relative strengths of these models and to see how they relate to each other. Recently, Coron et al. [8] proved that one can securely instantiate a random oracle in the ideal cipher model. In this paper, we investigate if it is possible to instantiate an ideal block cipher in the' random oracle model, which is a considerably more challenging question. We conjecture that the Luby-Rackoff construction [19] with a sufficient number of rounds should suffice to show this implication. This does not follow from the famous Luby-Rackoff result [19] showing that 4 rounds are enough to turn a pseudorandom function into a pseudorandom permutation, since the results of the intermediate rounds are known to everybody. As a partial step toward resolving this conjecture, we show that random oracles imply ideal ciphers in the honest-but-curious model, where all the participants are assumed to follow the protocol, but keep all their intermediate results. Namely, we show that the Luby-Rackoff construction with a superlogarithmic number of rounds can be used to instantiate the ideal block cipher in any honest-but-curious cryptosystem, and result in a similar honest-but-curious cryptosystem in the random oracle model. We also show that securely instantiating the ideal cipher using the Luby Rackoff construction with upto a logarithmic number of rounds is equivalent in the honest-but-curious and malicious models.

AB - The Random Oracle Model and the Ideal Cipher Model are two of the most popular idealized models in cryptography. It is a fundamentally important practical and theoretical problem to compare the relative strengths of these models and to see how they relate to each other. Recently, Coron et al. [8] proved that one can securely instantiate a random oracle in the ideal cipher model. In this paper, we investigate if it is possible to instantiate an ideal block cipher in the' random oracle model, which is a considerably more challenging question. We conjecture that the Luby-Rackoff construction [19] with a sufficient number of rounds should suffice to show this implication. This does not follow from the famous Luby-Rackoff result [19] showing that 4 rounds are enough to turn a pseudorandom function into a pseudorandom permutation, since the results of the intermediate rounds are known to everybody. As a partial step toward resolving this conjecture, we show that random oracles imply ideal ciphers in the honest-but-curious model, where all the participants are assumed to follow the protocol, but keep all their intermediate results. Namely, we show that the Luby-Rackoff construction with a superlogarithmic number of rounds can be used to instantiate the ideal block cipher in any honest-but-curious cryptosystem, and result in a similar honest-but-curious cryptosystem in the random oracle model. We also show that securely instantiating the ideal cipher using the Luby Rackoff construction with upto a logarithmic number of rounds is equivalent in the honest-but-curious and malicious models.

UR - http://www.scopus.com/inward/record.url?scp=33745521293&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=33745521293&partnerID=8YFLogxK

U2 - 10.1007/11681878_10

DO - 10.1007/11681878_10

M3 - Conference contribution

AN - SCOPUS:33745521293

SN - 3540327312

SN - 9783540327318

VL - 3876 LNCS

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 184

EP - 206

BT - Theory of Cryptography: Third Theory of Cryptography Conference, TCC 2006, Proceedings

ER -