### Abstract

The Random Oracle Model and the Ideal Cipher Model are two of the most popular idealized models in cryptography. It is a fundamentally important practical and theoretical problem to compare the relative strengths of these models and to see how they relate to each other. Recently, Coron et al. [8] proved that one can securely instantiate a random oracle in the ideal cipher model. In this paper, we investigate if it is possible to instantiate an ideal block cipher in the' random oracle model, which is a considerably more challenging question. We conjecture that the Luby-Rackoff construction [19] with a sufficient number of rounds should suffice to show this implication. This does not follow from the famous Luby-Rackoff result [19] showing that 4 rounds are enough to turn a pseudorandom function into a pseudorandom permutation, since the results of the intermediate rounds are known to everybody. As a partial step toward resolving this conjecture, we show that random oracles imply ideal ciphers in the honest-but-curious model, where all the participants are assumed to follow the protocol, but keep all their intermediate results. Namely, we show that the Luby-Rackoff construction with a superlogarithmic number of rounds can be used to instantiate the ideal block cipher in any honest-but-curious cryptosystem, and result in a similar honest-but-curious cryptosystem in the random oracle model. We also show that securely instantiating the ideal cipher using the Luby Rackoff construction with upto a logarithmic number of rounds is equivalent in the honest-but-curious and malicious models.

Original language | English (US) |
---|---|

Title of host publication | Theory of Cryptography: Third Theory of Cryptography Conference, TCC 2006, Proceedings |

Pages | 184-206 |

Number of pages | 23 |

Volume | 3876 LNCS |

DOIs | |

State | Published - 2006 |

Event | 3rd Theory of Cryptography Conference, TCC 2006 - New York, NY, United States Duration: Mar 4 2006 → Mar 7 2006 |

### Publication series

Name | Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) |
---|---|

Volume | 3876 LNCS |

ISSN (Print) | 03029743 |

ISSN (Electronic) | 16113349 |

### Other

Other | 3rd Theory of Cryptography Conference, TCC 2006 |
---|---|

Country | United States |

City | New York, NY |

Period | 3/4/06 → 3/7/06 |

### Fingerprint

### ASJC Scopus subject areas

- Computer Science(all)
- Biochemistry, Genetics and Molecular Biology(all)
- Theoretical Computer Science

### Cite this

*Theory of Cryptography: Third Theory of Cryptography Conference, TCC 2006, Proceedings*(Vol. 3876 LNCS, pp. 184-206). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 3876 LNCS). https://doi.org/10.1007/11681878_10

**On the relation between the Ideal Cipher and the Random Oracle Models.** / Dodis, Yevgeniy; Puniya, Prashant.

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

*Theory of Cryptography: Third Theory of Cryptography Conference, TCC 2006, Proceedings.*vol. 3876 LNCS, Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 3876 LNCS, pp. 184-206, 3rd Theory of Cryptography Conference, TCC 2006, New York, NY, United States, 3/4/06. https://doi.org/10.1007/11681878_10

}

TY - GEN

T1 - On the relation between the Ideal Cipher and the Random Oracle Models

AU - Dodis, Yevgeniy

AU - Puniya, Prashant

PY - 2006

Y1 - 2006

N2 - The Random Oracle Model and the Ideal Cipher Model are two of the most popular idealized models in cryptography. It is a fundamentally important practical and theoretical problem to compare the relative strengths of these models and to see how they relate to each other. Recently, Coron et al. [8] proved that one can securely instantiate a random oracle in the ideal cipher model. In this paper, we investigate if it is possible to instantiate an ideal block cipher in the' random oracle model, which is a considerably more challenging question. We conjecture that the Luby-Rackoff construction [19] with a sufficient number of rounds should suffice to show this implication. This does not follow from the famous Luby-Rackoff result [19] showing that 4 rounds are enough to turn a pseudorandom function into a pseudorandom permutation, since the results of the intermediate rounds are known to everybody. As a partial step toward resolving this conjecture, we show that random oracles imply ideal ciphers in the honest-but-curious model, where all the participants are assumed to follow the protocol, but keep all their intermediate results. Namely, we show that the Luby-Rackoff construction with a superlogarithmic number of rounds can be used to instantiate the ideal block cipher in any honest-but-curious cryptosystem, and result in a similar honest-but-curious cryptosystem in the random oracle model. We also show that securely instantiating the ideal cipher using the Luby Rackoff construction with upto a logarithmic number of rounds is equivalent in the honest-but-curious and malicious models.

AB - The Random Oracle Model and the Ideal Cipher Model are two of the most popular idealized models in cryptography. It is a fundamentally important practical and theoretical problem to compare the relative strengths of these models and to see how they relate to each other. Recently, Coron et al. [8] proved that one can securely instantiate a random oracle in the ideal cipher model. In this paper, we investigate if it is possible to instantiate an ideal block cipher in the' random oracle model, which is a considerably more challenging question. We conjecture that the Luby-Rackoff construction [19] with a sufficient number of rounds should suffice to show this implication. This does not follow from the famous Luby-Rackoff result [19] showing that 4 rounds are enough to turn a pseudorandom function into a pseudorandom permutation, since the results of the intermediate rounds are known to everybody. As a partial step toward resolving this conjecture, we show that random oracles imply ideal ciphers in the honest-but-curious model, where all the participants are assumed to follow the protocol, but keep all their intermediate results. Namely, we show that the Luby-Rackoff construction with a superlogarithmic number of rounds can be used to instantiate the ideal block cipher in any honest-but-curious cryptosystem, and result in a similar honest-but-curious cryptosystem in the random oracle model. We also show that securely instantiating the ideal cipher using the Luby Rackoff construction with upto a logarithmic number of rounds is equivalent in the honest-but-curious and malicious models.

UR - http://www.scopus.com/inward/record.url?scp=33745521293&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=33745521293&partnerID=8YFLogxK

U2 - 10.1007/11681878_10

DO - 10.1007/11681878_10

M3 - Conference contribution

AN - SCOPUS:33745521293

SN - 3540327312

SN - 9783540327318

VL - 3876 LNCS

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 184

EP - 206

BT - Theory of Cryptography: Third Theory of Cryptography Conference, TCC 2006, Proceedings

ER -