How to Prove the Security of Practical Cryptosystems with Merkle-Damgård Hashing by Adopting Indifferentiability
In this paper, we show that major cryptosystems such as FDH, OAEP, and RSA-KEM are secure
under a hash function with Merkle-Damgård (MD) construction that uses a random oracle compression function .
First, we propose two new ideal primitives called Traceable Random
Oracle () and Extension Attack Simulatable Random Oracle () which are weaker than a random oracle ().
Second, we show that is indifferentiable from , and ,
where is Leaky Random Oracle proposed by Yoneyama et al.
This result means that if a cryptosystem is secure in these models,
then the cryptosystem is secure under following the indifferentiability theory proposed by Maurer et al.
Finally, we prove that OAEP is secure in the model and RSA-KEM is secure in the model.
Since it is also known that FDH is secure in the model, as a result, major cryptosystems, FDH, OAEP and RSA-KEM, are secure under , though is not indifferentiable from