2 research outputs found
Query-Complexity Amplification for Random Oracles
Increasing the computational complexity of evaluating a hash
function, both for the honest users as well as for an
adversary, is a useful technique employed for example in
password-based cryptographic schemes to impede brute-force
attacks, and also in so-called proofs of work (used in
protocols like Bitcoin) to show that a certain amount of
computation was performed by a legitimate user. A natural
approach to adjust the complexity of a hash function is to
iterate it ~times, for some parameter
, in the hope that any query to the scheme
requires evaluations of the underlying
hash function. However, results by Dodis et al. (Crypto
2012) imply that plain iteration falls short of achieving
this goal, and designing schemes which provably have such a
desirable property remained an open problem.
This paper formalizes explicitly what it means for a given
scheme to amplify the query complexity of a hash function.
In the random oracle model, the goal of a secure
query-complexity amplifier (QCA) scheme is captured as
transforming, in the sense of indifferentiability, a random
oracle allowing queries (for the adversary)
into one provably allowing only
queries. Turned around, this means that making
queries to the scheme requires at least
queries to the actual random oracle. Second,
a new scheme, called collision-free iteration, is proposed and
proven to achieve -fold QCA for both the
honest parties and the adversary, for any fixed
parameter~
Query-Complexity Amplification for Random Oracles *
Abstract Increasing the computational complexity of evaluating a hash function, both for the honest users as well as for an adversary, is a useful technique employed for example in password-based cryptographic schemes to impede brute-force attacks, and also in so-called proofs of work (used in protocols like Bitcoin) to show that a certain amount of computation was performed by a legitimate user. A natural approach to adjust the complexity of a hash function is to iterate it c times, for some parameter c, in the hope that any query to the scheme requires c evaluations of the underlying hash function. However, results by Dodis et al. (Crypto 2012) imply that plain iteration falls short of achieving this goal, and designing schemes which provably have such a desirable property remained an open problem. This paper formalizes explicitly what it means for a given scheme to amplify the query complexity of a hash function. In the random oracle model, the goal of a secure querycomplexity amplifier (QCA) scheme is captured as transforming, in the sense of indifferentiability, a random oracle allowing R queries (for the adversary) into one provably allowing only r < R queries. Turned around, this means that making r queries to the scheme requires at least R queries to the actual random oracle. Second, a new scheme, called collision-free iteration, is proposed and proven to achieve c-fold QCA for both the honest parties and the adversary, for any fixed parameter c