How to Construct Cryptosystems and Hash Functions in Weakened Random Oracle Models

摘要

Weakened Random Oracleモデルでの，暗号アルゴリズムの構成法とハッシュ関数の構成法について議論する．%In this paper, we discuss how to construct secure cryptosystems and secure hash functions in weakened random oracle models. The weakened random oracle model (WROM), which was introduced by Numayama et al. at PKC 2008, re­flects recent attacks on hash functions. Though the security of cryptosystems in the random oracle model, ROM, has been discussed sufficiently, the same is not true for WROM. A few cryptosystems have been proven secure in WROM. In this paper, we will propose a new conversion that can convert any cryptosystem secure in ROM to a new cryptosystem that is secure in the first preimage tractable random oracle model FPT-ROM without re-proof. FPT-ROM is ROM without preimage resistance and so is the weakest of the WROM models. Since there are many secure cryptosystems in ROM, our conversion can yield many cryptosystems secure in FPT-ROM. The fixed input length weakened random oracle model, FIL-WROM, introduced by Liskov at SAC 2006, reflects the known weakness of compression functions. We will propose new hash functions that are indifferentiable from RO when the underlying compression function is modeled by a two-way partially-specified preimage-tractable fixed input length random oracle model (TFILROM). TFILROM is FIL-ROM without two types of preimage resistance and is the weakest of the FIL-WROM models. The proposed hash functions are more efficient than the existing hash functions which are indifferentiable from RO when the underlying compression function is modeled by TFILROM.