On the hash function of ODH assumption
نویسندگان
چکیده
M. Abdalla, M. Bellare and P. Rogaway proposed a variation of Diffie-Hellman assumption named as oracle Diffie-Hellman(ODH) assumption. They recommend to use a one-way cryptographic hash function for the ODH assumption. We notice that if the hash function is just one-way then there will be an attack. We show that if the the hash function is non-malleable then the computational version of ODH assumption can be reduced to the computational Diffie-Hellman(CDH) assumption. But we can not reduce the ODH assumption to the decisional Diffie-Hellman(DDH) even if the hash function is non-malleable. It seems that we need a random oracle hash function to reduce the ODH assumption to the DDH assumption.
منابع مشابه
An Improved Hash Function Based on the Tillich-Zémor Hash Function
Using the idea behind the Tillich-Zémor hash function, we propose a new hash function. Our hash function is parallelizable and its collision resistance is implied by a hardness assumption on a mathematical problem. Also, it is secure against the known attacks. It is the most secure variant of the Tillich-Zémor hash function until now.
متن کاملEfficient chosen ciphertext secure PKE scheme with short ciphertext
Kurosawa and Matsuo[1] showed that MAC can be removed from DHIES while the underlying symmetric-key encryption(SKE) scheme is secure against adaptive chosen ciphertext attacks(INDCCA). We construct a variant of DHIES which eliminate the MAC while the SKE scheme is secure against passive attacks(IND-PA). Since IND-PA is the basic requirement of SKE schemes, the new scheme is more flexible than [...
متن کاملPRF-ODH: Relations, Instantiations, and Impossibility Results
The pseudorandom-function oracle-Diffie–Hellman (PRF-ODH) assumption has been introduced recently to analyze a variety of DH-based key exchange protocols, including TLS 1.2 and the TLS 1.3 candidates, as well as the extended access control (EAC) protocol. Remarkably, the assumption comes in different flavors in these settings and none of them has been scrutinized comprehensively yet. In this pa...
متن کاملA NEW SECRET SHARING SCHEME ADVERSARY FUZZY STRUCTURE BASED ON AUTOMATA
In this paper,we introduce a new verifiable multi-use multi-secretsharing scheme based on automata and one-way hash function. The scheme has theadversary fuzzy structure and satisfy the following properties:1) The dealer can change the participants and the adversary fuzzy structure without refreshing any participants' real-shadow. 2) The scheme is based on the inversion of weakly invertible fin...
متن کاملInvestigation of Some Attacks on GAGE (v1), InGAGE (v1), (v1.03), and CiliPadi (v1) Variants
In this paper, we present some attacks on GAGE, InGAGE, and CiliPadi which are candidates of the first round of the NIST-LWC competition. GAGE and InGAGE are lightweight sponge based hash function and Authenticated Encryption with Associated Data (AEAD), respectively and support different sets of parameters. The length of hash, key, and tag are always 256, 128, and 128 bits, respec...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
- IACR Cryptology ePrint Archive
دوره 2007 شماره
صفحات -
تاریخ انتشار 2007