Search results for: random oracle model

Number of results: 2311054

Journal: :IACR Cryptology ePrint Archive 2008
Miroslava Sotáková

In this paper we study one-round key-agreement protocols analogous to Merkle’s puzzles in the random oracle model. The players Alice and Bob are allowed to query a random permutation oracle n times and upon their queries and communication, they both output the same key with high probability. We prove that Eve can always break such a protocol by querying the oracle O(n) times. The long-time unpr...

2006
Shoichi Hirose

In this article, it is discussed how to construct a compression function with 2n-bit output using a component function with n-bit output. The component function is either a smaller compression function or a block cipher. Some constructions are presented which compose collision-resistant hash functions: Any collision-finding attack on them is at most as efficient as a birthday attack in the rand...

2015
Lee-Kang Liu Stanley H. Chan Truong Q. Nguyen

I. Reconstruction functions: Demonstration code: 1. xout=ADMM WT(S,b,param) Demo ADMM WT.m 2. xout=ADMM WT CT(S,b,param) Demo ADMM WT CT.m 3. xout=ADMM outer(S,b) Demo Multiscale ADMM WT CT.m. II. Sampling functions: Demonstration code: 1. S = Oracle Random Sampling( x0, sp ) Demo Oracle Random Sampling.m 2. S = Oracle Random Sampling with PCA( x0, sp, Spilot ) Demo Oracle Random Sampling with ...

Journal: :IACR Cryptology ePrint Archive 2014
Jiangxiao Zhang Yanwu Gao Chunhui Feng Hua Guo Zhoujun Li

Multiple-bank e-cash (electronic cash) model allows users and merchants to open their accounts at different banks which are monitored by the Center Bank. Some multiple-bank e-cash systems were proposed in recent years. However, prior implementations of multiple-bank e-cash all require the random oracle model idealization in their security analysis. We know some schemes are secure in the random ...

2015
Edward Eaton Fang Song

Strongly unforgeable signature schemes provide a more stringent security guarantee than the standard existential unforgeability. It requires that not only forging a signature on a new message is hard, it is infeasible as well to produce a new signature on a message for which the adversary has seen valid signatures before. Strongly unforgeable signatures are useful both in practice and as a buil...

Journal: :IACR Cryptology ePrint Archive 2016
Shashank Agrawal Venkata Koppula Brent Waters

In this work we study the feasibility of achieving simulation security in functional encryption (FE) in the random oracle model. Our main result is negative in that we give a functionality for which it is impossible to achieve simulation security even with the aid of random oracles. We begin by giving a formal definition of simulation security that explicitly incorporates the random oracles. Ne...

2008
Boaz Barak Mohammad Mahmoody-Ghidary

We prove that every key exchange protocol in the random oracle model in which the honest users make at most n queries to the oracle can be broken by an adversary making O(n) queries to the oracle. This improves on the previous Ω̃(n) query attack given by Impagliazzo and Rudich (STOC ’89). Our bound is optimal up to a constant factor since Merkle (CACM ’78) gave an n query key exchange protocol i...

Journal: :IACR Cryptology ePrint Archive 2017
Scott R. Fluhrer

We analyze the concrete security of a hash-based signature scheme described in the most recent Internet Draft by McGrew, Fluhrer and Curcio. We perform this analysis in the random-oracle model, where the Merkle-Damgård hash compression function is modeled as the random oracle. We show that, even with a large number of different keys the attacker can choose from, and a huge computational budget, ...

Journal: :IACR Cryptology ePrint Archive 2014
Yehuda Lindell

In this short paper, we present a Fiat-Shamir type transform that takes any Sigma protocol for a relation R and outputs a non-interactive zero-knowledge proof (not of knowledge) for the associated language LR, in the common reference string model. As in the Fiat-Shamir transform, we use a hash function H. However, zero-knowledge is achieved under standard assumptions in the common reference str...

1999
Tatsuaki Okamoto Tetsutaro Kobayashi

We submitted a public-key encryption scheme, EPOC, and digital signature scheme, TSH-ESIGN, to IEEE P1363a. The security of EPOC and TSH-ESIGN is based on the intractability of factoring n = pq, where p and q are primes. TSH-ESIGN is also based on the intractability of the approximate e-th root (AERP) assumption, which is the approximate version of the RSA assumption. This draft describes the l...
