On the Indifferentiable Hash Functions in the Multi-Stage Security Games
It had been widely believed that the indifferentiability framework ensures composition in any security game. However, Ristenpart, Shacham, and Shrimpton (EUROCRYPT 2011) demonstrated that, for some multi-stage security notions, there exists a cryptosystem that is secure in the Random Oracle (RO) model but is broken when some indifferentiable hash function is used. This does not imply, however, that for every multi-stage security notion every cryptosystem is broken when the RO is replaced with an indifferentiable hash function. They showed that an important multi-stage security notion, Chosen-Distribution Attack (CDA) security, is preserved for some Public Key Encryption (PKE) schemes when the RO is replaced with the indifferentiable hash function proposed by Dodis, Ristenpart, and Shrimpton (EUROCRYPT 2009).