Download Now Free registration required
The notion of indifferentiability was introduced and tailored for security analysis of hash function constructions, making indifferentiability from a random oracle the desired property for any hash function design. However, the widely accepted view that a construction enjoying such a proof with an underlying ideal compression function can replace the random oracle in any application without compromising security is not justified in certain settings, as pointed out recently. In this paper, the authors argue that one general reason for such a failure is the inflexibility of the indifferentiability notion with respect to more complex restrictions on resources (such as memory, randomness) available to the attacker.
- Format: PDF
- Size: 432.92 KB