## Cryptology ePrint Archive: Report 2009/550

How to Construct Cryptosystems and Hash Functions in Weakened Random Oracle Models

Yusuke Naito and Lei Wang and Kazuo Ohta

Abstract: In this paper, we discuss how to construct secure cryptosystems and secure hash functions in weakened random oracle models.

~~~~The weakened random oracle model ($\wrom$), which was introduced by Numayama et al. at PKC 2008, is a random oracle with several weaknesses. Though the security of cryptosystems in the random oracle model, $\rom$, has been discussed sufficiently, the same is not true for $\wrom$. A few cryptosystems have been proven secure in $\wrom$. In this paper, we will propose a new conversion that can convert \emph{any} cryptosystem secure in $\rom$ to a new cryptosystem that is secure in the first preimage tractable random oracle model $\fptrom$ \emph{without re-proof}. $\fptrom$ is $\rom$ without preimage resistance and so is the weakest of the $\wrom$ models. Since there are many secure cryptosystems in $\rom$, our conversion can yield many cryptosystems secure in $\fptrom$.

~~~~The fixed input length weakened random oracle model, $\filwrom$, introduced by Liskov at SAC 2006, reflects the known weakness of compression functions. We will propose new hash functions that are indifferentiable from $\ro$ when the underlying compression function is modeled by a two-way partially-specified preimage-tractable fixed input length random oracle model ($\wfilrom$). $\wfilrom$ is $\filrom$ without two types of preimage resistance and is the weakest of the $\filwrom$ models. The proposed hash functions are more efficient than the existing hash functions which are indifferentiable from $\ro$ when the underlying compression function is modeled by $\wfilrom$.

Category / Keywords: Random oracle model, variable input length weakened random oracle model, fixed input length weakened random oracle model, hash functions, indifferentiability