Cryptology ePrint Archive: Report 2013/509

Replacing a Random Oracle: Full Domain Hash From Indistinguishability Obfuscation

Susan Hohenberger and Amit Sahai and Brent Waters

Abstract: Our main result gives a way to instantiate the random oracle with a concrete hash function in ``full domain hash'' applications. The term full domain hash was first proposed by Bellare and Rogaway and referred to a signature scheme from any trapdoor permutation that was part of their seminal work introducing the random oracle heuristic. Over time the term full domain hash has (informally) encompassed a broader range of notable cryptographic schemes including the Boneh-Franklin IBE scheme and Boneh-Lynn-Shacham (BLS) signatures.

All of the above described schemes required a hash function that had to be modeled as a random oracle to prove security. Our work utilizes recent advances in indistinguishability obfuscation to construct specific hash functions for use in these schemes. We then prove security of the original cryptosystems when instantiated with our specific hash function.

Of particular interest, our work evades the impossibility results of Dodis, Oliveira, and Pietrzak, who showed that there can be no black-box construction of hash functions that allow Full-Domain Hash Signatures to be based on trapdoor permutations, and its extension by Dodis, Haitner, and Tentes to the RSA Full-Domain Hash Signatures. This indicates that our techniques applying indistinguishability obfuscation may be useful in the future for circumventing other such black-box impossibility proofs.

Category / Keywords:

Original Publication (with major differences): IACR-EUROCRYPT-2014

Date: received 16 Aug 2013, last revised 26 Jan 2014

Contact author: bwaters at cs utexas edu

Available format(s): PDF | BibTeX Citation

Note: This is the full version of the work in Eurocrypt 2014.

Version: 20140126:215523 (All versions of this report)

Discussion forum: Show discussion | Start new discussion


[ Cryptology ePrint archive ]