Cryptology ePrint Archive: Report 2014/867
Random-Oracle Uninstantiability from Indistinguishability Obfuscation
Christina Brzuska and Pooya Farshim and Arno Mittelbach
Abstract: Assuming the existence of indistinguishability obfuscation (iO), we show that a number of prominent transformations in the random-oracle model are uninstantiable in the standard model. We start by showing that the Encrypt-with-Hash transform of Bellare, Boldyreva and O'Neill (CRYPTO 2007) for converting randomized public-key encryption schemes to deterministic ones is not instantiable in the standard model. To this end, we build on the recent work of Brzuska, Farshim and Mittelbach (CRYPTO 2014) and rely on the existence of iO for circuits or iO for Turing machines to derive uninstantiability for hash functions of a priori bounded polynomial size and arbitrary polynomial size, respectively. The techniques that we use to establish this result are flexible and lend themselves to a number of other transformations such as the classical Fujisaki--Okamoto transform (CRYPTO 1998) and transformations akin to those by Bellare and Keelveedhi (CRYPTO 2011) and Douceur et al. (ICDCS 2002) for obtaining KDM-secure encryption and de-duplication schemes respectively. Our results call for a re-assessment of scheme design in the random-oracle model and highlight the need for new transforms that do not suffer from iO-based attacks.
Category / Keywords: foundations / Random oracle, uninstantiability, indistinguishability obfuscation, deterministic PKE, hedged PKE, message-locked encryption, Fujisaki-Okamoto, KDM security, UCE.
Original Publication (with major differences): IACR-TCC-2015
Date: received 21 Oct 2014, last revised 15 Feb 2015
Contact author: arno mittelbach at cased de
Available format(s): PDF | BibTeX Citation
Version: 20150215:132438 (All versions of this report)
Short URL: ia.cr/2014/867
Discussion forum: Show discussion | Start new discussion
[ Cryptology ePrint archive ]