Paper 2005/210

The Ideal-Cipher Model, Revisited: An Uninstantiable Blockcipher-Based Hash Function

John Black

Abstract

The Ideal-Cipher Model of a blockcipher is a well-known and widely-used model dating back to Shannon and has seen frequent use in proving the security of various cryptographic objects and protocols. But very little discussion has transpired regarding the meaning of proofs conducted in this model or regarding the model's validity. In this paper, we briefly discuss the implications of proofs done in the ideal-cipher model, then show some limitations of the model analogous to recent work regarding the Random-Oracle Model. In particular, we extend work by Canetti, Goldreich and Halevi, and a recent simplification by Maurer, Renner, and Holenstein, to exhibit a blockcipher-based hash function that is provably-secure in the ideal-cipher model but trivially insecure when instantiated by any blockcipher.

Metadata
Available format(s)
PDF PS
Category
Foundations
Publication info
Published elsewhere. Unpublished
Keywords
Ideal-Cipher ModelInformation-Theoretic CryptographyRandom-Oracle Model
Contact author(s)
jrblack @ cs colorado edu
History
2005-07-05: received
Short URL
https://ia.cr/2005/210
License
Creative Commons Attribution
CC BY

BibTeX 

@misc{cryptoeprint:2005/210,
      author = {John Black},
      title = {The Ideal-Cipher Model, Revisited: An Uninstantiable Blockcipher-Based Hash Function},
      howpublished = {Cryptology {ePrint} Archive, Paper 2005/210},
      year = {2005},
      url = {https://eprint.iacr.org/2005/210}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.