Cryptology ePrint Archive: Report 2017/517

PRF-ODH: Relations, Instantiations, and Impossibility Results

Jacqueline Brendel and Marc Fischlin and Felix Günther and Christian Janson

Abstract: The pseudorandom-function oracle-Diffie–Hellman (PRF-ODH) assumption has been introduced recently to analyze a variety of DH-based key exchange protocols, including TLS 1.2 and the TLS 1.3 candidates, as well as the extended access control (EAC) protocol. Remarkably, the assumption comes in different flavors in these settings and none of them has been scrutinized comprehensively yet. In this paper here we therefore present a systematic study of the different PRF-ODH variants in the literature. In particular, we analyze their strengths relative to each other, carving out that the variants form a hierarchy. We further investigate the boundaries between instantiating the assumptions in the standard model and the random oracle model. While we show that even the strongest variant is achievable in the random oracle model under the strong Diffie–Hellman assumption, we provide a negative result showing that it is implausible to instantiate even the weaker variants in the standard model via algebraic black-box reductions to common cryptographic problems.

Category / Keywords: PRF-ODH, key exchange

Original Publication (with major differences): IACR-CRYPTO-2017

Date: received 2 Jun 2017, last revised 26 Sep 2017

Contact author: jacqueline brendel at cryptoplexity de

Available format(s): PDF | BibTeX Citation

Version: 20170926:135012 (All versions of this report)

Short URL:

[ Cryptology ePrint archive ]