Streebog as a random oracle
Prikladnaâ diskretnaâ matematika, no. 2 (2024), pp. 27-42.

See the article record at its source, Math-Net.Ru

The random oracle model is a tool for proving that a protocol has no structural flaws when a proof relying only on standard hash-function properties is impossible or fairly difficult. In practice, however, random oracles must be instantiated with specific hash functions, which are not random oracles. Therefore, in the real world an adversary has broader capabilities than those considered in the random oracle proof: it can exploit the peculiarities of the specific hash function to achieve its goal. When a hash function is built from some building block, one can go further and show that even if the adversary has access to that building block, the hash function still behaves like a random oracle under some assumption about the building block. Thereby, the protocol can be proved secure against more powerful adversaries under simpler assumptions. The notion of indifferentiability formalizes this approach. In this paper, we show that $\mathtt{Streebog}$, the Russian standardized hash function, is indifferentiable from a random oracle under the ideal cipher assumption for its underlying block cipher.
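As an added illustration (not from the paper, and not Streebog's actual compression function), the following Python models the game the abstract describes: a distinguisher with access to both the hash and its building block tries to tell a construction over an ideal primitive (real world) from a random oracle with a simulator standing in for the primitive (ideal world). The block size N, the zero IV, the lazily sampled ideal compression function f, the naive simulator and the random test messages are constructed assumptions; the Streebog-shaped variant keeps only the counter and checksum finalisation of the standard and replaces the LPS/E internals by the ideal f.

```python
import os

# Added illustration of the indifferentiability game sketched in the abstract.
# It is not the paper's proof and not Streebog itself: the building block is an
# ideal compression function f modelled by lazy sampling, the "real world" hashes
# are toy constructions over that f, and the "ideal world" is a random oracle
# plus a naive simulator that answers f-queries with independent random values.

N = 16          # chaining-value and block size in bytes (constructed toy parameter)
IV = bytes(N)   # all-zero initial value (constructed)


class LazyRandomFunction:
    """Random function realised by lazy sampling: a fresh uniform N-byte output for
    every new input, and the stored value on repeated inputs."""

    def __init__(self):
        self.table = {}

    def __call__(self, *parts):
        key = b"".join(parts)
        if key not in self.table:
            self.table[key] = os.urandom(N)
        return self.table[key]


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def blocks(msg):
    """Split msg into N-byte blocks; padding is deliberately not modelled."""
    if len(msg) % N:
        raise ValueError("toy hashes accept only whole blocks")
    return [msg[i:i + N] for i in range(0, len(msg), N)]


def md_hash(f, msg):
    """Plain Merkle-Damgard over f: h_i = f(h_{i-1}, m_i), final h returned as is."""
    h = IV
    for m in blocks(msg):
        h = f(h, m)
    return h


def streebog_like_hash(f, msg):
    """Streebog-shaped chaining over f: each step mixes the bit counter into the
    chaining value (as g_N does with h xor N), and the output is produced by two
    extra calls on the counter and on the modular block checksum Sigma, mirroring
    g_0(h, N) followed by g_0(h, Sigma). The LPS and E internals of the real g are
    replaced by the ideal f; this is the structure, not the standard."""
    h = IV
    counter = 0
    sigma = 0
    for m in blocks(msg):
        h = f(xor(h, counter.to_bytes(N, "big")), m)
        counter = (counter + 8 * N) % (1 << (8 * N))
        sigma = (sigma + int.from_bytes(m, "big")) % (1 << (8 * N))
    h = f(h, counter.to_bytes(N, "big"))
    h = f(h, sigma.to_bytes(N, "big"))
    return h


def extension_distinguisher(H, f):
    """Length-extension distinguisher in the style of Coron et al.: with oracle
    access to the hash H and the building block f, it outputs 1 if it can derive
    H(m || m2) from H(m) and one f-call, i.e. without re-hashing m."""
    m = os.urandom(N)    # constructed random one-block message
    m2 = os.urandom(N)   # constructed random extension block
    y = H(m)
    guess = f(y, m2)     # what plain MD would use as the next chaining value
    return 1 if guess == H(m + m2) else 0


def run_game(construction):
    """Return (real-world verdict, ideal-world verdict) of the distinguisher."""
    f_real = LazyRandomFunction()
    real = extension_distinguisher(lambda msg: construction(f_real, msg), f_real)

    ro = LazyRandomFunction()         # the random oracle the construction should resemble
    simulator = LazyRandomFunction()  # naive simulator: ignores ro entirely
    ideal = extension_distinguisher(ro, simulator)
    return real, ideal


if __name__ == "__main__":
    print("plain MD:      ", run_game(md_hash))             # (1, 0): distinguisher wins
    print("Streebog-like: ", run_game(streebog_like_hash))  # (0, 0): this attack fails
```

Plain Merkle-Damgård loses immediately: the distinguisher computes the extended hash from H(m) and a single f-call, and no simulator can match that in the ideal world because it never learns m. The same query pattern fails against the counter-and-checksum finalisation, which is the structural reason Streebog is not open to naive length extension. This is evidence, not the paper's proof: indifferentiability requires a simulator that defeats every efficient distinguisher, and the naive one here does not even try to stay consistent with the random oracle.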
Keywords: GOST, random oracle, indifferentiability, Streebog.
@article{PDM_2024_2_a3,
     author = {L. R. Akhmetzyanova and A. A. Babueva and A. A. Bozhko},
     title = {Streebog as a random oracle},
     journal = {Prikladna\^a diskretna\^a matematika},
     pages = {27--42},
     publisher = {mathdoc},
     number = {2},
     year = {2024},
     language = {en},
     url = {http://geodesic.mathdoc.fr/item/PDM_2024_2_a3/}
}
TY  - JOUR
AU  - L. R. Akhmetzyanova
AU  - A. A. Babueva
AU  - A. A. Bozhko
TI  - Streebog as a random oracle
JO  - Prikladnaâ diskretnaâ matematika
PY  - 2024
SP  - 27
EP  - 42
IS  - 2
PB  - mathdoc
UR  - http://geodesic.mathdoc.fr/item/PDM_2024_2_a3/
LA  - en
ID  - PDM_2024_2_a3
ER  - 
%0 Journal Article
%A L. R. Akhmetzyanova
%A A. A. Babueva
%A A. A. Bozhko
%T Streebog as a random oracle
%J Prikladnaâ diskretnaâ matematika
%D 2024
%P 27-42
%N 2
%I mathdoc
%U http://geodesic.mathdoc.fr/item/PDM_2024_2_a3/
%G en
%F PDM_2024_2_a3
L. R. Akhmetzyanova; A. A. Babueva; A. A. Bozhko. Streebog as a random oracle. Prikladnaâ diskretnaâ matematika, no. 2 (2024), pp. 27-42. http://geodesic.mathdoc.fr/item/PDM_2024_2_a3/

[1] Bellare M. and Rogaway P., “Random oracles are practical: A paradigm for designing efficient protocols”, Proc. 1st ACM Conf. CCS'93, ACM, N.Y., 1993, 62–73

[2] Rescorla E., The Transport Layer Security (TLS) Protocol Version 1.3, RFC 8446, August 2018, https://datatracker.ietf.org/doc/html/rfc8446

[3] Kaufman C., Hoffman P., Nir Y., et al., Internet Key Exchange Protocol Version 2 (IKEv2), RFC 7296, October 2014, https://datatracker.ietf.org/doc/html/rfc7296

[4] Schnorr C. P., “Efficient identification and signatures for smart cards”, LNCS, 435, 1990, 239–252

[5] Pointcheval D. and Stern J., “Security proofs for signature schemes”, LNCS, 1070, 1996, 387–398

[6] Smyshlyaev S., Alekseev E., Griboedova E., et al., GOST Cipher Suites for Transport Layer Security (TLS) Protocol Version 1.3, RFC 9367, February 2023, https://datatracker.ietf.org/doc/rfc9367

[7] Smyslov V., Using GOST Ciphers in the Encapsulating Security Payload (ESP) and Internet Key Exchange Version 2 (IKEv2) Protocols, RFC 9227, March 2022, https://datatracker.ietf.org/doc/rfc9227

[8] Smyshlyaev S., Alekseev E., Oshkin I., and Popov V., The Security Evaluated Standardized Password-Authenticated Key Exchange (SESPAKE) Protocol, RFC 8133, March 2017, https://datatracker.ietf.org/doc/html/rfc8133

[9] Alekseev E. K. and Smyshlyaev S. V., “On security of the SESPAKE protocol”, Prikladnaya Diskretnaya Matematika, 2020, no. 50, 5–41 (in Russian)

[10] Akhmetzyanova L. R., Alekseev E. K., Babueva A. A., and Smyshlyaev S. V., “On methods of shortening ElGamal-type signatures”, Mat. Vopr. Kriptogr., 12:2 (2021), 75–91

[11] Tessaro S. and Zhu C., “Short pairing-free blind signatures with exponential security”, LNCS, 13276, 2022, 782–811

[12] Vysotskaya V. V. and Chizhov I. V., “The security of the code-based signature scheme based on the Stern identification protocol”, Prikladnaya Diskretnaya Matematika, 2022, no. 57, 67–90

[13] Coron J. S., Dodis Y., Malinaud C., and Puniya P., “Merkle-Damgård revisited: How to construct a hash function”, LNCS, 3621, 2005, 430–448

[14] Coron J. S., Dodis Y., Malinaud C., and Puniya P., Merkle-Damgård revisited: How to construct a hash function, Full version, 2005, https://cs.nyu.edu/~dodis/ps/merkle.pdf

[15] Maurer U. M., Renner R., and Holenstein C., “Indifferentiability, impossibility results on reductions, and applications to the random oracle methodology”, LNCS, 2951, 2004, 21–39

[16] GOST R 34.11-2012. Information Technology. Cryptographic Data Security. Hash Function, Standartinform Publ., M., 2012 (in Russian)

[17] Smyshlyaev S. V., Shishkin V. A., Marshalko G. B., et al., “Overview of hash-function GOST R 34.11-2012 cryptoanalysis”, Problemy Informatsionnoy Bezopasnosti. Komp'yuternye Sistemy, 4 (2015), 147–153 (in Russian)

[18] Kiryukhin V., Keyed Streebog is a Secure PRF and MAC, Cryptology ePrint Archive, Report 2022/972, 2022, https://eprint.iacr.org/2022/972

[19] Ristenpart T., Shacham H., and Shrimpton T., “Careful with composition: Limitations of the indifferentiability framework”, LNCS, 6632, 2011, 487–506

[20] Guo J., Jean J., Leurent G., et al., “The usage of counter revisited: Second-preimage attack on new Russian standardized hash function”, LNCS, 8781, 2014, 195–211