The theory of hash functions and random oracles: an approach to modern cryptography
Saved in:
Main authors: | Mittelbach, Arno Andreas; Fischlin, Marc |
---|---|
Format: | Book |
Language: | English |
Published: | Cham, Switzerland: Springer, [2021] |
Series: | Information security and cryptography |
Subjects: | Hash-Algorithmus; Kryptologie |
Online access: | Table of contents |
Description: | xxiii, 788 pages, illustrations, diagrams |
ISBN: | 9783030632861 9783030632892 |
Internal format
MARC
LEADER | 00000nam a2200000 c 4500 | ||
---|---|---|---|
001 | BV047639500 | ||
003 | DE-604 | ||
005 | 20240722 | ||
007 | t | ||
008 | 211214s2021 a||| |||| 00||| eng d | ||
020 | |a 9783030632861 |c hbk |9 978-3-030-63286-1 | ||
020 | |a 9783030632892 |c pbk |9 978-3-030-63289-2 | ||
035 | |a (OCoLC)1322799912 | ||
035 | |a (DE-599)BVBBV047639500 | ||
040 | |a DE-604 |b ger |e rda | ||
041 | 0 | |a eng | |
049 | |a DE-11 |a DE-355 |a DE-706 | ||
082 | 0 | |a 005.8 |2 23 | |
084 | |a ST 276 |0 (DE-625)143642: |2 rvk | ||
100 | 1 | |a Mittelbach, Arno Andreas |e Verfasser |0 (DE-588)1081959061 |4 aut | |
245 | 1 | 0 | |a The theory of hash functions and random oracles |b an approach to modern cryptography |c Arno Mittelbach, Marc Fischlin |
264 | 1 | |a Cham, Switzerland |b Springer |c [2021] | |
264 | 4 | |c © 2021 | |
300 | |a xxiii, 788 Seiten |b Illustrationen, Diagramme | ||
336 | |b txt |2 rdacontent | ||
337 | |b n |2 rdamedia | ||
338 | |b nc |2 rdacarrier | ||
490 | 0 | |a Information security and cryptography | |
650 | 4 | |a Systems and Data Security | |
650 | 4 | |a Principles and Models of Security | |
650 | 4 | |a Mobile and Network Security | |
650 | 4 | |a Computer security | |
650 | 4 | |a Computer networks / Security measures | |
650 | 0 | 7 | |a Kryptologie |0 (DE-588)4033329-2 |2 gnd |9 rswk-swf |
650 | 0 | 7 | |a Hash-Algorithmus |0 (DE-588)4323071-4 |2 gnd |9 rswk-swf |
689 | 0 | 0 | |a Hash-Algorithmus |0 (DE-588)4323071-4 |D s |
689 | 0 | 1 | |a Kryptologie |0 (DE-588)4033329-2 |D s |
689 | 0 | |5 DE-604 | |
700 | 1 | |a Fischlin, Marc |d 1973- |e Verfasser |0 (DE-588)12359751X |4 aut | |
776 | 0 | 8 | |i Erscheint auch als |n Online-Ausgabe |z 978-3-030-63287-8 |
856 | 4 | 2 | |m Digitalisierung UB Regensburg - ADAM Catalogue Enrichment |q application/pdf |u http://bvbr.bib-bvb.de:8991/F?func=service&doc_library=BVB01&local_base=BVB01&doc_number=033023720&sequence=000001&line_number=0001&func_code=DB_RECORDS&service_type=MEDIA |3 Inhaltsverzeichnis |
943 | 1 | |a oai:aleph.bib-bvb.de:BVB01-033023720 |
Record in the search index
_version_ | 1807956474841792512 |
---|---|
adam_text |
Contents
1 Formalizing Cryptography
  1.1 Notational Conventions
  1.2 Foundations
  1.3 Algorithms, Turing Machines, and Circuits
    1.3.1 Turing Machines
    1.3.2 Uncomputable Functions
    1.3.3 Circuits: A Non-uniform Computational Model
    1.3.4 Writing Algorithms
    1.3.5 The Security Parameter
    1.3.6 Running Time of Adversaries
  1.4 Complexity Theory
    1.4.1 Easy-to-Decide Languages
    1.4.2 Easy-to-Verify Languages
  1.5 Information-Theoretic Security
    1.5.1 Basic Probability Theory
    1.5.2 Perfect Secrecy
    1.5.3 Shannon's Theorem
    1.5.4 Measuring Information—Entropy
    1.5.5 A Worst-Case Treatment of Entropy—Min-Entropy
    1.5.6 Key Reuse in One-Time Pads
  Chapter Notes and References
  Exercises
  Chapter Bibliography
Part I Foundations of Modern Cryptography
2 Computational Security
  2.1 The Indispensability of Computational Security
  2.2 Bounding Adversarial Resources
    2.2.1 Bounding the Success Probability
    2.2.2 Asymptotic vs. Concrete Security
  2.3 One-Way Functions
    2.3.1 A Game-Based Definition
    2.3.2 Generalized Input Distributions
    2.3.3 Keyed One-Way Functions
  2.4 Security Reductions and Leaky One-Way Functions
  2.5 Computational Security—Summary
  Chapter Notes and References
  Exercises
  Chapter Bibliography
3 Pseudorandomness and Computational Indistinguishability
  3.1 Indistinguishability
    3.1.1 Probability Ensembles
    3.1.2 Statistical Distance
    3.1.3 Information-Theoretic Indistinguishability
    3.1.4 Computational Indistinguishability
    3.1.5 Properties of Indistinguishability
  3.2 Proof Techniques
    3.2.1 Game Hopping
    3.2.2 The Hybrid Argument
  3.3 Pseudorandomness
    3.3.1 Pseudorandom Functions
    3.3.2 Pseudorandom Permutations
    3.3.3 Constructing PRPs: The Feistel Construction
    3.3.4 Pseudorandom Generators
    3.3.5 Pseudorandom Generators vs. One-Way Functions
  3.4 Pseudorandom Functions vs. Generators
    3.4.1 PRGs from PRFs
    3.4.2 PRFs from PRGs—The GGM Construction
  3.5 Message Authentication Codes
  Chapter Notes and References
  Exercises
  Chapter Bibliography
4 Collision Resistance
  4.1 Formalizing Collision Resistance
    4.1.1 Collision Resistance vs. Non-uniform Adversaries
    4.1.2 A Generic Lower Bound for Collision Resistance
    4.1.3 Collision Resistance vs. One-Wayness
  4.2 Second-Preimage and Target-Collision Resistance
    4.2.1 Second-Preimage Resistance
    4.2.2 Target-Collision Resistance
  4.3 Relating the Collision Resistance Flavors
  4.4 Collision Resistance from One-Way Functions
    4.4.1 Target-Collision Resistance from One-Wayness
    4.4.2 Impossibility of Collision Resistance from One-Wayness
  Chapter Notes and References
  Exercises
  Chapter Bibliography
5 Encryption Schemes
  5.1 Symmetric Encryption
    5.1.1 Indistinguishability of Ciphertexts
    5.1.2 Multiple Encryptions with IND-CPA Security
    5.1.3 IND-CPA Symmetric Encryption from PRFs
    5.1.4 The Fundamental Lemma of Game Playing
    5.1.5 Showing IND-CPA Security
    5.1.6 Indistinguishability under Chosen-Ciphertext Attacks
  5.2 Public-Key Encryption
    5.2.1 Defining Public-Key Encryption
    5.2.2 Impossibility of Perfectly Secure PKE Schemes
    5.2.3 IND-CPA Security for PKE Schemes
    5.2.4 IND-CCA for Public-Key Encryption
  5.3 Constructing Public-Key Encryption Schemes
    5.3.1 Trapdoor One-Way Functions
    5.3.2 The Hard Core of OWFs: Hardcore Functions
    5.3.3 Goldreich-Levin Hardcore Bits
    5.3.4 PRGs from One-Way Functions Revisited
    5.3.5 PKE from Trapdoor and Hardcore Functions
  Chapter Notes and References
  Exercises
  Chapter Bibliography
6 Signature Schemes
  6.1 Formalizing Secure Signature Schemes
  6.2 One-Time Signatures
  6.3 Hash-and-Sign: Signing Long Messages
    6.3.1 From Collision Resistance
    6.3.2 From Target-Collision Resistance
  6.4 Many-Time Signature Schemes
    6.4.1 Hash Trees
    6.4.2 Merkle Signatures
  6.5 Constructing EUF-CMA Signatures
  6.6 Signature Schemes and One-Way Functions
  6.7 Certificates and Public-Key Infrastructures
  Chapter Notes and References
  Exercises
  Chapter Bibliography
7 Non-cryptographic Hashing
  7.1 Universal Hash Functions
    7.1.1 ε-Almost Universal Hash Functions
    7.1.2 XOR-Universal Hash Function
    7.1.3 Constructions
  7.2 Extractors and the Leftover Hash Lemma
    7.2.1 Randomness Extractors
    7.2.2 Leftover Hash Lemma
  7.3 Message Authentication Based on Universal Hashing
  7.4 Pairwise Independent Hash Functions
    7.4.1 Definition
    7.4.2 Constructions
    7.4.3 One-Time Message Authentication
  7.5 Target-Collision Resistance from One-Way Permutations
  Chapter Notes and References
  Exercises
  Chapter Bibliography
Part II The Random Oracle Methodology
8 The Random Oracle Model
  8.1 The Random Oracle Model
    8.1.1 Random Functions
    8.1.2 Random Oracles
  8.2 Random Oracles Are Ideal Hash Functions
    8.2.1 To Key or Not To Key
    8.2.2 One-Wayness
    8.2.3 Collision Resistance
    8.2.4 Pseudorandomness
  8.3 Properties of Random Oracles
    8.3.1 Random Oracles against Inefficient Adversaries
    8.3.2 Domain Separation
    8.3.3 Output Size Extension
    8.3.4 Domain Extension
    8.3.5 Keyed Random Oracles
  8.4 The Random Oracle Methodology
    8.4.1 Efficient Commitment Schemes in the ROM
    8.4.2 Instantiating Random Oracles
  Chapter Notes and References
  Exercises
  Chapter Bibliography
9 The Full Power of Random Oracles
  9.1 Unpredictability: Blockchains and Proofs of Work
    9.1.1 Blockchain
    9.1.2 Proofs of Work
  9.2 Observing Reductions: PKE from Random Oracles
    9.2.1 Random Oracles Are Hardcore for Any OWF
    9.2.2 The BR93 Public-Key Encryption Scheme
  9.3 Programming Reductions: Full Domain Hash
    9.3.1 Full Domain Hash Signatures
    9.3.2 The Programmable Random Oracle Model
  9.4 Removing Correlation: Correlated-Input Security
    9.4.1 Correlated-Input Secure Hash Functions
    9.4.2 Random Oracles Are Correlated-Input Secure
    9.4.3 Correlated-Input Security in the Standard Model
  9.5 Derandomization: Deterministic PKE
    9.5.1 Deterministic Public-Key Encryption
    9.5.2 The Encrypt-with-Hash Transformation
    9.5.3 DPKE in the Standard Model
  9.6 Conclusion
  Chapter Notes and References
  Exercises
  Chapter Bibliography
10 Random Oracle Schemes in Practice
  10.1 Number-Theoretic Assumptions
    10.1.1 Number-Theoretic Background
    10.1.2 The Discrete-Logarithm Assumption
    10.1.3 The RSA Assumption
  10.2 Fiat-Shamir Signatures
    10.2.1 Schnorr Identification and Signature Scheme
    10.2.2 Security Proof via Forking
  10.3 Optimal Asymmetric Encryption Padding—OAEP
  10.4 Fujisaki-Okamoto Hybrid Encryption
  10.5 Probabilistic Signature Scheme—PSS
  Chapter Notes and References
  Exercises
  Chapter Bibliography
11 Limitations of Random Oracles
  11.1 Key Exchange Protocols
  11.2 Diffie-Hellman Key Exchange
  11.3 Merkle Puzzles
  11.4 Key Exchange and Complexity Theory
  11.5 Impossibility of Key Exchange from Random Oracles
  Chapter Notes and References
  Exercises
  Chapter Bibliography
12 The Random Oracle Controversy
  12.1 Random Oracle Uninstantiability
  12.2 An Uninstantiable Signature Scheme
  12.3 The Random Oracle Methodology—A Controversy
  Chapter Notes and References
  Exercises
  Chapter Bibliography
Part III Hash Function Constructions
13 Iterated Hash Functions
  13.1 The Merkle-Damgård Transformation
    13.1.1 Message Padding
    13.1.2 Merkle-Damgård Preserves Collision Resistance
    13.1.3 Keyed Merkle-Damgård
    13.1.4 MD Does Not Preserve SPR and TCR
    13.1.5 Domain Extension for SPR and TCR
    13.1.6 Length-Extension Attacks on Merkle-Damgård
    13.1.7 Wide-Pipe Constructions and Chopped MD
  13.2 Generic Attacks on Iterated Hash Functions
    13.2.1 Second-Preimage Attacks via Fixed Points
    13.2.2 Multicollisions
    13.2.3 Second-Preimage Attacks via Multicollisions
    13.2.4 Predicting the Future with Herding Attacks
    13.2.5 On the Practicality of Generic Attacks
  13.3 Cryptographic Sponges
    13.3.1 Defining Cryptographic Sponges
    13.3.2 Message Padding
    13.3.3 Security of Cryptographic Sponges
  Chapter Notes and References
  Exercises
  Chapter Bibliography
14 Constructing Compression Functions
  14.1 Compression Functions from Block Ciphers
    14.1.1 Block Ciphers
    14.1.2 The Ideal Cipher Model
    14.1.3 Rate-1 Constructions
    14.1.4 Impossibility of Highly Efficient Constructions
    14.1.5 Double Block-Length Compression Functions
  14.2 Number-Theoretic Constructions
    14.2.1 Discrete-Logarithm-Based Construction
    14.2.2 Construction Based on the RSA Problem
    14.2.3 Chameleon Hash Functions
  Chapter Notes and References
  Exercises
  Chapter Bibliography
15 Iterated Hash Functions in Practice
  15.1 MD5
    15.1.1 The MD5 Function
    15.1.2 Attacks on MD5
  15.2 SHA-1
    15.2.1 The SHA-1 Function
    15.2.2 Attacks on SHA-1
  15.3 SHA-2
    15.3.1 The SHA-2 Functions
    15.3.2 Security of SHA-2
  15.4 SHA-3
    15.4.1 Keccak and Its Permutation Keccak-p
    15.4.2 SHA-3 Function Specifications
    15.4.3 Security of SHA-3
  Chapter Bibliography
16 Constructions of Keyed Hash Functions
  16.1 Keying Merkle-Damgård
    16.1.1 The Secret-IV Method
    16.1.2 The Secret-Prefix Method
    16.1.3 The Secret-Suffix Method
    16.1.4 Keyed Compression Function
  16.2 Iterating PRFs with Merkle-Damgård
    16.2.1 Weak Collision Resistance
    16.2.2 Security of Iterating Keyed Compression Functions
    16.2.3 Security of the Secret-IV Method
    16.2.4 Security of the Secret-Prefix Method
    16.2.5 Security of the Secret-Suffix Method
  16.3 Hash-Based Message Authentication Codes
    16.3.1 Nested Message Authentication Code (NMAC)
    16.3.2 Hash-Based Message Authentication Code (HMAC)
  16.4 The Sandwich Construction
  16.5 Sponge-Based MACs
  16.6 Key Derivation
    16.6.1 HKDF: HMAC-Based Key Derivation
    16.6.2 Key Derivation Security Model
    16.6.3 Security of HKDF
    16.6.4 Key Derivation from Low-Entropy Sources
  Chapter Notes and References
  Exercises
  Chapter Bibliography
17 Constructing Random Oracles—Indifferentiability
  17.1 Indifferentiability
  17.2 Defining Indifferentiability
  17.3 The Indifferentiability Composition Theorem
  17.4 Merkle-Damgård Is Not Indifferentiable
  17.5 Indifferentiable Hash Function Constructions
    17.5.1 Chopped Merkle-Damgård Is Indifferentiable
    17.5.2 Other Indifferentiable Hash Constructions
    17.5.3 Security of Sponges Revisited
  17.6 Indifferentiability of Compression Functions
  17.7 Multi-stage Security Definitions
    17.7.1 The Challenge-Response Protocol
    17.7.2 The Challenge-Response Protocol Is Not Secure
    17.7.3 Single-Stage vs. Multi-stage Games
  Chapter Notes and References
  Exercises
  Chapter Bibliography
18 Constructing Random Oracles—UCEs
  18.1 Behaving Like a Random Oracle
  18.2 Defining Universal Computational Extractors
    18.2.1 Unpredictable Sources
    18.2.2 UCEs vs. Classical Hash Function Properties
  18.3 Applying UCEs
    18.3.1 Proofs of Storage from UCEs
    18.3.2 Universal Hardcore Functions from UCEs
    18.3.3 Deterministic Public-Key Encryption from UCEs
  18.4 Constructing UCEs in Idealized Models
    18.4.1 Layered Cryptography
    18.4.2 UCEs from Random Oracles
    18.4.3 UCEs in the Indifferentiability Framework
    18.4.4 Indifferentiability for Multi-stage Games
  18.5 UCEs in the Standard Model
    18.5.1 A Brief Introduction to Obfuscation
    18.5.2 Uninstantiability of Strong UCEs
    18.5.3 UCEs or Indistinguishability Obfuscation
  Chapter Notes and References
  Exercises
  Chapter Bibliography
Index |
any_adam_object | 1 |
any_adam_object_boolean | 1 |
author | Mittelbach, Arno Andreas Fischlin, Marc 1973- |
author_GND | (DE-588)1081959061 (DE-588)12359751X |
author_facet | Mittelbach, Arno Andreas Fischlin, Marc 1973- |
author_role | aut aut |
author_sort | Mittelbach, Arno Andreas |
author_variant | a a m aa aam m f mf |
building | Verbundindex |
bvnumber | BV047639500 |
classification_rvk | ST 276 |
ctrlnum | (OCoLC)1322799912 (DE-599)BVBBV047639500 |
dewey-full | 005.8 |
dewey-hundreds | 000 - Computer science, information, general works |
dewey-ones | 005 - Computer programming, programs, data, security |
dewey-raw | 005.8 |
dewey-search | 005.8 |
dewey-sort | 15.8 |
dewey-tens | 000 - Computer science, information, general works |
discipline | Informatik |
discipline_str_mv | Informatik |
format | Book |
id | DE-604.BV047639500 |
illustrated | Illustrated |
index_date | 2024-07-03T18:47:33Z |
indexdate | 2024-08-21T00:54:15Z |
institution | BVB |
isbn | 9783030632861 9783030632892 |
language | English |
oai_aleph_id | oai:aleph.bib-bvb.de:BVB01-033023720 |
oclc_num | 1322799912 |
open_access_boolean | |
owner | DE-11 DE-355 DE-BY-UBR DE-706 |
owner_facet | DE-11 DE-355 DE-BY-UBR DE-706 |
physical | xxiii, 788 Seiten Illustrationen, Diagramme |
publishDate | 2021 |
publishDateSearch | 2021 |
publishDateSort | 2021 |
publisher | Springer |
record_format | marc |
series2 | Information security and cryptography |
spelling | Mittelbach, Arno Andreas Verfasser (DE-588)1081959061 aut The theory of hash functions and random oracles an approach to modern cryptography Arno Mittelbach, Marc Fischlin Cham, Switzerland Springer [2021] © 2021 xxiii, 788 Seiten Illustrationen, Diagramme txt rdacontent n rdamedia nc rdacarrier Information security and cryptography Systems and Data Security Principles and Models of Security Mobile and Network Security Computer security Computer networks / Security measures Kryptologie (DE-588)4033329-2 gnd rswk-swf Hash-Algorithmus (DE-588)4323071-4 gnd rswk-swf Hash-Algorithmus (DE-588)4323071-4 s Kryptologie (DE-588)4033329-2 s DE-604 Fischlin, Marc 1973- Verfasser (DE-588)12359751X aut Erscheint auch als Online-Ausgabe 978-3-030-63287-8 Digitalisierung UB Regensburg - ADAM Catalogue Enrichment application/pdf http://bvbr.bib-bvb.de:8991/F?func=service&doc_library=BVB01&local_base=BVB01&doc_number=033023720&sequence=000001&line_number=0001&func_code=DB_RECORDS&service_type=MEDIA Inhaltsverzeichnis |
spellingShingle | Mittelbach, Arno Andreas Fischlin, Marc 1973- The theory of hash functions and random oracles an approach to modern cryptography Systems and Data Security Principles and Models of Security Mobile and Network Security Computer security Computer networks / Security measures Kryptologie (DE-588)4033329-2 gnd Hash-Algorithmus (DE-588)4323071-4 gnd |
subject_GND | (DE-588)4033329-2 (DE-588)4323071-4 |
title | The theory of hash functions and random oracles an approach to modern cryptography |
title_auth | The theory of hash functions and random oracles an approach to modern cryptography |
title_exact_search | The theory of hash functions and random oracles an approach to modern cryptography |
title_exact_search_txtP | The theory of hash functions and random oracles an approach to modern cryptography |
title_full | The theory of hash functions and random oracles an approach to modern cryptography Arno Mittelbach, Marc Fischlin |
title_fullStr | The theory of hash functions and random oracles an approach to modern cryptography Arno Mittelbach, Marc Fischlin |
title_full_unstemmed | The theory of hash functions and random oracles an approach to modern cryptography Arno Mittelbach, Marc Fischlin |
title_short | The theory of hash functions and random oracles |
title_sort | the theory of hash functions and random oracles an approach to modern cryptography |
title_sub | an approach to modern cryptography |
topic | Systems and Data Security Principles and Models of Security Mobile and Network Security Computer security Computer networks / Security measures Kryptologie (DE-588)4033329-2 gnd Hash-Algorithmus (DE-588)4323071-4 gnd |
topic_facet | Systems and Data Security Principles and Models of Security Mobile and Network Security Computer security Computer networks / Security measures Kryptologie Hash-Algorithmus |
url | http://bvbr.bib-bvb.de:8991/F?func=service&doc_library=BVB01&local_base=BVB01&doc_number=033023720&sequence=000001&line_number=0001&func_code=DB_RECORDS&service_type=MEDIA |
work_keys_str_mv | AT mittelbacharnoandreas thetheoryofhashfunctionsandrandomoraclesanapproachtomoderncryptography AT fischlinmarc thetheoryofhashfunctionsandrandomoraclesanapproachtomoderncryptography |