Weakened Random Oracle Models with Target Prefix

TL;DR

This paper introduces new weakened random oracle models to analyze cryptographic scheme security more precisely, especially focusing on signature schemes like RSA-FDH and DSA, by formalizing and extending existing models.

Contribution

The paper formalizes the generalized FPT-ROM and proposes three new WROMs to better capture chosen prefix collision attacks in cryptographic security analysis.

Findings

Formalization of GFPT-ROM for precise security analysis

Introduction of three new WROMs for chosen prefix collision attacks

Application to RSA-FDH, variants, and DSA signature schemes

Abstract

Weakened random oracle models (WROMs) are variants of the random oracle model (ROM). The WROMs have the random oracle and the additional oracle which breaks some property of a hash function. Analyzing the security of cryptographic schemes in WROMs, we can specify the property of a hash function on which the security of cryptographic schemes depends. Liskov (SAC 2006) proposed WROMs and later Numayama et al. (PKC 2008) formalized them as CT-ROM, SPT-ROM, and FPT-ROM. In each model, there is the additional oracle to break collision resistance, second preimage resistance, preimage resistance respectively. Tan and Wong (ACISP 2012) proposed the generalized FPT-ROM (GFPT-ROM) which intended to capture the chosen prefix collision attack suggested by Stevens et al. (EUROCRYPT 2007). In this paper, in order to analyze the security of cryptographic schemes more precisely, we formalize GFPT-ROM and propose additional three WROMs which capture the chosen prefix collision attack and its variants. In particular, we focus on signature schemes such as RSA-FDH, its variants, and DSA, in order to understand essential roles of WROMs in their security proofs.