Streebog as a random oracle | Prikladnaya Diskretnaya Matematika - Applied Discrete Mathematics. 2024. № 64. DOI: 10.17223/20710410/64/3

The random oracle model is an instrument for proving that a protocol has no structural flaws when relying on standard hash properties alone is impossible or fairly difficult. In practice, however, random oracles must be instantiated with specific hash functions that are not random oracles. Therefore, in the real world an adversary has broader capabilities than those considered in the random oracle proof: it can exploit the peculiarities of a specific hash function to achieve its goal. When a hash function is based on some building block, one can go further and show that even if the adversary has access to that building block, the hash function still behaves like a random oracle under some assumptions made about the building block. Thereby, the protocol can be proved secure against more powerful adversaries under less complex assumptions. The notion of indifferentiability formalizes that approach. In this paper, we show that Streebog, a Russian standardized hash function, is indifferentiable from a random oracle under an ideal cipher assumption for the underlying block cipher.
  • Title Streebog as a random oracle
  • Publisher Tomsk State University
  • Issue Prikladnaya Diskretnaya Matematika - Applied Discrete Mathematics 64
  • Date:
  • DOI 10.17223/20710410/64/3
Keywords
Streebog, GOST, random oracle, indifferentiability
Authors