Jump to content

Standard model (cryptography)

From Wikipedia, the free encyclopedia
This is an old revision of this page, as edited by 134.58.253.57 (talk) at 12:59, 6 June 2007. The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

In cryptography the standard model is the model that gives the adversary the strongest powers for attacking the cryptographic scheme at hand. Other names used ar bare model and plain model. The attacker is only restricted in a complexity theoretic sense, i.e. in the amount of computation he can do in a certain time interval. A polynomially bounded attacker can only do a polynomial amount of computation, and can thus not solve every problem instance of a super-polynomial problem. Exponential time is an important subset of super-polynomial time.

Cryptographic schemes are often based on the assumption that a certain problem, e.g. factorization, is super-polynomial. If such assumptions are the only assumptions made by the scheme, the scheme can be proven secure in the standard model. However at times it is convenient to limit some of the powers of the attackers. This can be done by introducing idealized objects that cannot be manipulated by the adversary. Two objects which are widely used for proofs in cryptography are a random oracle and a common reference string. These changes give rise to the random oracle model and the common reference string model. Often the standard model is negatively defined as the model that does not use these objects. Another widely used model it public key infrastructure or PKI model.

There exists a fundamental difference between the random oracle model and other models, is that random oracles cannot exist in the standard model. A common reference string is just a sequence of bits and consequently can exist--even if it is impossible for two parties that have never met each other and know nothing about each other to agree on such a string by means of a cryptographic protocol alone, when communicating over an adversary controlled network. For instance these parties could meet, throw some coins, and record the results. They could also register their identities and public keys with the certificate authority of a PKI, and then run a cryptographic coin flipping protocol. This argument also shows that the PKI model is at least as powerful as the CRS model.

As real world implementation the objects provided by the extended model are usually established in an special setup phase that follows its own rules, non-standard models are also referred to as models with setup assumptions.

See also

Stub icon

This cryptography-related article is a stub. You can help Wikipedia by expanding it.

Retrieved from "https://en.wikipedia.org/w/index.php?title=Standard_model_(cryptography)&oldid=136345245"