Standard model (cryptography)
In cryptography the standard model is the model of computation in which the adversary is only limited by the amount of time and computational power available. Other names used are bare model and plain model.
Cryptographic schemes are usually based on complexity assumptions, which state state that some problem, e.g. factorization, cannot be solved in polynomial time. Schemes which can be proven secure using only complexity assumptions are said to be secure in the standard model. Security proofs are notoriously difficult to achieve in the standard model, so in many proofs, cryptographic primitives are replaced by idealized versions. The most usual example of this technique, known as the random oracle model [1] [2], involves replacing a cryptographic hash function with a genuinely random function. Another example is the generic group model [3] [4], where the adversary is given access to a randomly chosen encoding of a group, instead of the finite field or elliptic curve groups used in practice.
Other models used invoke trusted third parties to perform some task without cheating -- for example, the public key infrastructure (PKI) model requires a certificate authority, which if it were dishonest, could produce fake certificates and use them to forge signatures, or mount a man in the middle attack to read encrypted messages. Other examples of this type are the common random string model and the common reference string model, where it is assumed that all parties have access to some string chosen uniformly at random or a string chosen according to some other probability distribution respectively. These models are often used for Non-interactive zero-knowledge proofs (NIZK). In some applications, such as the Dolev-Dwork-Naor encryption scheme [5], it makes sense for a particular party to generate the common reference string, while in other applications, the common reference string must be generated by a trusted third party. Collectively, these models are referred to as models with special setup assumptions.
References
- ^ Mihir Bellare (1993). "Random Oracles are Practical: A Paradigm for Designing Efficient Protocols". ACM Conference on Computer and Communications Security. ACM. pp. 62–73. Retrieved 2007-11-01.
{{cite conference}}: Unknown parameter|booktitle=ignored (|book-title=suggested) (help); Unknown parameter|coauthors=ignored (|author=suggested) (help) - ^ Ran Canetti (1998). "The Random Oracle Methodology Revisited". Proceedings of the thirtieth annual ACM symposium on Theory of computing. ACM. pp. 209–218. Retrieved 2007-11-01.
{{cite conference}}: Unknown parameter|booktitle=ignored (|book-title=suggested) (help); Unknown parameter|coauthors=ignored (|author=suggested) (help) - ^ Victor Shoup (1997). "Lower bounds for discrete logarithms and related problems" (pdf). Lecture Notes in Computer Science. Advances in Cryptology – Eurocrypt ’97. Vol. 1233. Springer-Verlag. pp. 256–266. Retrieved 2007-11-01.
{{cite conference}}: Unknown parameter|booktitle=ignored (|book-title=suggested) (help) - ^ Ueli Maurer (2005). "Abstract models of computation in cryptography" (pdf). Lecture Notes in Computer Science. 10th IMA Conference On Cryptography and Coding. Vol. 2796. Springer-Verlag. pp. 1–12. Retrieved 2007-11-01.
{{cite conference}}: Unknown parameter|booktitle=ignored (|book-title=suggested) (help) - ^ Danny Dolev (1991). "Non-Malleable Cryptography". Proceedings of the Twenty Third Annual ACM Symposium on Theory of Computing. ACM. pp. 542–552.
{{cite conference}}: Unknown parameter|booktitle=ignored (|book-title=suggested) (help); Unknown parameter|coauthors=ignored (|author=suggested) (help)
See also
 | This cryptography-related article is a stub. You can help Wikipedia by expanding it. |