Composition does not imply adaptive security

Pietrzak KZ. 2005. Composition does not imply adaptive security. CRYPTO: International Cryptology Conference, LNCS, vol. 3621, 55–65.

Download
No fulltext has been uploaded. References only!

Conference Paper | Published
Series Title
LNCS
Abstract
We study the question whether the sequential or parallel composition of two functions, each indistinguishable from a random function by non-adaptive distinguishers is secure against adaptive distinguishers. The sequential composition of F and G is the function G(F()), the parallel composition is F G where ⋆ is some group operation. It has been shown that composition indeed gives adaptive security in the information theoretic setting, but unfortunately the proof does not translate into the more interesting computational case. In this work we show that in the computational setting composition does not imply adaptive security: If there is a prime order cyclic group where the decisional Diffie-Hellman assumption holds, then there are functions F and G which are indistinguishable by non-adaptive polynomially time-bounded adversaries, but whose parallel composition can be completely broken (i.e. we recover the key) with only three adaptive queries. We give a similar result for sequential composition. Interestingly, we need a standard assumption from the asymmetric (aka. public-key) world to prove a negative result for symmetric (aka. private-key) systems.
Publishing Year
Date Published
2005-09-12
Publisher
Springer
Acknowledgement
Supported by the Swiss National Science Foundation, project No. 200020-103847/1.
Volume
3621
Page
55 - 65
Conference
CRYPTO: International Cryptology Conference
IST-REx-ID

Cite this

Pietrzak KZ. Composition does not imply adaptive security. In: Vol 3621. Springer; 2005:55-65. doi:10.1007/11535218_4
Pietrzak, K. Z. (2005). Composition does not imply adaptive security (Vol. 3621, pp. 55–65). Presented at the CRYPTO: International Cryptology Conference, Springer. https://doi.org/10.1007/11535218_4
Pietrzak, Krzysztof Z. “Composition Does Not Imply Adaptive Security,” 3621:55–65. Springer, 2005. https://doi.org/10.1007/11535218_4.
K. Z. Pietrzak, “Composition does not imply adaptive security,” presented at the CRYPTO: International Cryptology Conference, 2005, vol. 3621, pp. 55–65.
Pietrzak KZ. 2005. Composition does not imply adaptive security. CRYPTO: International Cryptology Conference, LNCS, vol. 3621, 55–65.
Pietrzak, Krzysztof Z. Composition Does Not Imply Adaptive Security. Vol. 3621, Springer, 2005, pp. 55–65, doi:10.1007/11535218_4.

Export

Marked Publications

Open Data ISTA Research Explorer

Search this title in

Google Scholar