
I know that Dual_EC_DRBG's security is based on the elliptic curve discrete logarithm problem, Micali-Schnorr is based on the difficulty of factorization, and MQ_DRBG is based on multivariate cryptography. Are there any others based on known hard problems instead of intricate designs?

Melab
  • Do you consider reversing a (particular) cryptographic hash or CCA against a particular cipher a "known hard problem"? Or are we restricting ourselves to known hard mathematical problems/prims. – Thomas M. DuBuisson Feb 16 '15 at 17:47
  • @ThomasMDubuisson I'm restricting it to known hard mathematical problems. Reversing a hash, while difficult, I'm told is not something that has security proofs like RSA, Diffie-Hellman, and the like. In other words, hashes are more or less designed by trial-and-error. – Melab Feb 16 '15 at 18:44
  • Algorithms can be designed on proven trapdoor/one-way functions. The Feistel construction (have a look at the simple picture in http://en.wikipedia.org/wiki/Feistel_cipher ), either used as hash, cipher , padding or PRG, has crypto-analysis and security evaluations ( http://www.iacr.org/archive/crypto2003/27290510/27290510.pdf ). – Pierre Feb 16 '15 at 21:12
  • @Melab: can you please point me to the security proofs for RSA or Diffie-Hellman? That is, the ones that don't start off assuming that the "RSA problem" or the "Diffie-Hellman problem" is hard? – poncho Feb 17 '15 at 15:09
  • There is Blum-Blum-Shub, which is related to factoring. But the security proof isn't very tight. – CodesInChaos Feb 17 '15 at 23:22
  • @poncho There's also "The RSA problem is hard and the hash function used to create the padding is a random oracle". – CodesInChaos Feb 17 '15 at 23:24
  • @Melab To be explicit about what poncho was saying: Your question seems well-formed but the commentary is flawed - cryptographic constructs are often proven to reduce to the hardness of a mathematical problem (DLP, etc) but the math isn't actually proven to be of a particular difficulty. As for your question, we can add lattice shortest vector problem (SVP) to the list. SVP is used in many ways, notably in FHE. – Thomas M. DuBuisson Feb 23 '15 at 17:36
  • @ThomasMDuBuisson I'm using the way NIST SP800-90A and the Wikipedia article on random number generators talk about it: PRNGs can be divided into ones based on cryptographic primitives, special designs (i.e., Yarrow), and ones based on number theoretic problems. – Melab Feb 24 '15 at 01:34
  • @Thomas-M.-DuBuisson Just in case the syntax is messed up. – Melab Feb 24 '15 at 04:57
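The comments mention Blum-Blum-Shub as a factoring-based generator. The following is an added worked example, not code from the question or any commenter, showing what "based on a hard problem" means in practice for that generator: the state evolves by squaring modulo N = p*q, anyone can run the squaring map forward, but only the party holding the factors p and q can compute the i-th state directly (the trapdoor), and the security argument reduces distinguishing the low bits from random to the quadratic residuosity assumption, which is no harder than factoring N. The primes and seeds below are constructed toy values chosen for this example; a deployment would need an RSA-sized modulus and would have to keep or destroy p and q.

```python
# Added example: a minimal Blum-Blum-Shub (BBS) generator plus its factoring
# trapdoor. Not from the question or comments; all parameters are constructed
# toy values and give no real security.
from math import gcd


def is_prime(n: int) -> bool:
    """Trial division, adequate for the toy sizes used in this example."""
    if n < 2:
        return False
    if n % 2 == 0:
        return n == 2
    f = 3
    while f * f <= n:
        if n % f == 0:
            return False
        f += 2
    return True


def lcm(a: int, b: int) -> int:
    return a * b // gcd(a, b)


class BlumBlumShub:
    """x_0 = seed^2 mod N, x_{i+1} = x_i^2 mod N, output the low bit of each x_i."""

    def __init__(self, p: int, q: int, seed: int):
        # Both factors must be Blum primes (prime and congruent to 3 mod 4);
        # this makes squaring a permutation on the quadratic residues mod N.
        if p == q or not (is_prime(p) and is_prime(q)):
            raise ValueError("p and q must be distinct primes")
        if p % 4 != 3 or q % 4 != 3:
            raise ValueError("p and q must both be congruent to 3 mod 4")
        self.n = p * q
        # The seed must be a unit mod N and not a trivial fixed point of squaring.
        if seed in (0, 1) or gcd(seed, self.n) != 1:
            raise ValueError("seed must be coprime to N and not 0 or 1")
        self.state = pow(seed, 2, self.n)  # x_0

    def next_bit(self) -> int:
        """Advance one step and emit the least significant bit of the new state."""
        self.state = pow(self.state, 2, self.n)
        return self.state & 1

    def bits(self, count: int) -> list:
        return [self.next_bit() for _ in range(count)]


def state_after(p: int, q: int, seed: int, i: int) -> int:
    """Trapdoor: with the factors, x_i = x_0^(2^i mod lambda(N)) mod N directly.

    lambda is the Carmichael function, lambda(N) = lcm(p-1, q-1); knowing it
    requires p and q. Without the factors one can only square i times.
    """
    n = p * q
    lam = lcm(p - 1, q - 1)
    x0 = pow(seed, 2, n)
    return pow(x0, pow(2, i, lam), n)


if __name__ == "__main__":
    # Constructed toy parameters: classic textbook values p=11, q=23, seed=3.
    g = BlumBlumShub(11, 23, 3)
    print("bits:", g.bits(6), "state:", g.state)
    print("via trapdoor:", state_after(11, 23, 3, 6))
```

Running the block with the classic textbook parameters (p=11, q=23, seed=3) walks the state through 81, 236, 36, 31, 202, 71 and emits the low bit of each, and the trapdoor computation lands on the same sixth state without iterating. The practical lesson for a reviewer is the one the comments circle around: the hardness claim attaches to the modulus, so the generator is only as strong as the factoring problem for that N, and anyone who can learn p and q (or who chose them) holds a shortcut to every state.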

0 Answers