TY - GEN
T1 - Toward separating the strong adaptive pseudo-freeness from the strong RSA assumption
AU - Fukumitsu, Masayuki
AU - Hasegawa, Shingo
AU - Isobe, Shuji
AU - Koizumi, Eisuke
AU - Shizuya, Hiroki
PY - 2013/9/26
Y1 - 2013/9/26
N2 - The notion of pseudo-freeness of a group was introduced by Hohenberger and formalized by Rivest in order to unify cryptographic assumptions. Catalano, Fiore and Warinschi proposed the adaptive pseudo-free group as a generalization of the pseudo-free group. They showed that the RSA group ℤ_N^× is pseudo-free even if the adversary against pseudo-freeness is allowed to operate adaptively, provided that the adaptive behavior of the adversary is restricted by some specific parametric distribution. They also proposed the notion of strong adaptive pseudo-freeness, in which the adaptive behavior of the adversary is not restricted. However, it remains open whether ℤ_N^× is also strongly adaptive pseudo-free under the strong RSA (SRSA) assumption. In this paper, we give negative circumstantial evidence for the question. We show that the SRSA assumption does not imply the strong adaptive pseudo-freeness of ℤ_N^×, as far as algebraic reductions are concerned. An algebraic reduction is one in which the black-box reduction algorithm performs only group operations on elements of ℤ_N^×. Our result indicates that the strong adaptive pseudo-freeness of the RSA group ℤ_N^× cannot be shown under the SRSA assumption by employing only the current proof techniques used in ordinary security proofs.
UR - http://www.scopus.com/inward/record.url?scp=84884470843&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84884470843&partnerID=8YFLogxK
U2 - 10.1007/978-3-642-39059-3_6
DO - 10.1007/978-3-642-39059-3_6
M3 - Conference contribution
AN - SCOPUS:84884470843
SN - 9783642390586
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 72
EP - 87
BT - Information Security and Privacy - 18th Australasian Conference, ACISP 2013, Proceedings
T2 - 18th Australasian Conference on Information Security and Privacy, ACISP 2013
Y2 - 1 July 2013 through 3 July 2013
ER -