Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Clarify reliance on Keccak behaving like a random oracle #10

Open
ounsworth opened this issue Apr 18, 2023 · 1 comment
Open

Clarify reliance on Keccak behaving like a random oracle #10

ounsworth opened this issue Apr 18, 2023 · 1 comment

Comments

@ounsworth
Copy link
Collaborator

ounsworth commented Apr 18, 2023
edited
Loading

Nimrod Aviram said:

The construction relies on Keccak behaving like a random oracle.
As Joan and Gilles have pointed out, this is a modelling choice, not something that can be proven.
This is a somewhat strong assumption, albeit a workable one. I recommend clarifying the reliance on this assumption in the document.
The construction proposed here can be assumed to be a dual-PRF when
assuming the underlying hash function to be a random oracle.
My understanding is that the authors don't claim it to be a dual-PRF
without random oracle assumptions, i.e. in the standard model.

https://mailarchive.ietf.org/arch/msg/cfrg/LYkaqKMS2yIWqkHKASWbZ9aHhTY/
@wussler
Copy link
Collaborator

wussler commented Jul 17, 2023

From Felix:
Simply adding the following consideration may be sufficient

"The sponge construction was proven to be indifferentiable from a
random oracle [BDPA08], assuming the Keccak permutation behaves like a
random permutation."

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@ounsworth @wussler