ePrints@IIScePrints@IISc Home | About | Browse | Latest Additions | Advanced Search | Contact | Help

A Closer Look at Multiple Forking: Leveraging (In)Dependence for a Tighter Bound

Chatterjee, Sanjit and Kamath, Chethan (2016) A Closer Look at Multiple Forking: Leveraging (In)Dependence for a Tighter Bound. In: ALGORITHMICA, 74 (4). pp. 1321-1362.

[img] PDF
Alg_74-4_1321_2016.pdf - Published Version
Restricted to Registered users only

Download (1MB) | Request a copy
Official URL: http://dx.doi.org/10.1007/s00453-015-9997-6

Abstract

Boldyreva, Palacio and Warinschi introduced a multiple forking game as an extension of general forking. The notion of (multiple) forking is a useful abstraction from the actual simulation of cryptographic scheme to the adversary in a security reduction, and is achieved through the intermediary of a so-called wrapper algorithm. Multiple forking has turned out to be a useful tool in the security argument of several cryptographic protocols. However, a reduction employing multiple forking incurs a significant degradation of , where denotes the upper bound on the underlying random oracle calls and , the number of forkings. In this work we take a closer look at the reasons for the degradation with a tighter security bound in mind. We nail down the exact set of conditions for success in the multiple forking game. A careful analysis of the cryptographic schemes and corresponding security reduction employing multiple forking leads to the formulation of `dependence' and `independence' conditions pertaining to the output of the wrapper in different rounds. Based on the (in)dependence conditions we propose a general framework of multiple forking and a General Multiple Forking Lemma. Leveraging (in)dependence to the full allows us to improve the degradation factor in the multiple forking game by a factor of . By implication, the cost of a single forking involving two random oracles (augmented forking) matches that involving a single random oracle (elementary forking). Finally, we study the effect of these observations on the concrete security of existing schemes employing multiple forking. We conclude that by careful design of the protocol (and the wrapper in the security reduction) it is possible to harness our observations to the full extent.

Item Type: Journal Article
Additional Information: Copy right for this article belongs to the SPRINGER, 233 SPRING ST, NEW YORK, NY 10013 USA
Keywords: Cryptography; Provable security; Random oracle; Forking Lemma; Multiple Forking Lemma; Tightness
Department/Centre: Division of Electrical Sciences > Computer Science & Automation
Depositing User: Id for Latest eprints
Date Deposited: 11 May 2016 06:05
Last Modified: 11 May 2016 06:05
URI: http://eprints.iisc.ac.in/id/eprint/53775

Actions (login required)

View Item View Item