Standard Model (cryptography)
Encyclopedia
In cryptography
the standard model is the model of computation in which the adversary
is only limited by the amount of time and computational power available. Other names used are bare model and plain model.
Cryptographic schemes are usually based on complexity assumptions
, which state that some problem, e.g. factorization
, cannot be solved in polynomial time. Schemes which can be proven secure
using only complexity assumptions are said to be secure in the standard model. Security proofs are notoriously difficult to achieve in the standard model, so in many proofs, cryptographic primitives are replaced by idealized versions. The most usual example of this technique, known as the random oracle model
, involves replacing a cryptographic hash function with a genuinely random function. Another example is the generic group model
, where the adversary is given access to a randomly chosen encoding of a group
, instead of the finite field
or elliptic curve groups
used in practice.
Other models used invoke trusted third parties to perform some task without cheating -- for example, the public key infrastructure
(PKI) model requires a certificate authority
, which if it were dishonest, could produce fake certificates and use them to forge signatures, or mount a man in the middle attack to read encrypted messages. Other examples of this type are the common random string model and the common reference string model
, where it is assumed that all parties have access to some string chosen uniformly at random or a string chosen according to some other probability distribution respectively. These models are often used for Non-interactive zero-knowledge proof
s (NIZK). In some applications, such as the Dolev-Dwork-Naor encryption scheme
, it makes sense for a particular party to generate the common reference string, while in other applications, the common reference string must be generated by a trusted third party. Collectively, these models are referred to as models with special setup assumptions.
Cryptography
Cryptography is the practice and study of techniques for secure communication in the presence of third parties...
the standard model is the model of computation in which the adversary
Adversary (cryptography)
In cryptography, an adversary is a malicious entity whose aim is to prevent the users of the cryptosystem from achieving their goal...
is only limited by the amount of time and computational power available. Other names used are bare model and plain model.
Cryptographic schemes are usually based on complexity assumptions
Computational complexity theory
Computational complexity theory is a branch of the theory of computation in theoretical computer science and mathematics that focuses on classifying computational problems according to their inherent difficulty, and relating those classes to each other...
, which state that some problem, e.g. factorization
Factorization
In mathematics, factorization or factoring is the decomposition of an object into a product of other objects, or factors, which when multiplied together give the original...
, cannot be solved in polynomial time. Schemes which can be proven secure
Provable security
In cryptography, a system has provable security if its security requirements can be stated formally in an adversarial model, as opposed to heuristically, with clear assumptions that the adversary has access to the system as well as enough computational resources...
using only complexity assumptions are said to be secure in the standard model. Security proofs are notoriously difficult to achieve in the standard model, so in many proofs, cryptographic primitives are replaced by idealized versions. The most usual example of this technique, known as the random oracle model
, involves replacing a cryptographic hash function with a genuinely random function. Another example is the generic group model
Generic group model
The generic group model is an idealised cryptographic model, where the adversary is only given access to a randomly chosen encoding of a group, instead of efficient encodings, such as those used by the finite field or elliptic curve groups used in practice....
, where the adversary is given access to a randomly chosen encoding of a group
Group (mathematics)
In mathematics, a group is an algebraic structure consisting of a set together with an operation that combines any two of its elements to form a third element. To qualify as a group, the set and the operation must satisfy a few conditions called group axioms, namely closure, associativity, identity...
, instead of the finite field
Finite field
In abstract algebra, a finite field or Galois field is a field that contains a finite number of elements. Finite fields are important in number theory, algebraic geometry, Galois theory, cryptography, and coding theory...
or elliptic curve groups
Elliptic curve cryptography
Elliptic curve cryptography is an approach to public-key cryptography based on the algebraic structure of elliptic curves over finite fields. The use of elliptic curves in cryptography was suggested independently by Neal Koblitz and Victor S...
used in practice.
Other models used invoke trusted third parties to perform some task without cheating -- for example, the public key infrastructure
Public key infrastructure
Public Key Infrastructure is a set of hardware, software, people, policies, and procedures needed to create, manage, distribute, use, store, and revoke digital certificates. In cryptography, a PKI is an arrangement that binds public keys with respective user identities by means of a certificate...
(PKI) model requires a certificate authority
Certificate authority
In cryptography, a certificate authority, or certification authority, is an entity that issues digital certificates. The digital certificate certifies the ownership of a public key by the named subject of the certificate...
, which if it were dishonest, could produce fake certificates and use them to forge signatures, or mount a man in the middle attack to read encrypted messages. Other examples of this type are the common random string model and the common reference string model
Common reference string model
In cryptography, the common reference string model captures the assumption that a trusted setup in which all involved parties get access to the same string crs taken from some distribution D exists. Schemes proven secure in the CRS model are secure given that the setup was performed correctly...
, where it is assumed that all parties have access to some string chosen uniformly at random or a string chosen according to some other probability distribution respectively. These models are often used for Non-interactive zero-knowledge proof
Non-interactive zero-knowledge proof
Non-interactive zero-knowledge proofs are a variant of zero-knowledge proofs. Blum, Feldman, and Micali showed that a common reference string shared between the prover and the verifier is enough to achieve computational zero-knowledge without requiring interaction. Goldreich and Oren gave...
s (NIZK). In some applications, such as the Dolev-Dwork-Naor encryption scheme
, it makes sense for a particular party to generate the common reference string, while in other applications, the common reference string must be generated by a trusted third party. Collectively, these models are referred to as models with special setup assumptions.