International Association for Cryptologic Research


CryptoDB

Separate Your Domains: NIST PQC KEMs and Pitfalls in Implementing Random Oracles

Authors:
Mihir Bellare
Hannah Davis
Felix Günther
Abstract: Much of public key cryptography is designed in the Random Oracle Model, which assumes parties have access to one or more independent random functions. Implementing these random functions securely, usually via a cryptographic hash function, critically requires a technique called domain separation. This talk is about how spectacularly wrong things can go when domain separation is not done right, and simple ways to do it right. We begin with a case study on random oracle implementation in the NIST PQC KEM standardization effort, giving attacks arising from poor domain separation on some submissions, and classifying the remaining submissions from dubious to good. We then give a library of proof-validated domain separations that are secure, easy to implement, and usable in any type of cryptographic protocol, not just PQC KEMs.
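To make the abstract's point concrete, the following added example (written for this page, not code from the talk or its authors) builds several "independent" random oracles from a single SHA-256 and compares three ways of doing it: no separation at all, a bare label prefix, and a length-prefixed label. The labels and messages are constructed sample values, and the encoding shown is one simple injective choice, not the proof-validated library the talk describes.

```python
import hashlib


def unseparated(oracle_label: bytes, x: bytes) -> bytes:
    """Two 'different' oracles implemented as the same raw hash.

    The label is ignored, so H_1(x) == H_2(x): the oracles are not
    independent, and learning one value leaks the other.
    """
    return hashlib.sha256(x).digest()


def bare_prefix(oracle_label: bytes, x: bytes) -> bytes:
    """Naive separation: hash(label || x) with no framing.

    Without framing, the boundary between label and message is
    ambiguous, so one oracle's query can alias another's.
    """
    return hashlib.sha256(oracle_label + x).digest()


def length_prefixed(oracle_label: bytes, x: bytes) -> bytes:
    """Separation with an injective encoding: hash(len(label) || label || x).

    The single-byte length (constructed assumption: labels under 256 bytes)
    makes (label, x) -> encoding one-to-one, so distinct labels can never
    produce the same hash input, whatever the message.
    """
    if len(oracle_label) > 255:
        raise ValueError("label too long for one-byte length prefix")
    framed = len(oracle_label).to_bytes(1, "big") + oracle_label + x
    return hashlib.sha256(framed).digest()


def oracles_collide(impl, label_a: bytes, msg_a: bytes,
                    label_b: bytes, msg_b: bytes) -> bool:
    """True if two supposedly independent oracles agree on the given queries."""
    return impl(label_a, msg_a) == impl(label_b, msg_b)


def demo() -> dict:
    """Run the three constructions on constructed inputs.

    Returns which constructions let oracle 'A' and oracle 'B' collide.
    """
    results = {}
    # Same message under two different oracle labels.
    results["unseparated_same_msg"] = oracles_collide(
        unseparated, b"A", b"m", b"B", b"m")
    results["length_prefixed_same_msg"] = oracles_collide(
        length_prefixed, b"A", b"m", b"B", b"m")
    # Boundary-shifting queries: label "ab" with message "c" versus
    # label "a" with message "bc". Both concatenate to "abc".
    results["bare_prefix_shift"] = oracles_collide(
        bare_prefix, b"ab", b"c", b"a", b"bc")
    results["length_prefixed_shift"] = oracles_collide(
        length_prefixed, b"ab", b"c", b"a", b"bc")
    return results


if __name__ == "__main__":
    for name, collided in demo().items():
        print(f"{name}: {'COLLISION' if collided else 'distinct'}")
```

The first two checks show why reusing one hash unchanged for several oracles gives no independence; the last two show that a label alone is not enough unless the label/message boundary is fixed by the encoding (a length prefix here; a fixed-width label works as well).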
Video: https://youtu.be/X0Y6D5zLI-Y?t=2657
BibTeX
@misc{rwc-2021-35531,
  title={Separate Your Domains: NIST PQC KEMs and Pitfalls in Implementing Random Oracles},
  note={Video at \url{https://youtu.be/X0Y6D5zLI-Y?t=2657}},
  howpublished={Talk given at RWC 2021},
  author={Mihir Bellare and Hannah Davis and Felix Günther},
  year=2021
}