# Standard model (cryptography)

> Mediated Wiki article. Canonical URL: https://mediated.wiki/source/Standard_model_(cryptography)
> Markdown URL: https://mediated.wiki/source/Standard_model_(cryptography).md
> Source: https://en.wikipedia.org/wiki/Standard_model_(cryptography)
> Source revision: 1338355941
> License: Creative Commons Attribution-ShareAlike 4.0 International (https://creativecommons.org/licenses/by-sa/4.0/)

Model of computation

In [cryptography](/source/Cryptography), the **standard model** is the model of computation in which the [adversary](/source/Adversary_(cryptography)) is limited only by the amount of time and computational power available. Other names used are **bare model** and **plain model**.

Cryptographic schemes are usually based on [complexity assumptions](/source/Computational_complexity_theory), which state that some problems, such as [factorization](/source/Factorization), cannot be solved in [polynomial time](/source/Polynomial_time). Schemes that can be [proven secure](/source/Provable_security) using only complexity assumptions are said to be secure in the standard model. Security proofs are notoriously difficult to achieve in the standard model, so in many proofs, cryptographic primitives are replaced by idealized versions. The most common example of this technique, known as the [random oracle model](/source/Random_oracle_model),[1][2] involves replacing a [cryptographic hash function](/source/Cryptographic_hash_function) with a genuinely random function. Another example is the [generic group model](/source/Generic_group_model),[3][4] where the adversary is given access to a randomly chosen encoding of a [group](/source/Group_(mathematics)), instead of the [finite field](/source/Finite_field) or [elliptic curve groups](/source/Elliptic_curve_cryptography) used in practice.
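What the random-oracle idealization gives a proof, as an added example that is not part of the original article: a lazily sampled random function that a reduction can program, next to a fixed hash that nobody can. The Schnorr-style signature, the toy group parameters and all function names are assumptions chosen for illustration.

```python
import hashlib
import secrets

# Constructed toy Schnorr group: P = 2Q + 1, G has prime order Q. Far too small for real use.
P, Q, G = 1019, 509, 4

class RandomOracle:
    """Idealized hash: a uniformly random function, sampled lazily on first query."""
    def __init__(self):
        self.table = {}

    def query(self, x):
        if x not in self.table:
            self.table[x] = secrets.randbelow(Q)
        return self.table[x]

    def program(self, x, y):
        # Available only to the reduction inside a proof, and only on fresh points.
        if x in self.table:
            raise ValueError("point already defined")
        self.table[x] = y

def sha256_hash(x):
    """Concrete hash as used in practice: a fixed public function with no 'program'."""
    digest = hashlib.sha256(repr(x).encode()).digest()
    return int.from_bytes(digest, "big") % Q

def sign(sk, msg, H):
    k = secrets.randbelow(Q)
    R = pow(G, k, P)
    return R, (k + sk * H((R, msg))) % Q

def verify(pk, msg, sig, H):
    R, s = sig
    return pow(G, s, P) == (R * pow(pk, H((R, msg)), P)) % P

def simulate(pk, msg, oracle):
    """Proof-side simulator: answers a signing query without the secret key by
    choosing (c, s) first and programming the oracle so that H(R, msg) = c."""
    c, s = secrets.randbelow(Q), secrets.randbelow(Q)
    R = (pow(G, s, P) * pow(pk, -c, P)) % P
    oracle.program((R, msg), c)
    return R, s

if __name__ == "__main__":
    sk = 1 + secrets.randbelow(Q - 1)
    pk, ro = pow(G, sk, P), RandomOracle()
    print("honest, SHA-256:  ", verify(pk, "m", sign(sk, "m", sha256_hash), sha256_hash))
    print("simulated, oracle:", verify(pk, "m", simulate(pk, "m", ro), ro.query))
```

The simulated signature is valid only relative to the programmed oracle; with the fixed hash there is nothing to program, which is why the same argument does not carry over to the standard model.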

Other models invoke trusted third parties to perform some task without cheating; for example, the [public key infrastructure](/source/Public_key_infrastructure) (PKI) model requires a [certificate authority](/source/Certificate_authority), which, if it were dishonest, could produce fake certificates and use them to forge signatures, or mount a [man-in-the-middle attack](/source/Man_in_the_middle_attack) to read encrypted messages. Other examples of this type are the common random string model, where it is assumed that all parties have access to some string chosen uniformly at random, and its generalization, the [common reference string model](/source/Common_reference_string_model), where a string is chosen according to some other probability distribution.[5] These models are often used for [non-interactive zero-knowledge proofs](/source/Non-interactive_zero-knowledge_proof) (NIZK). In some applications, such as the Dolev–Dwork–Naor encryption scheme,[6] it makes sense for a particular party to generate the common reference string, while in other applications, the common reference string must be generated by a trusted third party. Collectively, these models are referred to as models with special setup assumptions.
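Why the party generating a reference string may need to be trusted, as an added example that is not part of the original article: a Pedersen-style commitment whose reference string carries a trapdoor, next to a derivation from a public seed. The commitment scheme, the toy group parameters and all function names are assumptions chosen for illustration.

```python
import hashlib
import secrets

# Constructed toy group: P = 2Q + 1, G generates the subgroup of prime order Q.
# Discrete logs are trivial at this size; the parameters only show the structure.
P, Q, G = 1019, 509, 4

def trusted_setup():
    """Reference string h = G^t. An honest setup party must discard t."""
    t = 1 + secrets.randbelow(Q - 1)
    return pow(G, t, P), t

def commit(h, m, r):
    """Pedersen-style commitment to m with randomness r under reference string h."""
    return (pow(G, m % Q, P) * pow(h, r % Q, P)) % P

def opens(h, c, m, r):
    return c == commit(h, m, r)

def equivocate(t, m, r, m_new):
    """What a setup party that kept t could do: reopen the same commitment to
    m_new, since m + t*r = m_new + t*r_new (mod Q)."""
    return (r + (m - m_new) * pow(t, -1, Q)) % Q

def setup_from_public_seed(seed: bytes):
    """Transparent alternative: derive h from a public seed so that no party
    chooses its discrete log. Squaring maps into the order-Q subgroup."""
    counter = 0
    while True:
        data = seed + counter.to_bytes(4, "big")
        x = int.from_bytes(hashlib.sha256(data).digest(), "big") % P
        h = pow(x, 2, P)
        if h not in (0, 1):
            return h
        counter += 1
```

Binding holds only for parties that do not know `t`, so a verifier relying on `trusted_setup` is relying on the setup party; with `setup_from_public_seed` anyone can recompute `h` from the seed and check it.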

## See also

- [Random oracle model](/source/Random_oracle_model)

## References

1. [Mihir Bellare](/source/Mihir_Bellare); [Phillip Rogaway](/source/Phillip_Rogaway) (1993). ["Random Oracles are Practical: A Paradigm for Designing Efficient Protocols"](http://www.cs.ucsd.edu/users/mihir/papers/ro.html). *Conference on Computer and Communications Security (CCS)*. ACM. pp. 62–73. Retrieved 2007-11-01.
2. [Ran Canetti](/source/Ran_Canetti); [Oded Goldreich](/source/Oded_Goldreich); [Shai Halevi](/source/Shai_Halevi) (1998). ["The Random Oracle Methodology Revisited"](http://eprint.iacr.org/1998/011). *Symposium on Theory of computing (STOC)*. ACM. pp. 209–218. Retrieved 2007-11-01.
3. [Victor Shoup](/source/Victor_Shoup) (1997). ["Lower bounds for discrete logarithms and related problems"](http://www.shoup.net/papers/evalbound.pdf) (PDF). *Advances in Cryptology – Eurocrypt ’97*. Vol. 1233. Springer-Verlag. pp. 256–266. Retrieved 2007-11-01.
4. Ueli Maurer (2005). ["Abstract models of computation in cryptography"](https://web.archive.org/web/20170706135627/ftp://ftp.inf.ethz.ch/pub/crypto/publications/Maurer05.pdf) (PDF). *IMA conference on Cryptography and Coding (IMACC)*. Vol. 3796. Springer-Verlag. pp. 1–12. Archived from [the original](ftp://ftp.inf.ethz.ch/pub/crypto/publications/Maurer05.pdf) (PDF) on 2017-07-06. Retrieved 2007-11-01.
5. Canetti, Ran; Pass, Rafael; Shelat, Abhi (2007). "Cryptography from Sunspots: How to Use an Imperfect Reference String". *48th Annual IEEE Symposium on Foundations of Computer Science (FOCS'07)*. pp. 249–259. [doi](/source/Doi_(identifier)):[10.1109/focs.2007.70](https://doi.org/10.1109%2Ffocs.2007.70). [ISBN](/source/ISBN_(identifier)) [978-0769530109](https://en.wikipedia.org/wiki/Special:BookSources/978-0769530109).
6. [Danny Dolev](/source/Danny_Dolev); [Cynthia Dwork](/source/Cynthia_Dwork); [Moni Naor](/source/Moni_Naor) (1991). ["Non-Malleable Cryptography"](http://www.cs.huji.ac.il/~dolev/pubs/nmc.pdf) (PDF). *Symposium on Theory of Computing (STOC)*. ACM. pp. 542–552. Retrieved 2011-12-18.


---
Adapted from the Wikipedia article [Standard model (cryptography)](https://en.wikipedia.org/wiki/Standard_model_(cryptography)) by Wikipedia contributors ([contributor history](https://en.wikipedia.org/wiki/Standard_model_(cryptography)?action=history)). Available under [Creative Commons Attribution-ShareAlike 4.0 International](https://creativecommons.org/licenses/by-sa/4.0/). Changes may have been made.
