Cryptology ePrint Archive: Report 1998/011

The Random Oracle Methodology, Revisited

Ran Canetti, Oded Goldreich, Shai Halevi

Abstract: We take a critical look at the relationship between the security of cryptographic schemes in the Random Oracle Model, and the security of the schemes that result from implementing the random oracle by so-called "cryptographic hash functions".

The main result of this paper is a negative one: There exist signature and encryption schemes that are secure in the Random Oracle Model, but for which any implementation of the random oracle results in insecure schemes.

In the process of devising the above schemes, we consider possible definitions for the notion of a "good implementation" of a random oracle, pointing out limitations and challenges.

Category / Keywords: foundations / correlation intractability, CS proofs, encryption and signature schemes, the random-oracle model

Publication Info: Appeared in the THEORY OF CRYPTOGRAPHY LIBRARY and has been included in the ePrint Archive.

Date: Received March 31st, 2003. Last revised 3 Aug 2003

Contact author: shaih at watson ibm com
