The main result of this paper is a negative one: There exist signature and encryption schemes that are secure in the Random Oracle Model, but for which any implementation of the random oracle results in insecure schemes.
In the process of devising the above schemes, we consider possible definitions for the notion of a "good implementation" of a random oracle, pointing out limitations and challenges.
Category / Keywords: foundations / correlation intractability, CS proofs, encryption and signature schemes, the random-oracle model Publication Info: Appeared in the THEORY OF CRYPTOGRAPHY LIBRARY and has been included in the ePrint Archive. Date: received March 31st, 2003. last revised 3 Aug 2003 Contact author: shaih at watson ibm com Available format(s): Postscript (PS) | Compressed Postscript (PS.GZ) | PDF | BibTeX Citation Short URL: ia.cr/1998/011 Discussion forum: Show discussion | Start new discussion