Paper 1998/011

The Random Oracle Methodology, Revisited

Ran Canetti, Oded Goldreich, and Shai Halevi

Abstract

We take a critical look at the relationship between the security of cryptographic schemes in the Random Oracle Model, and the security of the schemes that result from implementing the random oracle by so-called "cryptographic hash functions". The main result of this paper is a negative one: There exist signature and encryption schemes that are secure in the Random Oracle Model, but for which any implementation of the random oracle results in insecure schemes. In the process of devising the above schemes, we consider possible definitions for the notion of a "good implementation" of a random oracle, pointing out limitations and challenges.

Metadata
Available format(s)
PDF PS
Category
Foundations
Publication info
Published elsewhere. Appeared in the THEORY OF CRYPTOGRAPHY LIBRARY and has been included in the ePrint Archive.
Keywords
correlation intractability, CS proofs, encryption and signature schemes, the random-oracle model
Contact author(s)
shaih @ watson ibm com
History
2003-08-04: revised
2003-08-04: received
Short URL
https://ia.cr/1998/011
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:1998/011,
      author = {Ran Canetti and Oded Goldreich and Shai Halevi},
      title = {The Random Oracle Methodology, Revisited},
      howpublished = {Cryptology ePrint Archive, Paper 1998/011},
      year = {1998},
      note = {\url{https://eprint.iacr.org/1998/011}},
      url = {https://eprint.iacr.org/1998/011}
}