More generally, we show that a certain goal, that we call key-verifiable, ciphertext-verifiable IND-CCA-preserving asymmetric encryption, is achievable in the RO model (by Hash ElGamal in particular) but unachievable in the standard model. This helps us better understand the source of the anomalies in Hash ElGamal and also lifts our uninstantiability result from being about a specific scheme to being about a primitive or goal.
These results extend our understanding of the gap between the standard and RO models, and bring concerns raised by previous work closer to practice by indicating that the problem of RO-model schemes admitting no secure instantiation can arise in domains where RO schemes are commonly designed.Category / Keywords: Random oracle model, encryption Publication Info: Extended abstract appears in Eurocrypt 2004. This is the full version. Date: received 24 Apr 2003, last revised 9 Mar 2004 Contact author: mihir at cs ucsd edu Available format(s): Postscript (PS) | Compressed Postscript (PS.GZ) | PDF | BibTeX Citation Version: 20040309:183558 (All versions of this report) Discussion forum: Show discussion | Start new discussion