Paper 2012/710

Non Observability in the Random Oracle Model

Prabhanjan Ananth and Raghav Bhaskar

Abstract

The Random Oracle Model, introduced by Bellare and Rogaway, provides a method to heuristically argue about the security of cryptographic primitives and protocols. The basis of this heuristic is that secure hash functions are close enough to random functions in their behavior, and so, a primitive that is secure using a random function should continue to remain secure even when the random function is replaced by a real hash function. In the security proof, this setting is realized by modeling the hash function as a random oracle. However, this approach in particular also enables any reduction, reducing a hard problem to the existence of an adversary, to \emph{observe} the queries the adversary makes to its random oracle and to \emph{program} the responses that the oracle provides to these queries. While, the issue of programmability of query responses has received a lot of attention in the literature, to the best of our knowledge, observability of the adversary's queries has not been identified as an artificial artefact of the Random Oracle Model. In this work, we study the security of several popular schemes when the security reduction cannot ``observe'' the adversary's queries to the random oracle, but can (possibly) continue to ``program'' the query responses. We first show that RSA-PFDH and Schnorr's signatures continue to remain secure when the security reduction is non observing (NO reductions), which is not surprising as their proofs in the random oracle model rely on programmability. We also provide two example schemes, namely, Fischlin's NIZK-PoK \cite{Fischlin05} and non interactive extractable commitment scheme, extractor algorithms of which seem to rely on observability in the random oracle model. While we prove that Fischlin's online extractors cannot exist when they are non observing, our extractable commitment scheme continues to be secure even when the extractors are non observing. We also introduce Non Observing Non Programming reductions which we believe are closest to standard model reductions.

Metadata
Available format(s)
PDF
Category
Foundations
Publication info
Published elsewhere. Unknown where it was published
Contact author(s)
prabhanjan va @ gmail com
rbhaskar @ microsoft com
History
2012-12-19: received
Short URL
https://ia.cr/2012/710
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2012/710,
      author = {Prabhanjan Ananth and Raghav Bhaskar},
      title = {Non Observability in the Random Oracle Model},
      howpublished = {Cryptology ePrint Archive, Paper 2012/710},
      year = {2012},
      note = {\url{https://eprint.iacr.org/2012/710}},
      url = {https://eprint.iacr.org/2012/710}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.