Random-Oracle Uninstantiability from Indistinguishability Obfuscation

Christina Brzuska and Pooya Farshim and Arno Mittelbach

Abstract: Assuming the existence of indistinguishability obfuscation (iO), we show that a number of prominent transformations in the random-oracle model are uninstantiable in the standard model. We start by showing that the Encrypt-with-Hash transform of Bellare, Boldyreva and O'Neill (CRYPTO 2007) for converting randomized public-key encryption schemes to deterministic ones is not instantiable in the standard model. To this end, we build on the recent work of Brzuska, Farshim and Mittelbach (CRYPTO 2014) and rely on the existence of iO for circuits or iO for Turing machines to derive uninstantiability for hash functions of a priori bounded polynomial size and arbitrary polynomial size, respectively. The techniques that we use to establish this result are flexible and lend themselves to a number of other transformations such as the classical Fujisaki-Okamoto transform (CRYPTO 1998) and transformations akin to those by Bellare and Keelveedhi (CRYPTO 2011) and Douceur et al. (ICDCS 2002) for obtaining KDM-secure encryption and de-duplication schemes respectively. Our results call for a re-assessment of scheme design in the random-oracle model and highlight the need for new transforms that do not suffer from iO-based attacks.

Category / Keywords: foundations / Random oracle, uninstantiability, indistinguishability obfuscation, deterministic PKE, hedged PKE, message-locked encryption, Fujisaki-Okamoto, KDM security, UCE.

Original Publication (with major differences): IACR-TCC-2015

Date: received 21 Oct 2014, last revised 15 Feb 2015

