Paper 1997/007

Towards realizing random oracles: Hash functions that hide all partial information

Ran Canetti

Abstract

The random oracle model is a very convenient setting for designing cryptographic protocols. In this idealized model all parties have access to a common, public random function, called a random oracle. Protocols in this model are often very simple and efficient; also the analysis is often clearer. However, we do not have a general mechanism for transforming protocols that are secure in the random oracle model into protocols that are secure in real life. In fact, we do not even know how to meaningfully specify the properties required from such a mechanism. Instead, it is a common practice to simply replace - often without mathematical justification - the random oracle with a `cryptographic hash function' (e.g., MD5 or SHA). Consequently, the resulting protocols have no meaningful proofs of security.

Metadata
Available format(s)
PS
Publication info
Published elsewhere. Appeared in the THEORY OF CRYPTOGRAPHY LIBRARY and has been included in the ePrint Archive.
Keywords
Random oraclesHash functionsCollision resistanceSemantic security
Contact author(s)
canetti @ watson ibm com
History
1997-06-02: received
Short URL
https://ia.cr/1997/007
License
Creative Commons Attribution
CC BY

BibTeX 

@misc{cryptoeprint:1997/007,
      author = {Ran Canetti},
      title = {Towards realizing random oracles: Hash functions that hide all partial information},
      howpublished = {Cryptology ePrint Archive, Paper 1997/007},
      year = {1997},
      note = {\url{https://eprint.iacr.org/1997/007}},
      url = {https://eprint.iacr.org/1997/007}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.