Paper 1997/007

Towards realizing random oracles: Hash functions that hide all partial information

Ran Canetti


The random oracle model is a very convenient setting for designing cryptographic protocols. In this idealized model all parties have access to a common, public random function, called a random oracle. Protocols in this model are often very simple and efficient; also the analysis is often clearer. However, we do not have a general mechanism for transforming protocols that are secure in the random oracle model into protocols that are secure in real life. In fact, we do not even know how to meaningfully specify the properties required from such a mechanism. Instead, it is a common practice to simply replace - often without mathematical justification - the random oracle with a `cryptographic hash function' (e.g., MD5 or SHA). Consequently, the resulting protocols have no meaningful proofs of security.

Available format(s)
Publication info
Published elsewhere. Appeared in the THEORY OF CRYPTOGRAPHY LIBRARY and has been included in the ePrint Archive.
Random oraclesHash functionsCollision resistanceSemantic security
Contact author(s)
canetti @ watson ibm com
1997-06-02: received
Short URL
Creative Commons Attribution


      author = {Ran Canetti},
      title = {Towards realizing random oracles: Hash functions that hide all partial information},
      howpublished = {Cryptology ePrint Archive, Paper 1997/007},
      year = {1997},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.