Paper 2018/770

Combiners for Backdoored Random Oracles

Balthazar Bauer, Pooya Farshim, and Sogol Mazaheri


We formulate and study the security of cryptographic hash functions in the backdoored random-oracle (BRO) model, whereby a big brother designs a "good" hash function, but can also see arbitrary functions of its table via backdoor capabilities. This model captures intentional (and unintentional) weaknesses due to the existence of collision-finding or inversion algorithms, but goes well beyond them by allowing, for example, to search for structured preimages. The latter can easily break constructions that are secure under random inversions. BROs make the task of bootstrapping cryptographic hardness somewhat challenging. Indeed, with only a single arbitrarily backdoored function no hardness can be bootstrapped as any construction can be inverted. However, when two (or more) independent hash functions are available, hardness emerges even with unrestricted and adaptive access to all backdoor oracles. At the core of our results lie new reductions from cryptographic problems to the communication complexities of various two-party tasks. Along the way we establish a communication complexity lower bound for set-intersection for cryptographically relevant ranges of parameters and distributions and where set-disjointness can be easy.

Available format(s)
Publication info
A major revision of an IACR publication in CRYPTO 2018
random oraclecombinercommunication complexityset- disjointnessset-intersectionlower bounds
Contact author(s)
sogol mazaheri @ cryptoplexity de
2018-08-27: received
Short URL
Creative Commons Attribution


      author = {Balthazar Bauer and Pooya Farshim and Sogol Mazaheri},
      title = {Combiners for Backdoored Random Oracles},
      howpublished = {Cryptology ePrint Archive, Paper 2018/770},
      year = {2018},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.