The Random Oracle Methodology, Revisited
Ran Canetti, Oded Goldreich, Shai Halevi
Abstract: In this work we take a formal look at the relationship between the security of cryptographic schemes in the Random Oracle Model, and the security of the schemes which result from implementing the random oracle by so called ``cryptographic hash functions''. The main result of this paper is a negative one: There exist signature and encryption schemes which are secure in the Random Oracle Model, but for which {\em any implementation}\/ of the random oracle results in insecure schemes. In the process of devising the above schemes, we consider possible definitions for the notion of a ``good implementation'' of a random oracle, pointing out limitations and challenges.
Keywords: Encryption and Signature Schemes, CS-Proofs.
comment: received March 31st, 1998.
contact author: oded@theory.lcs.mit.edu
Fetch PostScript file of the full paper.