A study of the random oracle model.

摘要

The random oracle model is a popular heuristic used to provide security arguments for cryptographic protocols by modeling cryptographic hash functions with perfectly random functions. For example, protocols like RSA-OAEP and PSS, which are now standards for encryption and digital signature, both find their formal justification in the random oracle model. Recent results, have shown that protocols proven secure in the random oracle model do not always remain so when the random oracles are instantiated with cryptographic hash functions, but, since they are based on unnatural constructions or security definitions, it remains unclear if these results truly demonstrate weaknesses in the random oracle model.;We show that these 'separation results' are indeed far less damaging to the random oracle model than previously thought, since they either rely on improper security definitions, or separate the random oracle model from the standard model on technicalities, rather than on its founding principles. We also make steps towards secure instantiation of random oracles by introducing new computational assumptions that can be used to prove the security of an encryption scheme which could only be proven secure in the random oracle model.;Finally, on a different topic, we introduce new attribute-based encryption schemes that were developed for the reversible redaction of confidential documents.