I am new to the crypto field. Many papers boast of not using the Random Oracle model. Instead, they prove security in the Standard Model. I am surprised; how do these models differ? Can anyone please clarify this for me? Does using a hash function mean that the paper makes use of the Random Oracle model?
1 Answer
The random oracle model is a heuristic that assumes the existence of a truly random function to which all parties involved in a protocol, good and bad alike, have access. Since in reality no such function exists, random oracles are instantiated with hash functions, and one heuristically assumes that a hash function behaves well enough to be a replacement for random oracles. Random oracles are nice as they allow one to prove protocols secure while they are still practically efficient.
Since there are theoretical results showing that there are protocols that are secure in the random oracle model but trivially insecure whenever the random oracle is instantiated with any hash function, standard model constructs, i.e., constructs that do not rely on random oracles, are nicer from a theoretical perspective. Standard model means that the protocols only rely on standard cryptographic assumptions (DDH, CDH...) in their proofs.
No, using hash functions does not mean that you are in the random oracle model - only if you model them as random oracles. If you rely for instance on the collision resistance of a hash function, you can still be in the standard model.