Random oracle methodology, revisited

Ran Canetti*, Oded Goldreich, Shai Halevi

*Corresponding author for this work

Research output: Contribution to journalConference articlepeer-review


We take a formal look at the relationship between the security of cryptographic schemes in the Random Oracle Model, and the security of the schemes which result from implementing the random oracle by so called `cryptographic hash functions'. The main result of this paper is a negative one: There exist signature and encryption schemes which are secure in the Random Oracle Model, but for which any implementation of the random oracle results in insecure schemes. In the process of devising the above schemes, we consider possible definitions for the notion of a `good implementation' of a random oracle, pointing out limitations and challenges.

Original languageEnglish
Pages (from-to)209-218
Number of pages10
JournalConference Proceedings of the Annual ACM Symposium on Theory of Computing
StatePublished - 1998
Externally publishedYes
EventProceedings of the 1998 30th Annual ACM Symposium on Theory of Computing - Dallas, TX, USA
Duration: 23 May 199826 May 1998


Dive into the research topics of 'Random oracle methodology, revisited'. Together they form a unique fingerprint.

Cite this