Random Oracles and Auxiliary Input
نویسنده
چکیده
We introduce a variant of the random oracle model where oracledependent auxiliary input is allowed. In this setting, the adversary gets an auxiliary input that can contain information about the random oracle. Using simple examples we show that this model should be preferred over the classical variant where the auxiliary input is independent of the random oracle. In the presence of oracle-dependent auxiliary input, the most important proof technique in the random oracle model—lazy sampling—does not apply directly. We present a theorem and a variant of the lazy sampling technique that allows one to perform proofs in the new model almost as easily as in the old one. As an application of our approach and to illustrate how existing proofs can be adapted, we prove that RSA-OAEP is IND-CCA2 secure in the random oracle model with oracle-dependent auxiliary input.
منابع مشابه
Fixing Cracks in the Concrete: Random Oracles with Auxiliary Input, Revisited
We revisit the security of cryptographic primitives in the random-oracle model against attackers having a bounded amount of auxiliary information about the random oracle. This situation arises most naturally when an attacker carries out offline preprocessing to generate state (namely, auxiliary information) that is later used as part of an on-line attack, with perhaps the best-known example bei...
متن کاملTowards Realizing Random Oracles: Hash Functions That Hide All Partial Information
The random oracle model is a very convenient setting for designing cryptographic protocols. In this idealized model all parties have access to a common, public random function, called a random oracle. Protocols in this model are often very simple and efficient; also the analysis is often clearer. However, we do not have a general mechanism for transforming protocols that are secure in the rando...
متن کاملOn the (In)Security of SNARKs in the Presence of Oracles
In this work we study the feasibility of knowledge extraction for succinct non-interactive arguments of knowledge (SNARKs) in a scenario that, to the best of our knowledge, has not been analyzed before. While prior work focuses on the case of adversarial provers that may receive (statically generated) auxiliary information, here we consider the scenario where adversarial provers are given acces...
متن کاملA Relationship between One-Wayness and Correlation Intractability
The notion of correlation intractability was introduced in an attempt to capture the “unpredictability” property of random oracles: It is assumed that if R is a random oracle then it is infeasible to find an input x such that the input-output pair (x,R(x)) has some desired property. It is desirable that a plausible construction of correlation intractable function ensembles will be provided sinc...
متن کاملNon-adaptive programmability of random oracle
Random Oracles serve as an important heuristic for proving security of many popular and important cryptographic primitives. But, at the same time they are criticized due to the impossibility of practical instantiation. Programmability is one of the most important feature behind the power of Random Oracles. Unfortunately, in the standard hash functions, the feature of programmability is limited....
متن کامل