Entry Date:
May 5, 2002

The Random Oracle Model


A popular methodology for designing cryptographic protocols consists of the following two steps. One first designs an ideal system in which all parties (including the adversary) have oracle access to a truly random function, and proves the security of this ideal system. Next, one replaces the random oracle by a “good cryptographic hashing function” (such as MD5 or SHA), providing all parties (including the adversary) with the succinct description of this function. Thus, one obtains an implementation of the ideal system in a ``real-world'' where random oracles do not exist. This methodology, explicitly formulated by Bellare and Rogaway, and hereafter referred to as the random oracle methodology, has been used in many
works.