Random oracle: Difference between revisions

Random oracles first appeared in the context of complexity theory, in which they were used to argue that complexity class separations may face relativization barriers, with the most prominent case being the [[P vs NP problem]], two classes shown in 1981 to be distinct relative to a random oracle [[almost surely]].<ref name="bennett-gill">{{cite journal|first1=Charles|last1=Bennett|first2=John|last2=Gill|title= Relative to a Random Oracle A, N^A != NP^A != coNP^A with Probability 1|journal=SIAM Journal on Computing|year=1981|pages=96–113|doi=10.1137/0210008|doi-access=free}}</ref> They made their way into cryptography by the publication of [[Mihir Bellare]] and [[Phillip Rogaway]] in 1993, which introduced them as a formal cryptographic model to be used in reduction proofs.<ref name="bellrog">{{cite journalbook|first1=Mihir|last1=Bellare|author-link=Mihir Bellare|first2=Phillip|last2=Rogaway|author-link2title=PhillipProceedings of the 1st ACM conference on Computer and communications security - CCS '93 Rogaway|titlechapter=Random Oraclesoracles are Practicalpractical: A Paradigmparadigm for Designingdesigning Efficientefficient protocols Protocols|journalauthor-link2=ACMPhillip Conference on ComputerRogaway and Communications Security|year=1993|pages=62–73|doi=10.1145/168588.168596 |s2cid=3047274 |doi-access=free|isbn=0-89791-629-8 }}</ref>

They are typically used when the proof cannot be carried out using weaker assumptions on the [[cryptographic hash function]]. A system that is proven secure when every hash function is replaced by a random oracle is described as being secure in the '''random oracle model''', asa opposeddifferentiation tofrom being secure in the [[Standard model (cryptography)|standard model of cryptography]].