Content deleted Content added
m Dating maintenance tags: {{Section rewrite}} |
|||
Line 14:
Not all uses of cryptographic hash functions require random oracles: schemes that require only one or more properties having a definition in the [[Standard model (cryptography)|standard model]] (such as [[collision resistance]], [[preimage resistance]], [[second preimage resistance]], etc.) can often be proven secure in the standard model (e.g., the [[Cramer–Shoup cryptosystem]]).
Random oracles have long been considered in [[computational complexity theory]],<ref>{{Citation | last1=Bennett | first1=Charles H. | author1-link=Charles H. Bennett (computer scientist) | last2=Gill | first2=John | title=Relative to a Random Oracle A, P^A != NP^A != co-NP^A with Probability 1 | year=1981 | journal=SIAM Journal on Computing | issn=1095-7111 | volume=10 | issue=1 | pages=96–113 | doi=10.1137/0210008}}</ref> and many schemes have been proven secure in the random oracle model, for example [[Optimal Asymmetric Encryption Padding]], [[Full Domain Hash|RSA-FDH]] and [[
In 1989, [[Russell Impagliazzo]] and [[Steven Rudich]]<ref>{{cite journal|first1=Russell|last1=Impagliazzo|first2=Steven|last2=Rudich|title=Limits on the Provable Consequences of One-Way Permutations|journal=[[Symposium on Theory of Computing|STOC]]|year=1989|pages=44–61}}</ref> showed the limitation of random oracles – namely that their existence alone is not sufficient for secret-key exchange.
| |||