Many cryptographic systems which involve hash functions haveproof of their security in a so called random oracle model. Behavior of hashfunctions used in such cryptographic systems should be as close as possible tothe behavior of a random function. There are several properties of hash functionsdealing with a random behavior. A hash function is pseudo-random oracle if itis indifferentiable from a random oracle. However, it is well known that hashfunctions based on the popular Merkle-Damg°ard domain extension transform donot satisfy the pseudo-random oracle property. On the other hand no attack isknown for many concrete applications utilizing Merkle-Damg°ard hash functions.Hence, a weakened notion called public-use pseudo random oracle was introduced.The property can be met by the Merkle-Damg°ard construction and is sufficientfor several important applications. A hash function is public use pseudo-randomoracle if it is indifferentiable from a random oracle with public messages (i.e. allmessages hashed so far are available to all parties). This is is the case of mosthash based signature schemes.In this paper we analyze relationship between the property pseudo-random or-acle and its variant public image pseudo-random oracle. Roughly, a hash functionis public image pseudo-random oracle if it is indifferentiable from a random oraclewith public images (i.e. all images of messages hashed so far are available to allparties, messages are kept secret). We prove that the properties are equivalent.
@article{200, title = {On pseudo-random oracles}, journal = {Tatra Mountains Mathematical Publications}, volume = {51}, year = {2012}, doi = {10.2478/tatra.v53i0.200}, language = {EN}, url = {http://dml.mathdoc.fr/item/200} }
Rjaško, Michal. On pseudo-random oracles. Tatra Mountains Mathematical Publications, Tome 51 (2012) . doi : 10.2478/tatra.v53i0.200. http://gdmltest.u-ga.fr/item/200/