Limits on the Usefulness of Random Oracles

  • Iftach Haitner
  • Eran Omri
  • Hila Zarosim
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7785)


In the random oracle model, parties are given oracle access to a random function (i.e., a uniformly chosen function from the set of all functions), and are assumed to have unbounded computational power (though they can only make a bounded number of oracle queries). This model provides powerful properties that allow proving the security of many protocols, even such that cannot be proved secure in the standard model (under any hardness assumptions). The random oracle model is also used for showing that a given cryptographic primitive cannot be used in a black-box way to construct another primitive; in their seminal work, ImpagliazzoRu89 [STOC ’89] showed that no key-agreement protocol exists in the random oracle model, yielding that key-agreement cannot be black-box reduced to one-way functions. Their work has a long line of followup works (Simon [EC ’98], Gertner et al. [STOC ’00] and Gennaro et al. [SICOMP ’05], to name a few), showing that given oracle access to a certain type of function family (e.g., the family that “implements” public-key encryption) is not sufficient for building a given cryptographic primitive (e.g., oblivious transfer). Yet, the following question remained open:

What is the exact power of the random oracle model?

We make progress towards answering this question, showing that essentially, any no private input, semi-honest two-party functionality that can be securely implemented in the random oracle model, can be securely implemented information theoretically (where parties are assumed to be all powerful, and no oracle is given). We further generalize the above result to function families that provide some natural combinatorial property.

Our result immediately yields that essentially the only no-input functionalities that can be securely realized in the random oracle model (in the sense of secure function evaluation), are the trivial ones (ones that can be securely realized information theoretically). In addition, we use the recent information theoretic impossibility result of McGregor et al. [FOCS ’10], to show the existence of functionalities (e.g., inner product) that cannot be computed both accurately and in a differentially private manner in the random oracle model; yielding that protocols for computing these functionalities cannot be black-box reduced to one-way functions.


random oracles black-box separations one-way functions differential privacy key agreement 


  1. 1.
    Barak, B., Mahmoody-Ghidary, M.: Merkle Puzzles Are Optimal — An O(n2)-Query Attack on Any Key Exchange from a Random Oracle. In: Halevi, S. (ed.) CRYPTO 2009. LNCS, vol. 5677, pp. 374–390. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  2. 2.
    Beimel, A., Nissim, K., Omri, E.: Distributed private data analysis: On simultaneously solving how and what. CoRR, abs/1103.2626 (2011)Google Scholar
  3. 3.
    Canetti, R., Goldreich, O., Halevi, S.: On the Random-Oracle Methodology as Applied to Length-Restricted Signature Schemes. In: Naor, M. (ed.) TCC 2004. LNCS, vol. 2951, pp. 40–57. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  4. 4.
    Chang, Y.-C., Hsiao, C.-Y., Lu, C.-J.: On the Impossibilities of Basing One-Way Permutations on Central Cryptographic Primitives. In: Zheng, Y. (ed.) ASIACRYPT 2002. LNCS, vol. 2501, pp. 110–124. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  5. 5.
    Dachman-Soled, D., Lindell, Y., Mahmoody, M., Malkin, T.: On the Black-Box Complexity of Optimally-Fair Coin Tossing. In: Ishai, Y. (ed.) TCC 2011. LNCS, vol. 6597, pp. 450–467. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  6. 6.
    Fiat, A., Shamir, A.: How to Prove Yourself: Practical Solutions to Identification and Signature Problems. In: Odlyzko, A.M. (ed.) CRYPTO 1986. LNCS, vol. 263, pp. 186–194. Springer, Heidelberg (1987)CrossRefGoogle Scholar
  7. 7.
    Gennaro, R., Trevisan, L.: Lower bounds on the efficiency of generic cryptographic constructions. In: Proceedings of the 41st Annual Symposium on Foundations of Computer Science, pp. 305–313 (2000)Google Scholar
  8. 8.
    Gennaro, R., Gertner, Y., Katz, J., Trevisan, L.: Bounds on the efficiency of generic cryptographic constructions. SIAM Journal on Computing 35(1), 217–246 (2005)MathSciNetCrossRefzbMATHGoogle Scholar
  9. 9.
    Gertner, Y., Kannan, S., Malkin, T., Reingold, O., Viswanathan, M.: The relationship between public key encryption and oblivious transfer. In: Proceedings of the 32nd Annual ACM Symposium on Theory of Computing, STOC (2000)Google Scholar
  10. 10.
    Goldwasser, S., Tauman-Kalai, Y.: On the (in)security of the fiat-shamir paradigm. In: Proceedings of the 44th Annual Symposium on Foundations of Computer Science, FOCS (2003)Google Scholar
  11. 11.
    Haitner, I., Hoch, J.J., Reingold, O., Segev, G.: Finding collisions in interactive protocols – A tight lower bound on the round complexity of statistically-hiding commitments. In: Proceedings of the 48th Annual Symposium on Foundations of Computer Science, FOCS (2007)Google Scholar
  12. 12.
    Haitner, I., Omri, E., Zarosim, H.: Limits on the usefulness of random oracles. Technical Report 2012/573, Cryptology ePrint Archive (2012),
  13. 13.
    Impagliazzo, R., Rudich, S.: Limits on the provable consequences of one-way permutations. In: Proceedings of the 21st Annual ACM Symposium on Theory of Computing (STOC), pp. 44–61. ACM Press (1989)Google Scholar
  14. 14.
    Kahn, J., Saks, M., Smyth, C.: A dual version of reimer’s inequality and a proof of rudich’s conjecture. In: Proceedings of the 15th Annual IEEE Conference on Computational Complexity, 2000, pp. 98–103 (2000)Google Scholar
  15. 15.
    Kim, J.H., Simon, D., Tetali, P.: Limits on the efficiency of one-way permutation-based hash functions. In: 40th Annual Symposium on Foundations of Computer Science, 1999, pp. 535–542 (1999)Google Scholar
  16. 16.
    Mahmoody, M., Maji, H.K., Prabhakaran, M.: Limits of random oracles in secure computation. Technical Report, arXiv:1205.3554v1 (2012)Google Scholar
  17. 17.
    McGregor, A., Mironov, I., Pitassi, T., Reingold, O., Talwar, K., Vadhan, S.P.: The limits of two-party differential privacy. In: Electronic Colloquium on Computational Complexity (ECCC), p. 106 (2011); Preliminary version in FOCS 2010 (2010)Google Scholar
  18. 18.
    Merkle, R.C.: Secure communications over insecure channels. In: SIMMONS: Secure Communications and Asymmetric Cryptosystems (1982)Google Scholar
  19. 19.
    Mironov, I., Pandey, O., Reingold, O., Vadhan, S.: Computational Differential Privacy. In: Halevi, S. (ed.) CRYPTO 2009. LNCS, vol. 5677, pp. 126–142. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  20. 20.
    Pointcheval, D., Stern, J.: Security Proofs for Signature Schemes. In: Maurer, U.M. (ed.) EUROCRYPT 1996. LNCS, vol. 1070, pp. 387–398. Springer, Heidelberg (1996)CrossRefGoogle Scholar
  21. 21.
    Rudich, S.: The Use of Interaction in Public Cryptosystems. In: Feigenbaum, J. (ed.) CRYPTO 1991. LNCS, vol. 576, pp. 242–251. Springer, Heidelberg (1992)Google Scholar
  22. 22.
    Simon, D.R.: Findings Collisions on a One-Way Street: Can Secure Hash Functions Be Based on General Assumptions? In: Nyberg, K. (ed.) EUROCRYPT 1998. LNCS, vol. 1403, pp. 334–345. Springer, Heidelberg (1998)CrossRefGoogle Scholar
  23. 23.
    Wee, H.: One-Way Permutations, Interactive Hashing and Statistically Hiding Commitments. In: Vadhan, S.P. (ed.) TCC 2007. LNCS, vol. 4392, pp. 419–433. Springer, Heidelberg (2007)CrossRefGoogle Scholar

Copyright information

© International Association for Cryptologic Research 2013

Authors and Affiliations

  • Iftach Haitner
    • 1
  • Eran Omri
    • 2
  • Hila Zarosim
    • 3
  1. 1.School of Computer ScienceTel Aviv UniversityIsrael
  2. 2.Dep. of Mathematics and Computer ScienceAriel University CenterIsrael
  3. 3.Dep. of Computer ScienceBar Ilan UniversityIsrael

Personalised recommendations