Abstract: We argue that the random oracle model (where all parties have access to a public random oracle) provides a bridge between cryptographic theory and cryptographic practice. In the paradigm we suggest, a practical protocol P is produced by first devising and proving correct a protocol P^R for the random oracle model, and then replacing oracle accesses by the computation of an "appropriately chosen" function h. This paradigm yields protocols much more efficient than standard ones while retaining many of the advantages of provable security. We illustrate these gains for problems including encryption, signatures, and zero-knowledge proofs.
Ref: Extended abstract in Proc. First Annual Conference on Computer and Communications Security, ACM, 1993. Full paper available below.
Full paper: Available as compressed postscript, postscript, or pdf.
Following our work, the random oracle model has been used in several other places. For example, Pointcheval and Stern used it to analyze several signature schemes.
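As an added illustration of the paradigm in the abstract and of the signature setting mentioned here (example code, not from the paper or its authors), the following Python puts a Schnorr-style signature, the class of scheme Pointcheval and Stern treated, behind an oracle interface and runs the same protocol text once with a lazily sampled random oracle, the setting in which the proof is given, and once with SHA-256 standing in as the "appropriately chosen" h. The group parameters, the choice of SHA-256 as h, and the messages are constructed for illustration only.

```python
import hashlib
import secrets

# Toy group: Z_P^* with P the Mersenne prime 2^127 - 1 and base G.
# Constructed demonstration parameters, not a real security level. Exponents are mod P - 1.
P = 2**127 - 1
G = 3
N = P - 1

class RandomOracle:
    """Ideal object of the random oracle model: a lazily sampled random function."""
    def __init__(self, out_bytes: int = 32):
        self.table = {}          # remembers answers so repeated queries stay consistent
        self.out_bytes = out_bytes

    def __call__(self, data: bytes) -> bytes:
        if data not in self.table:
            self.table[data] = secrets.token_bytes(self.out_bytes)
        return self.table[data]

def h(data: bytes) -> bytes:
    """The 'appropriately chosen' concrete function that replaces oracle accesses in practice."""
    return hashlib.sha256(data).digest()

def keygen():
    x = secrets.randbelow(N - 1) + 1   # secret exponent
    return x, pow(G, x, P)             # (secret key x, public key y = G^x)

def challenge(oracle, R: int, m: bytes) -> int:
    """Challenge c = H(R || m); the only place the scheme touches the oracle."""
    return int.from_bytes(oracle(R.to_bytes(16, "big") + m), "big") % N

def sign(oracle, x: int, m: bytes):
    k = secrets.randbelow(N - 1) + 1   # fresh per-signature nonce
    R = pow(G, k, P)
    c = challenge(oracle, R, m)
    return c, (k + c * x) % N

def verify(oracle, y: int, m: bytes, sig) -> bool:
    c, s = sig
    R = pow(G, s, P) * pow(y, -c, P) % P   # recover R = G^s * y^(-c) (Python >= 3.8)
    return challenge(oracle, R, m) == c

def demo(oracle, m: bytes = b"constructed message"):
    """Run the same protocol text under the given oracle; returns (valid, tampered_valid)."""
    x, y = keygen()
    sig = sign(oracle, x, m)
    return verify(oracle, y, m, sig), verify(oracle, y, m + b"!", sig)
```

Both `demo(RandomOracle())` and `demo(h)` return `(True, False)`; a signature made under one `RandomOracle` instance does not verify under a fresh instance, which is the formal counterpart of the oracle being public and shared by all parties.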