On the Random-Oracle Methodology as Applied to Length-Restricted Signature Schemes

  • Ran Canetti
  • Oded Goldreich
  • Shai Halevi
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2951)


In earlier work, we described a “pathological” example of a signature scheme that is secure in the Random Oracle Model, but for which no secure implementation exists. For that example, however, it was crucial that the scheme is able to sign “long messages” (i.e., messages whose length is not a priori bounded). This left open the possibility that the Random Oracle Methodology is sound with respect to signature schemes that sign only “short” messages (i.e., messages of a priori bounded length, smaller than the length of the keys in use), and are “memoryless” (i.e., the only thing kept between different signature generations is the initial signing-key). In this work, we extend our negative result to address such signature schemes. A key ingredient in our proof is a new type of interactive proof system, which may be of independent interest.



Copyright information

© Springer-Verlag Berlin Heidelberg 2004

Authors and Affiliations

  • Ran Canetti (1)
  • Oded Goldreich (2)
  • Shai Halevi (1)
  1. IBM T.J. Watson Research Center, Hawthorne, USA
  2. Department of Computer Science, Weizmann Institute of Science, Rehovot, Israel
