Reading the Crypto Classics

Unruh: „Random Oracles and Auxiliary Input“ (Crypto 2007)

2023/03/21 10:00-12:00

Moderator: Patrick Struck (University of Regensburg, Data Security and Cryptography Group) | Location: online

Organizer: , TU Darmstadt, Cryptography and Information Security Group


This talk is the last session in the seminar series “Reading the Crypto Classics” for the winter term 2022/23. The idea of this seminar is to jointly read classical milestone papers in the area of cryptography, to discuss their impact and understand their relevance for current research areas. The seminar is running as an Oberseminar, but at the same time meant to be a joint reading group seminar of the CROSSING Special Interest Group on Advanced Cryptography with all interested CROSSING members being invited to participate.

This issue will cover the paper/talk

Unruh: „Random Oracles and Auxiliary Input“ (Crypto 2007) available at

with the following abstract:

“We introduce a variant of the random oracle model where oracle-dependent auxiliary input is allowed. In this setting, the adversary gets an auxiliary input that can contain information about the random oracle. Using simple examples we show that this model should be preferred over the classical variant where the auxiliary input is independent of the random oracle.

In the presence of oracle-dependent auxiliary input, the most important proof technique in the random oracle model—lazy sampling—does not apply directly. We present a theorem and a variant of the lazy sampling technique that allows one to perform proofs in the new model almost as easily as in the old one.

As an application of our approach and to illustrate how existing proofs can be adapted, we prove that RSA-OAEP is IND-CCA2 secure in the random oracle model with oracle-dependent auxiliary input.”


For participation in this virtual format, please write an e-mail to the organizer (see above).

More information