1

I was looking into the opaque authentication protocol and they discuss an oracle, which, if I understand it correctly is a projection $Z$ from $f$ to $g$ ($g$ at least the size of $f$), which maps inputs from $f$ to $g$. If $f$ and $g$ are the same, is this not comparable to an encryption with a substitution cipher of size $f$?

Ievgeni
  • 2,585
  • 1
  • 10
  • 32
Koos Gadellaa
  • 111
  • 1

1 Answers1

2

You can consider an oracle as some black-box algorithm, that has some well-defined interface: it accepts some requests, generates corresponding answers. But usually you don't know, what is hidden behind this interface (that's why it can be thought as black-box).

Oracles are used in many cryptographic proofs. For instance, in provable security methodology there's a concept of security game: given two parties (adversary and challenger), that exchange messages with each other: adversary makes some queries to challenger's oracles. E.g. in LOR-CCA (more often denoted as IND-CCA) model adversary has access to encryption and decryption oracles: first accepts two messages and returns ciphertext of one of them, second accepts some ciphertext and returns corresponding plaintext.

More info about provable security: A Graduate Course in Applied Cryptography.

Now moving on to substitution cipher notion differs dramatically :) It is a class of symmetric ciphers, that apply to each unit of plaintext (letter, bit, block, etc.) some permutation depending on an encryption key. It's a not quite strict definition, but this description provides some intuition behind the notion of substitution cipher.

Georgy Firsov
  • 255
  • 1
  • 9
  • Yes, but the heart of it is: can a substitution cipher be used as an oracle? Conceptually it feels so: an oracle on 26 values could be seen as a substitution of 26 values. Of course such a substitution key would quickly become prohibitively large, but conceptually I wonder if it would be a simple,valid implementation which is easily explained to laymen. – Koos Gadellaa Jul 27 '22 at 23:07