The theory of hash functions and random oracles. An approach to modern cryptography (Q2668881)

The authors put a lot of work to create this 788-page book -- the text has been edited even after the layout to insert links with page numbers, there are exercises and a website for errata and discussions. The book considers in ``Foundations'' the background needed from algorithms, complexity theory, information security and in three consecutive parts considers most of the important topics in modern cryptology (Part 1 -- Foundations of modern cryptology, Part II -- The random oracle methodology, Part III -- Hash function constructions). The book does not consider cryptography practice (``we do not go into detail on the various schemas that can be constructed'' (p. vii), the practice is hinted by links to several standards) but ``discuss a number of important results that hitherto only exist in not easily accessible research papers'' (p. vii, i.e. the book does not contain new results except the results of the first author in [Random oracles in the standard model. Darmstadt: Technische Universität Darmstadt (PhD Thesis) (2016)] (guided by the second author). The main theme is ``a detailed treatment of the random oracle methodology'' (p. vii). Random oracles were introduced in 1996, and a few years later their weakness was proved: (see [\textit{R. Canetti} et al., J. ACM 51, No. 4, 557--594 (2004; Zbl 1204.94063)]), what is still the main problem with the `random oracle method': ``There exist signature and encryption schemes that are secure in the random oracle model, but for which any implementation of the random oracle results in insecure schemes''. The authors agree that ``schemes exist that are provably secure in the random oracle model but trivially broken in the real world'' (p. vii), thus ``secure in the random oracle model'' is not equal to ``secure''. The authors suggest as the target audience for this book students (p. viii), but this suggestion is problematic -- young minds may not be able to properly discern the differences between ``proven secure'' and ``proven secure in the random oracle model'' (the authors also suggest several other textbooks on cryptography). The authors agree that ``an important open question is thus how to properly interpret results that are based on random oracles'' (p. vii); the same holds for all of this book.