we are going to do our first
sample random oracle
model proof. To do that we will
need to work
with the RSA assumption
and an encryption scheme based on that
now we first
define a generation
algorithm for this RSA assumption. It takes the security
parameter as input
and what it does is the following.
It picks 2 prime numbers p & q randomly
such that let's say they are primes
of length let's say n
then it computes a value n
that's equal to p times q. This value
n defines the composite order group
ZN* remember integers modulo n
that are relatively prime to n
and the group operation is multiplication
modulo n. This group
remember has order phi(n) 
that is p-1
times q-1 there are that many elements in this group
then this Gen algorithm
computes two values e and d such that
e*d equivalent to 1
modulo this order of the group
p-1 * q-1
so eventually this gen algorithm
outputs n,e,d
the RSA assumption states the following
so this is an assumption. The RSA
assumption says
for all
probabilistic polynomial-time adversaries A
there exists a negligible
function let's say neg(n) in the security parameter
such that if we consider this following experiment
we run the gen algorithm
using the security parameter it outputs
n which defines ZN* group
e and d. And we pick
let's say a random value
x from
ZN*
and then what we do is we give the adversary
of course the security parameter, N
and e but not d, we don't give the
adversary d
instead we give the adversary x^e
so we compute this we give it to the adversary
and we expect the adversary to return back x
essentially the eth root of the element
in the group that we gave to the
adversary
and the RSA assumption states that for all PPT
adversaries this probability is negligible.
now using
this assumption
we are going to create an let's say
RSA based encryption scheme
let's call this scheme PI
scheme PI will have
this key generation algorithm where
n and e constitute the public
encryption key and d is our secret
decryption key. the encryption
in this RSA based
scheme that we are developing. We'll use this
public key
and we will take a message and we are going to
assume that
our message has length let's say some
l(n) where l is some polynomial in n
so we have a fixed length
message space. It needs to output some ciphertext
what it does is the following.
it's going to pick a value r
from ZN*
and it's going to compute
r^e
modulo n .This will be c1
then it's going to send
r to the random oracle
it will output some y
that is of the same length as the message
so the random oracle on input a group
element r
outputs some random
output essentially
of the same length as the message so
we compute c2 similar to one time pad
as y xor our message m.
and this c
the final ciphertext we output has two parts c1 and c2
what would be the corresponding
decryption remember decryption uses
the secret key
in an asymmetric scheme and it takes the
ciphertext
as the message its goal is to output the message back,
sorry ciphertext as the input
what it's going to do is as follows remember this ciphertext has two parts
c1 and
c2
it will take c1 computes c1^d
modulo n
now remember c1
is r^e mod n. We are computing r^e^d mod
r^e^d mod n. This is
essentially r^ed mod n. ed
is equivalent to 1 modula, the order of the
group therefore this thing will give us back r
now once we have r
we will send r to the random oracle
the random oracle since we are giving back the same r
it will return us back the same y. 
now that we have y our job is  extremely easy we compute
c2 xor y this will give us back
the same message m so this is
a correct encryption scheme
