now we are going to talk about random oracles
so random oracle is both
a design strategy so
when we are creating let's say a scheme protocol
we are going to employ a random oracle
and it's all said proof strategy
the definition of a random oracle
is essentially says that
random oracle is a random function
so it has some domain let's say D
and some range let's say R
so random oracle is a randomly
chosen
function such that among
all functions with this domain and
this R that functions is chosen
randomly. But it's a function meaning that
every time the same input is given to
the random oracle
the same output needs to be returned so the way
to think about a random oracle
you can think about it
as a lookup table such that
one column represents the  input one
column represents the output so for each input
a randomly chosen output is stored
on this table whenever
the random oracle needs to compute over some
input X we find
that input and then return
the corresponding y value
this would have been a perfect random oracle
but representing
such a table requires exponential space
if this domain is let's say n bit
values then there are 2^n
rows of this table
instead we are going to
simulate this random oracle using it
a randomized way. But remember we need to
always return the same
output given the same input
so the way we are going to simulate it is as follows
the random oracle
will first initialize a database
that is empty. Now whenever
some input x is given
it will do 2 things
first it will search its database
for 
if a such a pair exists in the database
we will simply return that
y associated with our x
otherwise what the random oracle will do
is pick a y randomly from its range
then add to it's database
this 
and then again return
y. So
we are essentially sending back this y
in response to the input x. Now the claim is
that
essentially this version of the random oracle
is equivalent it can be simulated by
this version, Why? remember this database is initially empty
when the first query comes for some
particular X
what the random oracle will do is it will
create
a random Y that corresponds to this X
so think about
creating this first row with x,y
here
and then it will return that y
if a new x comes again it will do the same thing
in some sense creating the second
row here.
If the same
X is given again it will first look at
it's database
it will find it here return the same y. So
given the same input it always returns
the same
output. But there's a huge difference remember we
said this
requires exponential space but
this is a polynomial version
of it. Why? They are only polynomial queries possible
and each query creates at most one entry
in the database. So this version 
requires both polynomial
time and polynomial space. These
are essentially equivalent ways of thinking
about the random oracle
sometimes one is easier to imagine than
the other but in practice
we cannot use this version in practice
we need to use something like this
Remember, random Oracle
is essentially a proof strategy
and the types of proofs we are doing
are theorems such as
we say if lets say scheme PI1 is
is secure you or assumption
PI1 holds then scheme
PI2 is also a secure. So this is the type of theorem
we prove in general and remember our proof strategy
is by contrapositive. We say
if scheme PI2 is broken if there exists
a PPT adversary A that
that breaks the scheme then
we show that scheme PI1 is also broken
and the way we show is this if we have such a PPT
adversary A that breaks scheme PI2
we construct a PPT adversary
B that breaks scheme PI1.
if this claim is in the random oracle model
so we say that if scheme PI1
is secure then scheme PI2 is secure
in the random oracle model
then this proof the contrapositive
must also be in the random oracle model
What does it mean? In
our security proofs done by reduction
in the regular case. We have this
outside adversary B we need to construct.
and we have this inside adversary
A that we have no idea about it s code.
But what we know is A is
playing the game for
scheme PI2. So here is the game
for scheme PI2 this is the security experiment.
Security definition and we know that B
is playing the game
for scheme PI1
it is trying to break scheme PI1 or
assumption
PI1. And normally
we fill in the code for B.
We show that if the advantage
of the adversary A is non-negligible
advantage of the adversary B here would be non-negligible
This is the regular proof style
In the ROM 
if our proof is in the random oracle model in addition to the game
PI2 here, anywhere in this game A 
also has access
to random oracle queries so it will send some
query x to the random oracle expects some answers y
and of course since this is an oracle access it can be
anywhere within this game.
So if the proof is in the random oracle
model A
in addition to the game it's playing also
has
access to random oracle queries.
Furthermore
as for B
in addition to
writing these code here.
B also must write
the code for the random oracle. So
B's job is to simulate this random oracle that
is essentially good for B
because now B can see
all the queries A makes. And actually
can return a response in a way that he likes.
For example in general random oracle proof strategy
let's say we generated  some particular
value here
in response to let's say some of  these
interaction now
B can program this random oracle such that when
associated random oracle queries made.
It can return let's say the same value
to A. That's a great advantage for B
so B can, B needs to write the code for
the random oracle
but in addition, B can tie this code
of the random oracle to its original code.
essentially
this is a requirement. Otherwise
in general you wouldn't be able to
prove
security. If you could actually maybe you
didn't even need a random oracle to start with
So for the random oracle proofs in addition to the regular game A's
playing A
also has access to random oracle queries but this random oracle queries
are answered by B and the answers
may depend on other actions of
B the remaining of the proof
is the same. You need to show the
probability
relationship between A & B and so on.
you need to show B is polynomial time
including its random oracle simulation
so the rest of the proof style is the same
the only difference will be here
