On the looseness of FO derandomization [article]

Daniel J. Bernstein
2021 IACR Cryptology ePrint Archive  
This paper proves, for two examples of a randomized ROM PKE C, that derandomizing C degrades ROM OW-CPA security by a factor close to the number of hash queries. The first example can be explained by the size of the message space of C but the second cannot. This paper also gives a concrete example of a randomized non-ROM PKE C that appears to have the same properties regarding known attacks.
dblp:journals/iacr/Bernstein21 fatcat:ln3jjbnlbzbknl3wwe4xu6kcmq