A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2022; you can also visit the original URL.
The file type is
On the looseness of FO derandomization
IACR Cryptology ePrint Archive
This paper proves, for two examples of a randomized ROM PKE C, that derandomizing C degrades ROM OW-CPA security by a factor close to the number of hash queries. The first example can be explained by the size of the message space of C but the second cannot. This paper also gives a concrete example of a randomized non-ROM PKE C that appears to have the same properties regarding known attacks.dblp:journals/iacr/Bernstein21 fatcat:ln3jjbnlbzbknl3wwe4xu6kcmq