It is considered the simplest digital signature scheme to be provably secure in a random oracle model.
Nonetheless, for any more natural protocol a proof of security in the random oracle model gives very strong evidence of the security of the protocol.
Its proof does not use the random oracle model.
Example of probabilistic encryption in the random oracle model:
Non-interactive zero-knowledge proofs can also be obtained in the random oracle model using the Fiat-Shamir heuristic.
In the random oracle model, this hash-then-sign form of signature is existentially unforgeable, even against a chosen-message attack.
This work provided fairly strong security definitions (although weaker than semantic security), and gave constructions in the random oracle model.
See random oracle model, common reference string model.
The generic group model suffers from some of the same problems as the random oracle model.
For example, let A be an algorithm for breaking a digital signature scheme in the random oracle model.