**Compressed Permutation Oracles (And the Collision-Resistance of Sponge/SHA3)** (report, 2021)

Dominique Unruh

[ eprint ]

We generalize Zhandry’s compressed oracle technique to invertible random permutations. (That is, to a quantum random oracle where the adversary has access to a random permutation and its inverse.) This enables security proofs with lazy sampling, i.e., where oracle outputs are chosen only when needed. As an application of our technique, we show the collision-resistance of the sponge construction based on invertible permutations. In particular, this shows the collision-resistance of SHA3 (in the random oracle model).