Cryptographic schemes are usually based on complexity assumptions, which state that some problems, such as factorization, cannot be solved in polynomial time.
Security proofs are notoriously difficult to achieve in the standard model, so in many proofs, cryptographic primitives are replaced by idealized versions.
The most common example of this technique, known as the random oracle model,[1][2] involves replacing a cryptographic hash function with a genuinely random function.
Other models invoke trusted third parties to perform some task without cheating; for example, the public key infrastructure (PKI) model requires a certificate authority, which, if it were dishonest, could produce fake certificates and use them to forge signatures, or mount a man-in-the-middle attack to read encrypted messages.
In some applications, such as the Dolev–Dwork–Naor encryption scheme,[6] it makes sense for a particular party to generate the common reference string, while in other applications, the common reference string must be generated by a trusted third party.
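The random oracle idealization described above can be made concrete by lazy sampling. The following is an added example, not part of the original text: the `RandomOracle` class, the toy `commit` helper and the sample values are constructed for illustration, with SHA-256 standing in for the real hash function that the oracle replaces in a proof.

```python
import hashlib
import secrets


class RandomOracle:
    """Idealized hash: a truly random function, sampled lazily.

    A fresh input gets independent uniform output bytes; a repeated input
    returns the stored answer, so the oracle behaves as one fixed function.
    """

    def __init__(self, out_len=32):
        self.out_len = out_len
        self._table = {}    # the part of the random function sampled so far
        self.queries = []   # transcript of inputs, which a proof may inspect

    def query(self, msg):
        self.queries.append(msg)
        if msg not in self._table:
            self._table[msg] = secrets.token_bytes(self.out_len)
        return self._table[msg]


def sha256_instantiation(msg):
    """What a deployed scheme computes instead: a fixed, public function."""
    return hashlib.sha256(msg).digest()


def commit(hash_fn, value, nonce):
    """Toy hash-based commitment written against any hash interface."""
    # Length-prefix the nonce so (nonce, value) pairs encode unambiguously.
    return hash_fn(len(nonce).to_bytes(2, "big") + nonce + value)


if __name__ == "__main__":
    nonce = secrets.token_bytes(16)   # constructed sample input
    ro = RandomOracle()
    c_ideal = commit(ro.query, b"bid=42", nonce)
    c_real = commit(sha256_instantiation, b"bid=42", nonce)
    print("ideal model :", c_ideal.hex())
    print("SHA-256     :", c_real.hex())
    print("oracle was queried", len(ro.queries), "time(s)")
```

The scheme's code is identical in both runs; only the hash argument changes, which is exactly the substitution a random-oracle proof makes.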