Streebog as a random oracle

The random oracle model is an instrument used for proving that protocol has no structural flaws when settling with standard hash properties is impossible or fairly difficult. In practice, however, random oracles must be instantiated with some specific hash functions that are not random oracles. Therefore, in the real world an adversary has broader capabilities than considered in the random oracle proof: it can exploit the peculiarities of a specific hash function to achieve its goal. In a case when a hash function is based on some building block, one can go further and show that even if the adversary has access to that building block, the hash function still behaves like a random oracle under some assumptions made about the building block. Thereby, the protocol can be proved secure against more powerful adversaries under less complex assumptions. The notion of indifferentiability formalizes that approach. In this paper, we show that $\mathtt{Streebog}$, a Russian standardized hash function, is indifferentiable from a random oracle under an ideal cipher assumption for the underlying block cipher.