schemes. In this paper, we focus on the basic problem of correcting faulty–or adversarially corrupted–random
oracles, so that they can be confidently applied for such cryptographic purposes.
We prove that a simple construction can transform a “subverted” random oracle–which disagrees with the original
one at a small fraction of inputs–into an object that is indifferentiable from a random function, even if the adversary
is made aware of all randomness used in the transformation. Our results permit future designers of cryptographic
primitives in typical kleptographic settings (i.e., those permitting adversaries that subvert or replace basic cryptographic
algorithms) to use random oracles as a trusted black box.