The key is here… because finding what is effectively hash collisions has become feasible for some types of hashes:

They were able to come up with a malicious program that, if presented with its own hash as the secret input, could compute the random challenges and then arrange its internal workings so the spots being challenged would pass inspection. The verifier would see no reason to doubt that the program really did output what the prover claimed, even though it did not.

What’s more, the researchers showed how to embed this malicious program in any task. For example, if you want to falsely prove that you possess correct answers to a homework assignment, you can replace the homework-grading program with a new one that contains the malicious program. The new program is still a valid grading program — it produces exactly the same grades as the original grading program. But you can nevertheless feed this program a set of incorrect homework answers and then use the GKR protocol to convince people that the program outputted “correct” when it really outputted “incorrect.”

A reliable random oracle in an adversarial environment should be based on sources of randomness from multiple sources and participants, usually the sources are the participants’ meaningful actions to prevent collusion.

It has been known for quite a while that if the space of inputs being hashed is small, the hashing is relatively useless for most benefits of a true one-way function (eg hashing a phone number in USA).