This is a very good explanation. I have a couple questions though:Is the chain-length of 100 arbitrary, or is there an optimal length of these chains?How many times would you run ORATION through the one-way function and compare it to your rainbow table before you decide it's not in the table?

 >Is the chain-length of 100 arbitrary, or is there an optimal length of these chains?100 is the compression ratio. If you make chains of length 100 then you can compress the dictionary 100:1. If you make the chains of length 1000 then you can compress 1000:1 but you have to do 1000 operations for each lookup instead of 100. It's a trade off.> How many times would you run ORATION through the one-way function and compare it to your rainbow table before you decide it's not in the table?You presumably know the length of the chains your table used, so if you go through the entire length without finding it then you'll know it really isn't in the table (e.g. Alice just provided a random word instead of one which was the output of the hash function and it turns out no dictionary word leads to the one she provided).
 If I wanted to compress 100:1, how would I select which words would be the "heads" of my chains?Choose every 100 words in the dictionary?Is there a risk of not getting complete coverage? Example: I keep applying the one-way function to the ciphertext, but the result is never an endpoint of one of my precomputed chains.