International Conference on the Theory and Application of Cryptology and Information Security

ASIACRYPT 2010: Advances in Cryptology - ASIACRYPT 2010 pp 539-556

# The Semi-Generic Group Model and Applications to Pairing-Based Cryptography

• Tibor Jager
• Andy Rupp
Conference paper

DOI: 10.1007/978-3-642-17373-8_31

Volume 6477 of the book series Lecture Notes in Computer Science (LNCS)
Cite this paper as:
Jager T., Rupp A. (2010) The Semi-Generic Group Model and Applications to Pairing-Based Cryptography. In: Abe M. (eds) Advances in Cryptology - ASIACRYPT 2010. ASIACRYPT 2010. Lecture Notes in Computer Science, vol 6477. Springer, Berlin, Heidelberg

## Abstract

In pairing-based cryptography the Generic Group Model (GGM) is used frequently to provide evidence towards newly introduced hardness assumptions. Unfortunately, the GGM does not reflect many known properties of bilinear group settings and thus hardness results in this model are of limited significance. This paper proposes a novel computational model for pairing-based cryptography, called the Semi-Generic Group Model (SGGM), that is closer to the standard model and allows to make more meaningful security guarantees. In fact, the best algorithms currently known for solving pairing-based problems are semi-generic in nature. We demonstrate the usefulness of our new model by applying it to study several important assumptions (BDDH, Co-DH). Furthermore, we develop master theorems facilitating an easy analysis of other (future) assumptions. These master theorems imply that (unless there are better algorithms than the semi-generic ones) great parts of the zoo of novel assumptions over bilinear groups are reducible to just two (more or less) standard assumptions over finite fields. Finally, we examine the appropriateness of the SGGM as a tool for analyzing the security of practical cryptosystems without random oracles by applying it to the BLS signature scheme.

### Keywords

Restricted models of computationgeneric groupssemi-generic group modelcryptographic assumptionsmaster theoremsprovable securitypairing-based cryptography