A Machine-Checked Formalization of the Generic Model and the Random Oracle Model

  • Gilles Barthe
  • Jan Cederquist
  • Sabrina Tarento
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3097)


Most approaches to the formal analyses of cryptographic protocols make the perfect cryptography assumption, i.e. the hypothese that there is no way to obtain knowledge about the plaintext pertaining to a ciphertext without knowing the key. Ideally, one would prefer to rely on a weaker hypothesis on the computational cost of gaining information about the plaintext pertaining to a ciphertext without knowing the key. Such a view is permitted by the Generic Model and the Random Oracle Model which provide non-standard computational models in which one may reason about the computational cost of breaking a cryptographic scheme. Using the proof assistant Coq, we provide a machine-checked account of the Generic Model and the Random Oracle Model.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Abadi, M., Blanchet, B.: Secrecy types for asymmetric communication. Theoretical Computer Science 298(3), 387–415 (2003)MATHCrossRefMathSciNetGoogle Scholar
  2. 2.
    Abadi, M., Needham, R.M.: Prudent engineering practice for cryptographic protocols. Transactions on Software Engineering 22(1), 6–15 (1996)CrossRefGoogle Scholar
  3. 3.
    Abadi, M., Rogaway, P.: Reconciling two views of cryptography (the computational soundness of formal encryption). Journal of Cryptology 15(2), 103–127 (2002)MATHMathSciNetGoogle Scholar
  4. 4.
    Bailey, A.: Representing Algebra in LEGO. Master’s thesis, University of Edinburgh (1993)Google Scholar
  5. 5.
    Barendregt, H., Geuvers, H.: Proof assistants using dependent type systems. In: Robinson, A., Voronkov, A. (eds.) Handbook of Automated Reasoning, ch. 18. vol. II, pp. 1149–1238. Elsevier Publishing, Amsterdam (2001)CrossRefGoogle Scholar
  6. 6.
    Bella, G., Massacci, F., Paulson, L.C.: Verifying the set registration protocols. IEEE Journal on Selected Areas in Communications 21, 77–87 (2003)CrossRefGoogle Scholar
  7. 7.
    Bellare, M., Rogaway, P.: Random oracles are practical: A paradigm for designing efficient protocols. In: Proceedings of the 1st ACM Conference on Computer and Communications Security, November 1993, pp. 62–73. ACM Press, New York (1993)CrossRefGoogle Scholar
  8. 8.
    Bolignano, D.: Towards a mechanization of cryptographic protocol verification. In: Grumberg, O. (ed.) CAV 1997. LNCS, vol. 1254, pp. 131–142. Springer, Heidelberg (1997)Google Scholar
  9. 9.
    Brown, D.: Generic groups, collision resistance, and ecdsa (2002), Available from http://eprint.iacr.org/2002/026/
  10. 10.
    Burrows, M., Abadi, M., Needham, R.: A logic of authentication. ACM Transactions on Computer Systems 8(1), 18–36 (1990)CrossRefGoogle Scholar
  11. 11.
    Canetti, R., Goldreich, O., Halevi, S.: The random oracle methodology, revisited. In: Proceedings of STOC 1998, pp. 209–218. ACM Press, New York (1998)Google Scholar
  12. 12.
    Chevalier, Y., Küsters, R., Rusinowitch, M., Turuani, M.: An NP Decision Procedure for Protocol Insecurity with XOR. In: Proceedings of LICS 2003, pp. 261–270. IEEE Computer Society Press, Los Alamitos (2003)Google Scholar
  13. 13.
    Comon-Lundh, H., Shmatikov, V.: Intruder deductions, constraint solving and insecurity decision in presence of exclusive or. In: Proceedings of LICS 2003, pp. 271–280. IEEE Computer Society Press, Los Alamitos (2003)Google Scholar
  14. 14.
    Coq Development Team. The Coq Proof Assistant User’s Guide. Version 7.4 (February 2003) Google Scholar
  15. 15.
    Dent, A.W.: Adapting theWeaknesses of the Random Oracle Model to the Generic Group Model. In: Zheng, Y. (ed.) ASIACRYPT 2002. LNCS, vol. 2501, pp. 100–109. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  16. 16.
    Fiat, A., Shamir, A.: How to Prove Yourself: Practical Solutions to Identification and Signature Problems. In: Bouchon, B., Yager, R.R. (eds.) Uncertainty in Knowledge-Based Systems. LNCS, vol. 286, pp. 186–194. Springer, Heidelberg (1987)Google Scholar
  17. 17.
    Gordon, A., Jeffrey, A.: Authenticity by typing for security protocols. In: Proceedings of CSFW 2001, pp. 145–159. IEEE Computer Society Press, Los Alamitos (2001)Google Scholar
  18. 18.
    Harrison, J.: Theorem Proving with the Real Numbers. Distinguished Dissertations. Springer, Heidelberg (1998)Google Scholar
  19. 19.
    Hurd, J.: Formal Verification of Probabilistic Algorithms. PhD thesis, University of Cambridge (2002)Google Scholar
  20. 20.
    Lowe, G.: Breaking and Fixing the Needham-Schroeder Public-Key Protocol Using FDR. In: Margaria, T., Steffen, B. (eds.) TACAS 1996. LNCS, vol. 1055, Springer, Heidelberg (1996)Google Scholar
  21. 21.
    Meadows, C.: The nrl protocol analyzer: An overview. Journal of Logic Programming 26(2), 113–131 (1996)MATHCrossRefGoogle Scholar
  22. 22.
    Meadows, C.: Analysis of the internet key exchange protocol using the NRL protocol analyzer. In: Proceedings of SOSP 1999, pp. 216–233. IEEE Computer Society Press, Los Alamitos (1999)Google Scholar
  23. 23.
    Meadows, C.: Open issues in formal methods for cryptographic protocol analysis. In: Gorodetski, V.I., Skormin, V.A., Popyack, L.J. (eds.) MMM-ACNS 2001. LNCS, vol. 2052, p. 21. Springer, Heidelberg (2001)Google Scholar
  24. 24.
    Nechaev, V.I.: Complexity of a determinate algorithm for the discrete logarithm. Mathematical Notes 55(2), 165–172 (1994)CrossRefMathSciNetGoogle Scholar
  25. 25.
    Nedzusiak, A.: σ-fields and probability. Journal of Formalized Mathematics 1 (1989)Google Scholar
  26. 26.
    Paulson, L.C.: The inductive approach to verifying cryptographic protocols. Journal of Computer Security 6(1/2), 85–128 (1998)Google Scholar
  27. 27.
    Schnorr, C.-P.: Security of Blind Discrete Log Signatures against Interactive Attacks. In: Qing, S., Okamoto, T., Zhou, J. (eds.) ICICS 2001. LNCS, vol. 2229, pp. 1–12. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  28. 28.
    Schnorr, C.-P., Jakobsson, M.: Security of Signed ElGamal Encryption. In: Okamoto, T. (ed.) ASIACRYPT 2000. LNCS, vol. 1976, pp. 73–89. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  29. 29.
    Shoup, V.: Lower bounds for discrete logarithms and related problems. In: Fumy, W. (ed.) EUROCRYPT 1997. LNCS, vol. 1233, pp. 256–266. Springer, Heidelberg (1997)Google Scholar
  30. 30.
    Smart, N.: The exact security of ecies in the generic group model. In: Honary, B. (ed.) Cryptography and Coding, pp. 73–84. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  31. 31.
    Stern, J.: Why provable security matters? In: Biham, E. (ed.) EUROCRYPT 2003. LNCS, vol. 2656, pp. 449–461. Springer, Heidelberg (2003)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2004

Authors and Affiliations

  • Gilles Barthe
    • 1
  • Jan Cederquist
    • 2
  • Sabrina Tarento
    • 1
  1. 1.INRIA Sophia-AntipolisFrance
  2. 2.CWIAmsterdamThe Netherlands

Personalised recommendations