A Machine-Checked Formalization of the Random Oracle Model
Most approaches to the formal analysis of cryptography protocols make the perfect cryptographic assumption, which entails for example that there is no way to obtain knowledge about the plaintext pertaining to a ciphertext without knowing the key. Ideally, one would prefer to abandon the perfect cryptography hypothesis and reason about the computational cost of breaking a cryptographic scheme by achieving such goals as gaining information about the plaintext pertaining to a ciphertext without knowing the key. Such a view is permitted by non-standard computational models such as the Generic Model and the Random Oracle Model. Using the proof assistant Coq, we provide a machine-checked account of the Generic Model and the Random Oracle Model. We exploit this framework to prove the security of the ElGamal cryptosystem against adaptive chosen ciphertexts attacks.
KeywordsHash Function Random Oracle Proof Assistant Security Proof Random Oracle Model
Unable to display preview. Download preview PDF.
- 6.Brown, D.: Generic Groups, Collision Resistance, and ECDSA (2002), Available from: http://eprint.iacr.org/2002/026/
- 7.Coq Development Team. The Coq Proof Assistant User’s Guide. Version 8.0 (January 2004)Google Scholar
- 9.Fiat, A., Shamir, A.: How to Prove Yourself: Practical Solutions to Identification and Signature Problems. In: Odlyzko, A.M. (ed.) CRYPTO 1986. LNCS, vol. 263, pp. 186–194. Springer, Heidelberg (1987)Google Scholar
- 12.Rackoff, C., Simon, D.R.: Non-interactive zero-knowledge proof of knowledge and chosen ciphertext attack. In: Feigenbaum, J. (ed.) CRYPTO 1991. LNCS, vol. 576, pp. 433–444. Springer, Heidelberg (1992)Google Scholar
- 13.Schneier, B.: Applied Cryptography, 2nd edn. John Wiley & Sons, Chichester (1996)Google Scholar
- 16.Shoup, V.: Lower bounds for discrete logarithms and related problems. In: Fumy, W. (ed.) EUROCRYPT 1997. LNCS, vol. 1233, pp. 256–266. Springer, Heidelberg (1997)Google Scholar