On the Equivalence of Generic Group Models

  • Tibor Jager
  • Jörg Schwenk
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5324)

Abstract

The generic group model (GGM) is a commonly used tool in cryptography, especially in the analysis of fundamental cryptographic problems, such as the complexity of the discrete logarithm problem [1,2,3] or the relationship between breaking RSA and factoring integers [4,5,6]. Moreover, the GGM is frequently used to gain confidence in the security of newly introduced computational problems or cryptosystems [7,8,9,10,11]. The GGM serves basically as an idealization of an abstract algebraic group: An algorithm is restricted to basic group operations, such as computing the group law, checking for equality of elements, and possibly additional operations, without being able to exploit any specific property of a given group representation.

Different models formalizing the notion of generic groups have been proposed in the literature. Although all models aim to capture the same notion, it is not obvious that a security proof in one model implies security in the other model. Thus the validity of a proven statement may depend on the choice of the model. In this paper we prove the equivalence of the models proposed by Shoup [2] and Maurer [3].
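As an added illustration (not code from the paper or its authors), the two flavours of generic group model the abstract contrasts, written as toy oracles over the additive group Z_n with public n: a Shoup-style oracle that hands out random encodings, so equality is just string comparison, and a Maurer-style black box that hands out handles and answers equality only through an explicit query. One baby-step giant-step solver runs unchanged on either, because it touches the group only through `op` and `eq`. Class and function names, the query counting and the 16-hex-character labels are my assumptions.

```python
import secrets
# Added example (not the paper's code): toy Shoup- and Maurer-style generic group
# oracles over Z_n and a baby-step giant-step DLP solver that uses only them.

class ShoupGroup:                           # Shoup [2]: random encodings
    def __init__(self, n):
        self.n, self.enc, self.dec, self.queries = n, {}, {}, 0
    def elem(self, x):                      # encode x*g with a fresh random label
        x %= self.n
        if x not in self.enc:
            s = secrets.token_hex(8)        # label collision chance is negligible
            self.enc[x], self.dec[s] = s, x
        return self.enc[x]
    def op(self, a, b):                     # group law on two encodings
        self.queries += 1
        return self.elem(self.dec[a] + self.dec[b])
    def eq(self, a, b):                     # encodings are canonical: no query
        return a == b

class MaurerGroup:                          # Maurer [3]: black box plus handles
    def __init__(self, n):
        self.n, self.store, self.queries = n, [], 0
    def elem(self, x):                      # new handle to x*g kept inside the box
        self.store.append(x % self.n); return len(self.store) - 1
    def op(self, a, b):
        self.queries += 1
        return self.elem(self.store[a] + self.store[b])
    def eq(self, a, b):                     # equality is itself an oracle query
        self.queries += 1
        return self.store[a] == self.store[b]

def smul(G, a, k):                          # k*a (k >= 1) by double-and-add via G.op
    acc = None
    while k:
        if k & 1: acc = a if acc is None else G.op(acc, a)
        a, k = G.op(a, a), k >> 1
    return acc

def generic_dlog(G, g, h):                  # x with x*g == h, via the oracle only
    n = G.n; m = int(n ** 0.5) + 1
    baby = [g]                              # baby[j] stands for (j+1)*g
    for _ in range(m - 1): baby.append(G.op(baby[-1], g))
    step, cur = smul(G, g, n - m), h        # step == -m*g: no inverse oracle needed
    for i in range(m + 1):
        for j, b in enumerate(baby):
            if G.eq(cur, b): return (i * m + j + 1) % n
        cur = G.op(cur, step)

def solve(cls, n, x):                       # challenger picks g, h = x*g; solver runs
    G = cls(n); g, h = G.elem(1), G.elem(x)
    return generic_dlog(G, g, h), G.queries
```

The same solver finds x in both models, but the Maurer oracle's query count is higher because every table lookup costs an equality query, whereas in the Shoup oracle the canonical encodings could even be used as dictionary keys.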

References

  1. Nechaev, V.I.: Complexity of a determinate algorithm for the discrete logarithm. Mathematical Notes 55(2), 165–172 (1994)
  2. Shoup, V.: Lower bounds for discrete logarithms and related problems. In: Fumy, W. (ed.) EUROCRYPT 1997. LNCS, vol. 1233, pp. 256–266. Springer, Heidelberg (1997)
  3. Maurer, U.M.: Abstract models of computation in cryptography. In: Smart, N.P. (ed.) Cryptography and Coding 2005. LNCS, vol. 3796, pp. 1–12. Springer, Heidelberg (2005)
  4. Damgård, I., Koprowski, M.: Generic lower bounds for root extraction and signature schemes in general groups. In: Knudsen, L.R. (ed.) EUROCRYPT 2002. LNCS, vol. 2332, pp. 256–271. Springer, Heidelberg (2002)
  5. Leander, G., Rupp, A.: On the equivalence of RSA and factoring regarding generic ring algorithms. In: Lai, X., Chen, K. (eds.) ASIACRYPT 2006. LNCS, vol. 4284, pp. 241–251. Springer, Heidelberg (2006)
  6. Aggarwal, D., Maurer, U.: Factoring is equivalent to generic RSA. Cryptology ePrint Archive, Report 2008/260 (2008), http://eprint.iacr.org/
  7. Schnorr, C.P., Jakobsson, M.: Security of signed ElGamal encryption. In: [24], pp. 73–89
  8. Smart, N.P.: The exact security of ECIES in the generic group model. In: Honary, B. (ed.) Cryptography and Coding 2001. LNCS, vol. 2260, pp. 73–84. Springer, Heidelberg (2001)
  9. Brown, D.R.L.: Generic groups, collision resistance, and ECDSA. Des. Codes Cryptography 35(1), 119–152 (2005)
  10. Dent, A.W.: The hardness of the DHK problem in the generic group model. Cryptology ePrint Archive, Report 2006/156 (2006), http://eprint.iacr.org/
  11. Boneh, D., Boyen, X.: Short signatures without random oracles and the SDH assumption in bilinear groups. J. Cryptology 21(2), 149–177 (2008)
  12. Diffie, W., Hellman, M.: New directions in cryptography. IEEE Transactions on Information Theory 22, 644–654 (1976)
  13. Rivest, R.L., Shamir, A., Adleman, L.M.: A method for obtaining digital signatures and public-key cryptosystems. Communications of the ACM 21, 120–126 (1978)
  14. Shanks, D.: Class number, a theory of factorization, and genera. In: Lewis, D.J. (ed.) 1969 Number Theory Institute. Proceedings of Symposia in Pure Mathematics, Providence, Rhode Island, vol. 20, pp. 415–440. American Mathematical Society (1971)
  15. Pollard, J.M.: A Monte Carlo method for factorization. BIT 15, 331–334 (1975)
  16. Odlyzko, A.M.: Discrete logarithms in finite fields and their cryptographic significance. In: Beth, T., Cot, N., Ingemarsson, I. (eds.) EUROCRYPT 1984. LNCS, vol. 209, pp. 224–314. Springer, Heidelberg (1985)
  17. Fischlin, M.: A note on security proofs in the generic model. In: [24], pp. 458–469
  18. Dent, A.W.: Adapting the weaknesses of the random oracle model to the generic group model. In: Zheng, Y. (ed.) ASIACRYPT 2002. LNCS, vol. 2501, pp. 100–109. Springer, Heidelberg (2002)
  19. Maurer, U.M.: Towards the equivalence of breaking the Diffie-Hellman protocol and computing discrete logarithms. In: Desmedt, Y.G. (ed.) CRYPTO 1994. LNCS, vol. 839, pp. 271–281. Springer, Heidelberg (1994)
  20. Boneh, D., Lipton, R.J.: Algorithms for black-box fields and their application to cryptography (extended abstract). In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 283–297. Springer, Heidelberg (1996)
  21. Maurer, U.M., Wolf, S.: Lower bounds on generic algorithms in groups. In: Nyberg, K. (ed.) EUROCRYPT 1998. LNCS, vol. 1403, pp. 72–84. Springer, Heidelberg (1998)
  22. Altmann, K., Jager, T., Rupp, A.: On black-box ring extraction and integer factorization. In: Aceto, L., Damgård, I., Goldberg, L.A., Halldórsson, M.M., Ingólfsdóttir, A., Walukiewicz, I. (eds.) ICALP 2008, Part II. LNCS, vol. 5126, pp. 437–448. Springer, Heidelberg (2008)
  23. Koblitz, N., Menezes, A.: Another look at generic groups. Advances in Mathematics of Communications 1, 13–28 (2007)
  24. Okamoto, T. (ed.): ASIACRYPT 2000. LNCS, vol. 1976. Springer, Heidelberg (2000)

Copyright information

© Springer-Verlag Berlin Heidelberg 2008

Authors and Affiliations

  • Tibor Jager (1)
  • Jörg Schwenk (1)
  1. Horst Görtz Institute for IT Security, Ruhr-University Bochum, Germany