On the Equivalence of Generic Group Models
- 537 Downloads
The generic group model (GGM) is a commonly used tool in cryptography, especially in the analysis of fundamental cryptographic problems, such as the complexity of the discrete logarithm problem [1,2,3] or the relationship between breaking RSA and factoring integers [4,5,6]. Moreover, the GGM is frequently used to gain confidence in the security of newly introduced computational problems or cryptosystems [7,8,9,10,11]. The GGM serves basically as an idealization of an abstract algebraic group: An algorithm is restricted to basic group operations, such as computing the group law, checking for equality of elements, and possibly additional operations, without being able to exploit any specific property of a given group representation.
Different models formalizing the notion of generic groups have been proposed in the literature. Although all models aim to capture the same notion, it is not obvious that a security proof in one model implies security in the other model. Thus the validity of a proven statement may depend on the choice of the model. In this paper we prove the equivalence of the models proposed by Shoup  and Maurer .
KeywordsGroup Element Success Probability Discrete Logarithm Discrete Logarithm Problem Security Proof
Unable to display preview. Download preview PDF.
- 2.Shoup, V.: Lower bounds for discrete logarithms and related problems. In: Fumy, W. (ed.) EUROCRYPT 1997. LNCS, vol. 1233, pp. 256–266. Springer, Heidelberg (1997)Google Scholar
- 6.Aggarwal, D., Maurer, U.: Factoring is equivalent to generic RSA. Cryptology ePrint Archive, Report 2008/260 (2008), http://eprint.iacr.org/
- 7.Schnorr, C.P., Jakobsson, M.: Security of signed elgamal encryption. In: , pp. 73–89Google Scholar
- 8.Smart, N.P.: The exact security of ECIES in the generic group model. In: Honary, B. (ed.) Cryptography and Coding 2001. LNCS, vol. 2260, pp. 73–84. Springer, Heidelberg (2001)Google Scholar
- 10.Dent, A.W.: The hardness of the DHK problem in the generic group model. Cryptology ePrint Archive, Report 2006/156 (2006), http://eprint.iacr.org/.
- 14.Shanks, D.: Class number, a theory of factorization, and genera. In: Lewis, D.J. (ed.) 1969 Number Theory Institute. Proceedings of Symposia in Pure Mathematics, Providence, Rhode Island, vol. 20, pp. 415–440. American Mathematical Society (1971)Google Scholar
- 17.Fischlin, M.: A note on security proofs in the generic model. In:  pp. 458–469Google Scholar
- 19.Maurer, U.M.: Towards the equivalence of breaking the Diffie-Hellman protocol and computing discrete algorithms. In: Desmedt, Y.G. (ed.) CRYPTO 1994. LNCS, vol. 839, pp. 271–281. Springer, Heidelberg (1994)Google Scholar
- 20.Boneh, D., Lipton, R.J.: Algorithms for black-box fields and their application to cryptography (extended abstract). In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 283–297. Springer, Heidelberg (1996)Google Scholar