Sciweavers

ASIACRYPT
2000
Springer

A Note on Security Proofs in the Generic Model

14 years 4 months ago
A Note on Security Proofs in the Generic Model
A discrete-logarithm algorithm is called generic if it does not exploit the specific representation of the cyclic group for which it is supposed to compute discrete logarithms. Such algorithms include the well-known Baby-Step-Giant-Step procedure as well as the PohligHellman algorithm. In particular, these algorithms match a lower bound of Nachaev showing that generic discrete-log algorithms require exponentially many group operations. Building on this lower bound, Shoup and subsequently Schnorr and Jakobsson proved other discrete-log-based protocols to be intractable in the generic model. Here, we discuss pitfalls when applying the generic model to other schemes than the discrete-log problem and when interpreting such lower bounds as security proofs for these schemes.
Marc Fischlin
Added 02 Aug 2010
Updated 02 Aug 2010
Type Conference
Year 2000
Where ASIACRYPT
Authors Marc Fischlin
Comments (0)