TY  - CHAP
A1  - Schnorr, Claus Peter
A1  - Jakobsson, Markus
A2  - Odlyzko, Andrew M.
A2  - Walsh, Gary
A2  - Williams, Hugh
T1  - Security of discrete log cryptosystems in the random oracle and the generic model
N2  - We introduce novel security proofs that use combinatorial counting arguments rather than reductions to the discrete logarithm or to the Diffie-Hellman problem. Our security results are sharp and clean with no polynomial reduction times involved. We consider a combination of the random oracle model and the generic model. This corresponds to assuming an ideal hash function H given by an oracle and an ideal group of prime order q, where the binary encoding of the group elements is useless for cryptographic attacks In this model, we first show that Schnorr signatures are secure against the one-more signature forgery : A generic adversary performing t generic steps including l sequential interactions with the signer cannot produce l+1 signatures with a better probability than (t 2)/q. We also characterize the different power of sequential and of parallel attacks. Secondly, we prove signed ElGamal encryption is secure against the adaptive chosen ciphertext attack, in which an attacker can arbitrarily use a decryption oracle except for the challenge ciphertext. Moreover, signed ElGamal encryption is secure against the one-more decryption attack: A generic adversary performing t generic steps including l interactions with the decryption oracle cannot distinguish the plaintexts of l + 1 ciphertexts from random strings with a probability exceeding (t 2)/q.
Y1  - 2000
UR  - http://publikationen.ub.uni-frankfurt.de/frontdoor/index/index/docId/4256
UR  - https://nbn-resolving.org/urn:nbn:de:hebis:30-12261
N1  - Erschienen in: Andrew M. Odlyzko ; Gary Walsh ; Hugh Williams (Hrsg.): Conference on the mathematics of public key cryptography, Toronto, Ontariothe : Fields Institute for Research in the Mathematical Sciences, 1999
SP  - 1
EP  - 15
ER  -