Generic group model explained

The generic group model[1][2] is an idealised cryptographic model in which the adversary is only given access to a randomly chosen encoding of the group elements, instead of the efficient encodings used in practice, such as those of finite field or elliptic curve groups.

The model includes an oracle that executes the group operation. This oracle takes the encodings of two group elements as input and outputs the encoding of their product (in Shoup's formulation the oracle also returns the encoding of the quotient, so inverses are available as well). If the group should allow for a pairing operation, that operation is modeled as an additional oracle.

One of the main uses of the generic group model is to analyse computational hardness assumptions. An analysis in the generic group model can answer the question: "What is the fastest generic algorithm for breaking a cryptographic hardness assumption?" A generic algorithm is an algorithm that only makes use of the group operation (through the oracle) and does not exploit the encoding of the group elements; such an algorithm therefore works equally well in every group of the same order. This question was answered for the discrete logarithm problem by Victor Shoup using the generic group model: any generic algorithm needs Ω(√p) group operations, where p is the largest prime factor of the group order, which matches the cost of the baby-step giant-step and Pollard rho algorithms.[1] Further lower bounds on generic algorithms in groups were given by Maurer and Wolf.[3] The model can also be extended to other algebraic structures like rings; in that setting Aggarwal and Maurer showed that breaking RSA generically is equivalent to factoring.[4]
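As an added illustration (this code is not from the original article and not from Shoup's paper), the following Python simulates the model: the cyclic group Z_n under a randomly chosen encoding, an oracle that counts queries, and a baby-step giant-step discrete-logarithm solver that uses nothing but the oracle. The class and function names, the choice of Z_n, the label length and the lazy sampling of the encoding are all assumptions made for this example.

```python
import random
from math import isqrt


class GenericGroup:
    """Toy generic group model for the cyclic group Z_n (written additively).

    Elements are only ever seen as opaque labels.  The encoding is sampled
    lazily: each exponent gets a fresh random label the first time it is
    touched, which is equivalent to choosing a random injective encoding up
    front.  Every use of the oracle is counted in `queries`.
    (Example code, not the model as defined in any paper.)
    """

    def __init__(self, n, seed=None, label_bytes=8):
        self.n = n
        self.queries = 0
        self._rng = random.Random(seed)      # seed only for reproducibility
        self._label_bytes = label_bytes
        self._enc = {}                       # exponent -> label
        self._dec = {}                       # label -> exponent

    def _label(self, x):
        x %= self.n
        lab = self._enc.get(x)
        if lab is None:
            while True:
                lab = f"{self._rng.getrandbits(8 * self._label_bytes):0{2 * self._label_bytes}x}"
                if lab not in self._dec:     # keep the encoding injective
                    break
            self._enc[x] = lab
            self._dec[lab] = x
        return lab

    def identity(self):
        return self._label(0)

    def generator(self):
        return self._label(1)

    def op(self, a, b):
        """Oracle: encodings of x and y in, encoding of x + y out."""
        self.queries += 1
        return self._label(self._dec[a] + self._dec[b])

    def inv(self, a):
        """Oracle: encoding of x in, encoding of -x out."""
        self.queries += 1
        return self._label(-self._dec[a])

    def challenge(self, x=None):
        """Pick a secret x (or use the given one) and hand out the encoding
        of x*g.  Setting up the challenge is not a counted query."""
        if x is None:
            x = self._rng.randrange(self.n)
        return x, self._label(x)


def generic_dlog(G, h):
    """Baby-step giant-step using only the oracle: about 2*sqrt(n) queries.

    The code never inspects a label beyond testing it for equality, so it
    is a generic algorithm: it runs unchanged in any group of order n,
    whatever the encoding.
    """
    m = isqrt(G.n) + 1                       # m*m > n, so i*m + j covers [0, n)
    g = G.generator()
    table = {}                               # label of j*g -> j, for j < m
    cur = G.identity()
    for j in range(m):                       # baby steps
        table.setdefault(cur, j)
        cur = G.op(cur, g)                   # cur is now (j+1)*g
    giant = G.inv(cur)                       # encoding of -m*g
    y = h
    for i in range(m):                       # giant steps: y = h - i*m*g
        if y in table:
            return (i * m + table[y]) % G.n
        y = G.op(y, giant)
    return None                              # unreachable for h in the group


if __name__ == "__main__":
    G = GenericGroup(10007, seed=1)
    x, h = G.challenge()
    print("recovered:", generic_dlog(G, h) == x, "oracle queries:", G.queries)
```

With n = 10007 the solver recovers x after at most 2·isqrt(n) + 3 = 203 oracle queries, i.e. about 2√n, which is within a constant of Shoup's √p lower bound. Attacks that beat √p in practice, such as index calculus in multiplicative subgroups of finite fields, have no counterpart here because the labels carry no structure to exploit; that gap between generic and concrete groups is exactly what the model makes visible.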

The generic group model suffers from some of the same problems as the random oracle model. In particular, Dent has shown,[5] using an argument similar to the one Canetti, Goldreich and Halevi used against the random oracle model,[6] that there exist cryptographic schemes which are provably secure in the generic group model but which are trivially insecure once the random group encoding is replaced with any efficiently computable instantiation of the encoding function.

Notes and References

  1. Victor Shoup: Lower Bounds for Discrete Logarithms and Related Problems. EUROCRYPT 1997, LNCS 1233: 256–266
  2. Ueli Maurer: Abstract Models of Computation in Cryptography. 10th IMA Conference on Cryptography and Coding 2005, LNCS 2796: 1–12. ftp://ftp.inf.ethz.ch/pub/crypto/publications/Maurer05.pdf (archived copy: https://web.archive.org/web/20170706135627/ftp://ftp.inf.ethz.ch/pub/crypto/publications/Maurer05.pdf)
  3. Ueli M. Maurer, Stefan Wolf: Lower Bounds on Generic Algorithms in Groups. EUROCRYPT 1998: 72–84
  4. Divesh Aggarwal, Ueli Maurer: Breaking RSA Generically Is Equivalent to Factoring. EUROCRYPT 2009: 36–53
  5. Alexander W. Dent: Adapting the Weaknesses of the Random Oracle Model to the Generic Group Model. ASIACRYPT 2002: 100–109
  6. Ran Canetti, Oded Goldreich, Shai Halevi: The Random Oracle Methodology Revisited. STOC 1998: 209–218