Verified indifferentiable hashing into elliptic curves

Authors:
Gilles Barthe;Benjamin Grégoire;Sylvain Heraud;Federico Olmedo;Santiago Zanella Béguelin
Affiliations:
IMDEA Software Institute, Madrid, Spain;INRIA Sophia Antipolis-Méditerranée, France;INRIA Sophia Antipolis-Méditerranée, France;IMDEA Software Institute, Madrid, Spain;IMDEA Software Institute, Madrid, Spain
Venue:
POST'12 Proceedings of the First international conference on Principles of Security and Trust
Year:
2012

Citing 25
Cited 3

Encrypted Key Exchange: Password-Based Protocols SecureAgainst Dictionary Attacks

SP '92 Proceedings of the 1992 IEEE Symposium on Security and Privacy
The random oracle methodology, revisited

Journal of the ACM (JACM)
Short Signatures from the Weil Pairing

Journal of Cryptology
Approximated Computationally Bounded Simulation Relations for Probabilistic Automata

CSF '07 Proceedings of the 20th IEEE Computer Security Foundations Symposium
Approximate non-interference

Journal of Computer Security - Special issue on WITS'02
A static analysis for quantifying information flow in a simple imperative language

Journal of Computer Security
Formal certification of code-based cryptographic proofs

Proceedings of the 36th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
A Computational Introduction to Number Theory and Algebra

A Computational Introduction to Number Theory and Algebra
On the Foundations of Quantitative Information Flow

FOSSACS '09 Proceedings of the 12th International Conference on Foundations of Software Science and Computational Structures: Held as Part of the Joint European Conferences on Theory and Practice of Software, ETAPS 2009
Proofs of randomized algorithms in Coq

Science of Computer Programming
How to Hash into Elliptic Curves

CRYPTO '09 Proceedings of the 29th Annual International Cryptology Conference on Advances in Cryptology
A modular formalisation of finite group theory

TPHOLs'07 Proceedings of the 20th international conference on Theorem proving in higher order logics
Primality proving with elliptic curves

TPHOLs'07 Proceedings of the 20th international conference on Theorem proving in higher order logics
A Machine-Checked Formalization of Sigma-Protocols

CSF '10 Proceedings of the 2010 23rd IEEE Computer Security Foundations Symposium
Efficient indifferentiable hashing into ordinary elliptic curves

CRYPTO'10 Proceedings of the 30th annual conference on Advances in cryptology
A certifying compiler for zero-knowledge proofs of knowledge based on Σ-protocols

ESORICS'10 Proceedings of the 15th European conference on Research in computer security
Hyperproperties

Journal of Computer Security - 7th International Workshop on Issues in the Theory of Security (WITS'07)
Some observations on indifferentiability

ACISP'10 Proceedings of the 15th Australasian conference on Information security and privacy
Deterministic encoding and hashing to odd hyperelliptic curves

Pairing'10 Proceedings of the 4th international conference on Pairing-based cryptography
Careful with composition: limitations of the indifferentiability framework

EUROCRYPT'11 Proceedings of the 30th Annual international conference on Theory and applications of cryptographic techniques: advances in cryptology
Computer-aided security proofs for the working cryptographer

CRYPTO'11 Proceedings of the 31st annual conference on Advances in cryptology
Differential privacy

ICALP'06 Proceedings of the 33rd international conference on Automata, Languages and Programming - Volume Part II
Probabilistic relational reasoning for differential privacy

POPL '12 Proceedings of the 39th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Construction of rational points on elliptic curves over finite fields

ANTS'06 Proceedings of the 7th international conference on Algorithmic Number Theory
Merkle-Damgård revisited: how to construct a hash function

CRYPTO'05 Proceedings of the 25th annual international conference on Advances in Cryptology

Full proof cryptography: verifiable compilation of efficient zero-knowledge protocols

Proceedings of the 2012 ACM conference on Computer and communications security
Indifferentiable hashing to barreto---naehrig curves

LATINCRYPT'12 Proceedings of the 2nd international conference on Cryptology and Information Security in Latin America
Verified indifferentiable hashing into elliptic curves

Journal of Computer Security - Security and Trust Principles

Quantified Score

Hi-index	0.00

Visualization

Abstract

Many cryptographic systems based on elliptic curves are proven secure in the Random Oracle Model, assuming there exist probabilistic functions that map elements in some domain (e.g. bitstrings) onto uniformly and independently distributed points in a curve. When implementing such systems, and in order for the proof to carry over to the implementation, those mappings must be instantiated with concrete constructions whose behavior does not deviate significantly from random oracles. In contrast to other approaches to public-key cryptography, where candidates to instantiate random oracles have been known for some time, the first generic construction for hashing into ordinary elliptic curves indifferentiable from a random oracle was put forward only recently by Brier et al. We present a machine-checked proof of this construction. The proof is based on an extension of the CertiCrypt framework with logics and mechanized tools for reasoning about approximate forms of observational equivalence, and integrates mathematical libraries of group theory and elliptic curves.