language-icon Old Web
English
Sign In

Generic group model

The generic group model is an idealised cryptographic model, where the adversary is only given access to a randomly chosen encoding of a group, instead of efficient encodings, such as those used by the finite field or elliptic curve groups used in practice. The generic group model is an idealised cryptographic model, where the adversary is only given access to a randomly chosen encoding of a group, instead of efficient encodings, such as those used by the finite field or elliptic curve groups used in practice. The model includes an oracle that executes the group operation. This oracle takes two encodings of group elements as input and outputs an encoding of a third element. If the group should allow for a pairing operation this operation would be modeled as an additional oracle. One of the main uses of the generic group model is to analyse computational hardness assumptions. An analysis in the generic group model can answer the question: 'What is the fastest generic algorithm for breaking a cryptographic hardness assumption'. A generic algorithm is an algorithm that only makes use of the group operation, and does not consider the encoding of the group. This question was answered for the discrete logarithm problem by Victor Shoup using the generic group model. Other results in the generic group model are for instance. The model can also be extended to other algebraic structures like rings. The generic group model suffers from some of the same problems as the random oracle model. In particular, it has been shown using a similar argument that there exist cryptographic schemes which are provably secure in the generic group model but which are trivially insecure once the random group encoding is replaced with an efficiently computable instantiation of the encoding function.

[ "Random oracle" ]
Parent Topic
Child Topic
    No Parent Topic