Verified Indifferentiable Hashing into Elliptic Curves

摘要

Many cryptographic systems based on elliptic curves are proven se cure in the Random Oracle Model, assuming there exist probabilistic functions that map elements in some domain (e.g. bitstrings) onto uniformly and indepen dently distributed points in a curve. When implementing such systems, and in order for the proof to carry over to the implementation, those mappings must be instantiated with concrete constructions whose behavior does not deviate signif icantly from random oracles. In contrast to other approaches to public-key cryp tography, where candidates to instantiate random oracles have been known for some time, the first generic construction for hashing into ordinary elliptic curves indifferentiable from a random oracle was put forward only recently by Brier et al. We present a machine-checked proof of this construction. The proof is based on an extension of the CertiCrypt framework with logics and mechanized tools for reasoning about approximate forms of observational equivalence, and inte grates mathematical libraries of group theory and elliptic curves.