Paper 2006/230

Another Look at Generic Groups

Neal Koblitz and Alfred Menezes


Starting with Shoup's seminal paper [24], the generic group model has been an important tool in reductionist security arguments. After an informal explanation of this model and Shoup's theorem, we discuss the danger of flaws in proofs. We next describe an ontological difference between the generic group assumption and the random oracle model for hash functions. We then examine some criticisms that have been leveled at the generic group model and raise some questions of our own.

Available format(s)
Publication info
Published elsewhere. Also available at
Contact author(s)
ajmeneze @ uwaterloo ca
2011-08-15: last of 2 revisions
2006-07-13: received
See all versions
Short URL
Creative Commons Attribution


      author = {Neal Koblitz and Alfred Menezes},
      title = {Another Look at Generic Groups},
      howpublished = {Cryptology ePrint Archive, Paper 2006/230},
      year = {2006},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.