Cryptology ePrint Archive: Report 2021/448

On the Memory-Tightness of Hashed ElGamal

Ashrujit Ghoshal and Stefano Tessaro

Abstract: We study the memory-tightness of security reductions in public-key cryptography, focusing in particular on Hashed ElGamal. We prove that any straightline (i.e., without rewinding) black-box reduction needs memory which grows linearly with the number of queries of the adversary it has access to, as long as this reduction treats the underlying group generically. This makes progress towards proving a conjecture by Auerbach et al. (CRYPTO 2017), and is also the first lower bound on memory-tightness for a concrete cryptographic scheme (as opposed to generalized reductions across security notions). Our proof relies on compression arguments in the generic group model.

Category / Keywords: public-key cryptography / Public-key cryptography, memory-tightness, lower bounds, generic group model, foundations, compression arguments

Original Publication (with major differences): IACR-EUROCRYPT-2020

Date: received 6 Apr 2021

Contact author: ashrujit at cs washington edu

Available format(s): PDF | BibTeX Citation

Version: 20210408:122227 (All versions of this report)

Short URL:

[ Cryptology ePrint archive ]