Formally Certifying the Security of Digital Signature Schemes

30th IEEE Symposium on Security and Privacy, S&P 2009 |

Published by IEEE Computer Society

Publication

We present two machine-checked proofs of the existential unforgeability under adaptive chosen-message attacks of the full domain hash signature scheme. These proofs formalize the original argument of Bellare and Rogaway, and an optimal reduction by Coron that provides a tighter bound on the probability of a forgery. Both proofs are developed using CertiCrypt, a general framework to formalize exact security proofs of cryptographic systems in the computational model. Since CertiCrypt is implemented on top of theCoq proof assistant, the proofs are highly trustworthy and can beverified independently and fully automatically.