Security of Discrete Log Cryptosystems in theRandom Oracle + Generic ModelClaus

Based on a novel proof model we prove security for simple discrete log cryptosystems for which security has been an open problem. We consider a combination of the random oracle (RO) model and the generic model. This corresponds to assuming an ideal hash function H given by an oracle and an ideal group of prime order q, where the binary encoding of the group elements is useless for cryptographic attacks In this model, we rst show that Schnorr signatures are secure against the one-more signature forgery : A generic adversary performing t generic steps including`sequential interactions with the signer cannot producè+1 signatures with a better probability than ? t 2 =q. We also characterize the diierent power of sequential and of parallel attacks. Secondly, we prove a simple ElGamal based encryption to be secure against the adap-tive chosen ciphertext attack, in which an attacker can arbitrarily use a decryption oracle except for the challenge ciphertext. This encryption scheme is also shown to be secure against the one-more decryption attack: A generic adversary performing t generic steps includingìnteractions with the decryption oracle cannot distinguish the plaintexts of`+ 1 ciphertexts from random strings with a probability exceeding ? t 2 =q.