Formally Certifying the Security of Digital Signature Schemes

Abstract

We present two machine-checked proofs of the existentialunforgeability under adaptive chosen-message attacks of the FullDomain Hash signature scheme. These proofs formalize the originalargument of Bellare and Rogaway, and an optimal reduction by Coronthat provides a tighter bound on the probability of a forgery. Bothproofs are developed using CertiCrypt, a general framework toformalize exact security proofs of cryptographic systems in thecomputational model. Since CertiCrypt is implemented on top of theCoq proof assistant, the proofs are highly trustworthy and can beverified independently and fully automatically.