Machine-checked verification of digital signature schemes in EasyCrypt

Student thesis: Doctoral ThesisDoctor of Philosophy (PhD)


The signature schemes based on the discrete logarithm problem often suffer from their length. Their security reduction usually involves either rewinding [1] (leading to looseness) or complex reasoning (requiring non-standard assumptions) [2, 3, 4, 5]. At EURO CRYPT ‘03, Goh and Jarecki presented a signature scheme (EDL), a discrete logarithm-based scheme with tight security in the random oracle model. The EDL signature size is lengthier than the traditional ones (more exponentiations). At CRYPTO ‘05, Chevallier-Mames proposed a new signature scheme (CM) where he shortened the size of the EDL scheme. The scheme benefitted from a tight discrete logarithm-based reduction in the random oracle model. Later in 2007, Goh, Jarecki, Katz and Wang [6] (GJKW) proposed an efficient signature scheme, and the scheme is also a discrete logarithm based scheme with tight security. Moreover, the last two decades have witnessed that the cryptographic proofs in the provable security are complicated and only focus on algorithmic definitions rather than the implementation, which automatically increases vulnerabilities. The gap between cryptographic engineering and provable security can be addressed with machine-checked frameworks.

This thesis aims to formalise and presents the first machine-checked security proofs of three digital signatures (EDL, CM and GJKW) and shows that the schemes are the first discrete logarithm-based schemes with tight security, produced using EasyCrypt proof assistant. Although the pen and paper proofs of all three schemes have differences, the core principles that make them secure in EasyCrypt are the same as the EasyCrypt formalisation allows one to identify the proof principles. This research shows that proofs extracted from all three signature schemes have a generic proof structure and also have the technique of reducing the local proof effort. One can adopt the technique and the proof pattern to other related existing or new constructions of discrete logarithm-based schemes to obtain proof of tight security.
Date of Award21 Mar 2023
Original languageEnglish
Awarding Institution
  • The University of Bristol
SupervisorFrançois Dupressoir (Supervisor)


  • Machine-checked proofs
  • Formal verification
  • EasyCrypt Proof assistant
  • Digital signature scheme
  • CDH assumption
  • Tight security

Cite this