Proving the security of ElGamal encryption via indistinguishability logic

Correctness of cryptosystems is in many cases an important prerequisite for trusting security relevant systems. Even cryptosystems with tiny specifications are often hard for humans to understand. It can be difficult to reason about them and to convince oneself that distinct security properties do indeed hold. Even mathematical "proofs" - carried out with paper and pencil - which are intended to show the strength of a cryptosystem with respect to some attacker model have turned out to be error prone. In this paper we address the problem of establishing trusted properties of cryptosystems. We report on proving the security of the ElGamal and Hashed ElGamal encryption schemes within Coq. Security is shown with respect to Real-orRandom chosen plaintext attacks (ROR-CPA). This work is a prototypical case study for a novel approach: having defined a framework for the specification of cryptographic processes and general rules for decomposing cryptographic proofs into smaller units we use this framework to specify the involved schemes and attack model. The defined rules are used to represent the overall security proof layout. They are proven sound with respect to basic mathematical properties. To achieve a formal security proof remaining goals are proven by special tactics or in an interactive way using the basic mathematical properties