On the (Im)possibility of Projecting Property in Prime-Order Setting

Author

  • Jae Hong Seo
Abstract

Projecting bilinear pairings have frequently been used for designing cryptosystems since they were first derived from composite-order bilinear groups. There have been only a few studies on the (im)possibility of projecting bilinear pairings. Groth and Sahai showed that projecting bilinear pairings can be achieved in the prime-order group setting. They constructed both projecting asymmetric bilinear pairings and projecting symmetric bilinear pairings, where a bilinear pairing e is symmetric if it satisfies e(g, h) = e(h, g) for any group elements g and h; otherwise, it is asymmetric. In this paper, we provide impossibility results on projecting bilinear pairings in a prime-order group setting. More precisely, we specify the lower bounds of (1) the image size of a projecting asymmetric bilinear pairing, (2) the image size of a projecting symmetric bilinear pairing, (3) the computational cost for a projecting asymmetric bilinear pairing, and (4) the computational cost for a projecting symmetric bilinear pairing, in a prime-order group setting naturally induced from the k-linear assumption, where the computational cost means the number of generic operations. Our lower bounds regarding a projecting asymmetric bilinear pairing are tight, i.e., it is impossible to construct a more efficient projecting asymmetric bilinear pairing than the constructions of Groth-Sahai and Freeman. However, our lower bounds regarding a projecting symmetric bilinear pairing differ from Groth and Sahai’s results regarding a symmetric bilinear pairing; we fill these gaps by constructing projecting symmetric bilinear pairings. In addition, on the basis of the proposed symmetric bilinear pairings, we construct more efficient instantiations of cryptosystems that essentially use the projecting symmetric bilinear pairings in a modular fashion. Example applications include new instantiations of the Boneh-Goh-Nissim cryptosystem, the Groth-Sahai non-interactive proof system, and Seo-Cheon round optimal blind signatures proven secure under the DLIN assumption. These new instantiations are more efficient than the previous ones, which are also provably secure under the DLIN assumption. These applications are of independent interest.


Related resources

Beyond the Limitation of Prime-Order Bilinear Groups, and Round Optimal Blind Signatures

At Eurocrypt 2010, Freeman proposed a transformation from pairing-based schemes in composite-order bilinear groups to equivalent ones in prime-order bilinear groups. His transformation can be applied to pairing-based cryptosystems exploiting only one of two properties of composite-order bilinear groups: cancelling and projecting. At Asiacrypt 2010, Meiklejohn, Shacham, and Freeman showed that p...


A Characterization of the Suzuki Groups by Order and the Largest Elements Order

One of the important problems in group theory is characterization of a group by a given property, that is, to prove there exists only one group with a given property. Let  be a finite group. We denote by  the largest order of elements of . In this paper, we prove that some Suzuki groups are characterizable by order and the largest order of elements. In fact, we prove that if  is a group with  an...


A Profitable Sub-prime Loan: Obtaining the Advantages of Composite Order in Prime-Order Bilinear Groups

Composite-order bilinear groups provide many structural features that are useful for both constructing cryptographic primitives and enabling security reductions. Despite these convenient features, however, composite-order bilinear groups are less desirable than prime-order bilinear groups for reasons of both efficiency and security. A recent line of work has therefore focused on translating the...


New characterization of some linear groups

There are a few finite groups that are determined up to isomorphism solely by their order, such as $\mathbb{Z}_{2}$ or $\mathbb{Z}_{15}$. Still other finite groups are determined by their order together with other data, such as the number of elements of each order, the structure of the prime graph, the number of order components, the number of Sylow $p$-subgroups for each prime $p$, etc. In this...


A NEW PROOF OF THE PERSISTENCE PROPERTY FOR IDEALS IN DEDEKIND RINGS AND PRÜFER DOMAINS

In this paper, by using elementary tools of commutative algebra, we prove the persistence property for two especial classes of rings. In fact, this paper has two main sections. In the first main section, we let $R$ be a Dedekind ring and $I$ be a proper ideal of $R$. We prove that if $I_1, \ldots, I_n$ are non-zero proper ideals of $R$, then $\mathrm{Ass}^{\infty}(I_1^{k_1} \cdots I_n^{k_n}) = \mathrm{Ass}^{\infty}(I_1^{k_1}) \cup \cdots \cup \mathrm{Ass}^{\infty}(I_n^{k_n})$ for all $k_1$,...



Journal title:
  • IACR Cryptology ePrint Archive

Volume 2013  Issue 

Pages  -

Publication date 2012