Easy decision-Diffie-Hellman groups
نویسندگان
چکیده
The decision-Diffie-Hellman problem (DDH) is a central computational problem in cryptography. It is already known that the Weil and Tate pairings can be used to solve many DDH problems on elliptic curves. A natural question is whether all DDH problems are easy on supersingular curves. To answer this question it is necessary to have suitable distortion maps. Verheul states that such maps exist, and this paper gives an algorithm to construct them. The paper therefore shows that all DDH problems on the supersingular elliptic curves used in practice are easy. We also discuss the issue of which DDH problems on ordinary curves are easy.
منابع مشابه
Diffie-Hellman type key exchange protocols based on isogenies
In this paper, we propose some Diffie-Hellman type key exchange protocols using isogenies of elliptic curves. The first method which uses the endomorphism ring of an ordinary elliptic curve $ E $, is a straightforward generalization of elliptic curve Diffie-Hellman key exchange. The method uses commutativity of the endomorphism ring $ End(E) $. Then using dual isogenies, we propose...
متن کاملEfficient threshold signature, multisignature and blind signature schemes based on the Gap-Diffie-Hellman-group signature scheme
We propose a robust proactive threshold signature scheme, a multisignature scheme and a blind signature scheme which work in any Gap Diffie-Hellman (GDH) group (where the Computational Diffie-Hellman problem is hard but the Decisional Diffie-Hellman problem is easy). Our constructions are based on the recently proposed GDH signature scheme of Boneh et al. [BLS]. Due to the instrumental structur...
متن کاملConstructing Elliptic Curves with Prescribed Embedding Degrees
Pairing-based cryptosystems depend on the existence of groups where the Decision Diffie-Hellman problem is easy to solve, but the Computational Diffie-Hellman problem is hard. Such is the case of elliptic curve groups whose embedding degree is large enough to maintain a good security level, but small enough for arithmetic operations to be feasible. However, the embedding degree for most ellipti...
متن کاملIrreducibility to the One-More Evaluation Problems: More May Be Less
For a random-self-reducible function, the evaluation problem is irreducible to the one-moreevaluation problem, in the following sense. An irreduction algorithm exists that, given a re-duction algorithm from the evaluation to the one-more evaluation problem, solves a separatorproblem: the evaluation problem itself. Another irreduction shows that if the computationalDiffie-Hellman...
متن کاملThreshold Signatures, Multisignatures and Blind Signatures Based on the Gap-Diffie-Hellman-Group Signature Scheme
We propose a robust proactive threshold signature scheme, a multisignature scheme and a blind signature scheme which work in any Gap Diffie-Hellman (GDH) group (where the Computational DiffieHellman problem is hard but the Decisional Diffie-Hellman problem is easy). Our constructions are based on the recently proposed GDH signature scheme of Boneh et al. [8]. Due to the instrumental structure o...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید
ثبت ناماگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید
ورودعنوان ژورنال:
- IACR Cryptology ePrint Archive
دوره 2004 شماره
صفحات -
تاریخ انتشار 2004