International Conference on the Theory and Application of Cryptology and Information Security

ASIACRYPT 2010: Advances in Cryptology - ASIACRYPT 2010 pp 283-302

On the Static Diffie-Hellman Problem on Elliptic Curves over Extension Fields

  • Robert Granger
Conference paper

DOI: 10.1007/978-3-642-17373-8_17

Volume 6477 of the book series Lecture Notes in Computer Science (LNCS)
Cite this paper as:
Granger R. (2010) On the Static Diffie-Hellman Problem on Elliptic Curves over Extension Fields. In: Abe M. (eds) Advances in Cryptology - ASIACRYPT 2010. ASIACRYPT 2010. Lecture Notes in Computer Science, vol 6477. Springer, Berlin, Heidelberg


We show that for any elliptic curve \(E(\mathbb{F}_{q^n})\), if an adversary has access to a Static Diffie-Hellman Problem (Static DHP) oracle, then by making \(O(q^{1-\frac{1}{n+1}})\) Static DHP oracle queries during an initial learning phase, for fixed \(n > 1\) and \(q \to \infty\) the adversary can solve any further instance of the Static DHP in heuristic time \(\tilde{O}(q^{1-\frac{1}{n+1}})\). Our proposal also solves the Delayed Target DHP as defined by Freeman, and naturally extends to provide algorithms for solving the Delayed Target DLP, the One-More DHP and One-More DLP, as studied by Koblitz and Menezes in the context of Jacobians of hyperelliptic curves of small genus. We also argue that for any group in which index calculus can be effectively applied, the above problems have a natural relationship, and will always be easier than the DLP. While practical only for very small \(n\), our algorithm reduces the security provided by the elliptic curves defined over \(\mathbb{F}_{p^2}\) and \(\mathbb{F}_{p^4}\) proposed by Galbraith, Lin and Scott at EUROCRYPT 2009, should they be used in any protocol where a user can be made to act as a proxy Static DHP oracle, or if used in protocols whose security is related to any of the above problems.

Copyright information

© International Association for Cryptologic Research 2010

Authors and Affiliations

  • Robert Granger
    • Claude Shannon Institute, School of Computing, Dublin City University, Dublin 9, Ireland