Sufficient Conditions for Intractability over Black-Box Groups: Generic Lower Bounds for Generalized DL and DH Problems

  • Andy Rupp
  • Gregor Leander
  • Endre Bangerter
  • Alexander W. Dent
  • Ahmad-Reza Sadeghi
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5350)


The generic group model is a valuable methodology for analyzing the computational hardness of number-theoretic problems used in cryptography. Although generic hardness proofs exhibit many similarities, still the computational intractability of every newly introduced problem needs to be proven from scratch, a task that can easily become complicated and cumbersome when done rigorously. In this paper we make the first steps towards overcoming this problem by identifying criteria which guarantee the hardness of a problem in an extended generic model where algorithms are allowed to perform any operation representable by a polynomial function.


Generic Group Model Straight-Line Programs Hardness Conditions Lower Bounds 


  1. 1.
    Nechaev, V.I.: Complexity of a determinate algorithm for the discrete logarithm. Mathematical Notes 55(2), 165–172 (1994)MathSciNetCrossRefMATHGoogle Scholar
  2. 2.
    Shoup, V.: Lower bounds for discrete logarithms and related problems. In: Fumy, W. (ed.) EUROCRYPT 1997. LNCS, vol. 1233, pp. 256–266. Springer, Heidelberg (1997)CrossRefGoogle Scholar
  3. 3.
    Damgård, I., Koprowski, M.: Generic lower bounds for root extraction and signature schemes in general groups. In: Knudsen, L.R. (ed.) EUROCRYPT 2002. LNCS, vol. 2332, pp. 256–271. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  4. 4.
    Boneh, D., Franklin, M.: Identity-based encryption from the weil pairing. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 213–229. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  5. 5.
    Boneh, D., Boyen, X.: Efficient selective-ID secure identity based encryption without random oracles. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 223–238. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  6. 6.
    Dent, A.W.: Adapting the weaknesses of the random oracle model to the generic group model. In: Zheng, Y. (ed.) ASIACRYPT 2002. LNCS, vol. 2501, pp. 100–109. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  7. 7.
    Boneh, D.: Number-theoretic assumptions. TCC’s Special Session on Assumptions for Cryptography (2007) (Invited Talk)Google Scholar
  8. 8.
    Kiltz, E.: A tool box of cryptographic functions related to the Diffie-Hellman function. In: Pandu Rangan, C., Ding, C. (eds.) INDOCRYPT 2001. LNCS, vol. 2247, pp. 339–350. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  9. 9.
    Boneh, D., Boyen, X., Goh, E.: Hierarchical identity based encryption with constant size ciphertext (full paper). Cryptology ePrint Archive, Report 2005/015 (2005),
  10. 10.
    Bresson, E., Lakhnech, Y., Mazaré, L., Warinschi, B.: A generalization of DDH with applications to protocol analysis and computational soundness. In: Menezes, A. (ed.) CRYPTO 2007. LNCS, vol. 4622, pp. 482–499. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  11. 11.
    Sadeghi, A., Steiner, M.: Assumptions related to discrete logarithms: Why subtleties make a real difference. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 244–260. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  12. 12.
    Rupp, A., Leander, G., Bangerter, E., Dent, A.W., Sadeghi, A.R.: Sufficient conditions for intractability over black-box groups: Generic lower bounds for generalized DL and DH problems (full version). Cryptology ePrint Archive, Report 2007/360 (2007),

Copyright information

© Springer-Verlag Berlin Heidelberg 2008

Authors and Affiliations

  • Andy Rupp
    • 1
  • Gregor Leander
    • 1
  • Endre Bangerter
    • 2
  • Alexander W. Dent
    • 3
  • Ahmad-Reza Sadeghi
    • 1
  1. 1.Horst Görtz Institute for IT-SecurityGermany
  2. 2.Bern University of Applied SciencesSwitzerland
  3. 3.Royal HollowayUniversity of LondonUnited Kingdom

Personalised recommendations