Converting Pairing-Based Cryptosystems from Composite-Order Groups to Prime-Order Groups

  • David Mandell Freeman
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6110)

Abstract

We develop an abstract framework that encompasses the key properties of bilinear groups of composite order that are required to construct secure pairing-based cryptosystems, and we show how to use prime-order elliptic curve groups to construct bilinear groups with the same properties. In particular, we define a generalized version of the subgroup decision problem and give explicit constructions of bilinear groups in which the generalized subgroup decision assumption follows from the decision Diffie-Hellman assumption, the decision linear assumption, and/or related assumptions in prime-order groups.
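The simplest instance of the idea described above, as an added illustration that is not the paper's own code and simplifies its general G^n construction: a prime-order group G of order p is replaced by the product G^2, whose subgroup H = ⟨(g, g^a)⟩ plays the role of a composite-order subgroup. The model below works in the exponent (a group element g^x is represented by x mod p, so the pairing becomes a dot product mod p), which is only possible because the demonstrator knows the discrete logs; in a real group the membership test `in_H` is exactly the DDH problem. The prime `P`, the pairing layout and the orthogonal subgroup H' are assumptions chosen for the illustration.

```python
# Added illustration (not from the paper): a "composite-order-like" bilinear group
# built from a prime-order group G of order p, modelled in the exponent.
# A group element g^x is written as x in Z_p, and e(g^x, g^y) = e(g,g)^{xy}
# becomes multiplication mod p. Elements of G^2 are pairs of exponents.
import secrets

P = 2**127 - 1  # Mersenne prime, stands in for the prime group order p (constructed value)


def pair(x, y):
    """Pairing on G^2 in the exponent: e((g^x1,g^x2),(g^y1,g^y2)) = e(g,g)^(x1*y1 + x2*y2)."""
    return (x[0] * y[0] + x[1] * y[1]) % P


def random_in_H(a):
    """Random element of the subgroup H = <(g, g^a)>, i.e. (g^r, g^{a r})."""
    r = secrets.randbelow(P)
    return (r, r * a % P)


def random_in_G2():
    """Random element of the full product group G^2."""
    return (secrets.randbelow(P), secrets.randbelow(P))


def random_in_H_orth(a):
    """Random element of H' = <(g^{-a}, g)>, chosen so that e(H, H') is trivial.
    This mimics the orthogonality of the order-p and order-q subgroups of a
    composite-order group: H and H' 'cancel' under the pairing."""
    s = secrets.randbelow(P)
    return (-a * s % P, s)


def in_H(x, a):
    """Membership test for H. It is computable here ONLY because we see exponents;
    in the actual group, deciding it is the (generalized) subgroup decision problem."""
    return x[1] == x[0] * a % P


def subgroup_to_ddh(x, a):
    """A subgroup-decision instance for G^2 is a DDH instance (g, g^a, g^{x1}, g^{x2})."""
    return (1, a, x[0], x[1])


def is_ddh_tuple(t):
    """In exponents, (g^1, g^a, g^b, g^c) is a DDH tuple iff c = a*b mod p."""
    return t[3] == t[1] * t[2] % P
```

The last two functions make the abstract's reduction explicit: `is_ddh_tuple(subgroup_to_ddh(x, a))` agrees with `in_H(x, a)` for every pair `x`, so distinguishing H from G^2 is no easier than DDH in G.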

We apply our framework and our prime-order group constructions to create more efficient versions of cryptosystems that originally required composite-order groups. Specifically, we consider the Boneh-Goh-Nissim encryption scheme, the Boneh-Sahai-Waters traitor tracing system, and the Katz-Sahai-Waters attribute-based encryption scheme. We give a security theorem for the prime-order group instantiation of each system, using assumptions of comparable complexity to those used in the composite-order setting. Our conversion of the last two systems to prime-order groups answers a problem posed by Groth and Sahai.

Keywords

pairing-based cryptography, composite-order groups, cryptographic hardness assumptions

References

  1. Barker, E., Barker, W., Burr, W., Polk, W., Smid, M.: Recommendation for key management — Part 1: General (revised). NIST Special Pub. 800-57 (2007)
  2. Boneh, D., Boyen, X., Shacham, H.: Short group signatures. In: Franklin, M. (ed.) CRYPTO 2004. LNCS, vol. 3152, pp. 41–55. Springer, Heidelberg (2004)
  3. Boneh, D., Goh, E.-J., Nissim, K.: Evaluating 2-DNF formulas on ciphertexts. In: Kilian, J. (ed.) TCC 2005. LNCS, vol. 3378, pp. 325–341. Springer, Heidelberg (2005)
  4. Boneh, D., Sahai, A., Waters, B.: Fully collusion resistant traitor tracing with short ciphertexts and private keys. In: Vaudenay, S. (ed.) EUROCRYPT 2006. LNCS, vol. 4004, pp. 573–592. Springer, Heidelberg (2006)
  5. Boneh, D., Waters, B.: Conjunctive, subset, and range queries on encrypted data. In: Vadhan, S.P. (ed.) TCC 2007. LNCS, vol. 4392, pp. 535–554. Springer, Heidelberg (2007)
  6. Boyen, X., Waters, B.: Full-domain subgroup hiding and constant-size group signatures. In: Okamoto, T., Wang, X. (eds.) PKC 2007. LNCS, vol. 4450, pp. 1–15. Springer, Heidelberg (2007)
  7. Cramer, R., Shoup, V.: Design and analysis of practical public-key encryption schemes secure against adaptive chosen ciphertext attack. SIAM Journal on Computing 33, 167–226 (2003)
  8. Duquesne, S., Lange, T.: Pairing-based cryptography. In: Handbook of Elliptic and Hyperelliptic Curve Cryptography, pp. 573–590. Chapman & Hall/CRC, Boca Raton (2006)
  9. Freeman, D., Scott, M., Teske, E.: A taxonomy of pairing-friendly elliptic curves. Journal of Cryptology 23, 224–280 (2010)
  10. Freeman, D.M.: Converting pairing-based protocols from composite-order groups to prime-order groups. Cryptology ePrint Archive, Report 2009/540 (2009), http://eprint.iacr.org/2009/540
  11. Galbraith, S., Verheul, E.: An analysis of the vector decomposition problem. In: Cramer, R. (ed.) PKC 2008. LNCS, vol. 4939, pp. 308–327. Springer, Heidelberg (2008)
  12. Gjøsteen, K.: Subgroup membership problems and public key cryptosystems. Ph.D. dissertation, Norwegian University of Science and Technology (2004), http://ntnu.diva-portal.org/smash/get/diva2:121977/FULLTEXT01
  13. Groth, J., Ostrovsky, R., Sahai, A.: Perfect non-interactive zero knowledge for NP. In: Vaudenay, S. (ed.) EUROCRYPT 2006. LNCS, vol. 4004, pp. 339–358. Springer, Heidelberg (2006)
  14. Groth, J., Sahai, A.: Efficient non-interactive proof systems for bilinear groups. In: Smart, N.P. (ed.) EUROCRYPT 2008. LNCS, vol. 4965, pp. 415–432. Springer, Heidelberg (2008)
  15. Hofheinz, D., Kiltz, E.: Secure hybrid encryption from weakened key encapsulation. In: Menezes, A. (ed.) CRYPTO 2007. LNCS, vol. 4622, pp. 553–571. Springer, Heidelberg (2007)
  16. Katz, J., Sahai, A., Waters, B.: Predicate encryption supporting disjunctions, polynomial equations, and inner products. In: Smart, N.P. (ed.) EUROCRYPT 2008. LNCS, vol. 4965, pp. 146–162. Springer, Heidelberg (2008), http://eprint.iacr.org/2007/404
  17. Lewko, A., Waters, B.: New techniques for dual system encryption and fully secure HIBE with short ciphertexts. In: Micciancio, D. (ed.) TCC 2010. LNCS, vol. 5978, pp. 455–479. Springer, Heidelberg (2010)
  18. Scott, M.: Personal communication (February 17, 2009)
  19. Shacham, H.: A Cramer-Shoup encryption scheme from the Linear assumption and from progressively weaker Linear variants. Cryptology ePrint Archive, Report 2007/074 (2007), http://eprint.iacr.org/2007/074
  20. Shacham, H., Waters, B.: Efficient ring signatures without random oracles. In: Okamoto, T., Wang, X. (eds.) PKC 2007. LNCS, vol. 4450, pp. 166–180. Springer, Heidelberg (2007)
  21. Waters, B.: Dual system encryption: Realizing fully secure IBE and HIBE under simple assumptions. In: Halevi, S. (ed.) CRYPTO 2009. LNCS, vol. 5677, pp. 619–636. Springer, Heidelberg (2009)
  22. Yoshida, M.: Inseparable multiplex transmission using the pairing on elliptic curves and its application to watermarking. In: Proc. 5th Conf. on Algebraic Geometry, Number Theory, Coding Theory and Cryptography, Univ. of Tokyo (2003), http://www.math.uiuc.edu/~duursma/pub/yoshida_paper.pdf

Copyright information

© Springer-Verlag Berlin Heidelberg 2010

Authors and Affiliations

  • David Mandell Freeman, Stanford University, USA