Hidden Pairings and Trapdoor DDH Groups
This paper suggests a new building block for cryptographic protocols and gives two instantiations of it. The concept is to generate two descriptions of the same group: a public description that allows a user to perform group operations, and a private description that allows a user to also compute a bilinear pairing on the group. A user who has the private information can therefore solve decisional Diffie-Hellman (DDH) problems, and potentially also discrete logarithm problems. Some cryptographic applications of this idea are given.
Both instantiations are based on elliptic curves. The first relies on the factoring assumption for hiding the pairing. The second relies on the difficulty of solving a system of multivariate equations. The second method also potentially gives rise to a practical trapdoor discrete logarithm system.
KeywordsElliptic Curve Elliptic Curf Discrete Logarithm Discrete Logarithm Problem Random Oracle Model
Unable to display preview. Download preview PDF.
- 1.Blake, I., Seroussi, G., Smart, N.P.: Advances in elliptic curve cryptography, Cambridge (2005)Google Scholar
- 3.Boneh, D.: Personal communication (July 1, 2005)Google Scholar
- 6.Demytko, N.: A new elliptic curve based analogue of RSA. In: Helleseth, T. (ed.) EUROCRYPT 1993. LNCS, vol. 765, pp. 40–49. Springer, Heidelberg (1994)Google Scholar
- 7.Frey, G.: How to disguise an elliptic curve (Weil descent), Talk at ECC, Slides (1998), Available from: http://www.cacr.math.uwaterloo.ca/conferences/1998/ecc98/frey.ps
- 10.Galbraith, S.D.: Disguising tori and elliptic curves (preprint, 2006)Google Scholar
- 11.Gordon, D.M.: Designing and detecting trapdoors for discrete log cryptosystems. In: Brickell, E.F. (ed.) CRYPTO 1992. LNCS, vol. 740, pp. 66–75. Springer, Heidelberg (1993)Google Scholar
- 14.Joux, A., Lercier, R.: Discrete logarithms in GF(2607) and GF(2613), posting to the Number Theory Mailing List (September 23, 2005)Google Scholar
- 16.Lenstra Jr., H.W.: Elliptic curves and number theoretic algorithms. In: Proc. International Congr. Math., Berkeley 1986, pp. 99–120. AMS (1988)Google Scholar
- 18.Naccache, D., Stern, J.: A new public-key cryptosystem based on higher residues. In: ACM Conference on Computer and Communications Security, pp. 59–66 (1998)Google Scholar
- 20.Paillier, P.: Public-key cryptosystems based on composite degree residuosity classes. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592, pp. 223–238. Springer, Heidelberg (1999)Google Scholar
- 21.Rivest, R.L.: Homework 4 of course 6.897 “Selected Topics in Cryptography” (May 2004), http://theory.lcs.mit.edu/classes/6.897/spring04/hw4.txt
- 24.Thomé, E.: Personal communication (January 9, 2006)Google Scholar