CryptoDB
A Note on the Bilinear Diffie-Hellman Assumption
Authors: | |
---|---|
Download: | |
Abstract: | Abstract. The Bi-linear Diffie-Hellman (BDH) intractability assumption is required to establish the security of new Weil-pairing based cryptosystems. BDH is reducible to most of the older believed-to-be-hard discrete-log problems and DH problems, but there is no known reduction from any of those problems to BDH. Let the bilinear mapping be e:G1 X G1->G2, where G1 and G2 are cyclic groups. We show that a many-one reduction from any of the relevant problems to BDH has to include an efficient mapping \phi:G2 ->G1 where \phi(g^{x})=f(x)P. Here g, and P are generators of the corresponding cyclic groups. The function \phi must be used in the reduction either before or after the call to oracle BDH. We show that if f(x)=ax^n+b for any constants a,b,n, then \phi could be used as an oracle for a probabilistic polynomial time solution for Decision Diffie-Hellman in G2. Thus such a reduction is unlikely. |
BibTeX
@misc{eprint-2002-11636, title={A Note on the Bilinear Diffie-Hellman Assumption}, booktitle={IACR Eprint archive}, keywords={Bi-linear pairing; ID based cryptosystems}, url={http://eprint.iacr.org/2002/113}, note={Identity Based Encryption; Weil pairing yacov@microsoft.com 11909 received 7 Aug 2002, last revised 9 Aug 2002}, author={Yacov Yacobi}, year=2002 }