2 research outputs found

    Diffie-Hellman Problems and Bilinear Maps

    We investigate relations among the discrete logarithm (DL) problem, the Diffie-Hellman (DH) problem and the bilinear Diffie-Hellman (BDH) problem when we have an efficiently computable non-degenerate bilinear map e : G × G → H. Under a certain assumption on the order of G, we show that the DH problem on H implies the DH problem on G, and both of them are equivalent to the BDH problem when e is weak-invertible. Moreover, we show that given the bilinear map e, an injective homomorphism f : H → G enables us to solve the DH problem on G efficiently, which implies the non-existence of a self-bilinear map e : G × G → G when the DH problem on G is hard. Finally, we introduce a sequence of bilinear maps and its applications.

    Advances in signatures, encryption, and E-Cash from bilinear groups

    Thesis (Ph. D.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 2006. Includes bibliographical references (p. 147-161).

    We present new formal definitions, algorithms, and motivating applications for three natural cryptographic constructions. Our constructions are based on a special type of algebraic group called bilinear groups.

    1. Re-Signatures: We present the first public key signature scheme where a semi-trusted proxy, given special information, can translate Alice's signature on a message into Bob's signature on the same message. The special information, however, allows nothing else, i.e., the proxy cannot translate from Bob to Alice, nor can it sign on behalf of either Alice or Bob. We show that a path through a graph can be cheaply authenticated using this scheme, with applications to electronic passports.

    2. Re-Encryption: We present the first public key cryptosystem where a semi-trusted proxy, given special information, can translate an encryption of a message under Alice's key into an encryption of the same message under Bob's key. Again, the special information allows nothing else, i.e., the proxy cannot translate from Bob to Alice, decrypt on behalf of either Alice or Bob, or learn anything else about the message. We apply this scheme to create a new mechanism for secure distributed storage.

    3. Compact E-Cash with Tracing and Bounded-Anonymity: We present an offline e-cash system where 2^ℓ coins can be stored in O(ℓ + k) bits and withdrawn or spent in O(ℓ + k) time, where k is the security parameter. The best previously known schemes required at least one of these complexities to be O(2^ℓ · k). In our system, a user's transactions are anonymous and unlinkable, unless she performs a forbidden action, such as double-spending a coin. Performing a forbidden action reveals the identity of the user, and optionally allows to trace all of her past transactions. We provide solutions without using a trusted party. We argue why features of our system are likely to be crucial to the adoption of any e-cash system.

    by Susan Hohenberger. Ph.D.