Fast generators for the Diffie-Hellman key agreement protocol and malicious standards
The Diffie-Hellman key agreement protocol is based on taking large powers of
a generator of a prime-order cyclic group. Some generators allow faster
exponentiation. We show that to a large extent, using the fast generators is as
secure as using a randomly chosen generator. On the other hand, we show that if
there is some case in which fast generators are less secure, then this could be
used by a malicious authority to generate a standard for the Diffie-Hellman key
agreement protocol which has a hidden trapdoor.
Comment: Small update
PLUME: An ECDSA Nullifier Scheme for Unique Pseudonymity within Zero Knowledge Proofs
ZK-SNARKs (Zero Knowledge Succinct Noninteractive ARguments of Knowledge) are one of the most promising new applied cryptography tools: proofs allow anyone to prove a property about some data, without revealing that data. Largely spurred by the adoption of cryptographic primitives in blockchain systems, ZK-SNARKs are rapidly becoming computationally practical in real-world settings, as shown by, e.g., tornado.cash and rollups. These have enabled ideation for new identity applications based on anonymous proof-of-ownership. One of the primary technologies that would enable the jump from existing apps to such systems is the development of deterministic nullifiers.
Nullifiers are used as a public commitment to a specific anonymous account, to forbid actions like double spending, or to allow a consistent identity between anonymous actions. We identify a new deterministic signature algorithm that both uniquely identifies the keypair and keeps the account identity secret. In this work, we will define the full DDH-VRF construction, and prove uniqueness, secrecy, and existential unforgeability. We will also demonstrate a proof of concept of our Pseudonymously Linked Unique Message Entity (PLUME) scheme.
Two remarks on the vectorization problem
We share two small but general observations on the vectorization problem for group actions, which appear to have been missed by the existing literature. The first observation is pre-quantum: explicit examples show that, for classical adversaries, the vectorization problem cannot in general be reduced to the parallelization problem. The second observation is post-quantum: by combining a method for solving systems of linear disequations due to Ivanyos with a Kuperberg-style sieve, one can solve the hidden shift problem, and therefore the vectorization problem, for any finite abelian -torsion group in polynomial time and using mostly classical work; here are any fixed non-negative integers and is any fixed prime number.
The Relationship Between Breaking the Diffie-Hellman Protocol and Computing Discrete Logarithms
Both uniform and non-uniform results concerning the security of the Diffie-Hellman key-exchange protocol are proved. First, it is shown that in a cyclic group $G$ of order $|G| = \prod p_i^{e_i}$, where all the multiple prime factors of $|G|$ are polynomial in $\log|G|$, there exists an algorithm that reduces the computation of discrete logarithms in $G$ to breaking the Diffie-Hellman protocol in $G$ and has complexity $\sqrt{\max\{(p_i)\}} \cdot (\log|G|)^{O(1)}$, where $(p)$ stands for the minimum of the set of largest prime factors of all the numbers $d$ in the interval $[p - 2\sqrt{p} + 1,\; p + 2\sqrt{p} + 1]$. Under the unproven but plausible assumption that $(p)$ is polynomial in $\log p$, this reduction implies that the Diffie-Hellman problem and the discrete logarithm problem are polynomial-time equivalent in $G$. Second, it is proved that the Diffie-Hellman problem and the discrete logarithm problem are equivalent in a uniform sense for groups whose orders belong to certain classes: there exists a p..
Compter (rapidement) le nombre de solutions d'équations dans les corps finis (Counting (quickly) the number of solutions of equations over finite fields)
The number of solutions in finite fields of a system of polynomial equations
obeys a very strong regularity, reflected for example by the rationality of the
zeta function of an algebraic variety defined over a finite field, or the
modularity of the Hasse-Weil -function of an elliptic curve over $\mathbb{Q}$. For
two decades, efficient methods have been invented to compute this number of
solutions effectively, notably in view of cryptographic applications.
This exposé presents some of these methods, generally relying on the use of
Lefschetz's trace formula in an adequate cohomology theory, and discusses their
respective advantages.
Comment: Séminaire Bourbaki, 50e année, exposé 968, November 2006. 48
pages, in French. Final version to appear in Astérisqu
Some Facets of Complexity Theory and Cryptography: A Five-Lectures Tutorial
In this tutorial, selected topics of cryptology and of computational
complexity theory are presented. We give a brief overview of the history and
the foundations of classical cryptography, and then move on to modern
public-key cryptography. Particular attention is paid to cryptographic
protocols and the problem of constructing the key components of such protocols
such as one-way functions. A function is one-way if it is easy to compute, but
hard to invert. We discuss the notion of one-way functions both in a
cryptographic and in a complexity-theoretic setting. We also consider
interactive proof systems and present some interesting zero-knowledge
protocols. In a zero-knowledge protocol one party can convince the other party
of knowing some secret information without disclosing any bit of this
information. Motivated by these protocols, we survey some complexity-theoretic
results on interactive proof systems and related complexity classes.
Comment: 57 pages, 17 figures, Lecture Notes for the 11th Jyvaskyla Summer
Schoo
Boneh-Boyen Signatures and the Strong Diffie-Hellman Problem
The Boneh-Boyen signature scheme is a short signature scheme which is provably secure in the standard model under the q-Strong Diffie-Hellman (SDH) assumption.
The primary objective of this thesis is to examine the relationship between the Boneh-Boyen signature scheme and SDH. The secondary objective is to survey surrounding topics such as the generic group model, related signature schemes, intractability assumptions, and the relationship to identity-based encryption (IBE) schemes. Along these lines, we analyze the plausibility of the SDH assumption using the generic bilinear group model. We present the security proofs for the Boneh-Boyen signature scheme, with the addition of a small improvement in one of the probability bounds.
Our main contribution is to give the reduction in the reverse direction; that is, to show that if the SDH problem can be solved then the Boneh-Boyen signature scheme can be forged. This contribution represents the first known proof of equivalence between the SDH problem and Boneh-Boyen signatures. We also discuss the algorithm of Cheon for solving the SDH problem. We analyze the implications of Cheon's algorithm for the security of the Boneh-Boyen signature scheme, accompanied by a brief discussion on how to counter the attack.