Scribd
Upload
24 views2 pages

Variations of Di E-Hellman Problem: Abstract

Uploaded by

23pg1by0001
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
24 views2 pages

Variations of Di E-Hellman Problem: Abstract

Uploaded by

23pg1by0001
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 2

Variations of Diffie-Hellman Problem

Feng Bao, Robert H. Deng, and HuaFei Zhu

Infocomm Security Department, Institute for Infocomm Research.


21 Heng Mui Keng Terrace, Singapore 119613.
{baofeng, deng, huafei}@i2r.a-star.edu.sg

Abstract. This paper studies various computational and decisional


Diffie-Hellman problems by providing reductions among them in
the high granularity setting. We show that all three variations of
computational Diffie-Hellman problem: square Diffie-Hellman problem,
inverse Diffie-Hellman problem and divisible Diffie-Hellman problem, are
equivalent with optimal reduction. Also, we are considering variations of
the decisional Diffie-Hellman problem in single sample and polynomial
samples settings, and we are able to show that all variations are
equivalent except for the argument DDH ⇐ SDDH. We are not able to
prove or disprove this statement, thus leave an interesting open problem.

Keywords: Diffie-Hellman problem, Square Diffie-Hellman problem, In-


verse Diffie-Hellman problem, Divisible Diffie-Hellman problem

1 Introduction
The Diffie-Hellman problem [9] is a golden mine for cryptographic purposes and
is more and more studied. This problem is closely related to the difficult of
computing the discrete logarithm problem over a cyclic group[11]. There are
several works to study classical and variable Diffie-Hellman problems([13], [14],
[21], [18]) in the generic model. For the decisional Diffie-Hellman problem set-
ting, there is alternative, yet equivalent notation, called matching Diffie-Hellman
problem, have been studied by Handschuh, Tsiounis and Yung [10]. These vari-
ations are by now the security of many protocols relying on ([1], [2], [5], [6],[8]).
Tatsuaki Okamoto and David Pointcheval[16] introduce a new notion called the
Gap-Problems, which can be considered as a dual to the class of the decision
problems. While Sadeghi and Steinerhere [19] rigourously consider a set of Diffie-
Hellman related problems by identifying a parameter termed granularity, which
describes the underlying probabilistic space in an assumption.
This paper studies various computational and decisional problems related to
the Diffie-Hellman problems by providing reductions among them in the high
granularity setting, i.e., we consider the variations of Diffie-Hellman problem
defined over some cyclic group with explicit group structure. More precisely,
we are interested in studying relationship among variations of Diffie-Hellman
problem including computational and decisional cases in single and polynomial
setting and try to obtain reductions that are efficient so that an advantage
against one of these problems can be reached against the other one.

S. Qing, D. Gollmann, and J. Zhou (Eds.): ICICS 2003, LNCS 2836, pp. 301–312, 2003.

c Springer-Verlag Berlin Heidelberg 2003
302 F. Bao, R.H. Deng, and H. Zhu

The basic tools for relating the complexities of various problems are polyno-
mial reductions and transformations. We say that a problem A reduces in poly-
nomial time to another problem B, denoted by A ⇐ B, if and only if there is an
algorithm for A which uses a subroutine for B, and each call to the subroutine
for B counts as a single step, and the algorithm for A runs in polynomial-time.
The latter implies that the subroutine for B can be called at most a polynomially
bounded number of times. The practical implication comes from the following
proposition: If A polynomially reduces to B and there is a polynomial time al-
gorithm for B, then there is a polynomial time algorithm for A also. Specially,
for considering variation of Diffie-Hellman problem in polynomial time sampling
case, we need to define the conception of efficient constructing algorithm to meet
the requirement of the standard hybrid technique.
Our contributions: In this report, we are considering useful variations of
Diffie-Hellman problem: square computational(and decisional) Diffie-Hellman
problem, inverse computational(and decisional) Diffie-Hellman problem and di-
visible computational(and decisional) Diffie-Hellman problem. We are able to
show that all variations of computational Diffie-Hellman problem are equivalent
to the classic computational Diffie-Hellman problem if the order of a underlying
cyclic group is a large prime. We remark that our reduction is efficient, that is
an advantage against one of these problems can be reached against another one.
Also, we are considering variations of the decisional Diffie-Hellman problem in
single sample and polynomial samples settings, and we are able to show that all
variations are equivalent except for the argument DDH ⇐ SDDH. We are not
able to prove or disprove this statement, thus leave an interesting open problem
in this report.

2 Variations of Computational Diffie-Hellman Problem

Let p be a large prime number such that the discrete logarithm problem defined
in Zp is hard. Let G ∈ Zp be a cyclic group of prime order q and g is assumed
to be a generator of G. Though out this paper, we assume that G is prime
order, and security parameters p, q are defined as the fixed form p=2q + 1 and
ord(g)=q. A remarkable computational problem has been defined on this kind of
set by Diffie and Hellman [9]. More precisely, Diffie-Hellman assumption (CDH
assumption) is referred to as the following statement:
Computational Diffie-Hellman problem (CDH): On input g, g x , g y , comput-
ing g xy .
An algorithm that solves the computational Diffie-Hellman problem is a
probabilistic polynomial time Turing machine, on input g, g x , g y , outputs
g xy with non-negligible probability. Computational Diffie-Hellman assumption
means that there is no such a probabilistic polynomial time Turing machine.
This assumption is believed to be true for many cyclic groups, such as the prime
sub-group of the multiplicative group of finite fields.

You might also like

pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy