Abstract
Bilinear pairings on elliptic curves have been of much interest in cryptography recently. Most of the protocols involving pairings rely on the hardness of the bilinear Diffie–Hellman problem. In contrast to the discrete log (or Diffie–Hellman) problem in a finite field, the difficulty of this problem has not yet been much studied. In 2001, Verheul (Advances in Cryptology—EUROCRYPT 2001, LNCS 2045, pp. 195–210, 2001) proved that on a certain class of curves, the discrete log and Diffie–Hellman problems are unlikely to be provably equivalent to the same problems in a corresponding finite field unless both Diffie–Hellman problems are easy. In this paper we generalize Verheul’s theorem and discuss the implications for the security of pairing-based systems.
References
Bostan A., Morain F., Salvy B., Schost É.: Fast algorithms for computing isogenies between elliptic curves. Math. Comput. 77, 1755–1778 (2008)
Bröker R.: Constructing supersingular elliptic curves. J. Combinatorics Number Theory (2008), to appear.
Cox D.: Primes of the form x² + ny². Wiley, New York (1989)
den Boer B.: Diffie–Hellman is as strong as discrete log for certain primes. In: Advances in Cryptology ’88. Lect. Notes in Comput. Sci., vol. 403, pp. 530–539. Springer, Berlin (1989).
Elkies N.: Elliptic and modular curves over finite fields and related computational issues. In: Buell D.A., Teitelbaum J.T. (eds.) Computational Perspectives on Number Theory: Proceedings of a Conference in Honor of A.O.L. Atkin, pp. 21–76 (1997).
Galbraith S., Paterson K.G.: In: Blake I.F., Seroussi G., Smart N.P. (eds.) Pairings, Ch. IX and X of Advances in Elliptic Curve Cryptography. London Math. Soc. Lecture Note Ser., vol. 317. Cambridge University Press (2005).
Galbraith S., Rotger V.: Easy decision Diffie–Hellman groups. LMS J. Comput. Math. 7, 201–218 (2004)
Galbraith S., Ó hÉigeartaigh C., Sheedy C.: Simplified pairing computation and security implications. J. Math. Cryptol. 1, 267–281 (2007)
Galbraith S., Hess F., Vercauteren F.: Aspects of pairing inversion. IEEE Trans. Inform. Theory 12, 5719–5728 (2008)
Joux A.: The Weil and Tate pairings as building blocks for public key cryptosystems (survey). In: ANTS-V: Proceedings of the 5th International Symposium on Algorithmic Number Theory. Lect. Notes in Comput. Sci., vol. 2369, pp. 20–32. Springer (2002).
Koblitz N., Menezes A.: Pairing-based cryptography at high security levels. In: Smart N. (ed.) Cryptography and Coding. Lect. Notes in Comput. Sci., vol. 3796, pp. 13–36. Springer (2005).
Kohel D.: Endomorphism rings of elliptic curves over finite fields. PhD thesis, University of California at Berkeley (1996).
Lenstra A., Verheul E.: The XTR public key system. In: Advances in Cryptology-CRYPTO 2000. Lect. Notes in Comput. Sci., vol. 1880, pp. 1–19. Springer (2000).
Maurer U., Wolf S.: The Diffie–Hellman protocol. Des. Codes Cryptogr. 19, 147–171 (2000)
Menezes A.: Elliptic Curve Public Key Cryptosystems. Kluwer Academic Publishers (1993).
Menezes A., Okamoto T., Vanstone S.: Reducing elliptic curve logarithms to logarithms in finite fields. IEEE Trans. Inform. Theory IT-39, 1639–1646 (1993)
Menezes A., Vanstone S.: ECSTR (XTR): Elliptic Curve Singular Trace Representation, Rump Session of Crypto (2000).
Moody D.: The Diffie–Hellman problem and generalization of Verheul’s theorem, Cryptology ePrint Archive, Report 2008/456 (2008). Available at http://eprint.iacr.org/2008/456.
Morales D.: Cheon’s algorithm, pairing inversion and the discrete logarithm problem, Cryptology ePrint Archive, Report 2008/300 (2008). Available at http://eprint.iacr.org/2008/300.
Satoh T.: On Degrees of Polynomial Interpolations Related to Elliptic Curves, International Workshop, WCC 2005, Bergen, Norway, March 2005, Revised and Selected Papers, Lect. Notes in Comput. Sci., vol. 3969, pp. 155–163. Springer (2006).
Satoh T.: On polynomial interpolations related to Verheul homomorphisms. LMS J. Comput. Math. 9, 135–158 (2006)
Satoh T.: On pairing inversion problems. In: Pairing Conference 2007. Lect. Notes in Comput. Sci., vol. 4575, pp. 317–328. Springer (2007).
Satoh T.: Closed formulae for the Weil pairing inversion. Finite Fields Appl. 14, 743–765 (2008)
Silverman J.: The Arithmetic of Elliptic Curves. Springer, New York (1986)
Stark H.M.: Class numbers of complex quadratic fields. In: Kuyk W. (ed.) Modular Functions of One Variable I. Lecture Notes in Math., vol. 320, pp. 153–174. Springer (1973).
Verheul E.: Evidence that XTR is more secure than supersingular elliptic curve cryptosystems. In: Advances in Cryptology—EUROCRYPT 2001. Lect. Notes in Comput. Sci., vol. 2045, pp. 195–210. Springer (2001).
Verheul E.: Evidence that XTR is more secure than supersingular elliptic curve cryptosystems. J. Cryptol. 17, 277–296 (2004)
Washington L.: Elliptic Curves (Number Theory and Cryptography), 2nd edn. Chapman & Hall, Boca Raton, FL (2008)
Additional information
Communicated by S. Galbraith.
Cite this article
Moody, D. The Diffie–Hellman problem and generalization of Verheul’s theorem. Des. Codes Cryptogr. 52, 381–390 (2009). https://doi.org/10.1007/s10623-009-9287-x