## Cryptology ePrint Archive: Report 2009/221

Boneh-Boyen signatures and the Strong Diffie-Hellman problem

David Jao and Kayo Yoshida

Abstract: The Boneh-Boyen signature scheme is a pairing based short signature scheme which is provably secure in the standard model under the $q$-Strong Diffie-Hellman assumption. In this paper, we prove the converse of this statement, and show that forging Boneh-Boyen signatures is actually equivalent to solving the $q$-Strong Diffie-Hellman problem. Using this equivalence, we exhibit an algorithm which, on the vast majority of pairing-friendly curves, recovers Boneh-Boyen private keys in $O(p^{\frac{2}{5}+\varepsilon})$ time, using $O(p^{\frac{1}{5}+\varepsilon})$ signature queries. We present implementation results comparing the performance of our algorithm and traditional discrete logarithm algorithms such as Pollard's lambda algorithm and Pollard's rho algorithm. We also discuss some possible countermeasures and strategies for mitigating the impact of these findings.

Category / Keywords: public-key cryptography /

Publication Info: Full version of Pairing 2009 paper. Contains detailed tables and graphs of experimental results.

Date: received 18 May 2009, last revised 31 May 2009

Contact author: djao at math uwaterloo ca

Available format(s): PDF | BibTeX Citation