**Boneh-Boyen signatures and the Strong Diffie-Hellman problem**

*David Jao and Kayo Yoshida*

**Abstract: **The Boneh-Boyen signature scheme is a pairing based short signature scheme which is provably secure in the standard model under the $q$-Strong Diffie-Hellman assumption. In this paper, we prove the converse of this statement, and show that forging Boneh-Boyen signatures is actually equivalent to solving the $q$-Strong Diffie-Hellman problem. Using this equivalence, we exhibit an algorithm which, on the vast majority of pairing-friendly curves, recovers Boneh-Boyen private keys in $O(p^{\frac{2}{5}+\varepsilon})$ time, using $O(p^{\frac{1}{5}+\varepsilon})$ signature queries. We present implementation results comparing the performance of our algorithm and traditional discrete logarithm algorithms such as Pollard's lambda algorithm and Pollard's rho algorithm. We also discuss some possible countermeasures and strategies for mitigating the impact of these findings.

**Category / Keywords: **public-key cryptography /

**Publication Info: **Full version of Pairing 2009 paper. Contains detailed tables and graphs of experimental results.

**Date: **received 18 May 2009, last revised 31 May 2009

**Contact author: **djao at math uwaterloo ca

**Available format(s): **PDF | BibTeX Citation

**Note: **Added corrections and acknowledgments.

**Version: **20090531:220649 (All versions of this report)

**Short URL: **ia.cr/2009/221

**Discussion forum: **Show discussion | Start new discussion

[ Cryptology ePrint archive ]