Paper 2024/993

Limits on the Power of Prime-Order Groups: Separating Q-Type from Static Assumptions

George Lu, The University of Texas at Austin
Mark Zhandry, NTT Research
Abstract

Subgroup decision techniques on cryptographic groups and pairings have been critical for numerous applications. Originally conceived in the composite-order setting, there is a large body of work showing how to instantiate subgroup decision techniques in the prime-order setting as well. In this work, we demonstrate the first barrier to this research program by exhibiting an important setting where composite-order techniques cannot be replicated in the prime-order setting. In particular, we focus on the case of $q$-type assumptions, which are ubiquitous in group- and pairing-based cryptography, but unfortunately are less desirable than the more well-understood static assumptions. Subgroup decision techniques have had great success in removing $q$-type assumptions, even allowing $q$-type assumptions to be generically based on static assumptions on composite-order groups. Our main result shows that the same likely does not hold in the prime-order setting. Namely, we show that a large class of $q$-type assumptions, including the security definition of a number of cryptosystems, cannot be proven secure in a black-box way from any static assumption.

Metadata
Available format(s)
PDF
Category
Foundations
Publication info
Published by the IACR in CRYPTO 2024
Keywords
generic group model
Contact author(s)
gclu @ cs utexas edu
mzhandry @ gmail com
History
2024-06-20: approved
2024-06-19: received
Short URL
https://ia.cr/2024/993
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2024/993,
      author = {George Lu and Mark Zhandry},
      title = {Limits on the Power of Prime-Order Groups: Separating Q-Type from Static Assumptions},
      howpublished = {Cryptology ePrint Archive, Paper 2024/993},
      year = {2024},
      note = {\url{https://eprint.iacr.org/2024/993}},
      url = {https://eprint.iacr.org/2024/993}
}