Cryptology ePrint Archive: Report 2002/113

A Note on the Bilinear Diffie-Hellman Assumption

Yacov Yacobi

Abstract: Abstract. The Bi-linear Diffie-Hellman (BDH) intractability assumption is required to establish the security of new Weil-pairing based cryptosystems. BDH is reducible to most of the older believed-to-be-hard discrete-log problems and DH problems, but there is no known reduction from any of those problems to BDH. Let the bilinear mapping be e:G1 X G1->G2, where G1 and G2 are cyclic groups. We show that a many-one reduction from any of the relevant problems to BDH has to include an efficient mapping \phi:G2 ->G1 where \phi(g^{x})=f(x)P. Here g, and P are generators of the corresponding cyclic groups. The function \phi must be used in the reduction either before or after the call to oracle BDH. We show that if f(x)=ax^n+b for any constants a,b,n, then \phi could be used as an oracle for a probabilistic polynomial time solution for Decision Diffie-Hellman in G2. Thus such a reduction is unlikely.

Category / Keywords: Bi-linear pairing; ID based cryptosystems

Publication Info: Identity Based Encryption; Weil pairing

Date: received 7 Aug 2002, last revised 9 Aug 2002

Contact author: yacov at microsoft com

Available format(s): Postscript (PS) | Compressed Postscript (PS.GZ) | BibTeX Citation

Version: 20020810:133304 (All versions of this report)

Short URL:

[ Cryptology ePrint archive ]