Paper 2018/529

Trapdoor Functions from the Computational Diffie-Hellman Assumption

Sanjam Garg and Mohammad Hajiabadi


Trapdoor functions (TDFs) are a fundamental primitive in cryptography. Yet, the current set of assumptions known to imply TDFs is surprisingly limited, when compared to public-key encryption. We present a new general approach for constructing TDFs. Specifically, we give a generic construction of TDFs from any Hash Encryption (Döttling and Garg [CRYPTO '17]) satisfying a novel property which we call recyclability. By showing how to adapt current Computational Diffie-Hellman (CDH) based constructions of hash encryption to yield recyclability, we obtain the first construction of TDFs with security proved under the CDH assumption. While TDFs from the Decisional Diffie-Hellman (DDH) assumption were previously known, the possibility of basing them on CDH had remained open for more than 30 years.

Note: Fixed a typo in the abstract.

Available format(s)
Public-key cryptography
Publication info
A minor revision of an IACR publication in CRYPTO 2018
Trapdoor FunctionsComputational Diffie-Hellman Assumption
Contact author(s)
mdhajiabadi @ berkeley edu
sanjamg @ berkeley edu
2018-06-29: last of 2 revisions
2018-06-04: received
See all versions
Short URL
Creative Commons Attribution


      author = {Sanjam Garg and Mohammad Hajiabadi},
      title = {Trapdoor Functions from the Computational Diffie-Hellman Assumption},
      howpublished = {Cryptology ePrint Archive, Paper 2018/529},
      year = {2018},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.