Cryptology ePrint Archive: Report 2019/1290

Trapdoor DDH groups from pairings and isogenies

Péter Kutas and Christophe Petit and Javier Silva

Abstract: Trapdoor DDH groups are an appealing cryptographic primitive where DDH instances are hard to solve unless provided with additional information (i.e., a trapdoor). In this paper, we introduce a new trapdoor DDH group construction using pairings and isogenies of supersingular elliptic curves. The construction solves all shortcomings of previous constructions as identified by Seurin (RSA 2013). We also present partial attacks on a previous construction due to Dent--Galbraith, and we provide a formal security definition of the related notion of ``trapdoor pairings''.

Category / Keywords: elliptic curve cryptography, pairings, isogenies, trapdoor DDH

Date: received 6 Nov 2019

Contact author: christophe f petit at gmail com, kutasp@gmail com, javiersilvavelon@gmail com

Available format(s): PDF | BibTeX Citation

Version: 20191107:102006 (All versions of this report)

Short URL:

[ Cryptology ePrint archive ]