Paper 2019/1290

Trapdoor DDH groups from pairings and isogenies

Péter Kutas, Christophe Petit, and Javier Silva

Abstract

Trapdoor DDH groups are an appealing cryptographic primitive where DDH instances are hard to solve unless provided with additional information (i.e., a trapdoor). In this paper, we introduce a new trapdoor DDH group construction using pairings and isogenies of supersingular elliptic curves. The construction solves all shortcomings of previous constructions as identified by Seurin (RSA 2013). We also present partial attacks on a previous construction due to Dent--Galbraith, and we provide a formal security definition of the related notion of ``trapdoor pairings''.

Metadata
Available format(s)
PDF
Category
Public-key cryptography
Publication info
Published elsewhere. Minor revision.SAC 2020
Keywords
elliptic curve cryptographypairingsisogeniestrapdoor DDH
Contact author(s)
christophe f petit @ gmail com
kutasp @ gmail com
javiersilvavelon @ gmail com
History
2020-11-27: revised
2019-11-07: received
See all versions
Short URL
https://ia.cr/2019/1290
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2019/1290,
      author = {Péter Kutas and Christophe Petit and Javier Silva},
      title = {Trapdoor DDH groups from pairings and isogenies},
      howpublished = {Cryptology ePrint Archive, Paper 2019/1290},
      year = {2019},
      note = {\url{https://eprint.iacr.org/2019/1290}},
      url = {https://eprint.iacr.org/2019/1290}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.