Cryptology ePrint Archive: Report 2019/1290

Trapdoor DDH groups from pairings and isogenies

Péter Kutas and Christophe Petit and Javier Silva

Abstract: Trapdoor DDH groups are an appealing cryptographic primitive where DDH instances are hard to solve unless provided with additional information (i.e., a trapdoor). In this paper, we introduce a new trapdoor DDH group construction using pairings and isogenies of supersingular elliptic curves. The construction solves all shortcomings of previous constructions as identified by Seurin (RSA 2013). We also present partial attacks on a previous construction due to Dent--Galbraith, and we provide a formal security definition of the related notion of ``trapdoor pairings''.

Category / Keywords: public-key cryptography / elliptic curve cryptography, pairings, isogenies, trapdoor DDH

Original Publication (with minor differences): SAC 2020

Date: received 6 Nov 2019, last revised 27 Nov 2020

Contact author: christophe f petit at gmail com, kutasp at gmail com, javiersilvavelon at gmail com

Available format(s): PDF | BibTeX Citation

Version: 20201127:151430 (All versions of this report)

Short URL: ia.cr/2019/1290


[ Cryptology ePrint archive ]