Paper 2024/1452

On the Complexity of Cryptographic Groups and Generic Group Models

Cong Zhang, The State Key Laboratory of Blockchain and Data Security, Zhejiang University, Hangzhou High-Tech Zone (Binjiang) Blockchain and Data Security Research Institute
Keyu Ji, The State Key Laboratory of Blockchain and Data Security, Zhejiang University, Hangzhou High-Tech Zone (Binjiang) Blockchain and Data Security Research Institute
Taiyu Wang, The State Key Laboratory of Blockchain and Data Security, Zhejiang University, Hangzhou High-Tech Zone (Binjiang) Blockchain and Data Security Research Institute
Bingsheng Zhang, The State Key Laboratory of Blockchain and Data Security, Zhejiang University, Hangzhou High-Tech Zone (Binjiang) Blockchain and Data Security Research Institute
Hong-Sheng Zhou, Virginia Commonwealth University
Xin Wang, Digital Technologies, Ant Group
Kui Ren, The State Key Laboratory of Blockchain and Data Security, Zhejiang University, Hangzhou High-Tech Zone (Binjiang) Blockchain and Data Security Research Institute
Abstract

Ever since the seminal work of Diffie and Hellman, cryptographic (cyclic) groups have served as a fundamental building block for constructing cryptographic schemes and protocols. The security of these constructions can often be based on the hardness of (cyclic) group-based computational assumptions. Then, the generic group model (GGM) has been studied as an idealized model (Shoup, EuroCrypt 1997), which justifies the hardness of many (cyclic) group-based assumptions and shows the limits of some group-based cryptosystems. We stress that, the importance of the length of group encoding, either in a concrete group-based construction or assumption, or in the GGM, has not been studied. In this work, we initiate a systematic study on the complexity of cryptographic groups and generic group models, varying in different lengths of group encodings, and demonstrate evidences that ``the length matters''. More concretely, we have the following results: -- We show that there is no black-box/relativizing reduction from the CDH-secure groups (i.e., over such groups, the computational Diffie-Hellman assumption holds) with shorter encodings, to the CDH-secure groups with longer encodings, within the same security parameter. More specifically, given any arbitrary longer CDH-secure group, it is impossible to generically shorten the group encoding and obtain a shorter CDH-secure group within the same group order. -- We show that there is a strict hierarchy of the GGMs with different lengths of encodings. That is, in the framework of indifferentiability, the shorter GGM is strictly stronger than the longer ones, even in the presence of computationally bounded adversaries.

Metadata
Available format(s)
PDF
Category
Foundations
Publication info
A major revision of an IACR publication in ASIACRYPT 2024
Keywords
Generic Group ModelIndifferentiability
Contact author(s)
congresearch @ zju edu cn
jikeyu @ zju edu cn
taiyuwang @ zju edu cn
bingsheng @ zju edu cn
hszhou @ vcu edu
wx352699 @ antgroup com
kuiren @ zju edu cn
History
2024-09-18: approved
2024-09-17: received
See all versions
Short URL
https://ia.cr/2024/1452
License
Creative Commons Attribution
CC BY

BibTeX 

@misc{cryptoeprint:2024/1452,
      author = {Cong Zhang and Keyu Ji and Taiyu Wang and Bingsheng Zhang and Hong-Sheng Zhou and Xin Wang and Kui Ren},
      title = {On the Complexity of Cryptographic Groups and Generic Group Models},
      howpublished = {Cryptology {ePrint} Archive, Paper 2024/1452},
      year = {2024},
      url = {https://eprint.iacr.org/2024/1452}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.