Obstacles to the torsion-subgroup attack on the decision Diffie-Hellman Problem
نویسندگان
چکیده
Cheng and Uchiyama show that if one is given an elliptic curve, depending on a prime p, that is defined over a number field and has certain properties, then one can solve the Decision Diffie-Hellman Problem (DDHP) in Fp in polynomial time. We show that it is unlikely that an elliptic curve with the desired properties exists.
منابع مشابه
On the existence of distortion maps on ordinary elliptic curves
An important problem in cryptography is the so called Decision Diffie-Hellman problem (henceforth abbreviated DDH). The problem is to distinguish triples of the form (g, g, g) from arbitrary triples from a cyclic group G = 〈g〉. It turns out that for (cyclic subgroups of) the group of m-torsion points on an elliptic curve over a finite field, the DDH problem admits an efficient solution if there...
متن کاملDiffie-Hellman type key exchange protocols based on isogenies
In this paper, we propose some Diffie-Hellman type key exchange protocols using isogenies of elliptic curves. The first method which uses the endomorphism ring of an ordinary elliptic curve $ E $, is a straightforward generalization of elliptic curve Diffie-Hellman key exchange. The method uses commutativity of the endomorphism ring $ End(E) $. Then using dual isogenies, we propose...
متن کاملThe Discrete Logarithm Problem on the p-torsion Subgroup of Elliptic Curves
An ongoing challenge in cryptography is to find groups in which the DLP is computationally infeasible, that is, for which the best known attack is exponential in log(N). Such a group can be used as the setting for many cryptographic protocols, from Diffie-Hellman key exchange to El Gamal encryption ([14], 159). The most prominent example, first proposed in 1985, is a subgroup of points of an el...
متن کاملA NEW PROTOCOL MODEL FOR VERIFICATION OF PAYMENT ORDER INFORMATION INTEGRITY IN ONLINE E-PAYMENT SYSTEM USING ELLIPTIC CURVE DIFFIE-HELLMAN KEY AGREEMENT PROTOCOL
Two parties that conduct a business transaction through the internet do not see each other personally nor do they exchange any document neither any money hand-to-hand currency. Electronic payment is a way by which the two parties transfer the money through the internet. Therefore integrity of payment and order information of online purchase is an important concern. With online purchase the cust...
متن کاملCryptanalysis of the multilinear map on the ideal lattices
We improve the zeroizing attack on the multilinear map of Garg, Gentry and Halevi (GGH). Our algorithm can solve the Graded Decisional Diffie-Hellman (GDDH) problem on the GGH scheme when the dimension n of the ideal lattice Z[X]/(X+1) is O(κλ) as suggested for the κ-linear GGH scheme. The zeroizing attack is to recover a basis of an ideal generated by a secret element g ∈ Z[X]/(X + 1) from the...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
- Math. Comput.
دوره 73 شماره
صفحات -
تاریخ انتشار 2004