+ Restatable definition

This commit is contained in:
Fabrice Mouhartem 2018-02-28 18:02:06 +01:00
parent 106498a095
commit 79cc6c5806
2 changed files with 5 additions and 13 deletions

View File

@ -128,12 +128,13 @@ To illustrate this, let us consider the two following assumptions:
The \textit{discrete logarithm assumption} is the intractability of this problem. The \textit{discrete logarithm assumption} is the intractability of this problem.
\end{definition} \end{definition}
\begin{definition}[Decisional Diffie-Hellman] \label{de:DDH} \index{Discrete Logarithm!Decisional Diffie-Hellman} \begin{restatable}[Decisional Diffie-Hellman]{definition}{defDDH}
\index{Discrete Logarithm!Decisional Diffie-Hellman} \label{de:DDH}
Let $\GG$ be a cyclic group of order $p$. The \emph{decisional Diffie-Hellman} ($\DDH$) problem is the following. Let $\GG$ be a cyclic group of order $p$. The \emph{decisional Diffie-Hellman} ($\DDH$) problem is the following.
Given the tuple $(g, g_1^{}, g_2^{}, g_3^{}) = (g, g^a_{}, g^b{}, g^c_{}) \in \GG^4_{}$, the goal is to decide whether $c = ab$ or $c$ is sampled uniformly in $\GG$. Given the tuple $(g, g_1^{}, g_2^{}, g_3^{}) = (g, g^a_{}, g^b{}, g^c_{}) \in \GG^4_{}$, the goal is to decide whether $c = ab$ or $c$ is sampled uniformly in $\GG$.
The \textit{\DDH assumption} is the intractability of the problem for any $\ppt$ algorithm. The \textit{\DDH assumption} is the intractability of the problem for any $\ppt$ algorithm.
\end{definition} \end{restatable}
The discrete logarithm assumption is implied by the decisional Diffie-Hellman assumption for instance. The discrete logarithm assumption is implied by the decisional Diffie-Hellman assumption for instance.
Indeed, if one is able to solve the discrete logarithm problem, then it suffices to compute the discrete logarithm of $g_1$, let us say $\alpha$, and then check whether $g_2^\alpha = g_3^{}$ or not. Indeed, if one is able to solve the discrete logarithm problem, then it suffices to compute the discrete logarithm of $g_1$, let us say $\alpha$, and then check whether $g_2^\alpha = g_3^{}$ or not.

View File

@ -23,18 +23,9 @@ In the following, we rely on the black-box definition of cryptographic pairings
For cryptographic purpose, pairings are usually defined over elliptic curves, hence $\GT$ is a multiplicative subgroup of the multiplicative group of a finite field. For cryptographic purpose, pairings are usually defined over elliptic curves, hence $\GT$ is a multiplicative subgroup of the multiplicative group of a finite field.
The most standard assumptions over pairings are derived from the equivalent of the Diffie-Hellman assumptions from cyclic groups, The most standard assumptions over pairings are derived from the equivalent of the Diffie-Hellman assumptions from cyclic groups,
described in Definition~\ref{de:DDH} and recalled here. described in \cref{de:DDH} and recalled here.
\begin{definition}[$\DDH$ (recall)] \index{Discrete Logarithm!Decisional Diffie-Hellman} \defDDH*
Let $\GG$ be a cyclic group of order $p$. The \emph{decisional Diffie-Hellman} ($\DDH$) problem is the following.
Given $(g, g^a, g^b, g^c) \in \GG^4$, the goal is to decide if $c = ab$ or if $c$ is sampled uniformly in $\GG$.
The DDH assumption is the intractability of the problem for any $\ppt$ algorithm.
% Let us now define the $\DDH$ language as
% $L_\DDH = \bigl\{ (g, g^a, g^b, g^{c}) \in \GG^4 \mid c = a \cdot b \bigr\}.$
% Thus the $\DDH$ problem is equivalently the question of whether $L_\DDH \in \mathsf{PP}$ or not.
\end{definition}
This hypothesis, from which the Diffie-Hellman key exchange relies its security on, is then used to defined the $\SXDH$ assumption. This hypothesis, from which the Diffie-Hellman key exchange relies its security on, is then used to defined the $\SXDH$ assumption.