fmouhart/thesis
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Index

Browse Source
This commit is contained in:
Fabrice Mouhartem
2018-02-02 16:09:02 +01:00
parent 664fa6ccd8
commit d6adc217eb
2 changed files with 21 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
sec-pairings.tex
View File

@ -5,13 +5,13 @@
Pairing-based cryptography was introduced by Antoine Joux~\cite{Jou00} to generalize Diffie-Hellman key exchange to three users in one round.
Since then, many constructions have been proposed for cryptographic constructions, such as identity-based encryption~\cite{BF01,Wat05} or group signature~\cite{ACJT00,BBS04}.
Multiple constructions and parameter sets coexist for pairings.
Real-world implementation are based on elliptic curves~\cite{BN06, KSS08}, but recent advances in cryptanalysis makes it hard to evaluate the security level of pairing-based cryptography~\cite{KB16,BD17}.
Real-world implementation are based on elliptic curves~\cite{BN06, KSS08}, but recent advances in cryptanalysis makes it hard to evaluate the security level of pairing-based cryptography~\cite{KB16,MSS17,BD18}.
In the following, we rely on the black-box definition of cryptographic pairings as bilinear maps, and on the assumed hardness of a classical assumption over pairings, namely $\SXDH$.
%\subsection{Bilinear maps}
\begin{definition}[Pairings~\cite{BSS05}] \label{de:pairings}
\begin{definition}[Pairings~\cite{BSS05}] \label{de:pairings} \index{Pairings}
A pairing is a map $e: \GG \times \Gh \to \GT$ over cyclic groups of order $p$ that verifies the following properties for any $g \in \GG, \hat{g} \in \Gh$:
\begin{enumerate}[\quad (i)]
\item bilinearity: for any $a, b \in \Zp$, we have $e(g^a, \hat{g}^b) = e(g^b, \hat{g}^a) = e(g, \hat{g})^{ab}$.
@ -22,17 +22,24 @@ In the following, we rely on the black-box definition of cryptographic pairings
For cryptographic purpose, pairings are usually defined over elliptic curves, hence $\GT$ is a multiplicative subgroup of the multiplicative group of a finite field.
Most standard assumptions over pairings are derived from the equivalent of the Diffie-Hellman assumptions from cyclic groups.
Most standard assumptions over pairings are derived from the equivalent of the Diffie-Hellman assumptions from cyclic groups,
%defined in Definition~\ref{de:DDH}.
defined as follows.
\begin{definition}[$\DDH$] \label{de:DDH}
\begin{definition}[$\DDH$] \label{de:DDH} \index{Discrete Logarithm!Decisional Diffie-Hellman}
Let $\GG$ be a cyclic group of order $p$. The \emph{decisional Diffie-Hellman} ($\DDH$) problem is the following.
Given $(g, g^a, g^b, g^c) \in \GG^4$, the goal is to decide if $c = ab$ or if $c$ is sampled uniformly in $\GG$.
The DDH assumption is the intractability of the problem for any $\PPT$ algorithm.
The DDH assumption is the intractability of the problem for any $\ppt$ algorithm.
Let us now define the $\DDH$ language as
$L_\DDH = \bigl\{ (g, g^a, g^b, g^{c}) \in \GG^4 \mid c = a \cdot b \bigr\}.$
Thus the $\DDH$ problem is equivalently the question of whether $L_\DDH \in \mathsf{PP}$ or not.
\end{definition}
This hypothesis, from which the Diffie-Hellman key exchange relies its security on, is then used to defined the $\SXDH$ assumption.
\begin{definition}[{$\SXDH$~\cite[As.~1]{BGdMM05}}]
\begin{definition}[{$\SXDH$~\cite[As.~1]{BGdMM05}}] \index{Pairings!Symmetric external Diffie-Hellman (SXDH)}
The \emph{Symmetric eXternal Diffie-Hellman} ($\SXDH$) assumption holds if the $\DDH$ assumption holds both in $\GG$ and $\Gh$.
\end{definition}