Add definition for SDL

This commit is contained in:
Fabrice Mouhartem 2018-03-20 09:52:32 +01:00
parent 11caaaa25a
commit dfae5b0ea6

View File

@ -29,7 +29,7 @@ described in \cref{de:DDH} and recalled here.
This hypothesis, from which the Diffie-Hellman key exchange relies its security on, is then used to defined the $\SXDH$ assumption. This hypothesis, from which the Diffie-Hellman key exchange relies its security on, is then used to defined the $\SXDH$ assumption.
\begin{definition}[{$\SXDH$~\cite[As.~1]{BGdMM05}}] \index{Pairings!SXDH} \begin{definition}[{$\SXDH$~\cite[As.~1]{BGdMM05}}] \index{Pairings!SXDH} \label{de:SXDH}
The \emph{Symmetric eXternal Diffie-Hellman} ($\SXDH$) assumption holds if the $\DDH$ assumption holds both in $\GG$ and $\Gh$. The \emph{Symmetric eXternal Diffie-Hellman} ($\SXDH$) assumption holds if the $\DDH$ assumption holds both in $\GG$ and $\Gh$.
\end{definition} \end{definition}
@ -38,3 +38,15 @@ Moreover, this assumption is static, meaning that the size of the assumption is
This gives a stronger security guarantee for the security of schemes proven under this kind of assumptions. This gives a stronger security guarantee for the security of schemes proven under this kind of assumptions.
For instance, Cheon gave an attack against $q$-Strong Diffie-Hellmann problem for large values of $q$~\cite{Che06} (which usually represents the number of adversarial queries). For instance, Cheon gave an attack against $q$-Strong Diffie-Hellmann problem for large values of $q$~\cite{Che06} (which usually represents the number of adversarial queries).
In the aforementioned chapter, we also rely on the following assumption, which generalizes the Discrete Logarithm problem to asymmetric groups.
\begin{definition}[SDL]
\label{de:SDL} \index{Pairings!SDL}
In bilinear groups $(\GG,\hat{\GG},\GT^{})$ of prime order $p$, the \emph {Symmetric Discrete Logarithm} (SDL) problem consists in, given
$(g,\hat{g},g^a,\hat{g}^a) \in \GG \times \hat{\GG}$
where $a \sample \ZZ_p^{}$, computing $a \in \ZZ_p^{}$.
\end{definition}
This assumption is still a static and non-interactive assumption.