Abstract
In EUROCRYPT 2006, Cheon proposed breakthrough algorithms for pairing-related problems such as the q-weak/strong Diffie-Hellman problem. Using the fact that the exponents of an element in an abelian group G of prime order p carry the ring structure of \(\mathbb{Z}/p\mathbb{Z}\) even if G is a generic group, Cheon's algorithms reduce their complexity by a Pohlig-Hellman-like method over \((\mathbb{Z}/p\mathbb{Z})^*\) or its extension. The algorithms are more efficient than solving the corresponding discrete logarithm problem in certain cases. This paper shows that Cheon's algorithms are faster than the complexity analysis in Cheon's paper indicates, i.e. the algorithms can be done within \(O(\sqrt{p/d} + \sqrt{d})\) group operations, where d is a positive divisor of \(p-1\) with \(d \le q\) or a positive divisor of \(p+1\) with \(2d \le q\), instead of the \(O(\log p\,(\sqrt{p/d} + \sqrt{d}))\) group operations shown by Cheon. This paper also shows an improvement of one of the algorithms for the q-weak Diffie-Hellman problem. The improved algorithm can be done within \(O(\epsilon \sqrt{p/d})\) group operations, where \(\epsilon = \min(2/(1 - \log_p d),\ \log p)\). Moreover, this paper discusses how to choose the group order so that the algorithms are inefficient, and also shows a condition on the group order and the probability that an order satisfies the condition.
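To make the Pohlig-Hellman-like idea in the abstract concrete, here is the \(p-1\) case of Cheon's algorithm written out as an added example. This is not code from the paper or from Cheon's; the toy group (the order-p subgroup of \((\mathbb{Z}/P\mathbb{Z})^*\) with P = 10091, p = 1009), the divisor d = 16, the secret and all function names are this example's own choices. Given g, \(g^\alpha\) and \(g^{\alpha^d}\) with \(d \mid p-1\), it fixes a generator \(\zeta\) of \((\mathbb{Z}/p\mathbb{Z})^*\), recovers \(\alpha^d = \zeta^{dk}\) with a baby-step giant-step search over \((p-1)/d\) candidates, and then recovers \(\alpha = \zeta^{k + j(p-1)/d}\) with a second search over d candidates, so the step counts are \(O(\sqrt{p/d})\) and \(O(\sqrt{d})\). It implements only the straightforward form, in which every step is a full exponentiation and therefore costs \(O(\log p)\) group operations; removing exactly that factor is the paper's first result, and its technique is not reproduced here. The \(p+1\) case, which works in an extension of \(\mathbb{Z}/p\mathbb{Z}\), is not covered.

```python
"""
Cheon's algorithm (p-1 case) in plain Python: recover alpha in Z/pZ from
g, g^alpha and g^(alpha^d), where d | p-1, in O(sqrt(p/d) + sqrt(d)) steps.

Group used here (constructed for this example): the subgroup of prime order
p inside (Z/PZ)^* for a prime P with p | P-1. Group elements are integers
mod P; exponents live in Z/pZ, and it is the ring structure of Z/pZ that the
algorithm exploits.
"""
from math import isqrt


def is_prime(n):
    """Trial-division primality test; adequate for toy parameters."""
    return n >= 2 and all(n % q for q in range(2, isqrt(n) + 1))


def prime_factors(n):
    """Distinct prime factors of n by trial division."""
    factors, q = [], 2
    while q * q <= n:
        if n % q == 0:
            factors.append(q)
            while n % q == 0:
                n //= q
        q += 1
    if n > 1:
        factors.append(n)
    return factors


def generator_mod_p(p):
    """Smallest generator zeta of the cyclic group (Z/pZ)^*, p prime."""
    factors = prime_factors(p - 1)
    for z in range(2, p):
        if all(pow(z, (p - 1) // f, p) != 1 for f in factors):
            return z
    raise ValueError("no generator found")


def bsgs_power(g, target, w, n, P, p):
    """
    Baby-step giant-step over the exponent group: return k in [0, n) with
    target == g^(w^k) mod P, where w has multiplicative order n modulo p.
    Baby steps: target^(w^-u) = g^(w^(k-u)); giant steps: g^(w^(m v)).
    A match gives k = u + m v (mod n). About 2*sqrt(n) steps; in this plain
    form each step is a modular exponentiation, i.e. O(log p) group
    operations, which is the factor the paper shows can be removed.
    """
    m = isqrt(n - 1) + 1          # ceil(sqrt(n))
    w_inv = pow(w, -1, p)
    baby = {}
    x = target
    for u in range(m):
        baby.setdefault(x, u)
        x = pow(x, w_inv, P)
    w_m = pow(w, m, p)
    y = g
    for v in range(m + 1):
        if y in baby:
            return (baby[y] + m * v) % n
        y = pow(y, w_m, P)
    raise ValueError("no solution: target is not of the form g^(w^k)")


def cheon_p_minus_1(g, g_alpha, g_alpha_d, d, p, P):
    """Recover alpha (assumed nonzero mod p) from g, g^alpha, g^(alpha^d)."""
    if (p - 1) % d:
        raise ValueError("d must divide p-1")
    zeta = generator_mod_p(p)
    n = (p - 1) // d
    # Stage 1: alpha^d = zeta^(d k) for a unique k in [0, n); sqrt(p/d) work.
    k = bsgs_power(g, g_alpha_d, pow(zeta, d, p), n, P, p)
    # Stage 2: alpha = zeta^(k + n j) for some j in [0, d); sqrt(d) work.
    # (g^alpha)^(zeta^-k) = g^(zeta^(n j)), so search over z = zeta^n of order d.
    t2 = pow(g_alpha, pow(zeta, -k, p), P)
    j = bsgs_power(g, t2, pow(zeta, n, p), d, P, p)
    return pow(zeta, k + n * j, p)


def subgroup_generator(P, p):
    """An element of exact order p in (Z/PZ)^*, assuming p | P-1."""
    cofactor = (P - 1) // p
    for h in range(2, P):
        g = pow(h, cofactor, P)
        if g != 1:
            return g
    raise ValueError("no element of order p")


def demo(P=10091, p=1009, d=16, alpha=777):
    """
    Constructed toy instance: P = 10*1009 + 1 and p = 1009 are prime, and
    p-1 = 1008 = 2^4 * 3^2 * 7, so d = 16 is an admissible divisor (an attacker
    holding g, g^alpha, ..., g^(alpha^q) with q >= 16 has g^(alpha^16)).
    Returns the recovered alpha.
    """
    assert is_prime(P) and is_prime(p) and (P - 1) % p == 0
    g = subgroup_generator(P, p)
    g_alpha = pow(g, alpha, P)
    g_alpha_d = pow(g, pow(alpha, d, p), P)
    return cheon_p_minus_1(g, g_alpha, g_alpha_d, d, p, P)


if __name__ == "__main__":
    print(demo())   # 777
```

The two extremes are instructive: with d = 1 the second stage is trivial and the first is an ordinary \(O(\sqrt{p})\) discrete-logarithm search, while with \(d = p-1\) the first stage is trivial and the whole cost moves to the \(O(\sqrt{d})\) second stage; the interesting regime is a divisor d near \(\sqrt{p}\), which is why the paper's closing discussion is about choosing p so that \(p \pm 1\) has no divisor of suitable size below q.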
References
Boneh, D., Boyen, X.: Efficient selective-ID secure identity-based encryption without random oracles. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 223–238. Springer, Heidelberg (2004)
Boneh, D., Boyen, X.: Short signatures without random oracles. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 56–73. Springer, Heidelberg (2004)
Boneh, D., Boyen, X., Goh, E.-J.: Hierarchical identity based encryption with constant size ciphertext. In: Cramer, R.J.F. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 440–456. Springer, Heidelberg (2005)
Boneh, D., Franklin, M.: Identity-based encryption from the Weil pairing. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 213–229. Springer, Heidelberg (2001)
Barreto, P.S.L.M., Lynn, B., Scott, M.: Efficient implementation of pairing-based cryptosystems. J. Cryptology 17, 321–334 (2004)
Barreto, P.S.L.M., Lynn, B., Scott, M.: On the selection of pairing-friendly groups. In: Matsui, M., Zuccherato, R.J. (eds.) SAC 2003. LNCS, vol. 3006, pp. 17–25. Springer, Heidelberg (2004)
Barreto, P.S.L.M., Naehrig, M.: Pairing-friendly elliptic curves of prime order. In: Preneel, B., Tavares, S. (eds.) SAC 2005. LNCS, vol. 3897, pp. 319–331. Springer, Heidelberg (2006)
Brezing, F., Weng, A.: Elliptic curves suitable for pairing based cryptography. Designs, Codes and Cryptography 37, 133–141 (2005)
Cheon, J.H.: Security analysis of strong Diffie-Hellman problem. In: Vaudenay, S. (ed.) EUROCRYPT 2006. LNCS, vol. 4004, pp. 1–11. Springer, Heidelberg (2006)
Comuta, A., Kawazoe, M., Takahashi, T.: How to construct pairing-friendly curves for the embedding degree k = 2n, n is an odd prime, Cryptology ePrint Archive, Report 2006/427, IACR (2006)
Duquesne, S., Lange, T.: Pairing-based cryptography. In: Cohen, H., Frey, G., Doche, C. (eds.) Handbook of elliptic and hyperelliptic curve cryptography, pp. 573–590. Chapman & Hall/CRC, Sydney (2005)
Frey, G., Rück, H.-G.: A remark concerning m-divisibility and the discrete logarithm in the divisor class group of curves. Math. Comp. 62, 865–874 (1994)
Freeman, D.: Constructing pairing-friendly elliptic curves with embedding degree 10. In: Hess, F., Pauli, S., Pohst, M. (eds.) Algorithmic Number Theory. LNCS, vol. 4076, pp. 452–465. Springer, Heidelberg (2006)
Freeman, D., Scott, M., Teske, E.: A taxonomy of pairing-friendly elliptic curves, Cryptology ePrint Archive, Report 2006/372, IACR (2006)
Galbraith, S.D.: Pairings. In: Blake, I., Seroussi, G., Smart, N. (eds.) Advances in Elliptic Curve Cryptography. LMS 317, pp. 183–213. Cambridge U. P., Cambridge (2005)
Gentry, C.: Practical identity-based encryption without random oracles. In: Vaudenay, S. (ed.) EUROCRYPT 2006. LNCS, vol. 4004, pp. 445–464. Springer, Heidelberg (2006)
Galbraith, S.D., McKee, J., Valença, P.: Ordinary abelian varieties having small embedding degree. In: Finite Fields and Their Applications (to appear, 2007)
Hardy, G.H., Wright, E.M.: An introduction to the theory of numbers, 5th edn. Oxford U. P., Oxford (1979)
Joux, A.: One round protocol for tripartite Diffie-Hellman. In: Bosma, W. (ed.) Algorithmic Number Theory. LNCS, vol. 1838, pp. 385–393. Springer, Heidelberg (2000)
Kutsuma, T., Matsuo, K.: Remarks on Cheon’s algorithms for pairing-related problems. In: Proc. of SCIS 2007, no. 4A1-2, IEICE (2007)
Miyaji, A., Nakabayashi, M., Takano, S.: New explicit conditions of elliptic curve traces for FR-reduction. IEICE Trans. Fundamentals E84-A(5), 1234–1243 (2001)
Menezes, A., Okamoto, T., Vanstone, S.: Reducing elliptic curve logarithms to logarithms in a finite field. In: Proc. of STOC, pp. 80–89 (1991)
Mitsunari, S., Sakai, R., Kasahara, M.: A new traitor tracing. IEICE Trans. Fundamentals E85-A(2), 481–484 (2002)
Okamoto, T.: Efficient blind and partially blind signatures without random oracles. In: Halevi, S., Rabin, T. (eds.) TCC 2006. LNCS, vol. 3876, pp. 80–99. Springer, Heidelberg (2006)
Ohgishi, K., Sakai, R., Kasahara, M.: Notes on ID-based key sharing systems over elliptic curve (in Japanese). Tech. Report ISEC99-57, IEICE (1999)
Paterson, K.G.: Cryptography from pairings. In: Blake, I., Seroussi, G., Smart, N. (eds.) Advances in Elliptic Curve Cryptography. LMS 317, pp. 215–251. Cambridge U. P., Cambridge (2005)
Pohlig, S.C., Hellman, M.E.: An improved algorithm for computing logarithms over GF(p) and its cryptographic significance. IEEE Trans. on Info. Theory IT-24, 106–110 (1978)
Pollard, J.M.: Monte Carlo methods for index computation (mod p). Math. Comp. 32, 918–924 (1978)
Quisquater, J.-J., Delescaille, J.-P.: How easy is collision search. New results and applications to DES. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 408–413. Springer, Heidelberg (1990)
Scott, M., Barreto, P.S.L.M.: Generating more MNT elliptic curves. Designs, Codes and Cryptography 38, 209–217 (2006)
Shanks, D.: Class number, a theory of factorization, and genera. In: Proc. of Symp. Pure Math., vol. 20, pp. 415–440 (1971)
Shoup, V.: Lower bounds for discrete logarithms and related problems. In: Fumy, W. (ed.) EUROCRYPT 1997. LNCS, vol. 1233, pp. 256–266. Springer, Heidelberg (1997)
Teske, E.: Speeding up Pollard's rho method for computing discrete logarithms. In: Buhler, J.P. (ed.) Algorithmic Number Theory. LNCS, vol. 1423, pp. 541–553. Springer, Heidelberg (1998)
Teske, E.: Square-root algorithms for the discrete logarithm problem (a survey). In: Public-Key Cryptography and Computational Number Theory, pp. 283–301. Walter de Gruyter, Berlin-New York (2001)
Wei, V.K.: Tight reductions among strong Diffie-Hellman assumptions, Cryptology ePrint Archive, Report 2005/057, IACR (2005)
© 2007 Springer-Verlag Berlin Heidelberg
Cite this paper
Kozaki, S., Kutsuma, T., Matsuo, K. (2007). Remarks on Cheon’s Algorithms for Pairing-Related Problems. In: Takagi, T., Okamoto, T., Okamoto, E., Okamoto, T. (eds) Pairing-Based Cryptography – Pairing 2007. Pairing 2007. Lecture Notes in Computer Science, vol 4575. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-73489-5_17
DOI: https://doi.org/10.1007/978-3-540-73489-5_17
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-73488-8
Online ISBN: 978-3-540-73489-5