The twin Diffie-Hellman problem and applications

David Cash, Eike Kiltz, Victor Shoup

Research output: Contribution to journal (Article)

Abstract

We propose a new computational problem called the twin Diffie-Hellman problem. This problem is closely related to the usual (computational) Diffie-Hellman problem and can be used in many of the same cryptographic constructions that are based on the Diffie-Hellman problem. Moreover, the twin Diffie-Hellman problem is at least as hard as the ordinary Diffie-Hellman problem. However, we are able to show that the twin Diffie-Hellman problem remains hard, even in the presence of a decision oracle that recognizes solutions to the problem; this is a feature not enjoyed by the Diffie-Hellman problem, in general. Specifically, we show how to build a certain "trapdoor test" that allows us to effectively answer decision oracle queries for the twin Diffie-Hellman problem without knowing any of the corresponding discrete logarithms. Our new techniques have many applications. As one such application, we present a new variant of ElGamal encryption with very short ciphertexts, and with a very simple and tight security proof, in the random oracle model, under the assumption that the ordinary Diffie-Hellman problem is hard. We present several other applications as well, including a new variant of Diffie and Hellman's non-interactive key exchange protocol; a new variant of Cramer-Shoup encryption, with a very simple proof in the standard model; a new variant of Boneh-Franklin identity-based encryption, with very short ciphertexts; and a more robust version of a password-authenticated key exchange protocol of Abdalla and Pointcheval.

Original language: English (US)
Pages (from-to): 470-504
Number of pages: 35
Journal: Journal of Cryptology
Volume: 22
Issue number: 4
DOI: 10.1007/s00145-009-9041-6
State: Published - Oct 2009

Fingerprint

Diffie-Hellman
Cryptography
Encryption
Authenticated Key Exchange
Identity-based Encryption
Discrete Logarithm
Security Proof
Key Exchange
Random Oracle Model
Password
Standard Model
Query

ASJC Scopus subject areas

  • Applied Mathematics
  • Computer Science Applications
  • Software

Cite this

The twin Diffie-Hellman problem and applications. / Cash, David; Kiltz, Eike; Shoup, Victor.

In: Journal of Cryptology, Vol. 22, No. 4, 10.2009, p. 470-504.

@article{d4b50225464c4e759abd35e0748f1a0a,
title = "The twin diffie-hellman problem and applications",
author = "David Cash and Eike Kiltz and Victor Shoup",
year = "2009",
month = "10",
doi = "10.1007/s00145-009-9041-6",
language = "English (US)",
volume = "22",
pages = "470--504",
journal = "Journal of Cryptology",
issn = "0933-2790",
publisher = "Springer New York",
number = "4",

}
