The twin Diffie-Hellman problem and applications

David Cash, Eike Kiltz, Victor Shoup

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

We propose a new computational problem called the twin Diffie-Hellman problem. This problem is closely related to the usual (computational) Diffie-Hellman problem and can be used in many of the same cryptographic constructions that are based on the Diffie-Hellman problem. Moreover, the twin Diffie-Hellman problem is at least as hard as the ordinary Diffie-Hellman problem. However, we are able to show that the twin Diffie-Hellman problem remains hard, even in the presence of a decision oracle that recognizes solutions to the problem - this is a feature not enjoyed by the ordinary Diffie-Hellman problem. In particular, we show how to build a certain "trapdoor test" which allows us to effectively answer such decision oracle queries, without knowing any of the corresponding discrete logarithms. Our new techniques have many applications. As one such application, we present a new variant of ElGamal encryption with very short ciphertexts, and with a very simple and tight security proof, in the random oracle model, under the assumption that the ordinary Diffie-Hellman problem is hard. We present several other applications as well, including: a new variant of Diffie and Hellman's non-interactive key exchange protocol; a new variant of Cramer-Shoup encryption, with a very simple proof in the standard model; a new variant of Boneh-Franklin identity-based encryption, with very short ciphertexts; a more robust version of a password-authenticated key exchange protocol of Abdalla and Pointcheval.

Original language: English (US)
Title of host publication: Advances in Cryptology - EUROCRYPT 2008 - 27th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Proceedings
Pages: 127-145
Number of pages: 19
Volume: 4965 LNCS
DOI: https://doi.org/10.1007/978-3-540-78967-3_8
State: Published - 2008
Event: 27th Annual International Conference on the Theory and Applications of Cryptographic Techniques, EUROCRYPT 2008 - Istanbul, Turkey
Duration: Apr 13 2008 to Apr 17 2008

Publication series

Name: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume: 4965 LNCS
ISSN (Print): 0302-9743
ISSN (Electronic): 1611-3349

Other

Other: 27th Annual International Conference on the Theory and Applications of Cryptographic Techniques, EUROCRYPT 2008
Country: Turkey
City: Istanbul
Period: 4/13/08 to 4/17/08

Fingerprint

Diffie-Hellman
Cryptography
Encryption
Authenticated Key Exchange
Identity-based Encryption
Discrete Logarithm
Security Proof
Key Exchange
Random Oracle Model
Password
Standard Model
Query

ASJC Scopus subject areas

  • Computer Science(all)
  • Biochemistry, Genetics and Molecular Biology(all)
  • Theoretical Computer Science

Cite this

Cash, D., Kiltz, E., & Shoup, V. (2008). The twin Diffie-Hellman problem and applications. In Advances in Cryptology - EUROCRYPT 2008 - 27th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Proceedings (Vol. 4965 LNCS, pp. 127-145). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 4965 LNCS). https://doi.org/10.1007/978-3-540-78967-3_8

@inproceedings{52883a47ba8f44f796320b45c248993d,
title = "The twin diffie-hellman problem and applications",
author = "David Cash and Eike Kiltz and Victor Shoup",
year = "2008",
doi = "10.1007/978-3-540-78967-3_8",
language = "English (US)",
isbn = "3540789669",
volume = "4965 LNCS",
series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",
pages = "127--145",
booktitle = "Advances in Cryptology - EUROCRYPT 2008 - 27th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Proceedings",

}

TY - GEN

T1 - The twin diffie-hellman problem and applications

AU - Cash, David

AU - Kiltz, Eike

AU - Shoup, Victor

PY - 2008

Y1 - 2008

UR - http://www.scopus.com/inward/record.url?scp=44449176564&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=44449176564&partnerID=8YFLogxK

U2 - 10.1007/978-3-540-78967-3_8

DO - 10.1007/978-3-540-78967-3_8

M3 - Conference contribution

AN - SCOPUS:44449176564

SN - 3540789669

SN - 9783540789666

VL - 4965 LNCS

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 127

EP - 145

BT - Advances in Cryptology - EUROCRYPT 2008 - 27th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Proceedings

ER -