Abstract:
|
Comunicació presentada a: CRYPTO 2013 The 33rd Annual Cryptology Conference, celebrada del 18 al 22 d'agost de 2013 a Santa Bàrbara, Califòrnia, Estats Units d'Amèrica. |
Abstract:
|
We put forward a new algebraic framework to generalize and analyze Di_e-Hellman like Decisional
Assumptions which allows us to argue about security and applications by considering only algebraic
properties. Our D`;k-MDDH assumption states that it is hard to decide whether a vector in G` is
linearly dependent of the columns of some matrix in G`_k sampled according to distribution D`;k. It
covers known assumptions such as DDH, 2-Lin (linear assumption), and k-Lin (the k-linear assumption).
Using our algebraic viewpoint, we can relate the generic hardness of our assumptions in m-linear groups
to the irreducibility of certain polynomials which describe the output of D`;k. We use the hardness results
to _nd new distributions for which the D`;k-MDDH-Assumption holds generically in m-linear groups. In
particular, our new assumption 2-SCasc is generically hard in bilinear groups and, compared to 2-Lin, has
shorter description size, which is a relevant parameter for e_ciency in many applications. These results
support using our new assumption as a natural replacement for the 2-Lin Assumption which was already
used in a large number of applications.
To illustrate the conceptual advantages of our algebraic framework, we construct several fundamental
primitives based on any MDDH-Assumption. In particular, we can give many instantiations of a primitive
in a compact way, including public-key encryption, hash-proof systems, pseudo-random functions, and
Groth-Sahai NIZK and NIWI proofs. As an independent contribution we give more e_cient NIZK proofs
for membership in a subgroup of G`, for validity of ciphertexts and for equality of plaintexts. The results
imply very signi_cant e_ciency improvements for a large number of schemes, most notably Naor-Yung
type of constructions. |