The Twin Diffie–Hellman Problem and Applications

Authors:
David Cash;Eike Kiltz;Victor Shoup
Affiliations:
Georgia Institute of Technology, College of Computing, 30332, Atlanta, GA, USA;CWI, Cryptology & Information Security Group, Amsterdam, The Netherlands;New York University, Courant Institute, Dept. of Computer Science, 251 Mercer Street, 10012, New York, NY, USA
Venue:
Journal of Cryptology
Year:
2009

Citing 0
Cited 8

Efficient chosen-ciphertext security via extractable hash proofs

CRYPTO'10 Proceedings of the 30th annual conference on Advances in cryptology
Strongly secure two-pass attribute-based authenticated key exchange

Pairing'10 Proceedings of the 4th international conference on Pairing-based cryptography
Public key encryption schemes with bounded CCA security and optimal ciphertext length based on the CDH assumption

ISC'10 Proceedings of the 13th international conference on Information security
Random oracle reducibility

CRYPTO'11 Proceedings of the 31st annual conference on Advances in cryptology
TMQV: a strongly eCK-secure Diffie-Hellman protocol without gap assumption

ProvSec'11 Proceedings of the 5th international conference on Provable security
Public key encryption against related key attacks

PKC'12 Proceedings of the 15th international conference on Practice and Theory in Public Key Cryptography
Restricted identification scheme and diffie-hellman linking problem

INTRUST'11 Proceedings of the Third international conference on Trusted Systems
Publicly verifiable ciphertexts

Journal of Computer Security - Advances in Security for Communication Networks

Quantified Score

Hi-index	0.00

Visualization

Abstract

We propose a new computational problem called the twin Diffie–Hellman problem. This problem is closely related to the usual (computational) Diffie–Hellman problem and can be used in many of the same cryptographic constructions that are based on the Diffie–Hellman problem. Moreover, the twin Diffie–Hellman problem is at least as hard as the ordinary Diffie–Hellman problem. However, we are able to show that the twin Diffie–Hellman problem remains hard, even in the presence of a decision oracle that recognizes solutions to the problem—this is a feature not enjoyed by the Diffie–Hellman problem, in general. Specifically, we show how to build a certain “trapdoor test” that allows us to effectively answer decision oracle queries for the twin Diffie–Hellman problem without knowing any of the corresponding discrete logarithms. Our new techniques have many applications. As one such application, we present a new variant of ElGamal encryption with very short ciphertexts, and with a very simple and tight security proof, in the random oracle model, under the assumption that the ordinary Diffie–Hellman problem is hard. We present several other applications as well, including a new variant of Diffie and Hellman’s non-interactive key exchange protocol; a new variant of Cramer–Shoup encryption, with a very simple proof in the standard model; a new variant of Boneh–Franklin identity-based encryption, with very short ciphertexts; a more robust version of a password-authenticated key exchange protocol of Abdalla and Pointcheval.