On random walks for Pollard's Rho method
Mathematics of Computation
Short Signatures Without Random Oracles and the SDH Assumption in Bilinear Groups
Journal of Cryptology
Pairing '08 Proceedings of the 2nd international conference on Pairing-Based Cryptography
Discrete Applied Mathematics
Full-domain subgroup hiding and constant-size group signatures
PKC'07 Proceedings of the 10th international conference on Practice and theory in public-key cryptography
A verifiable random function with short proofs and keys
PKC'05 Proceedings of the 8th international conference on Theory and Practice in Public Key Cryptography
Security analysis of the strong diffie-hellman problem
EUROCRYPT'06 Proceedings of the 24th annual international conference on The Theory and Applications of Cryptographic Techniques
Pairing-Friendly elliptic curves of prime order
SAC'05 Proceedings of the 12th international conference on Selected Areas in Cryptography
Remarks on Cheon's algorithms for pairing-related problems
Pairing'07 Proceedings of the First international conference on Pairing-Based Cryptography
Handbook of Elliptic and Hyperelliptic Curve Cryptography, Second Edition
Handbook of Elliptic and Hyperelliptic Curve Cryptography, Second Edition
Solving DLP with auxiliary input over an elliptic curve used in TinyTate library
WISTP'11 Proceedings of the 5th IFIP WG 11.2 international conference on Information security theory and practice: security and privacy of mobile devices in wireless communication
Using equivalence classes to accelerate solving the discrete logarithm problem in a short interval
PKC'10 Proceedings of the 13th international conference on Practice and Theory in Public Key Cryptography
Solving a DLP with auxiliary input with the ρ-algorithm
WISA'11 Proceedings of the 12th international conference on Information Security Applications
Solving a discrete logarithm problem with auxiliary input on a 160-bit elliptic curve
PKC'12 Proceedings of the 15th international conference on Practice and Theory in Public Key Cryptography
Hi-index | 0.00 |
The Boneh-Boyen signature scheme is a pairing based short signature scheme which is provably secure in the standard model under the q -Strong Diffie-Hellman assumption. In this paper, we prove the converse of this statement, and show that forging Boneh-Boyen signatures is actually equivalent to solving the q -Strong Diffie-Hellman problem. Using this equivalence, we exhibit an algorithm which, on the vast majority of pairing-friendly curves, recovers Boneh-Boyen private keys in $O(p^{\frac{2}{5}+\varepsilon})$ time, using $O(p^{\frac{1}{5}+\varepsilon})$ signature queries. We present implementation results comparing the performance of our algorithm and traditional discrete logarithm algorithms such as Pollard's lambda algorithm and Pollard's rho algorithm. We also discuss some possible countermeasures and strategies for mitigating the impact of these findings.