2010 | OriginalPaper | Chapter
On the Static Diffie-Hellman Problem on Elliptic Curves over Extension Fields
Author: Robert Granger
Published in: Advances in Cryptology - ASIACRYPT 2010
Publisher: Springer Berlin Heidelberg
We show that for any elliptic curve $E(\mathbb{F}_{q^n})$, if an adversary has access to a Static Diffie-Hellman Problem (Static DHP) oracle, then by making $O(q^{1-\frac{1}{n+1}})$ Static DHP oracle queries during an initial learning phase, for fixed $n > 1$ and $q \to \infty$ the adversary can solve any further instance of the Static DHP in heuristic time $\tilde{O}(q^{1-\frac{1}{n+1}})$. Our proposal also solves the Delayed Target DHP as defined by Freeman, and naturally extends to provide algorithms for solving the Delayed Target DLP, the One-More DHP and One-More DLP, as studied by Koblitz and Menezes in the context of Jacobians of hyperelliptic curves of small genus. We also argue that for any group in which index calculus can be effectively applied, the above problems have a natural relationship, and will always be easier than the DLP. While practical only for very small $n$, our algorithm reduces the security provided by the elliptic curves defined over $\mathbb{F}_{p^2}$ and $\mathbb{F}_{p^4}$ proposed by Galbraith, Lin and Scott at EUROCRYPT 2009, should they be used in any protocol where a user can be made to act as a proxy Static DHP oracle, or if used in protocols whose security is related to any of the above problems.