TY - JOUR
T1 - On a relation between knowledge-of-exponent assumptions and the DLog vs. CDH question
AU - Kraiem, Firas
AU - Isobe, Shuji
AU - Koizumi, Eisuke
AU - Shizuya, Hiroki
N1 - Funding Information:
This work was supported in part by JSPS KAKENHI Grant Numbers 19K03612 and 19K11956.
Publisher Copyright:
Copyright © 2021 The Institute of Electronics, Information and Communication Engineers
PY - 2021/1/1
Y1 - 2021/1/1
N2 - Knowledge-of-exponent assumptions (KEAs) are a somewhat controversial but nevertheless commonly used type of cryptographic assumptions. While traditional cryptographic assumptions simply assert that certain tasks (like factoring integers or computing discrete logarithms) cannot be performed efficiently, KEAs assert that certain tasks can be performed efficiently, but only in certain ways. The controversy surrounding those assumptions is due to their non-falsifiability, which is due to the way this idea is formalised, and to the general idea that these assumptions are “strong”. Nevertheless, their relationship to existing assumptions has not received much attention thus far. In this paper, we show that the first KEA (KEA1), introduced by Damgård in 1991, implies that computing discrete logarithms is equivalent to solving the computational Diffie-Hellman (CDH) problem. Since showing this equivalence in the standard setting (i.e., without the assumption that KEA1 holds) is a longstanding open question, this indicates that KEA1 (and KEAs in general) are indeed quite strong assumptions.
AB - Knowledge-of-exponent assumptions (KEAs) are a somewhat controversial but nevertheless commonly used type of cryptographic assumptions. While traditional cryptographic assumptions simply assert that certain tasks (like factoring integers or computing discrete logarithms) cannot be performed efficiently, KEAs assert that certain tasks can be performed efficiently, but only in certain ways. The controversy surrounding those assumptions is due to their non-falsifiability, which is due to the way this idea is formalised, and to the general idea that these assumptions are “strong”. Nevertheless, their relationship to existing assumptions has not received much attention thus far. In this paper, we show that the first KEA (KEA1), introduced by Damgård in 1991, implies that computing discrete logarithms is equivalent to solving the computational Diffie-Hellman (CDH) problem. Since showing this equivalence in the standard setting (i.e., without the assumption that KEA1 holds) is a longstanding open question, this indicates that KEA1 (and KEAs in general) are indeed quite strong assumptions.
KW - Cryptographic assumptions
KW - Diffie-Hellman
KW - Discrete logarithm
KW - Knowledge-of-exponent
UR - http://www.scopus.com/inward/record.url?scp=85099182086&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85099182086&partnerID=8YFLogxK
U2 - 10.1587/transfun.2020CIP0002
DO - 10.1587/transfun.2020CIP0002
M3 - Article
AN - SCOPUS:85099182086
SN - 0916-8508
SP - 20
EP - 24
JO - IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences
JF - IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences
IS - 1
ER -