International Association for Cryptologic Research

International Association
for Cryptologic Research

CryptoDB

On the Complexity of Cryptographic Groups and Generic Group Models

Authors:
Keyu Ji , The State Key Laboratory of Blockchain and Data Security, Zhejiang University
Cong Zhang , The State Key Laboratory of Blockchain and Data Security, Zhejiang University
Taiyu Wang , The State Key Laboratory of Blockchain and Data Security, Zhejiang University
Bingsheng Zhang , The State Key Laboratory of Blockchain and Data Security, Zhejiang University
Hong-Sheng Zhou , Virginia Commonwealth University
Xin Wang , Ant Group
Kui Ren , The State Key Laboratory of Blockchain and Data Security, Zhejiang University
Download:
Search ePrint
Search Google
Conference: ASIACRYPT 2024
Abstract: Ever since the seminal work of Diffie and Hellman, cryptographic (cyclic) groups have served as a fundamental building block for constructing cryptographic schemes and protocols. The security of these constructions can often be based on the hardness of (cyclic) group-based computational assumptions. Then, the generic group model (GGM) has been studied as an idealized model (Shoup, EuroCrypt 1997), which justifies the hardness of many (cyclic) group-based assumptions and shows the limits of some group-based cryptosystems. We stress that, the importance of the length of group encoding, either in a concrete group-based construction or assumption, or in the GGM, has not been studied. In this work, we initiate a systematic study on the complexity of cryptographic groups and generic group models, varying in different lengths of group encodings, and demonstrate evidences that ``the length matters''. More concretely, we have the following results: -- We show that there is no black-box/relativizing reduction from the CDH-secure groups (i.e., over such groups, the computational Diffie-Hellman assumption holds) with shorter encodings, to the CDH-secure groups with longer encodings, within the same security parameter. More specifically, given any arbitrary longer CDH-secure group, it is impossible to generically shorten the group encoding and obtain a shorter CDH-secure group within the same group order. -- We show that there is a strict hierarchy of the GGMs with different lengths of encodings. That is, in the framework of indifferentiability, the shorter GGM is strictly stronger than the longer ones, even in the presence of computationally bounded adversaries.
BibTeX
@inproceedings{asiacrypt-2024-34575,
  title={On the Complexity of Cryptographic Groups and Generic Group Models},
  publisher={Springer-Verlag},
  author={Keyu Ji and Cong Zhang and Taiyu Wang and Bingsheng Zhang and Hong-Sheng Zhou and Xin Wang and Kui Ren},
  year=2024
}