Content deleted Content added
m v2.05b - Bot T20 CW#61 - Fix errors for CW project (Reference before punctuation) |
Link suggestions feature: 3 links added. |
||
| (2 intermediate revisions by 2 users not shown) | |||
Line 20:
If symmetric, pairings can be used to reduce a hard problem in one group to a different, usually easier problem in another group.
For example, in groups equipped with a [[Bilinear map|bilinear mapping]] such as the [[Weil pairing]] or [[Tate pairing]], generalizations of the [[Diffie–Hellman problem|computational Diffie–Hellman problem]] are believed to be infeasible while the simpler [[decisional Diffie–Hellman assumption|decisional Diffie–Hellman problem]] can be easily solved using the [[pairing function]]. The first group is sometimes referred to as a '''Gap Group''' because of the assumed difference in difficulty between these two problems in the group.<ref name=":0">{{Cite
Let <math>e</math> be a non-degenerate, efficiently computable, bilinear pairing. Let <math>g</math> be a generator of <math>G</math>. Consider an instance of the [[Computational Diffie–Hellman problem|CDH problem]], <math>g</math>,<math>g^x</math>, <math>g^y</math>. Intuitively, the pairing function <math>e</math> does not help us compute <math>g^{xy}</math>, the solution to the CDH problem. It is conjectured that this instance of the CDH problem is intractable. Given <math>g^z</math>, we may check to see if <math>g^z=g^{xy}</math> without knowledge of <math>x</math>, <math>y</math>, and <math>z</math>, by testing whether <math>e(g^x,g^y)=e(g,g^z)</math> holds.
Line 35:
== Cryptanalysis ==
In June 2012 the [[National Institute of Information and Communications Technology]] (NICT), [[Kyushu University]], and [[Fujitsu#Fujitsu Laboratories|Fujitsu Laboratories Limited]] improved the previous bound for successfully computing a [[discrete logarithm]] on a [[supersingular elliptic curve]] from 676 bits to 923 bits.<ref>{{cite web |work=Press release from NICT |date=June 18, 2012 |url=http://www.nict.go.jp/en/press/2012/06/18en-1.html |title=NICT, Kyushu University and Fujitsu Laboratories Achieve World Record Cryptanalysis of Next-Generation Cryptography }}</ref>
In 2016, the Extended Tower [[General number field sieve|Number Field Sieve]] algorithm<ref>{{Cite journal |last1=Kim |first1=Taechan |last2=Barbulescu |first2=Razvan |date=2015 |title=Extended Tower Number Field Sieve: A New Complexity for the Medium Prime Case |url=https://eprint.iacr.org/2015/1027 |journal=Cryptology ePrint Archive |language=en}}</ref> allowed to reduce the complexity of finding discrete logarithm in some resulting groups of pairings. There are several variants of the multiple and extended tower number field sieve algorithm expanding the applicability and improving the complexity of the algorithm. A unified description of all such algorithms with further improvements was published in 2019.<ref>{{cite journal |last1=Sarkar |first1=Palash |last2=Singh |first2=Shashank |year=2019 |title=A unified polynomial selection method for the (tower) number field sieve algorithm
==References==
| |||