Towards a Classification of Noninteractive Computational Assumptions in

Towards a Classification of Non-interactive Computational Assumptions in Cyclic Groups Essam Ghadafi University of the West of England Jens Groth University College London

Prime order cyclic group •

Computational problems in cyclic groups •

Non-interactive computational assumptions Generic group model ? ? ? Computational Diffie-Hellman (CDH) Discrete logarithm (DL)

Non-interactive computational assumptions Generic group model Polynomial assumptions Fractional assumptions Computational Diffie-Hellman (CDH) Discrete logarithm problem (DL)

Non-interactive computational assumption •

• Ensures generic adversary cannot break assumption Adversary’s target

Hierarchy of target assumptions GDHE & SFrac Polynomial & Fractional Univariate simple target Simple target assumptions Target assumptions

Uber assumptions •

Target assumption hierarchy 3 -GDHE & 3 -SFrac 2 -GDHE & 2 -SFrac 1 -GDHE & 1 -SFrac CDH

Structural analysis 3 -GDHE 3 -SFrac 2 -GDHE 2 -SFrac 1 -GDHE 1 -SFrac CDH

Asymmetric bilinear groups •

2 -BGDHE & 2 -BSFrac 2 -BGap & 2 -BSFrac 1 -BGDHE & 1 -BSFrac 1 -BGap & 1 -BSFrac CDH

Open problems •

Conclusions • Cryptographers – Most non-interactive computational assumptions in use are implied by the GDHE & SFrac assumptions – All non-fractional assumptions are implied by GDHE, giving us a “canary in the coal mine” barrier • Cryptanalysts – The GDHE and SFrac assumptions are the easiest targets to attack – Do not try to break discrete log, attack the “canary in the coal mine” assumptions first