Abstract
Let G1 be a cyclic multiplicative group of order n. It is known that the computational Diffie–Hellman (CDH) problem is random self-reducible in G1 if φ(n) is known. That is, given g, gx ∈ G1 for some generator g and oracle access to a “Diffie-Hellman Problem solver” for g, it is possible to compute g1/x ∈ G1 in polynomial time (with which we can then solve the CDH problem w.r.t. any other generator). On the other hand, it is not clear if such a reduction exists when φ(n) is unknown. We exploit this “gap” to construct a novel cryptographic primitive, which we call an Oracle-based Group with Infeasible Inversion (O-GII). O-GIIs have applications in multiparty protocols. We demonstrate this by presenting a novel multi-party key agreement protocol that does not require interaction between the parties. Instead, the protocol requires each party to query a remote stateless device. Our method relies on the observation that it is considerably more expensive to interact with every party connected via an unreliable network, than it is to query one of several identical stateless devices, some of which may be located in a more reliable sub-network.
© de Gruyter 2009
This article is distributed under the terms of the Creative Commons Attribution Non-Commercial License, which permits unrestricted non-commercial use, distribution, and reproduction in any medium, provided the original work is properly cited.
