## Black-Box Extension Fields and the Inexistence of Field-Homomorphic One-Way Permutations

Citations: | 6 - 0 self |

### BibTeX

@MISC{Maurer_black-boxextension,

author = {Ueli Maurer and Dominik Raub},

title = {Black-Box Extension Fields and the Inexistence of Field-Homomorphic One-Way Permutations},

year = {}

}

### OpenURL

### Abstract

The black-box field (BBF) extraction problem is, for a given field�, to determine a secret field element hidden in a black-box which allows to add and multiply values in�in the box and which reports only equalities of elements in the box. This problem is of cryptographic interest for two reasons. First, for ���Ôit corresponds to the generic reduction of the discrete logarithm problem to the computational Diffie-Hellman problem in a group of prime orderÔ. Second, an efficient solution to the BBF problem proves the inexistence of certain field-homomorphic encryption schemes whose realization is an interesting open problems in algebra-based cryptography. BBFs are also of independent interest in computational algebra. In the previous literature, BBFs had only been considered for the prime field case. In this paper we consider a generalization of the extraction problem to BBFs that are extension fields. More precisely we discuss the representation problem defined as follows: For given generators��������algebraically generating a BBF and an additional elementÜ, all hidden in a black-box, expressÜalgebraically in terms of ��������. We give an efficient algorithm for this representation problem and related problems for fields with small characteristic (e.g.���Òfor someÒ). We also consider extension fields of large characteristic and show how to reduce the representation problem to the extraction problem for the underlying prime field. These results imply the inexistence of field-homomorphic (as opposed to only group-homomorphic, like RSA) one-way permutations for fields of small characteristic.

### Citations

2904 | New Directions in Cryptography
- Diffie, Hellman
- 1976
(Show Context)
Citation Context ...onal DiffieHellman problem in any group of prime orderÔ(see [Mau94]). So an efficient algorithm for the extraction problem for�Ôprovides a security proof for the Diffie-Hellman key agreement protocol =-=[DH76]-=- in any group of orderÔfor which the discrete logarithm problem is hard. 2 Boneh and Lipton [BL96] gave a second reason why the extraction problem is of interest in cryptography, namely to prove the i... |

78 |
Algorithms for black-box fields and their application to cryptography
- Boneh, Lipton
- 1996
(Show Context)
Citation Context ...ver, the existence of the help-string, which is actually the description of an elliptic curve of smooth order over�Ô, depends on a plausible but unproven number-theoretic conjecture. Boneh and Lipton =-=[BL96]-=- proposed a similar but uniform algorithm for the extraction problem in�Ô, but its running time is subexponential and the analysis also relies on a related unproven number-theoretic conjecture. 1.3 Bl... |

76 | Non-interactive Cryptocomputing for NC1 - Sander, Young, et al. - 1999 |

69 | Towards the equivalence of breaking the Diffie-Hellman protocol and computing discrete logarithms
- Maurer
- 1994
(Show Context)
Citation Context ...t only allows addition but also multiplication of values moduloÔ, then this corresponds to a black-box field (BBF). An efficient (non-uniform) algorithm for the extraction problem in�Ôwas proposed in =-=[Mau94]-=- (see also [MW99]), where non-uniform means that the algorithm depends onÔor, equivalently, obtains a helpstring that depends onÔ. Moreover, the existence of the help-string, which is actually the des... |

68 |
Finite fields, volume 20 of Encyclopedia of Mathematics and its Applications
- Lidl, Niederreiter
- 1997
(Show Context)
Citation Context ...no knowledge of the plaintext field. 4sØÖ�Ô���Ô������s����Ô��� For every�dividing�, there is a subfield�Ô�of�Ô�. The trace functionØÖ�Ô���Ô���Ô���Ô�, defined as is a surjective and�Ô�-linear function =-=[LN97]-=-. 2.2 The Black-box Model We make use of the abstract model of computation from [Mau05]: A black-box field��is characterized by a black-box�which can store an (unbounded number of) values from some fi... |

56 | An unconditionally secure additive and multiplicative privacy homomorphism, lEEE Trans. Inorm. theory - Domingo-Ferrer - 1996 |

49 |
bounds for discrete logarithms and related problems
- Lower
- 1997
(Show Context)
Citation Context ...st, generic algorithms can be used no matter how the structure is represented, and second, this model allows for significant lower bound proofs for certain computational problems. For instance, Shoup =-=[Sho97]-=- proved a lower bound on the complexity of any generic algorithm for computing discrete logarithms in a finite cyclic group. Representation-independent algorithms on a given algebraic structureËare be... |

43 | Processing encrypted data - Ahituv, Lapid, et al. - 1987 |

40 | A polynomial-time theory of black-box groups. I - Babai, Beals - 1999 |

39 | The relationship between breaking the Diffie-Hellman protocol and computing discrete logarithms
- Maurer, Wolf
- 1999
(Show Context)
Citation Context ...tion but also multiplication of values moduloÔ, then this corresponds to a black-box field (BBF). An efficient (non-uniform) algorithm for the extraction problem in�Ôwas proposed in [Mau94] (see also =-=[MW99]-=-), where non-uniform means that the algorithm depends onÔor, equivalently, obtains a helpstring that depends onÔ. Moreover, the existence of the help-string, which is actually the description of an el... |

19 |
Finding isomorphisms between finite fields
- Lenstra
- 1991
(Show Context)
Citation Context ...����������� �forÃ. Hence the isomorphism� can simply and efficiently be computed by basis representation. Corollary 3. Let��be a BBF of characteristicÔandÃsome explicitly given field (in the sense of =-=[Len91]-=-) such thatÃ����. Then the isomorphism problem for��andÃcan be efficiently reduced to the representation problem for�Ô. Proof. We show that it is efficiently possible to find a fieldÃ����that is expli... |

16 |
Abstract models of computation in cryptography
- Maurer
- 2005
(Show Context)
Citation Context ...ere is a subfield�Ô�of�Ô�. The trace functionØÖ�Ô���Ô���Ô���Ô�, defined as is a surjective and�Ô�-linear function [LN97]. 2.2 The Black-box Model We make use of the abstract model of computation from =-=[Mau05]-=-: A black-box field��is characterized by a black-box�which can store an (unbounded number of) values from some finite field�Ô�of known characteristicÔbut not necessarily known extension degree in inte... |

7 | Factoring polynomials over special finite fields; Finite Fields and Their Applications 7(2001 - Bach, Gathen, et al. |

2 | Algorithmic Number Theory, volume 1 of Foundations of Computing - Bach, Shallit - 1996 |

1 | Non-interactive CryptoComputing forÆ�.In - Sander, Young, et al. - 1999 |