An Algebraic Framework for Diffie–Hellman Assumptions

We put forward a new algebraic framework to generalize and analyze Diffie–Hellman like decisional assumptions which allows us to argue about security and applications by considering only algebraic properties. Our 𝒟_ℓ ,k- Assumption states that it is hard to decide whether a vector in 𝔾^ℓ is linearly dependent of the columns of some matrix in 𝔾^ℓ× k sampled according to distribution 𝒟_ℓ ,k . It covers known assumptions such as , 2- (Linear Assumption) and k- (the k -Linear Assumption). Using our algebraic viewpoint, we can relate the generic hardness of our assumptions in m -linear groups to the irreducibility of certain polynomials which describe the output of 𝒟_ℓ ,k . We use the hardness results to find new distributions for which the 𝒟_ℓ ,k- Assumption holds generically in m -linear groups. In particular, our new assumptions 2- and 2- are generically hard in bilinear groups and, compared to 2- , have shorter description size, which is a relevant parameter for efficiency in many applications. These results support using our new assumptions as natural replacements for the 2- assumption which was already used in a large number of applications. To illustrate the conceptual advantages of our algebraic framework, we construct several fundamental primitives based on any Assumption. In particular, we can give many instantiations of a primitive in a compact way, including public-key encryption, hash proof systems, pseudo-random functions, and Groth–Sahai NIZK and NIWI proofs. As an independent contribution, we give more efficient NIZK and NIWI proofs for membership in a subgroup of 𝔾^ℓ . The results imply very significant efficiency improvements for a large number of schemes.