Re: Multiplicative Homomorphic Mapping

Aldar C-F. Chan wrote:

I am not sure if I understand the difficulty of this problem well enough.
Given g^x for unknown x, I don't see why finding h^x has to be as
difficult as finding x.  At the very least, given an algorithm doing so,
it appears that the DL problem cannot be solved.

I am not sure if the following could be possible counterexample:

Suppose G is a supersingular elliptic over F_p with a non-degenerate
pairing to F_p^l, let P in G be a subgroup of order q (call it S_1), then
the pairing e(P,P) is a generator of a subgroup in F_p^l (call it S_2)
of the same order.

Given xP in S_1, we can find e(P,P)^x = e(xP,P).

Hmm. I agree that the Weil pairing gives you a computable homomorphism, where you don't need to use the DL. However,
it seems to me that something is a little bit wrong. Isn't
the Weil pairing anti-symmetric (or rather the DL of the pairing to make it additive), and, consequently e(P,P)=1 for all P. IIRC the way this pairing is used to attack the DLP on an elliptic curve (there's no need to assume that it is supersingular, is there?) is to use a fixed point Q outside the group generated by P. Granted on a supersingular curve
(over a binary field at least) you can choose Q to have the
same order as P... Sorry, I'm a bit rusty there :)


This is a very special instance and what I want to find is other more general
instances.

Good luck! I'm way out of my depth here, but it wouldn't surprise, if a similar pairing existed on the torsion subgroups of higher dimensional abelian varieties. After all, the Weil pairing on ECs has many of the features of
the cup product on first cohomology.

Cheers,

Jyrki

.

Relevant Pages

  • Re: Multiplicative Homomorphic Mapping
    ... the pairing eis a generator of a subgroup in F_p^l ... This is a very special instance and what I want to find is other more ...
    (sci.math)
  • Re: Weil pairing - elliptic curve - simple example
    ... I understand a some of the definition and properties of theWeil ... the Weil pairing then have some nice bilinear properties ... specific points, calculate the weil pairing. ... calculating the divisor too. ...
    (sci.math)
  • Re: Weil pairing - elliptic curve - simple example
    ... I understand a some of the definition and properties of theWeil ... the Weil pairing then have some nice bilinear properties ... specific points, calculate the weil pairing. ... calculating the divisor too. ...
    (sci.math)
  • Re: Multiplicative Homomorphic Mapping
    ... I agree that the Weil pairing gives you a computable homomorphism, ... is a generator if P is a generator. ... > on an elliptic curve (there's no need to assume that it is supersingular, ... needed pairing exists in supersingular curve, ...
    (sci.math)