Search Results

Documents authored by Jančová, Ľubica


Document
On the Distributed Discrete Logarithm Problem with Preprocessing

Authors: Pavel Hubáček, Ľubica Jančová, and Veronika Králová

Published in: LIPIcs, Volume 230, 3rd Conference on Information-Theoretic Cryptography (ITC 2022)


Abstract
Protocols solving the Distributed Discrete Logarithm (DDLog) problem are a core component of many recent constructions of group-based homomorphic secret sharing schemes. On a high-level, these protocols enable two parties to transform multiplicative shares of a secret into additive share locally without any communication. Due to their important applications, various generic optimized DDLog protocols were proposed in the literature, culminating in the asymptotically optimal generic protocol of Dinur, Keller, and Klein (J. Cryptol. 2020) solving DDLog in time T with error probability O(W/T²) when the magnitude of the secret is bounded by W. Given that DDLog is solved repeatedly with respect to a fixed group in its applications, a natural approach for improving the efficiency of DDLog protocols could be via leveraging some precomputed group-specific advice. To understand the limitations of this approach, we revisit the distributed discrete logarithm problem in the preprocessing model and study the possible time-space trade-offs for DDLog in the generic group model. As our main result, we show that, in a group of size N, any generic DDLog protocol for secrets of magnitude W with parties running in time T using precomputed group-specific advice of size S has success probability ε = O (T²/W + max{S,log W} ⋅ T²/N) . Thus, assuming N ≥ W log W, we get a lower bound ST² = Ω(ε N) on the time-space trade-off for DDLog protocols using large advice of size S = Ω(N/W). Interestingly, for DDLog protocols using small advice of size S = O(N/W), we get a lower bound T² = Ω(ε W) on the running time, which, in the constant-error regime, asymptotically matches the running time of the DDLog protocol without any advice of Dinur et al. (J. Cryptol. 2020). In other words, we show that generic DDLog protocols achieving constant success probability do not benefit from any advice of size S = O(N/W) in the online phase of the DDLog problem.

Cite as

Pavel Hubáček, Ľubica Jančová, and Veronika Králová. On the Distributed Discrete Logarithm Problem with Preprocessing. In 3rd Conference on Information-Theoretic Cryptography (ITC 2022). Leibniz International Proceedings in Informatics (LIPIcs), Volume 230, pp. 6:1-6:19, Schloss Dagstuhl – Leibniz-Zentrum für Informatik (2022)


Copy BibTex To Clipboard

@InProceedings{hubacek_et_al:LIPIcs.ITC.2022.6,
  author =	{Hub\'{a}\v{c}ek, Pavel and Jan\v{c}ov\'{a}, \v{L}ubica and Kr\'{a}lov\'{a}, Veronika},
  title =	{{On the Distributed Discrete Logarithm Problem with Preprocessing}},
  booktitle =	{3rd Conference on Information-Theoretic Cryptography (ITC 2022)},
  pages =	{6:1--6:19},
  series =	{Leibniz International Proceedings in Informatics (LIPIcs)},
  ISBN =	{978-3-95977-238-9},
  ISSN =	{1868-8969},
  year =	{2022},
  volume =	{230},
  editor =	{Dachman-Soled, Dana},
  publisher =	{Schloss Dagstuhl -- Leibniz-Zentrum f{\"u}r Informatik},
  address =	{Dagstuhl, Germany},
  URL =		{https://drops.dagstuhl.de/entities/document/10.4230/LIPIcs.ITC.2022.6},
  URN =		{urn:nbn:de:0030-drops-164847},
  doi =		{10.4230/LIPIcs.ITC.2022.6},
  annote =	{Keywords: Distributed discrete logarithm problem, preprocessing, generic group model}
}
Questions / Remarks / Feedback
X

Feedback for Dagstuhl Publishing


Thanks for your feedback!

Feedback submitted

Could not send message

Please try again later or send an E-mail