**Tools for Simulating Features of Composite Order Bilinear Groups in the Prime Order Setting**

Allison Lewko

**Types of Bilinear Groups**

Prime Order: Composite Order:

**Pros and Cons Composite Order Groups: Prime Order Groups:**

Smaller group order Orthogonal Subgroups Faster pairings Coprime Orders Simple assumptions Large group order Lack of extra structure Slow pairings

Goal Composite Order Groups Prime Order Groups

**Prior State of Affairs Ad Hoc Results General translation [F10] [OT10]**

[BGN05] [LOSTW10] [KSW08] [BSW06] [W09] Ad Hoc Results General translation [F10]

Challenge Prime Order Groups Composite Order Groups Proof construction

**What Features Do Proofs Need?**

Orthogonal Subgroups: Expand/Contract With Computational Assumptions Hidden Parameters: Public Parameters V|PP - random variable - has some entropy Internal View V Simulator Attacker

**Building Orthogonality in Prime Order**

Progress So Far ?

**Exploiting Coprimality**

Chinese Remainder Theorem attacker simulator

**Goal Replace coprimality, CRT Alternate mechanism**

for hiding parameters

**Tool: Dual Pairing Vector Spaces [OT08,09]**

**Orthogonal Subspaces with DPVS**

Orthogonality across bases, not within!

**Hidden Parameters with DPVS**

Can’t detect change! Not Everything! What can be determined about hidden vectors?

**Expanding/Contracting with DPVS**

**Demonstration: Boneh-Boyen IBE**

**Sketch of Proof Dual System Encryption Subspace Assumption Decryption**

Failure! Dual System Encryption

**Further Applications Lewko-Waters Unbounded HIBE**

Natural prime order construction Security from DLIN Simpler proof

**Summary Dual pairing vector spaces 1. orthogonality**

2. parameter hiding Subspace assumption 1. simulated subgroup decision 2. implied by DLIN General tools for translating dual system encryption proofs

**Thanks for your attention.**

Questions?

