On the decisional Diffie-Hellman problem for class group actions on oriented elliptic curves

TL;DR

This paper introduces a new method using the Weil pairing to evaluate characters of imaginary quadratic orders, effectively breaking the decisional Diffie-Hellman problem for many oriented elliptic curves and improving related cryptographic reductions.

Contribution

It presents a simpler, faster approach based on the Weil pairing for evaluating characters, breaking the decisional Diffie-Hellman problem for a broad class of oriented elliptic curves.

Findings

Breaks decisional Diffie-Hellman for most oriented elliptic curves with even-order class groups

Simplifies and accelerates evaluation of assigned characters using Weil pairing

Enhances the effectiveness of Wesolowski's reduction in cryptographic problems

Abstract

We show how the Weil pairing can be used to evaluate the assigned characters of an imaginary quadratic order $\mathcal{O}$ in an unknown ideal class $[\mathfrak{a}] \in \mathrm{Cl}(\mathcal{O})$ that connects two given $\mathcal{O}$-oriented elliptic curves $(E, \iota)$ and $(E', \iota') = [\mathfrak{a}](E, \iota)$. When specialized to ordinary elliptic curves over finite fields, our method is conceptually simpler and often somewhat faster than a recent approach due to Castryck, Sot\'akov\'a and Vercauteren, who rely on the Tate pairing instead. The main implication of our work is that it breaks the decisional Diffie-Hellman problem for practically all oriented elliptic curves that are acted upon by an even-order class group. It can also be used to better handle the worst cases in Wesolowski's recent reduction from the vectorization problem for oriented elliptic curves to the endomorphism ring problem, leading to a method that always works in sub-exponential time.