Trapdoor DDH groups from pairings and isogenies

Research output: Chapter in Book/Report/Conference proceedingConference contribution


Colleges, School and Institutes

External organisations

  • Universitat Pompeu Fabra


Trapdoor DDH groups are an appealing cryptographic primitive introduced by Dent-Galbraith (ANTS 2006), where DDH instances are hard to solve unless provided with additional information (i.e., a trapdoor). In this paper, we introduce a new trapdoor DDH group construction using pairings and isogenies of supersingular elliptic curves, and present two instantiations of it. The construction solves all shortcomings of previous constructions as identified by Seurin (RSA 2013). We also present partial attacks on a previous construction due to Dent-Galbraith, and we provide a formal security definition of the related notion of "trapdoor pairings".


Original languageEnglish
Title of host publicationSelected Areas in Cryptography - SAC 2020
Publication statusAccepted/In press - 18 Sep 2020
EventSelected Areas in Cryptography - SAC 2020 - Virtual Event
Duration: 21 Oct 202023 Oct 2020

Publication series

NameLecture Notes in Computer Science
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349


ConferenceSelected Areas in Cryptography - SAC 2020
CityVirtual Event


  • elliptic curve cryptography, pairings, isogenies, trapdoor DDH