# Re: multiplicative group question

**From:** Khan (*khanhvn_at_yahoo.com*)

**Date:** 07/20/05

**Next message:**Gregory G Rose: "Re: Does this change the randomness?"**Previous message:**Bodo Moeller: "Re: general question how to choose parameters"**Maybe in reply to:**David Wagner: "Re: multiplicative group question"**Messages sorted by:**[ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: 20 Jul 2005 11:24:43 -0700

Thanks. The reason I asked that question is that such a (semi)group G

could be useful for Identity-Based (IBC) key distribution. The method

is very simple:

- Let s in G be a system secret known only by a trusted authority (TA).

- Entity A is given its private key = s^A

- To communicate w/ B, A calculates the pair-wise shared key = (s^A)^B.

B does the same (s^B)^A = s^(AB).

The properties (1) and (2) of G will prevent finding s from s^A and

finding s^C from s^A, s^B...

Such a method (if it works) is much simpler than currently known IBC

methods (e.g. Elliptic curves + Weil pairing):

I was thinking about G being the set Cm of complex modular numbers

(i.e. a complex number whose real & img parts are in Zm.) It can be

showed that Cm is a semigroup: multiplication in Cm is associative

(with identity I=1+0i), but multiplicative inverse does not always

exist.

Unfortunately, Scott Fluhrer pointed out that the subgroup generated by

any s in Cm is always a group (inverse does exist).

So the quest for the holy grail continues :)

**Next message:**Gregory G Rose: "Re: Does this change the randomness?"**Previous message:**Bodo Moeller: "Re: general question how to choose parameters"**Maybe in reply to:**David Wagner: "Re: multiplicative group question"**Messages sorted by:**[ date ] [ thread ] [ subject ] [ author ] [ attachment ]