SAC2020 Invited Talk: Trustless groups of unknown order

Talk by Benjamin Smith, INRIA and École Polytechnique

Groups of unknown order have cryptographic applications including time-lock puzzles, verifiable delay functions, and accumulators. While a trusted authority might simply choose an RSA group and be done with it, in the trustless setting the problem of generating cryptographically secure unknown-order groups is much more subtle. We will explore this problem, comparing two concrete constructions - class groups of quadratic imaginary fields, and Jacobians of hyperelliptic curves - with a special focus on the surprisingly complicated issues of security levels and appropriate key sizes