On the complexity of the discrete logarithm and Diffie-Hellman problems (Q1827563): Difference between revisions

From MaRDI portal
Import240304020342 (talk | contribs)
Set profile property.
ReferenceBot (talk | contribs)
Changed an Item
 
(One intermediate revision by one other user not shown)
Property / full work available at URL
 
Property / full work available at URL: https://doi.org/10.1016/j.jco.2004.01.002 / rank
 
Normal rank
Property / OpenAlex ID
 
Property / OpenAlex ID: W2020427895 / rank
 
Normal rank
Property / cites work
 
Property / cites work: A sieve algorithm for the shortest lattice vector problem / rank
 
Normal rank
Property / cites work
 
Property / cites work: Breaking generalized Diffie-Hellman modulo a composite is no easier than factoring / rank
 
Normal rank
Property / cites work
 
Property / cites work: Q4265362 / rank
 
Normal rank
Property / cites work
 
Property / cites work: Q3840150 / rank
 
Normal rank
Property / cites work
 
Property / cites work: Algorithms for Black-Box Fields and their Application to Cryptography / rank
 
Normal rank
Property / cites work
 
Property / cites work: Q4783727 / rank
 
Normal rank
Property / cites work
 
Property / cites work: Hardness of Computing the Most Significant Bits of Secret Keys in Diffie-Hellman and Related Schemes / rank
 
Normal rank
Property / cites work
 
Property / cites work: Q5501847 / rank
 
Normal rank
Property / cites work
 
Property / cites work: A key-exchange system based on imaginary quadratic fields / rank
 
Normal rank
Property / cites work
 
Property / cites work: Q3495438 / rank
 
Normal rank
Property / cites work
 
Property / cites work: On Certain Exponential Sums and the Distribution of Diffie-Hellman Triples / rank
 
Normal rank
Property / cites work
 
Property / cites work: On the statistical properties of Diffie-Hellman distributions / rank
 
Normal rank
Property / cites work
 
Property / cites work: On the connection between the discrete logarithms and the Diffie-Hellman problem / rank
 
Normal rank
Property / cites work
 
Property / cites work: New directions in cryptography / rank
 
Normal rank
Property / cites work
 
Property / cites work: A general framework for subexponential discrete logarithm algorithms / rank
 
Normal rank
Property / cites work
 
Property / cites work: Q2764529 / rank
 
Normal rank
Property / cites work
 
Property / cites work: The Tate pairing and the discrete logarithm applied to elliptic curve cryptosystems / rank
 
Normal rank
Property / cites work
 
Property / cites work: A Remark Concerning m-Divisibility and the Discrete Logarithm in the Divisor Class Group of Curves / rank
 
Normal rank
Property / cites work
 
Property / cites work: On the Distribution of Diffie--Hellman Triples with Sparse Exponents / rank
 
Normal rank
Property / cites work
 
Property / cites work: Q3044320 / rank
 
Normal rank
Property / cites work
 
Property / cites work: Q3374896 / rank
 
Normal rank
Property / cites work
 
Property / cites work: Q4263442 / rank
 
Normal rank
Property / cites work
 
Property / cites work: Q2708626 / rank
 
Normal rank
Property / cites work
 
Property / cites work: Separating decision Diffie-Hellman from computational Diffie-Hellman in cryptographic groups / rank
 
Normal rank
Property / cites work
 
Property / cites work: Algebraic aspects of cryptography. With an appendix on hyperelliptic curves by Alfred J. Menezes, Yi-Hong Wu, and Robert J. Zuccherato / rank
 
Normal rank
Property / cites work
 
Property / cites work: Linear complexity of the discrete logarithm / rank
 
Normal rank
Property / cites work
 
Property / cites work: Polynomial representations of the Diffie-Hellman mapping / rank
 
Normal rank
Property / cites work
 
Property / cites work: Q4940702 / rank
 
Normal rank
Property / cites work
 
Property / cites work: Diffie-Hellman Oracles / rank
 
Normal rank
Property / cites work
 
Property / cites work: Q4249629 / rank
 
Normal rank
Property / cites work
 
Property / cites work: The Relationship Between Breaking the Diffie--Hellman Protocol and Computing Discrete Logarithms / rank
 
Normal rank
Property / cites work
 
Property / cites work: The Diffie-Hellman protocol / rank
 
Normal rank
Property / cites work
 
Property / cites work: Q3141896 / rank
 
Normal rank
Property / cites work
 
Property / cites work: Reducing elliptic curve logarithms to logarithms in a finite field / rank
 
Normal rank
Property / cites work
 
Property / cites work: Q4856179 / rank
 
Normal rank
Property / cites work
 
Property / cites work: Complexity of a determinate algorithm for the discrete logarithm / rank
 
Normal rank
Property / cites work
 
Property / cites work: Q2724585 / rank
 
Normal rank
Property / cites work
 
Property / cites work: Real and imaginary quadratic representations of hyperelliptic function fields / rank
 
Normal rank
Property / cites work
 
Property / cites work: A simple and fast probabilistic algorithm for computing square roots modulo a prime number (Corresp.) / rank
 
Normal rank
Property / cites work
 
Property / cites work: Monte Carlo Methods for Index Computation (mod p) / rank
 
Normal rank
Property / cites work
 
Property / cites work: Q4409128 / rank
 
Normal rank
Property / cites work
 
Property / cites work: Q2764527 / rank
 
Normal rank
Property / cites work
 
Property / cites work: Cryptography in quadratic function fields / rank
 
Normal rank
Property / cites work
 
Property / cites work: Counting points on elliptic curves over finite fields / rank
 
Normal rank
Property / cites work
 
Property / cites work: On the distribution of the Diffie-Hellman pairs / rank
 
Normal rank
Property / cites work
 
Property / cites work: Security of most significant bits of \(g^{x^{2}}\). / rank
 
Normal rank
Property / cites work
 
Property / cites work: Q2765016 / rank
 
Normal rank

Latest revision as of 18:23, 6 June 2024

scientific article
Language Label Description Also known as
English
On the complexity of the discrete logarithm and Diffie-Hellman problems
scientific article

    Statements

    On the complexity of the discrete logarithm and Diffie-Hellman problems (English)
    0 references
    0 references
    0 references
    6 August 2004
    0 references
    The discrete logarithm problem (DLP): given an element \(a\) in a cyclic group \(G=\langle g\rangle\) of order \(n\) find the unique integer \(x\),\,\, \(0\leq x \leq n-1\) such that \(a = g^x\), is widely believed to be a computationally hard problem. It was proposed as a one-way function for use in public-key cryptography in the foundational paper of \textit{W. Diffie} and \textit{M. E. Hellman} [IEEE Trans. Inf. Theory 22, 644--654 (1976; Zbl 0435.94018)]. In that paper Diffie and Hellman also give a key exchange method related to DLP: two users randomly choose integers \(a,b\in (1,n)\)\,\, and they exchange \(g^a,g^b\). Each of them is then able to compute the common value \(g^{ab}\). The computation of \(g^{ab}\)\, given only \(g^a,g^b\) is called the Diffie-Hellman problem (DHP). Of course if one can solve DLP one can also solve DHP. A connected problem is the decision DHP (DDHP): given \(g^a,g^b,g^c\)\, decide if \(ab\equiv c \bmod n\). In general, DDHP is no harder than DHP and this is no harder than DLP. The object of the present paper is the study of some aspects of these relationships. In Section 2 the authors give an overview of the state of the art of these three and other related problems. Section 3 deals with the computational complexity of these problems in generic cyclic groups. An algorithm is called generic if it works for arbitrary groups, in contrast to algorithms that make use of some particular presentation of the group elements, as is the case in the well-known index-calculus method, which provides an algorithm of subexponential complexity for the DLP in multiplicative groups of finite fields and in Jacobians of hyperelliptic curves of large genus. Section 5 is the core of the paper. The authors first remember a previous result of \textit{D. Boneh} and \textit{R. Venkatesan} [Hardness of computing the most significant bits of secret keys in Diffie-Hellman and related schemes, Proc. CRYPTO `96, Lect. Notes Comput. Sci. 1109, 129--142 (1996)] that shows that it is as hard to compute the \(O(\sqrt n)\) most significant bits of the DHP as it is to compute the whole function. They prove then that if the DDHP is supposed to be hard then computing the two most significant bits of the DHP is also hard. The last section of the paper discusses the open question as to whether there exists a deterministic reduction of DDHP to the problem of computing the two most significant bits of DHP. A large list of references is also provided at the end of the paper.
    0 references
    cryptography
    0 references
    discrete logarithm problem
    0 references
    Diffie-Hellman problems
    0 references
    0 references
    0 references
    0 references
    0 references
    0 references
    0 references
    0 references
    0 references
    0 references
    0 references
    0 references
    0 references
    0 references
    0 references
    0 references
    0 references
    0 references
    0 references
    0 references

    Identifiers

    0 references
    0 references
    0 references
    0 references
    0 references
    0 references
    0 references