Diffie-Hellman problem
From Wikipedia, the free encyclopedia
The Diffie-Hellman problem (DHP) is a specific problem in cryptography that was first proposed by Whitfield Diffie and Martin Hellman. The DHP is assumed to be "difficult" to solve, and some cryptographic schemes are built on variants of the problem. If someone could find an easy solution to the DHP, then these encryption schemes would also break easily. Understanding the difficulty of the DHP is therefore an important concept in modern cryptography.
Problem description
The Diffie-Hellman problem is posed as follows:
- Given an element g and the values of g^x and g^y, what is the value of g^{xy}?
Formally, g is an element of some group (typically the multiplicative group of a finite field or an elliptic curve group) and x and y are integers chosen but unknown to the observer.
In other words, if an eavesdropper has access to the public keys of two people, Alice and Bob, can he perform the private key operation in a Diffie-Hellman key exchange? A fast means of solving the DHP would yield a method to break Diffie-Hellman key exchange and many of its variants, such as ElGamal encryption.
Its difficulty
In cryptography, for certain groups, it is assumed that the DHP is hard, and this is often called the Diffie-Hellman assumption. The problem has survived scrutiny for a few decades and no "easy" solution has yet been found.
As of 2006, the most efficient means known to solve the DHP is to solve the discrete logarithm problem (DLP), which is to find x given g^x. In fact, significant progress (by den Boer, Maurer, Wolf, Boneh and Lipton) has been made towards showing that over many groups the DHP is almost as hard as the DLP. There is no proof to date that either the DHP (or the DLP) is a hard problem, except in generic groups (by Nechaev and Shoup).
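The route from the DHP to the DLP described above, as an added example that is not part of the original article: a generic baby-step giant-step solver recovers x from g^x and then computes g^{xy} from g^y. The prime 2^31 - 1, the base 7, the exponents and all function names are assumptions chosen for illustration; the group is deliberately tiny so the square-root cost is visible.

```python
import math

# Constructed toy group (assumption): integers modulo the Mersenne prime
# 2^31 - 1 with base 7. About 2^31 elements, far too small for real use.
P = 2**31 - 1
G = 7

def discrete_log(g, h, p, n):
    """Baby-step giant-step: find x with g^x = h (mod p), 0 <= x < m*m where
    m = isqrt(n) + 1 and n bounds the order of g. Returns None if no x exists."""
    m = math.isqrt(n) + 1
    baby = {}                       # g^j -> j for j in [0, m)
    e = 1
    for j in range(m):
        baby.setdefault(e, j)
        e = e * g % p
    step = pow(g, -m, p)            # g^(-m) mod p (Python 3.8+)
    gamma = h
    for i in range(m):              # test h * g^(-i*m) against the table
        if gamma in baby:
            return i * m + baby[gamma]
        gamma = gamma * step % p
    return None

def solve_dhp(g, gx, gy, p, n):
    """Compute g^(xy) from g, g^x, g^y by first solving the DLP for x."""
    x = discrete_log(g, gx, p, n)
    if x is None:
        raise ValueError("g^x is not in the subgroup generated by g")
    return pow(gy, x, p)

def demo(x=123_456_789, y=987_654_321):
    """x and y are constructed private exponents; only g^x, g^y reach the solver."""
    gx, gy = pow(G, x, P), pow(G, y, P)
    recovered = solve_dhp(G, gx, gy, P, P - 1)
    return recovered == pow(gx, y, P) == pow(gy, x, P)

if __name__ == "__main__":
    print("shared secret recovered from public values:", demo())
    # Generic cost is about 2*sqrt(n) group operations: ~2^17 here,
    # but ~2^128 for a subgroup of order ~2^256.
    print("table size:", math.isqrt(P - 1) + 1)
```

The solver needs time and memory proportional to the square root of the group order, which is why deployed groups use orders of 2^256 or more.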
Other variants
Many variants of the Diffie-Hellman problem have been considered. The most significant variant is the decisional Diffie-Hellman problem (DDHP), which is to distinguish g^{xy} from g^z given g, g^x, and g^y. Sometimes the DHP is called the computational Diffie-Hellman problem (CDHP) to more clearly distinguish it from the DDHP. Recently groups with pairings have become popular, and in these groups the DDHP is easy, yet the DHP is still assumed to be hard. For less significant variants of the DHP see the references.
References
- B. den Boer, Diffie-Hellman is as strong as discrete log for certain primes in Advances in Cryptology - CRYPTO 88, Lecture Notes in Computer Science 403, Springer, p. 530, 1998.
- U. M. Maurer and S. Wolf, Diffie-Hellman oracle in Advances in Cryptology - CRYPTO 96, (N. Koblitz, ed.), Lecture Notes in Computer Science 1070, Springer, pp. 268-282, 1996.
- U. M. Maurer and S. Wolf, The Diffie-Hellman protocol, Designs, Codes, and Cryptography, 19, pp. 141-171, 2000.
- D. Boneh and R. J. Lipton, Algorithms for black-box fields and their application to cryptography in Advances in Cryptology - CRYPTO 96, (N. Koblitz, ed.), Lecture Notes in Computer Science 1070, Springer, pp. 283-297, 1996.
- A. Muzereau, N. P. Smart and F. Vercauteren, The equivalence between the DHP and DLP for elliptic curves used in practical applications, LMS J. Comput. Math., 7, pp. 50-72, 2004. See [www.lms.ac.uk].
- D. R. L. Brown and R. P. Gallant, The Static Diffie-Hellman Problem, IACR ePrint 2004/306.
- V. I. Nechaev, Complexity of a determinate algorithm for the discrete logarithm, Mathematical Notes, 55 (2), pp. 165-172, 1994.
- V. Shoup, Lower bounds for discrete logarithms and related problems in Advances in Cryptology - EUROCRYPT 97, (W. Fumy, ed.), Lecture Notes in Computer Science 1233, Springer, pp. 256-266, 1997.
- Feng Bao, Robert Deng, Huafei Zhu (2002). "Variations of Diffie-Hellman problem". ICICS. Retrieved on 2005-11-23.
- Dan Boneh (1998). "The Decision Diffie-Hellman Problem". ANTS-III: Proceedings of the Third International Symposium on Algorithmic Number Theory: 48-63. Retrieved on 2005-11-23.
- Emmanuel Bresson and Olivier Chevassut and David Pointcheval (2003). "The Group Diffie-Hellman Problems". SAC '02: Revised Papers from the 9th Annual International Workshop on Selected Areas in Cryptography: 325-338. Retrieved on 2005-11-23.
- Eli Biham and Dan Boneh and Omer Reingold (1999). "Breaking generalized Diffie-Hellman modulo a composite is no easier than factoring". Information Processing Letters 70 (2): 83-87. Retrieved on 2005-11-23.
- Michael Steiner and Gene Tsudik and Michael Waidner (1996). "Diffie-Hellman Key Distribution Extended to Group Communication". ACM Conference on Computer and Communications Security: 31-37. Retrieved on 2005-11-23.
- Whitfield Diffie and Martin E. Hellman (November 1976). "New Directions in Cryptography". IEEE Transactions on Information Theory IT-22 (6): 644-654. Retrieved on 2005-11-23.