The Relationship Between Breaking the Diffie-Hellman Protocol and Computing Discrete Logarithms

Both uniform and nonuniform results concerning the security of the Diffie-Hellman key-exchange protocol are proved. First, it is shown that in a cyclic group $G$ of order $|G|=\prod p_i^{e_i}$, where all the multiple prime factors of $|G|$ are polynomial in $\log|G|$, there exists an algorithm that reduces the computation of discrete logarithms in $G$ to breaking the Diffie-Hellman protocol in $G$ and has complexity $\sqrt{\max\{\nu(p_i)\}}\cdot(\log|G|)^{O(1)}$, where $\nu(p)$ stands for the minimum of the set of largest prime factors of all the numbers $d$ in the interval $[p-2\sqrt{p}+1,\,p+2\sqrt{p}+1]$. Under the unproven but plausible assumption that $\nu(p)$ is polynomial in $\log p$, this reduction implies that the Diffie-Hellman problem and the discrete logarithm problem are polynomial-time equivalent in $G$. Second, it is proved that the Diffie-Hellman problem and the discrete logarithm problem are equivalent in a uniform sense for groups whose orders belong to certain classes: there exists a polynomial-time reduction algorithm that works for all those groups. Moreover, it is shown that breaking the Diffie-Hellman protocol for a small but nonnegligible fraction of the instances is equally difficult as breaking it for all instances. Finally, efficient constructions of groups are described for which the algorithm reducing the discrete logarithm problem to the Diffie-Hellman problem is efficiently constructible.
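The following is an added toy example, not code from the paper, showing the mechanism behind the reduction in its simplest instance: a DH oracle for a group $G$ of prime order $p$ lets one multiply elements of $\mathbb{Z}_p$ "implicitly" (an element $x$ is held as $g^x$), so Pohlig-Hellman can be run on the implicitly represented group $\mathbb{Z}_p^*$ whenever $d=p-1$ (one number in the interval above) is smooth; the paper's general result replaces $\mathbb{Z}_p^*$ by an elliptic curve over $\mathbb{Z}_p$ of smooth order, which is not shown here. The constants $Q=311$, $P=31$ and the brute-force simulation of the oracle are constructed assumptions for the demonstration.

```python
Q = 311                            # constructed: prime modulus of the ambient group Z_Q^*
P = 31                             # constructed: prime order of the subgroup G, P | Q-1
G_GEN = pow(2, (Q - 1) // P, Q)    # generator g of G (order 31); evaluates to 91

def factor(n):
    """Prime-power factorisation of n as a list of (q, q**e)."""
    out, q = [], 2
    while q * q <= n:
        if n % q == 0:
            pe = 1
            while n % q == 0:
                n, pe = n // q, pe * q
            out.append((q, pe))
        q += 1
    return out + ([(n, n)] if n > 1 else [])

def dh_oracle(ga, gb):
    """Black-box DH oracle (g^a, g^b) -> g^(ab); this toy version cheats by brute-forcing a."""
    a = next(i for i in range(P) if pow(G_GEN, i, Q) == ga)
    return pow(gb, a, Q)

def implicit_pow(gx, e):
    """From g^x compute g^(x^e mod P) using only DH calls (square-and-multiply on exponents)."""
    result, base = G_GEN, gx       # G_GEN = g^1 represents the field element 1
    while e:
        if e & 1:
            result = dh_oracle(result, base)
        base, e = dh_oracle(base, base), e >> 1
    return result

def find_generator(p):
    """Smallest generator of the cyclic group Z_p^* (p prime)."""
    primes = [q for q, _ in factor(p - 1)]
    return next(c for c in range(2, p)
                if all(pow(c, (p - 1) // q, p) != 1 for q in primes))

def dlog_from_dh(gx):
    """Recover x from g^x via Pohlig-Hellman on implicit Z_P^*; cost ~ largest factor of P-1."""
    if gx == 1:
        return 0                   # x = 0 is the only element outside Z_P^*
    gamma = find_generator(P)      # write x = gamma^k and solve for k
    k, mod = 0, 1
    for q, pe in factor(P - 1):
        # g^(x^((P-1)/pe)) = g^(sub^(k mod pe)) where sub = gamma^((P-1)/pe) has order pe
        target = implicit_pow(gx, (P - 1) // pe)
        sub = pow(gamma, (P - 1) // pe, P)
        ki = next(i for i in range(pe) if pow(G_GEN, pow(sub, i, P), Q) == target)
        k += mod * (((ki - k) * pow(mod, -1, pe)) % pe)   # CRT lift of k modulo pe
        mod *= pe
    return pow(gamma, k, P)
```

Every step of `dlog_from_dh` touches $x$ only through DH-oracle calls and comparisons of group elements, which is exactly why a DH-breaking algorithm for $G$ yields a discrete-logarithm algorithm for $G$ with cost governed by the largest prime factor of the auxiliary group order.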
