- Diffie-Hellman problem
The Diffie-Hellman problem (DHP) is the name of a specific problem in
cryptography which was first proposed byWhitfield Diffie andMartin Hellman . The DHP is a problem that is assumed to be difficult to do, hence the security of many cryptographic protocols reduces to the DHP. If someone were to discover an easy solution to the DHP, these cryptographic protocols would also be easily broken. Understanding the difficulty of the DHP is a very important concept in modern cryptography.Problem description
The Diffie-Hellman problem is posed as follows: : Given an element "g" and the values of "gx" and "gy", what is the value of "gxy"?
Formally, "g" is an element of some group (typically the
multiplicative group of afinite field or anelliptic curve group) and "x" and "y" are randomly chosen integers.For example, in the
Diffie-Hellman key exchange , an eavesdropper observes "gx" and "gy" exchanged as part of the protocol, and the two parties both compute the shared key "gxy". A fast means of solving the DHP would allow an eavesdropper to violate the privacy of theDiffie-Hellman key exchange and many of its variants, includingElGamal encryption .Its difficulty
In
cryptography , for certain groups, it is "assumed" that the DHP is hard, and this is often called the "Diffie-Hellman assumption". The problem has survived scrutiny for a few decades and no "easy" solution has yet been publicized.As of 2006, the most efficient means known to solve the DHP is to solve the
discrete logarithm problem (DLP), which is to find "x" given "g""x". In fact, significant progress (by den Boer, Maurer, Wolf, Boneh and Lipton) has been made towards showing that over many groups the DHP is almost as hard as the DLP. There is no proof to date that either the DHP (or the DLP) is a hard problem, except in generic groups (by Nechaev and Shoup).Other variants
Many variants of the Diffie-Hellman problem have been considered. The most significant variant is the decisional Diffie-Hellman problem (DDHP), which is to distinguish "g""xy" from a random group element, given "g", "g""x", and "g""y". Sometimes the DHP is called the computational Diffie-Hellman problem (CDHP) to more clearly distinguish it from the DDHP. Recently groups with pairings have become popular, and in these groups the DDHP is easy, yet the DHP is still assumed to be hard. For less significant variants of the DHP see the references.
References
* B. den Boer, "Diffie-Hellman is as strong as discrete log for certain primes" in Advances in Cryptology -CRYPTO 88, Lecture Notes in Computer Science 403, Springer, p. 530, 1998.
* U. M. Maurer and S. Wolf, "Diffie-Hellman oracle" in Advances in Cryptology - CRYPTO 96, (N. Koblitz, ed.), Lecture Notes in Computer Science 1070, Springer, pp. 268-282, 1996.
* cite journal
title = The Diffie-Hellman Protocol
author = Ueli M. Maurer and Stefan Wolf
journal = Designs, Codes, and Cryptography
year = 2000
month = March
editor =
publisher = Springer-Verlag
url = http://www.springerlink.com/content/r74n758123752440/
volume = 19
issue = 2-3
pages = 141-171
accessdate = 2008-09-28
* D. Boneh and R. J. Lipton, "Algorithms for black-box fields and their application to cryptotography" in Advances in Cryptology - CRYPTO 96, (N. Koblitz, ed.), Lecture Notes in Computer Science 1070, Springer, pp. 283-297, 1996.
* A. Muzereau, N. P. Smart and F. Vercauteran, "The equivalence between the DHP and DLP for ellipti curves used in practical applications", LMS J. Comput. Math., 7, pp. 50-72, 2004. See [www.lms.ac.uk] .
* D. R. L. Brown and R. P. Gallant, , [http://eprint.iacr.org/2004/306 "The Static Diffie-Hellman Problem"] , IACR ePrint 2004/306.
* V. I. Nechaev, "Complexity of a determinate algorithm for the discrete logarithm", Mathematical Notes, 55 (2), pp. 165-172, 1994.
* V. Shoup, "Lower bounds for discrete logarithms and related problems" in Advances in Cryptology -EUROCRYPT 97, (W. Fumy, ed.), Lecture Notes in Computer Science 1233, Springer, pp. 256-266, 1997.
* cite journal
title = Variations of Diffie-Hellman problem
author = Feng Bao. Robert Deng, Huafei Zhu
journal = ICICS
year =2002
month =
editor =
publisher = Springer-Verlag
url = http://www.i2r.a-star.edu.sg/icsd/publications/Baofeng_2003_Variations%20of%20Diffie%20Hellman%20problems.pdf
volume =
issue =
pages =
accessdate = 2005-11-23
* cite journal
title = The Decision Diffie-Hellman Problem
author = Dan Boneh
journal = ANTS-III: Proceedings of the Third International Symposium on Algorithmic Number Theory
year = 1998
month =
editor =
publisher = Springer-Verlag
url = http://theory.stanford.edu/~dabo/papers/DDH.ps.gz
volume =
issue =
pages = 48–63
accessdate = 2005-11-23
* cite journal
title = The Group Diffie-Hellman Problems
author = Emmanuel Bresson and Olivier Chevassut and David Pointcheval
journal = SAC '02: Revised Papers from the 9th Annual International Workshop onSelected Areas in Cryptography
year = 2003
month =
editor =
publisher = Springer-Verlag
url = http://www.di.ens.fr/~bresson/papers/BreChePoi02b.pdf
volume =
issue =
pages = 325–338
accessdate = 2005-11-23
* cite journal
title = Breaking generalized Diffie-Hellman modulo a composite is no easier than factoring
author = Eli Biham and Dan Boneh and Omer Reingold
journal =Information Processing Letters
year = 1999
month =
editor =
publisher = Elsevier North-Holland
url = http://www.wisdom.weizmann.ac.il/~reingold/publications/CGDH.PS
volume = 70
issue = 2
pages = 83–87
accessdate = 2005-11-23 |
doi = 10.1016/S0020-0190(99)00047-2
* cite journal
title = Diffie-Hellman Key Distribution Extended to Group Communication
author = Michael Steiner and Gene Tsudik and Michael Waidner
journal = ACM Conference on Computer and Communications Security
year = 1996
month =
editor =
publisher =
url = http://citeseer.ist.psu.edu/steiner96diffiehellman.html
volume =
issue =
pages = 31–37
accessdate = 2005-11-23
* cite journal
title = New Directions in Cryptography
author = Whitfield Diffie and Martin E. Hellman
journal = IEEE Transactions on Information Theory
year = 1976
month = November
editor =
publisher =
url = http://citeseer.ist.psu.edu/diffie76new.html
volume = IT-22
issue = 6
pages = 644–654
accessdate = 2005-11-23
Wikimedia Foundation. 2010.