Designs, Codes and Cryptography

, Volume 52, Issue 3, pp 381-390

First online:

The Diffie–Hellman problem and generalization of Verheul’s theorem

  • Dustin MoodyAffiliated withDepartment of Mathematics, University of Washington Email author 

Rent the article at a discount

Rent now

* Final gross prices may vary according to local VAT.

Get Access


Bilinear pairings on elliptic curves have been of much interest in cryptography recently. Most of the protocols involving pairings rely on the hardness of the bilinear Diffie–Hellman problem. In contrast to the discrete log (or Diffie–Hellman) problem in a finite field, the difficulty of this problem has not yet been much studied. In 2001, Verheul (Advances in Cryptology—EUROCRYPT 2001, LNCS 2045, pp. 195–210, 2001) proved that on a certain class of curves, the discrete log and Diffie–Hellman problems are unlikely to be provably equivalent to the same problems in a corresponding finite field unless both Diffie–Hellman problems are easy. In this paper we generalize Verheul’s theorem and discuss the implications on the security of pairing based systems.


Elliptic curves Pairings Public key cryptography Diffie–Hellman problem Distortion maps

Mathematics Subject Classifications (2000)

14H52 11G20 14G15 14Q05 11T71