Designs, Codes and Cryptography

, Volume 52, Issue 3, pp 381–390

The Diffie–Hellman problem and generalization of Verheul’s theorem


DOI: 10.1007/s10623-009-9287-x

Cite this article as:
Moody, D. Des. Codes Cryptogr. (2009) 52: 381. doi:10.1007/s10623-009-9287-x


Bilinear pairings on elliptic curves have been of much interest in cryptography recently. Most of the protocols involving pairings rely on the hardness of the bilinear Diffie–Hellman problem. In contrast to the discrete log (or Diffie–Hellman) problem in a finite field, the difficulty of this problem has not yet been much studied. In 2001, Verheul (Advances in Cryptology—EUROCRYPT 2001, LNCS 2045, pp. 195–210, 2001) proved that on a certain class of curves, the discrete log and Diffie–Hellman problems are unlikely to be provably equivalent to the same problems in a corresponding finite field unless both Diffie–Hellman problems are easy. In this paper we generalize Verheul’s theorem and discuss the implications on the security of pairing based systems.


Elliptic curves Pairings Public key cryptography Diffie–Hellman problem Distortion maps 

Mathematics Subject Classifications (2000)

14H52 11G20 14G15 14Q05 11T71 

Copyright information

© Springer Science+Business Media, LLC 2009

Authors and Affiliations

  1. 1.Department of MathematicsUniversity of WashingtonSeattleUSA