
Designs, Codes and Cryptography, Volume 19, Issue 2–3, pp. 147–171

The Diffie–Hellman Protocol

  • Ueli M. Maurer
  • Stefan Wolf

Abstract

The 1976 seminal paper of Diffie and Hellman is a landmark in the history of cryptography. They introduced the fundamental concepts of a trapdoor one-way function, a public-key cryptosystem, and a digital signature scheme. Moreover, they presented a protocol, the so-called Diffie–Hellman protocol, which allows two parties who initially share no secret information to generate a mutual secret key. This paper summarizes the present knowledge on the security of this protocol.
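The protocol the abstract refers to, as an added example that is not part of the paper: Diffie–Hellman key agreement over the prime-order subgroup of Z_p^* for a safe prime p = 2q + 1, with the checks a deployment needs before the shared secret is used (parameter sanity and validation of the peer's public value). The parameters P, Q, G are a constructed toy group so the example runs instantly, not a group recommended for real use, and all function names are the example's own. The brute-force discrete-logarithm routine at the end recovers a private exponent from its public value only because the toy group is tiny; it is there to show what the protocol's security rests on, which is the subject of the paper.

```python
"""Textbook Diffie-Hellman over a prime-order subgroup of Z_p^*, with the
checks a deployment needs: parameter sanity (p = 2q + 1 with p, q prime) and
validation of the peer's public value before it is used.  Example code written
for this page; the parameters are a constructed toy safe prime so the example
runs instantly, not a group for real use (those are 2048 bits and up)."""
import secrets
from hashlib import sha256

# Constructed toy parameters (assumption for illustration): safe prime p = 2q + 1
# and g = 4, a quadratic residue, which therefore generates the subgroup of order q.
P = 1907
Q = 953
G = 4


def is_prime(n: int) -> bool:
    """Trial division; adequate for the toy sizes used here."""
    if n < 2:
        return False
    d = 2
    while d * d <= n:
        if n % d == 0:
            return False
        d += 1
    return True


def check_group(p: int, q: int, g: int) -> bool:
    """p and q prime, p = 2q + 1, and g of order exactly q (g != 1, g^q = 1)."""
    return (is_prime(p) and is_prime(q) and p == 2 * q + 1
            and 1 < g < p - 1 and pow(g, q, p) == 1)


def keygen(p: int, q: int, g: int):
    """Private exponent x uniform in [1, q-1], public value g^x mod p."""
    x = secrets.randbelow(q - 1) + 1
    return x, pow(g, x, p)


def valid_public_value(y: int, p: int, q: int) -> bool:
    """Reject 0, 1, p-1 and anything outside the order-q subgroup.
    y = 1 or y = p-1 would let a peer force the shared secret into a set of
    size one or two; y^q != 1 means y lies in a subgroup of a different order."""
    return 1 < y < p - 1 and pow(y, q, p) == 1


def shared_key(x: int, y_peer: int, p: int, q: int) -> bytes:
    """Validate the peer's value, compute g^(ab), derive a key by hashing."""
    if not valid_public_value(y_peer, p, q):
        raise ValueError("peer public value rejected")
    z = pow(y_peer, x, p)
    nbytes = (p.bit_length() + 7) // 8
    return sha256(z.to_bytes(nbytes, "big")).digest()


def run_exchange(p: int = P, q: int = Q, g: int = G):
    """Both sides of the exchange; returns (Alice's key, Bob's key)."""
    a, A = keygen(p, q, g)      # Alice keeps a, sends A = g^a
    b, B = keygen(p, q, g)      # Bob keeps b, sends B = g^b
    return shared_key(a, B, p, q), shared_key(b, A, p, q)


def brute_force_dlog(g: int, y: int, p: int, q: int):
    """Exhaustive search for x in [0, q) with g^x = y; feasible only because p is tiny."""
    acc = 1
    for x in range(q):
        if acc == y:
            return x
        acc = acc * g % p
    return None


if __name__ == "__main__":
    assert check_group(P, Q, G)
    ka, kb = run_exchange()
    print("keys agree:", ka == kb, ka.hex()[:16])
    a, A = keygen(P, Q, G)
    print("toy group: eavesdropper recovers a:", brute_force_dlog(G, A, P, Q) == a)
```

Hashing g^(ab) rather than using it directly is the usual practice because only part of the group element is known to be hidden from an eavesdropper; the subgroup-membership check on the received value is what prevents a peer from steering the shared secret into a small set.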



References

  1. L. M. Adleman and M. A. Huang, Primality testing and abelian varieties over finite fields, Lecture Notes in Mathematics, Vol. 1512, Springer-Verlag (1992).
  2. L. Babai, On Lovasz' lattice reduction and the nearest lattice point problem, Combinatorica, Vol. 6 (1986) pp. 1–13.
  3. E. Bach and J. Shallit, Factoring with cyclotomic polynomials, Math. Comp., Vol. 52 (1989) pp. 201–219.
  4. D. Boneh, Studies in computational number theory with applications to cryptography, Ph.D. Thesis, Princeton Univ. (Nov. 1996).
  5. D. Boneh and R. J. Lipton, Algorithms for black-box fields and their application to cryptography, Advances in Cryptology – CRYPTO '96, Lecture Notes in Computer Science, Vol. 1109, Springer-Verlag (1996) pp. 283–297.
  6. D. Boneh and R. Venkatesan, Hardness of computing the most significant bits of secret keys in Diffie-Hellman and related schemes, Advances in Cryptology – CRYPTO '96, Lecture Notes in Computer Science, Vol. 1109, Springer-Verlag (1996) pp. 129–142.
  7. S. Brands, An efficient off-line electronic cash system based on the representation problem, Tech. Rep. CS-R9323, CWI, Amsterdam (1993).
  8. J. Buchmann and V. Müller, Computing the number of points of elliptic curves over finite fields, Proc. ISSAC '91, ACM Press (1991) pp. 179–182.
  9. J. Buchmann and H. C. Williams, A key-exchange system based on imaginary quadratic fields, Journal of Cryptology, Vol. 1, No. 2 (1988) pp. 107–118.
  10. R. Canetti, Towards realizing random oracles: hash functions that hide all partial information, Advances in Cryptology – CRYPTO '97, Lecture Notes in Computer Science, Vol. 1294, Springer-Verlag (1997) pp. 455–469.
  11. E. R. Canfield, P. Erdös, and C. Pomerance, On a problem of Oppenheim concerning "Factorisatio Numerorum", J. Number Theory, Vol. 17 (1983) pp. 1–28.
  12. D. G. Cantor, Computing in the Jacobian of a hyperelliptic curve, Math. Comp., Vol. 48, No. 177 (1987) pp. 95–101.
  13. M. A. Cherepnev, On the connection between discrete logarithms and the Diffie-Hellman problem, Discrete Math. Appl. (1996).
  14. D. Coppersmith and I. Shparlinsky, On polynomial approximation and the parallel complexity of the discrete logarithm problem and breaking the Diffie-Hellman cryptosystem, preprint (Nov. 1996).
  15. B. den Boer, Diffie-Hellman is as strong as discrete log for certain primes, Advances in Cryptology – CRYPTO '88, Lecture Notes in Computer Science, Vol. 403, Springer-Verlag (1989) pp. 530–539.
  16. W. Diffie and M. E. Hellman, New directions in cryptography, IEEE Transactions on Information Theory, Vol. 22, No. 6 (1976) pp. 644–654.
  17. T. El-Gamal, A public key cryptosystem and a signature scheme based on the discrete logarithm, IEEE Transactions on Information Theory, Vol. 31, No. 4 (1985) pp. 469–472.
  18. W. Feller, An Introduction to Probability Theory and Its Applications, John Wiley & Sons (1968).
  19. K. O. Geddes, S. R. Czapor, and G. Labahn, Algorithms for Computer Algebra, Kluwer Academic Publishers (1992).
  20. S. Goldwasser and J. Kilian, Almost all primes can be quickly certified, Proc. of the 18th Annual ACM Symposium on the Theory of Computing (1986) pp. 316–329.
  21. G. H. Hardy and E. M. Wright, An Introduction to the Theory of Numbers, University Press, Oxford (1979).
  22. K. Ireland and M. Rosen, A Classical Introduction to Modern Number Theory, Springer-Verlag (1982).
  23. N. Koblitz, Hyperelliptic cryptosystems, Journal of Cryptology, Vol. 1 (1989) pp. 139–150.
  24. N. Koblitz, Elliptic curve cryptosystems, Math. Comp., Vol. 48 (1987) pp. 203–209.
  25. S. Lang, Algebra, Addison-Wesley (1984).
  26. G.-J. Lay and H. G. Zimmer, Constructing elliptic curves with given group order over large finite fields, Proc. of ANTS-I, Lecture Notes in Computer Science, Vol. 877, Springer-Verlag (1994) pp. 250–263.
  27. H. W. Lenstra, Jr., J. Pila, and C. Pomerance, A hyperelliptic smoothness test. I, Philosophical Transactions of the Royal Society, Series A, Vol. 345, No. 1676, London (1993) pp. 397–408.
  28. H. W. Lenstra, Jr., Factoring integers with elliptic curves, Annals of Mathematics, Vol. 126 (1987) pp. 649–673.
  29. A. Lenstra, H. W. Lenstra, Jr., and L. Lovasz, Factoring polynomials with rational coefficients, Mathematische Annalen, Vol. 261 (1982) pp. 515–534.
  30. R. Lidl and H. Niederreiter, Introduction to Finite Fields and Their Applications, Cambridge University Press (1986).
  31. J. L. Massey, Advanced Technology Seminars Short Course Notes, Zürich (1993) pp. 6.66–6.68.
  32. U. M. Maurer, Towards the equivalence of breaking the Diffie-Hellman protocol and computing discrete logarithms, Advances in Cryptology – CRYPTO '94, Lecture Notes in Computer Science, Vol. 839, Springer-Verlag (1994) pp. 271–281.
  33. U. M. Maurer and S. Wolf, The relationship between breaking the Diffie-Hellman protocol and computing discrete logarithms, SIAM Journal on Computing, Vol. 28, No. 5 (1999) pp. 1689–1721.
  34. U. M. Maurer and S. Wolf, Diffie-Hellman, decision Diffie-Hellman, and discrete logarithms, Proc. of the 1998 IEEE Symp. on Information Theory, Cambridge, U.S.A. (1998) p. 327.
  35. U. M. Maurer and S. Wolf, Lower bounds on generic algorithms in groups, Advances in Cryptology – EUROCRYPT '98, Lecture Notes in Computer Science, Vol. 1403, Springer-Verlag (1998) pp. 72–84.
  36. U. M. Maurer and S. Wolf, Diffie-Hellman oracles, Advances in Cryptology – CRYPTO '96, Lecture Notes in Computer Science, Vol. 1109, Springer-Verlag (1996) pp. 268–282.
  37. U. M. Maurer and Y. Yacobi, Non-interactive public-key cryptography, Designs, Codes and Cryptography, Vol. 9 (1996) pp. 305–316.
  38. K. S. McCurley, A key distribution system equivalent to factoring, Journal of Cryptology, Vol. 1, No. 2 (1988) pp. 95–105.
  39. K. S. McCurley, The discrete logarithm problem, Cryptology and Computational Number Theory (C. Pomerance, ed.), Proc. of Symp. in Applied Math., Vol. 42, American Mathematical Society (1990) pp. 49–74.
  40. A. J. Menezes, T. Okamoto, and S. A. Vanstone, Reducing elliptic curve logarithms to logarithms in a finite field, IEEE Transactions on Information Theory, Vol. 39 (1993) pp. 1639–1646.
  41. A. J. Menezes (Ed.), Applications of Finite Fields, Kluwer Academic Publishers (1992).
  42. A. J. Menezes, Elliptic Curve Public Key Cryptosystems, Kluwer Academic Publishers (1993).
  43. V. Miller, Uses of elliptic curves in cryptography, Advances in Cryptology – CRYPTO '85, Lecture Notes in Computer Science, Vol. 218, Springer-Verlag (1986) pp. 417–426.
  44. M. Naor and O. Reingold, Number-theoretic constructions of efficient pseudo-random functions, preliminary version (1997).
  45. P. C. van Oorschot and M. Wiener, On Diffie-Hellman key agreement with short exponents, Advances in Cryptology – EUROCRYPT '96, Lecture Notes in Computer Science, Vol. 1070, Springer-Verlag (1996) pp. 332–343.
  46. R. Peralta, A simple and fast probabilistic algorithm for computing square roots modulo a prime number, IEEE Transactions on Information Theory, Vol. 32, No. 6 (1986) pp. 846–847.
  47. S. C. Pohlig and M. E. Hellman, An improved algorithm for computing logarithms over GF(p) and its cryptographic significance, IEEE Transactions on Information Theory, Vol. 24, No. 1 (1978) pp. 106–110.
  48. J. M. Pollard, Monte-Carlo methods for index computation mod p, Math. Comp., Vol. 32 (1978) pp. 918–924.
  49. J. M. Pollard, Theorems on factorization and primality testing, Proceedings of the Cambridge Philosophical Society, Vol. 76 (1974) pp. 521–528.
  50. R. L. Rivest, A. Shamir, and L. Adleman, A method for obtaining digital signatures and public-key cryptosystems, Communications of the ACM, Vol. 21, No. 2 (1978) pp. 120–126.
  51. H. Rück, A note on elliptic curves over finite fields, Math. Comp., Vol. 49 (1987) pp. 301–304.
  52. K. Sakurai and H. Shizuya, Relationships among the computational powers of breaking discrete log cryptosystems, Advances in Cryptology – EUROCRYPT '95, Lecture Notes in Computer Science, Vol. 921, Springer-Verlag (1995) pp. 341–355.
  53. C. P. Schnorr, Efficient identification and signatures for smart cards, Advances in Cryptology – CRYPTO '89, Lecture Notes in Computer Science, Vol. 435, Springer-Verlag (1990) pp. 239–252.
  54. R. Schoof, Elliptic curves over finite fields and the computation of square roots mod p, Math. Comp., Vol. 44, No. 170 (1985) pp. 483–494.
  55. V. Shoup, Lower bounds for discrete logarithms and related problems, Advances in Cryptology – EUROCRYPT '97, Lecture Notes in Computer Science, Vol. 1233, Springer-Verlag (1997) pp. 256–266.
  56. I. E. Shparlinsky, Computational Problems in Finite Fields, Kluwer Academic Publishers (1992).
  57. S. A. Vanstone and R. J. Zuccherato, Elliptic curve cryptosystems using curves of smooth order over the ring Z_n, IEEE Transactions on Information Theory (1997).
  58. C. P. Waldvogel and J. L. Massey, The probability distribution of the Diffie-Hellman key, Advances in Cryptology – AUSCRYPT '92, Lecture Notes in Computer Science, Vol. 718, Springer-Verlag (1993) pp. 492–504.
  59. S. Wolf, Information-theoretically and computationally secure key agreement in cryptography, ETH dissertation No. 13138, Swiss Federal Institute of Technology (ETH Zürich), May 1999.
  60. S. Wolf, Diffie-Hellman and discrete logarithms, Diploma Thesis, Department of Computer Science, ETH Zürich (March 1995).

Copyright information

© Kluwer Academic Publishers 2000

Authors and Affiliations

  • Ueli M. Maurer, Computer Science Department, Swiss Federal Institute of Technology (ETH Zürich), Zürich, Switzerland
  • Stefan Wolf, Computer Science Department, Swiss Federal Institute of Technology (ETH Zürich), Zürich, Switzerland
