Oracle-Assisted Static Diffie-Hellman Is Easier Than Discrete Logarithms

  • Antoine Joux
  • Reynald Lercier
  • David Naccache
  • Emmanuel Thomé
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5921)


This paper extends Joux-Naccache-Thomé’s e-th root algorithm to the static Diffie-Hellman problem (sdhp).

The new algorithm can be adapted to diverse finite fields by customizing it with an nfs-like core or an ffs-like core.

In both cases, after a number of non-adaptive sdhp oracle queries, the attacker builds up the ability to solve new sdhp instances unknown before the query phase.

While sub-exponential, the algorithm is still significantly faster than all currently known dlp and sdhp resolution methods.

We explore the applicability of the technique to various cryptosystems. The attacks were implemented in \({\mathbb F}_{2^{1025}}\) and also in \({\mathbb F}_{p}\), for a 516-bit p.


Keywords: dlp, sdhp, ffs, nfs





Copyright information

© Springer-Verlag Berlin Heidelberg 2009

Authors and Affiliations

  • Antoine Joux (1)
  • Reynald Lercier (2)
  • David Naccache (3)
  • Emmanuel Thomé (4)

  1. DGA and Université de Versailles, UVSQ PRISM, Versailles CEDEX, France
  2. DGA/CELAR, La Roche Marguerite, F-35174 Bruz, France and IRMAR, Université de Rennes 1, Rennes, France
  3. École normale supérieure, Équipe de cryptographie, Paris CEDEX 05, France
  4. LORIA, CACAO – bâtiment A, INRIA Lorraine, Villiers-lès-Nancy CEDEX, France
