The Decision Diffie-Hellman problem

  • Dan Boneh
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 1423)


The Decision Diffie-Hellman assumption (DDH) is a gold mine. It enables one to construct efficient cryptographic systems with strong security properties. In this paper we survey the recent applications of DDH as well as known results regarding its security. We describe some open problems in this area.


Keywords (added by machine, not by the authors): Elliptic Curve; Decryption Oracle; Chosen Ciphertext Attack; Finite Cyclic Group; Lattice Basis Reduction





Copyright information

© Springer-Verlag Berlin Heidelberg 1998

Authors and Affiliations

  • Dan Boneh, Computer Science Department, Stanford University, Stanford
