Abstract
Let g be an element of prime order p in an abelian group and \(\alpha\in {{\mathbb Z}}_p\). We show that if g, \(g^{\alpha}\), and \(g^{\alpha^d}\) are given for a positive divisor d of p–1, we can compute the secret α in \(O(\log p \cdot (\sqrt{p/d}+\sqrt d))\) group operations using \(O(\max\{\sqrt{p/d},\sqrt d\})\) memory. If \(g^{\alpha^i}\) \((i=0,1,2,\ldots,d)\) are provided for a positive divisor d of p+1, α can be computed in \(O(\log p \cdot (\sqrt{p/d}+d))\) group operations using \(O(\max\{\sqrt{p/d},\sqrt d\})\) memory. This implies that the strong Diffie-Hellman problem and its related problems have computational complexity reduced by \(O(\sqrt d)\) from that of the discrete logarithm problem for such primes.
Further, we apply this algorithm to the schemes based on the Diffie-Hellman problem on an abelian group of prime order p. As a result, we reduce the complexity of recovering the secret key from \(O(\sqrt p)\) to \(O(\sqrt{p/d})\) for Boldyreva’s blind signature and the original ElGamal scheme when p–1 (resp. p+1) has a divisor \(d \le p^{1/2}\) (resp. \(d \le p^{1/3}\)) and d signature or decryption queries are allowed.
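The p–1 case of the algorithm described above, as an added toy implementation that is not the paper's code: the generic group of prime order p is modelled as the order-1009 subgroup of \({\mathbb Z}_{10091}^*\), d = 28 divides p–1 = 1008, and the secret is recovered from (g, \(g^{\alpha}\), \(g^{\alpha^d}\)) by two baby-step giant-step searches of sizes (p–1)/d = 36 and d = 28 instead of one search of size p. All parameter values are constructed for the example.

```python
from math import isqrt

# Constructed toy parameters: the prime-order group is the order-P subgroup of Z_Q^*.
Q = 10091   # prime, Q = 10*P + 1
P = 1009    # prime group order; P - 1 = 1008 = 2^4 * 3^2 * 7
D = 28      # divisor of P - 1 given to the attacker via g^(a^D)

def generator_mod(p):
    """Return a generator zeta of Z_p^* (p prime) by testing every prime factor r of p-1."""
    n, factors, f = p - 1, set(), 2
    while f * f <= n:
        while n % f == 0:
            factors.add(f)
            n //= f
        f += 1
    if n > 1:
        factors.add(n)
    return next(z for z in range(2, p) if all(pow(z, (p - 1) // r, p) != 1 for r in factors))

def solve_in_exponent(y, base, w, n, p, q):
    """Find x in [0, n) with y == base^(w^x mod p) mod q, where w has order n in Z_p^*.
    Baby-step giant-step on x = u + v*m: y^(w^-u) == base^(w^(v*m)); about 2*sqrt(n) exponentiations."""
    m = isqrt(n) + 1
    w_inv = pow(w, -1, p)
    baby = {pow(y, pow(w_inv, u, p), q): u for u in range(m)}
    for v in range(m):
        giant = pow(base, pow(w, v * m, p), q)
        if giant in baby:
            return (baby[giant] + v * m) % n
    raise ValueError("no solution: w does not have order n")

def cheon_recover(g, g_a, g_ad, p, d, q):
    """Recover a from (g, g^a, g^(a^d)) when d | p-1, with searches of size (p-1)/d and d."""
    zeta = generator_mod(p)
    n = (p - 1) // d
    # Step 1: a = zeta^e, so a^d = (zeta^d)^k with k = e mod n; zeta^d has order n = (p-1)/d.
    k = solve_in_exponent(g_ad, g, pow(zeta, d, p), n, p, q)
    # Step 2: e = k + n*j for some j in [0, d); g^a = (g^(zeta^k))^((zeta^n)^j), zeta^n has order d.
    g_k = pow(g, pow(zeta, k, p), q)
    j = solve_in_exponent(g_a, g_k, pow(zeta, n, p), d, p, q)
    return pow(zeta, k + n * j, p)

def demo(secret):
    """Build the toy instance for secret a = `secret` (1 <= a < P) and recover it."""
    g = pow(2, (Q - 1) // P, Q)   # element of order P in Z_Q^* (here 2^10 = 1024 != 1)
    g_a = pow(g, secret, Q)
    g_ad = pow(g, pow(secret, D, P), Q)
    return cheon_recover(g, g_a, g_ad, P, D, Q)
```

The same structure extends to any divisor d of p–1; the work is dominated by the larger of the two searches, which is why the paper's bound is \(\sqrt{p/d}+\sqrt d\) rather than \(\sqrt p\).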
The original version of this chapter was revised: The copyright line was incorrect. This has been corrected. The Erratum to this chapter is available at DOI: 10.1007/978-3-540-34547-3_36
© 2006 Springer-Verlag Berlin Heidelberg
Cite this paper
Cheon, J.H. (2006). Security Analysis of the Strong Diffie-Hellman Problem. In: Vaudenay, S. (ed.) Advances in Cryptology - EUROCRYPT 2006. Lecture Notes in Computer Science, vol. 4004. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11761679_1
DOI: https://doi.org/10.1007/11761679_1
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-34546-6
Online ISBN: 978-3-540-34547-3