S. Wolf, Diffie-Hellman and discrete logarithms, Thesis, March 1995.  Home/Search   Document Not in Database   Summary   Related Articles   Check

....discrete log in the group of points of an elliptic curve is hard then the Diffie Hellman protocol in such groups is secure. The existence of such a reduction demonstrates yet another advantage of elliptic curve cryptosystems. These results complement the elegant results of Maurer and Wolf [23, 24, 37] who study the equivalence of Diffie Hellman and discrete log in the group ZZ p for various values of p. Finally in Section 5 we consider an equivalent of BBFP over fields of characteristic zero. We show that solving BBFP over the rationals is as hard as factoring integers. This negative ....

....that an oracle for Dlog g (z) enables one to compute DH g (x; y) in polynomial time. The hard question is whether the converse holds: given an oracle for computing DH g (x; y) can one compute Dlog g (z) in polynomial time (in log jGj) Surprisingly, there have been very few results on this problem [13, 23, 24, 37]. Maurer [23] obtained a beautiful result showing that given a polynomial number of advice bits that depend only on jGj one can compute Dlog g (x) in polynomial time given an oracle for DH g (x; y) Unfortunately, computing these advice bits takes exponential time. Maurer and Wolf [24] showed that ....

[Article contains additional citation context not shown here]

S. Wolf. Diffie-hellman and discrete logarithms. Master's thesis, ETH Zurich, 1995.

....divides jGj=p, or if a polynomial time algorithm for computing p th roots in G is available. The complexities stated in the theorem can be reduced by a time memory tradeoff. The use of elliptic curves and subgroups of extension fields as auxiliary groups is discussed in the next sections. In [21] it is shown that Jacobians of hyperelliptic curves are also suitable auxiliary groups. Proof. Let a = g s be a given element of G for which the discrete logarithm s should be computed using a DH oracle for G. We assume first that all the large prime factors of jGj are single. Let p be such a ....

....They lead to equivalent systems of equations which have triangular form, such that a method for solving univariate equations (as Berlekamp s algorithm) suffices to solve the whole system. For an introduction to Grobner bases see [7] and for a detailed description of the computations see [21]. The idea is to compute the polynomials (with implicitly represented coefficients) of a Grobner basis of the polynomial ideal generated by the polynomials of the equations. The algorithm for the Grobner basis computation, due to Buchberger, requires only algebraic polynomial arithmetic and can ....

[Article contains additional citation context not shown here]

S. Wolf, Diffie-Hellman and discrete logarithms, Thesis, March 1995.

Online articles have much greater impact   More about CiteSeer.IST   Add search form to your site   Submit documents   Feedback  

CiteSeer.IST - Copyright Penn State and NEC