Generalized Diffie-Hellman Modulo a Composite is not Weaker than Factoring
نویسندگان
چکیده
The Diie-Hellman key-exchange protocol may naturally be extended to k > 2 parties. This gives rise to the generalized Diie-Hellman assumption (GDH-Assumption). Naor and Reingold have recently shown an eecient construction of pseudo-random functions and reduced the security of their construction to the GDH-Assumption. In this note, we prove that breaking this assumption modulo a composite would imply an eecient algorithm for factorization. Therefore, the security of both the key-exchange protocol and the pseudo-random functions can be reduced to factoring.
منابع مشابه
Breaking Generalized Diffie-Hellman Modulo a Composite is no Easier than Factoring
The Diffie-Hellman key-exchange protocol may naturally be extended to k > 2 parties. This gives rise to the generalized Diffie-Hellman assumption (GDH-Assumption). Naor and Reingold have recently shown an efficient construction of pseudo-random functions and proved its security based on the GDH-Assumption. In this note, we prove that breaking this assumption modulo a so called Blum-integer woul...
متن کاملWeak Composite Diffie-Hellman
In1985, Shmuley proposed a theorem about intractability of Composite Diffie-Hellman. The theorem of Shmuley may be paraphrased as saying that if there exist a probabilistic polynomial time oracle machine which solves the Diffie-Hellman modulo an RSA-number with odd-order bases then there exist a probabilistic algorithm which factors the modulo. In the other hand Shmuely proved the theorem only ...
متن کاملCryptography in Real Quadratic Congruence Function Fields
The Diffie-Hellman key exchange protocol as well as the ElGamal signature scheme are based on exponentiation modulo p for some prime p. Thus the security of these schemes is strongly tied to the difficulty of computing discrete logarithms in the finite field Fp. The Diffie-Hellman protocol has been generalized to other finite groups arising in number theory, and even to the sets of reduced prin...
متن کاملA Provably Secure Elliptic Curve Scheme with Fast Encryption
We present a new elliptic curve cryptosystem with fast encryption and key generation, which is provably secure in the standard model. The scheme uses arithmetic modulo n, where n is an RSA modulus, and merges ideas from Paillier and Rabin related schemes. Despite the typical bit length of n, our encryption algorithm is faster than El Gamal elliptic curve cryptosystems. The one-wayness of the ne...
متن کاملA NEW PROTOCOL MODEL FOR VERIFICATION OF PAYMENT ORDER INFORMATION INTEGRITY IN ONLINE E-PAYMENT SYSTEM USING ELLIPTIC CURVE DIFFIE-HELLMAN KEY AGREEMENT PROTOCOL
Two parties that conduct a business transaction through the internet do not see each other personally nor do they exchange any document neither any money hand-to-hand currency. Electronic payment is a way by which the two parties transfer the money through the internet. Therefore integrity of payment and order information of online purchase is an important concern. With online purchase the cust...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
- Electronic Colloquium on Computational Complexity (ECCC)
دوره 4 شماره
صفحات -
تاریخ انتشار 1997