Proximity search (text): Difference between revisions

Revision as of 18:20, 12 October 2012

The computational Diffie–Hellman (CDH assumption) is the assumption that a certain computational problem within a cyclic group is hard.

Consider a cyclic group G of order q. The CDH assumption states that, given

(g, g^{a}, g^{b})

for a randomly chosen generator g and random

a, b \in {0, \dots, q - 1},

it is computationally intractable to compute the value

g^{a b} .

The security of many cryptosystems is based on the CDH assumption. Also, the confidentiality of ElGamal encryption is equivalent to the CDH assumption (though the semantic security of the scheme is based on the decisional Diffie–Hellman assumption).

The CDH assumption is related to the discrete logarithm assumption, which holds that computing the discrete logarithm of a value base a generator $g$ is hard. If taking discrete logs in $𝔾$ were easy, then the CDH assumption would be false: given

(g, g^{a}, g^{b}),

one could efficiently compute $g^{a b}$ in the following way:

compute $a$ by taking the discrete log of $g^{a}$ to base $g$ ;
compute $g^{a b}$ by exponentiation: $g^{a b} = (g^{b})^{a}$ ;

It is an open problem to determine whether the discrete log assumption is equivalent to CDH, though in certain special cases this can be shown to be the case.

The CDH assumption is also related to the decisional Diffie–Hellman assumption (DDH), which holds that it is hard to distinguish tuples of the form $(g, g^{a}, g^{b}, g^{a b})$ from random tuples. If computing $g^{a b}$ from $(g, g^{a}, g^{b})$ were easy, then one could detect DDH tuples trivially. It is believed that CDH is a weaker assumption than DDH: there are groups for which detecting DDH tuples is easy, but solving CDH problems is believed to be hard.

References

Variations of the Diffie–Hellman Problem (pdf file)
Towards the Equivalence of Breaking the Diffie–Hellman Protocol and Computing Discrete Logarithms (pdf file)

@@ Line 1: / Line 1: @@
-Podiatrist Lal from Saint-Jean-Chrysostome, has many hobbies and interests including bowls, new launch property singapore and smoking pipes. Discovered some incredible spots having spent 5 days at Lake Baikal.<br><br>My weblog :: [https://www.agryd.com/profile-823578/info/ new property launch singapore]
+The '''computational Diffie–Hellman (CDH assumption)''' is the assumption that a certain [[computational problem]] within a [[cyclic group]] is hard.
+Consider a cyclic group ''G'' of order&nbsp;''q''.  The CDH assumption states that, given
+:<math>(g,g^a,g^b) \, </math>
+for a randomly chosen generator ''g'' and random
+:<math>a,b \in \{0, \ldots, q-1\},\,</math>
+it is [[computationally intractable]] to compute the value
+:<math>g^{ab}. \,</math>
+The security of many [[cryptosystem]]s is based on the CDH assumption.  Also, the confidentiality of [[ElGamal encryption]] is equivalent to the CDH assumption (though the [[semantic security]] of the scheme is based on the [[decisional Diffie–Hellman assumption]]).
+The CDH assumption is related to the [[discrete logarithm assumption]], which holds that computing the [[discrete logarithm]] of a value base a generator <math>g</math> is hard. If taking discrete logs in <math>{\mathbb G}</math> were easy, then the CDH assumption would be false: given
+:<math>(g,g^a,g^b), \, </math>
+one could efficiently compute <math>g^{ab}</math> in the following way:
+* compute <math>a</math> by taking the discrete log of <math>g^a</math> to base <math>g</math>;
+* compute <math>g^{ab}</math> by exponentiation: <math>g^{ab} = (g^b)^a</math>;
+It is an open problem to determine whether the discrete log assumption is equivalent to CDH, though in certain special cases this can be shown to be the case.
+The CDH assumption is also related to the [[decisional Diffie–Hellman assumption]] (DDH), which holds that it is hard to distinguish tuples of the form <math>(g,g^a,g^b,g^{ab})</math> from random tuples.  If computing <math>g^{ab}</math> from <math>(g,g^a,g^b)</math> were easy, then one could detect DDH tuples trivially.  It is believed that CDH is a '''weaker''' assumption than DDH: there are groups for which detecting DDH tuples is easy, but solving CDH problems is believed to be hard.
+==See also==
+* [[Diffie–Hellman problem]]
+* [[Diffie–Hellman key exchange]]
+==References==
+#Variations of the Diffie–Hellman Problem ([http://www.i2r.a-star.edu.sg/icsd/publications/Baofeng_2003_Variations%20of%20Diffie%20Hellman%20problems.pdf pdf file])
+#Towards the Equivalence of Breaking the Diffie–Hellman Protocol and Computing Discrete Logarithms ([http://dsns.csie.nctu.edu.tw/research/crypto/HTML/PDF/C94/271.PDF pdf file])
+{{DEFAULTSORT:Computational Diffie-Hellman assumption}}
+[[Category:Computational hardness assumptions]]

Proximity search (text): Difference between revisions

Revision as of 18:20, 12 October 2012

See also

References

Navigation menu

Search