Breaking Generalized Diffie-Hellman Modulo a Composite is no Easier than Factoring
نویسندگان
چکیده
The Diffie-Hellman key-exchange protocol may naturally be extended to k > 2 parties. This gives rise to the generalized Diffie-Hellman assumption (GDH-Assumption). Naor and Reingold have recently shown an efficient construction of pseudo-random functions and proved its security based on the GDH-Assumption. In this note, we prove that breaking this assumption modulo a so called Blum-integer would imply an efficient algorithm for factorization. Therefore, both the key-exchange protocol and the pseudo-random functions are secure as long as factoring Blum-integers is hard. Our reduction strengthen a previous “worst-case” reduction of Shmuely [6].
منابع مشابه
Generalized Diffie-Hellman Modulo a Composite is not Weaker than Factoring
The Diie-Hellman key-exchange protocol may naturally be extended to k > 2 parties. This gives rise to the generalized Diie-Hellman assumption (GDH-Assumption). Naor and Reingold have recently shown an eecient construction of pseudo-random functions and reduced the security of their construction to the GDH-Assumption. In this note, we prove that breaking this assumption modulo a composite would ...
متن کاملWeak Composite Diffie-Hellman
In1985, Shmuley proposed a theorem about intractability of Composite Diffie-Hellman. The theorem of Shmuley may be paraphrased as saying that if there exist a probabilistic polynomial time oracle machine which solves the Diffie-Hellman modulo an RSA-number with odd-order bases then there exist a probabilistic algorithm which factors the modulo. In the other hand Shmuely proved the theorem only ...
متن کاملA Note on the Complexity of Breaking Okamoto-Tanaka ID-Based Key Exchange Scheme
The rigorous security of Okamoto-Tanaka identity-based key exchange scheme has been open for a decade. In this paper, we show that (1) breaking the scheme is equivalent to breaking the Diffie-Hellman key exchange scheme over Zn, and (2) impersonation is easier than breaking. The second result is obtained by proving that breaking the RSA public-key cryptosystem reduces to breaking the Diffie-Hel...
متن کاملSecurity of an Identity-Based Cryptosystem and the Related Reductions
Recently an efficient solution to the discrete logarithm problem on elliptic curves over F, with p points ( p : prime), so-called anornalous curues, was independently discovered by Semaev [14], Smart [17], and Satoh and Araki [12]. Since the solution is very efficient, i.e., 0 ( l p l 3 ) , the Semaev-Smart-Satoh-Araki (SSSA) algorithm implies the possibility of realizing a trapdoor for the dis...
متن کاملCryptography in Real Quadratic Congruence Function Fields
The Diffie-Hellman key exchange protocol as well as the ElGamal signature scheme are based on exponentiation modulo p for some prime p. Thus the security of these schemes is strongly tied to the difficulty of computing discrete logarithms in the finite field Fp. The Diffie-Hellman protocol has been generalized to other finite groups arising in number theory, and even to the sets of reduced prin...
متن کامل