TY - JOUR

T1 - On the bit security of the Diffie-Hellman key

AU - Blake, Ian F.

AU - Garefalakis, Theo

AU - Shparlinski, Igor E.

PY - 2006/1

Y1 - 2006/1

N2 - Let [InlineMediaObject not available: see fulltext.] p be a finite field of p elements, where p is prime. The bit security of the Diffie-Hellman function over subgroups of [InlineMediaObject not available: see fulltext.]*p and of an elliptic curve over [InlineMediaObject not available: see fulltext.] p, is considered. It is shown that if the Decision Diffie-Hellman problem is hard in these groups, then the two most significant bits of the Diffie-Hellman function are secure. Under the weaker assumption of the computational (rather than decisional) hardness of the Diffie-Hellman problems, only about (log p)1/2 bits are known to be secure.

AB - Let [InlineMediaObject not available: see fulltext.] p be a finite field of p elements, where p is prime. The bit security of the Diffie-Hellman function over subgroups of [InlineMediaObject not available: see fulltext.]*p and of an elliptic curve over [InlineMediaObject not available: see fulltext.] p, is considered. It is shown that if the Decision Diffie-Hellman problem is hard in these groups, then the two most significant bits of the Diffie-Hellman function are secure. Under the weaker assumption of the computational (rather than decisional) hardness of the Diffie-Hellman problems, only about (log p)1/2 bits are known to be secure.

UR - http://www.scopus.com/inward/record.url?scp=31444444896&partnerID=8YFLogxK

U2 - 10.1007/s00200-005-0184-x

DO - 10.1007/s00200-005-0184-x

M3 - Article

AN - SCOPUS:31444444896

VL - 16

SP - 397

EP - 404

JO - Applicable Algebra in Engineering, Communications and Computing

JF - Applicable Algebra in Engineering, Communications and Computing

SN - 0938-1279

IS - 6

ER -