On the bit security of the Diffie-Hellman key

Ian F. Blake, Theo Garefalakis, Igor E. Shparlinski*

*Corresponding author for this work

Research output: Contribution to journalArticlepeer-review

4 Citations (Scopus)


Let [InlineMediaObject not available: see fulltext.] p be a finite field of p elements, where p is prime. The bit security of the Diffie-Hellman function over subgroups of [InlineMediaObject not available: see fulltext.]*p and of an elliptic curve over [InlineMediaObject not available: see fulltext.] p, is considered. It is shown that if the Decision Diffie-Hellman problem is hard in these groups, then the two most significant bits of the Diffie-Hellman function are secure. Under the weaker assumption of the computational (rather than decisional) hardness of the Diffie-Hellman problems, only about (log p)1/2 bits are known to be secure.

Original languageEnglish
Pages (from-to)397-404
Number of pages8
JournalApplicable Algebra in Engineering, Communications and Computing
Issue number6
Publication statusPublished - Jan 2006


Dive into the research topics of 'On the bit security of the Diffie-Hellman key'. Together they form a unique fingerprint.

Cite this