Towards the Equivalence of Breaking the Diffie-Hellman Protocol and Computing Discrete Logarithms [chapter]

Ueli M. Maurer
Advances in Cryptology — CRYPTO '94  
Let G be an arbitrary cyclic group with generator g and order /GI with known factorization. G could be the subgroup generated by g within a larger group H . Based on an assumption about the existence of smooth numbers in short intervals, we prove that breaking the Diffie-Hellman protocol for G and base g is equivalent to computing discrete logarithms in C: t,o t,he base g when a certain side information string S of length 2loglGI is given, where S depends only on [GI but not on the definition
more » ... G and appears t o be of no help for computing discrete logarithms in G. If every prime factor p of IGI is such that one of a list of expressions in p , including p -1 and p + 1, is smooth for an appropriate smoothness bound, then S can efficiently be constructed and therefore breaking the Diffie-Hellman protocol is equivalent to computing discrete logarithms.
doi:10.1007/3-540-48658-5_26 dblp:conf/crypto/Maurer94 fatcat:z3jzgv5a2rflpdoasmvl4xd2ii