Chapter 10

Number-Theoretic Primitives

Number theory is a source of several computational problems that serve as primitives in the design of cryptographic schemes. Asymmetric cryptography in particular relies on these primitives. As with other beasts that we have been calling “primitives,” these computational problems exhibit some intractability features, but by themselves do not solve any cryptographic problem directly relevant to a user security goal. But appropriately applied, they become useful to this end. In order to later effectively exploit them it is useful to first spend some time understanding them.

This understanding has two parts. The first is to provide precise definitions of the various problems and their measures of intractability. The second is to look at what is known or conjectured about the computational complexity of these problems.

There are two main classes of primitives. The first class relates to the discrete logarithm problem over appropriate groups, and the second to the factoring of composite integers. We look at them in turn.

This chapter assumes some knowledge of computational number theory as covered in the chapter on Computational Number Theory.

10.1 Discrete logarithm related problems

Let $G$ be a cyclic group and let $g$ be a generator of $G$. Recall this means that $G = \{g^0, g^1, \ldots, g^{m-1}\}$, where $m = |G|$ is the order of $G$. The discrete logarithm function $\mathrm{DLog}_{G,g} : G \to \mathbf{Z}_m$ takes input a group element $a$ and returns the unique $i \in \mathbf{Z}_m$ such that $a = g^i$. There are several computational problems related to this function that are used as primitives.

10.1.1 Informal descriptions of the problems

The computational problems we consider in this setting are summarized in Fig. 10.1. In all cases, we are considering an attacker that knows the group $G$ and the generator $g$. It is given the quantities listed in the column labeled “given,” and is trying to compute the quantities, or answer the question, listed in the column labeled “figure out.”

The most basic problem is the discrete logarithm (DL) problem. Informally stated, the attacker is given as input some group element $X$, and must compute $\mathrm{DLog}_{G,g}(X)$. This problem is conjectured to be computationally intractable in suitable groups $G$.
| Problem | Given | Figure out |
|---|---|---|
| Discrete logarithm (DL) | $g^x$ | $x$ |
| Computational Diffie-Hellman (CDH) | $g^x, g^y$ | $g^{xy}$ |
| Decisional Diffie-Hellman (DDH) | $g^x, g^y, g^z$ | Is $z \equiv xy \pmod{\lvert G \rvert}$? |

Figure 10.1: An informal description of three discrete logarithm related problems over a cyclic group $G$ with generator $g$. For each problem we indicate the input to the attacker, and what the attacker must figure out to “win.” The formal definitions are in the text.

One might imagine “encrypting” a message $x \in \mathbf{Z}_m$ by letting $g^x$ be the ciphertext. An adversary wanting to recover $x$ is then faced with solving the discrete logarithm problem to do so.
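The three problems of Fig. 10.1 can be made concrete in a toy group. The following is an added example, not code from these notes: it computes DLog by baby-step giant-step and shows that a DL solver immediately yields CDH and DDH solvers. The group parameters and function names are constructed for illustration, and the group is deliberately far too small for DL to be intractable.

```python
from math import isqrt

# Constructed toy group: G = Z_p^* for the prime p = 1019 with generator g = 2,
# so the order is m = |G| = 1018. Real schemes use groups vastly larger.
P, G_GEN, M = 1019, 2, 1018


def dlog(a):
    """DLog_{G,g}(a): the unique i in Z_m with g^i = a (baby-step giant-step)."""
    n = isqrt(M) + 1                                  # n*n >= m
    baby = {pow(G_GEN, j, P): j for j in range(n)}    # table g^j -> j
    giant = pow(G_GEN, -n, P)                         # g^(-n) mod p
    gamma = a % P
    for k in range(n):
        if gamma in baby:                             # a * g^(-kn) = g^j
            return (k * n + baby[gamma]) % M
        gamma = gamma * giant % P
    raise ValueError("input is not an element of the group generated by g")


def solve_cdh(X, Y):
    """Given g^x and g^y, return g^(xy) by first recovering x with dlog."""
    return pow(Y, dlog(X), P)


def solve_ddh(X, Y, Z):
    """Given g^x, g^y, g^z, decide whether z = xy (mod |G|)."""
    return dlog(Z) == dlog(X) * dlog(Y) % M


if __name__ == "__main__":
    x, y = 123, 456                                   # constructed secrets
    X, Y = pow(G_GEN, x, P), pow(G_GEN, y, P)
    print("DL :", dlog(X) == x)
    print("CDH:", solve_cdh(X, Y) == pow(G_GEN, x * y, P))
    print("DDH:", solve_ddh(X, Y, pow(G_GEN, x * y % M, P)))
```

The table-based search takes about $\sqrt{m}$ group operations and as much memory, which is why it finishes instantly here and is hopeless once $m$ has hundreds of bits.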