Chapter 10 Number-Theoretic Primitives

Number theory is a source of several computational problems that serve as primitives in the design of cryptographic schemes. Asymmetric cryptography in particular relies on these primitives. As with other beasts that we have been calling primitives, these computational problems exhibit some intractability features, but by themselves do not solve any cryptographic problem directly relevant to a user security goal. But appropriately applied, they become useful to this end. In order to later effectively exploit them it is useful to first spend some time understanding them.

This understanding has two parts. The first is to provide precise definitions of the various problems and their measures of intractability. The second is to look at what is known or conjectured about the computational complexity of these problems.

There are two main classes of primitives. The first class relates to the discrete logarithm problem over appropriate groups, and the second to the factoring of composite integers. We look at them in turn.

This chapter assumes some knowledge of computational number theory as covered in the chapter on Computational Number Theory.

10.1 Discrete logarithm related problems

Let $G$ be a cyclic group and let $g$ be a generator of $G$. Recall this means that $G = \{g^0, g^1, \ldots, g^{m-1}\}$, where $m = |G|$ is the order of $G$. The discrete logarithm function $\mathrm{DLog}_{G,g} : G \to \mathbf{Z}_m$ takes input a group element $a$ and returns the unique $i \in \mathbf{Z}_m$ such that $a = g^i$. There are several computational problems related to this function that are used as primitives.

10.1.1 Informal descriptions of the problems

The computational problems we consider in this setting are summarized in Fig. 10.1. In all cases, we are considering an attacker that knows the group $G$ and the generator $g$. It is given the quantities listed in the column labeled "given", and is trying to compute the quantities, or answer the question, listed in the column labeled "figure out".

The most basic problem is the discrete logarithm (DL) problem. Informally stated, the attacker is given as input some group element $X$, and must compute $\mathrm{DLog}_{G,g}(X)$. This problem is conjectured to be computationally intractable in suitable groups $G$.

| Problem | Given | Figure out |
|---|---|---|
| Discrete logarithm (DL) | $g^x$ | $x$ |
| Computational Diffie-Hellman (CDH) | $g^x, g^y$ | $g^{xy}$ |
| Decisional Diffie-Hellman (DDH) | $g^x, g^y, g^z$ | Is $z \equiv xy \pmod{|G|}$? |

Figure 10.1: An informal description of three discrete logarithm related problems over a cyclic group $G$ with generator $g$. For each problem we indicate the input to the attacker, and what the attacker must figure out to win. The formal definitions are in the text....
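An added example (not part of the original notes) that instantiates the three problems of Fig. 10.1 in a toy group and goes one step beyond the table by showing that a DL solver yields a CDH solver, which in turn yields a DDH solver. The group $\mathbf{Z}_{467}^*$, the generator 2 and all function names are assumptions chosen for illustration; exhaustive search succeeds only because the group is tiny.

```python
# Added illustration (not from the notes): DL, CDH and DDH in a toy group.
# Assumed parameters: G = Z_467^*, generator g = 2, order m = |G| = 466.

P = 467        # small prime, constructed for the example
G_GEN = 2      # generator g of Z_P^*
M = P - 1      # group order m


def dlog(a):
    """DLog_{G,g}(a): the unique i in Z_m with g^i = a (exhaustive search)."""
    acc = 1  # acc holds g^i mod P
    for i in range(M):
        if acc == a % P:
            return i
        acc = acc * G_GEN % P
    raise ValueError("element is not in the group generated by g")


def cdh(X, Y):
    """CDH: given X = g^x and Y = g^y, return g^{xy}, computed as Y^x."""
    return pow(Y, dlog(X), P)


def ddh(X, Y, Z):
    """DDH: given g^x, g^y, g^z, decide whether z = xy (mod m)."""
    return cdh(X, Y) == Z % P


def sample_instance(x, y):
    """Build (X, Y, real Z, wrong Z) from chosen exponents x, y."""
    X, Y = pow(G_GEN, x, P), pow(G_GEN, y, P)
    z = x * y % M
    return X, Y, pow(G_GEN, z, P), pow(G_GEN, (z + 1) % M, P)


if __name__ == "__main__":
    X, Y, Z_real, Z_wrong = sample_instance(123, 45)
    print("DL :", dlog(X))
    print("CDH:", cdh(X, Y) == Z_real)
    print("DDH:", ddh(X, Y, Z_real), ddh(X, Y, Z_wrong))
```

The chain `ddh` → `cdh` → `dlog` shows why DDH is no harder than CDH and CDH no harder than DL: each solver is built from the one below it.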
This note was uploaded on 08/31/2011 for the course CSE 207 taught by Professor Daniele during the Winter '08 term at UCSD.