Leo Reyzin. Notes for BU CAS CS 538.

7 Diffie-Hellman, ElGamal, and a Bit of History

7.1 Diffie-Hellman Key Exchange
A great surge of academic interest in modern cryptography started with the work of Diffie, Hellman, and Merkle, and the publication of "New Directions in Cryptography" by Diffie and Hellman [DH76]. In this work, Diffie and Hellman proposed the idea of public-key encryption and digital signatures. Although they didn't have an implementation of public-key encryption, they did suggest something close, called "key agreement."
Here is the idea. Suppose there is a fixed prime $p$ and generator $g$ of $\mathbb{Z}_p^*$ known to everyone. Alice and Bob want to agree on a secret they can both use for some symmetric encryption scheme. To do so, Alice selects a random $a \in \mathbb{Z}_p^*$ and sends $g^a \bmod p$ to Bob. Bob similarly selects a random $b \in \mathbb{Z}_p^*$ and sends $g^b \bmod p$ to Alice. Now Alice can compute $K = g^{ab}$ by raising $g^b$ to the power $a$, and Bob similarly can compute $K$ by raising $g^a$ to the power $b$. It is believed that $g^{ab}$ is hard to compute from just $g$, $g^a$ and $g^b$.
More formally, this is known as the Computational Diffie-Hellman Assumption.

Assumption 1. For any poly-time algorithm $A$, there exists a negligible function $\eta$ such that, if you generate a random $k$-bit prime $p$ and its generator $g$, and select random $a, b \in \mathbb{Z}_p^*$, then
$$\Pr[A(p, g, g^a \bmod p, g^b \bmod p) = (g^{ab} \bmod p)] \le \eta(k).$$
Note that if $p$ and $g$ are not known to both parties in advance, Alice can simply send both to Bob together with $g^a$.
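The exchange described above, carried through end to end as an added example (not code from the notes). The group parameters $p = 23$, $g = 5$ are constructed toy values; the generator check uses the fact that $g$ generates $\mathbb{Z}_p^*$ exactly when $g^{(p-1)/q} \ne 1 \pmod p$ for every prime $q$ dividing $p-1$.

```python
"""Diffie-Hellman key agreement over Z_p^*, with a generator check.

Added example, not from the lecture notes. p = 23, g = 5 are constructed
toy parameters and far too small for real use; the protocol logic is the
same for a k-bit prime.
"""
import secrets


def prime_factors(n):
    """Distinct prime factors of n by trial division (fine for toy sizes)."""
    factors, d = set(), 2
    while d * d <= n:
        while n % d == 0:
            factors.add(d)
            n //= d
        d += 1
    if n > 1:
        factors.add(n)
    return factors


def is_generator(g, p):
    """True iff g generates all of Z_p^*: g^((p-1)/q) != 1 for each prime q | p-1."""
    if not 1 < g < p:
        return False
    return all(pow(g, (p - 1) // q, p) != 1 for q in prime_factors(p - 1))


def keygen(p, g):
    """One party's step: random exponent a in Z_p^* and the message g^a mod p."""
    a = secrets.randbelow(p - 1) + 1  # uniform in {1, ..., p-1}
    return a, pow(g, a, p)


def shared_key(their_public, my_secret, p):
    """K = (g^b)^a mod p, which equals g^{ab} mod p; reject values outside Z_p^*."""
    if not 0 < their_public < p:
        raise ValueError("received value is not an element of Z_p^*")
    return pow(their_public, my_secret, p)


def run_exchange(p, g):
    """Both sides of the protocol; returns Alice's K, Bob's K and g^{ab} directly."""
    if not is_generator(g, p):
        raise ValueError("g does not generate Z_p^*")
    a, g_a = keygen(p, g)          # Alice -> Bob: g^a mod p
    b, g_b = keygen(p, g)          # Bob -> Alice: g^b mod p
    k_alice = shared_key(g_b, a, p)
    k_bob = shared_key(g_a, b, p)
    return k_alice, k_bob, pow(g, a * b, p)
```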
7.2 A Bit More History
In 1977, the RSA cryptosystem [RSA78] appeared in Scientific American, helping generate public interest in the subject.

Until 1976, research in cryptography was mostly done in classified research labs, such as the National Security Agency in the United States, for military and intelligence purposes. Documents declassified by the UK in the late 1990s and now available on the web [Ell87] showed that public-key cryptography in general, and Diffie-Hellman and RSA specifically, were discovered in the classified community before their discovery in academia. Specifically, in 1970, James H. Ellis [Ell70] proposed the idea of public-key cryptography, which he termed "non-secret encryption"; in 1973, Clifford C. Cocks [Coc73] proposed RSA (although Cocks suggested
Spring '09