Leo Reyzin. Notes for BU CAS CS 538.

7 Diffie-Hellman, ElGamal, and a Bit of History

7.1 Diffie-Hellman Key Exchange

A great surge of academic interest in modern cryptography started with the work of Diffie, Hellman, and Merkle, and the publication of New Directions in Cryptography by Diffie and Hellman [DH76]. In this work, Diffie and Hellman proposed the idea of public-key encryption and digital signatures. Although they didn't have an implementation of public-key encryption, they did suggest something close, called key agreement.

Here is the idea. Suppose there is a fixed prime $p$ and generator $g$ of $\mathbb{Z}_p^*$ known to everyone. Alice and Bob want to agree on a secret they can both use for some symmetric encryption scheme. To do so, Alice selects a random $a \in \mathbb{Z}_p^*$ and sends $g^a \bmod p$ to Bob. Bob similarly selects a random $b \in \mathbb{Z}_p^*$ and sends $g^b \bmod p$ to Alice. Now Alice can compute $K = g^{ab}$ by raising $g^b$ to the power $a$, and Bob similarly can compute $K$ by raising $g^a$ to the power $b$.

It is believed that $g^{ab}$ is hard to compute from just $g$, $g^a$ and $g^b$. More formally, this is known as the Computational Diffie-Hellman Assumption.

Assumption 1. For any poly-time algorithm $A$, there exists a negligible function such that, if you generate a random $k$-bit prime $p$ and its generator $g$, and select random $a, b \in \mathbb{Z}_p^*$, $\Pr[A(p, g, g^a \bmod p, g^b \bmod p) = (g^{ab} \bmod p)]$ $(k)$.

Note that if $p$ and $g$ are not known to both parties in advance, Alice can simply send both to Bob together with $g^a$.

7.2 A Bit More History

In 1977, the RSA cryptosystem [RSA78] appeared in Scientific American, helping generate public interest in the subject. Until 1976, research in cryptography was mostly done in classified research labs, such as the National Security Agency in the United States, for military and intelligence purposes.
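The key agreement of Section 7.1, with both sides' messages, as an added Python example that is not part of the original notes. The parameters P = 1019 and G = 2 are constructed toy values (far too small for real use), and the function names are chosen here for illustration.

```python
import secrets

P, G = 1019, 2  # constructed toy parameters: 1019 is prime, 1018 = 2 * 509

def prime_factors(n):
    """Distinct prime factors by trial division (toy-sized n only)."""
    factors, d = set(), 2
    while d * d <= n:
        while n % d == 0:
            factors.add(d)
            n //= d
        d += 1
    if n > 1:
        factors.add(n)
    return factors

def is_generator(g, p):
    """For prime p, g generates Z_p^* iff g^((p-1)/q) != 1 (mod p)
    for every prime q dividing p - 1."""
    return all(pow(g, (p - 1) // q, p) != 1 for q in prime_factors(p - 1))

def keypair(p, g):
    """Random secret x in {1, ..., p-1} and the value g^x mod p that is sent."""
    x = secrets.randbelow(p - 1) + 1
    return x, pow(g, x, p)

def shared_key(peer_value, my_secret, p):
    """Check the received value lies in Z_p^*, then raise it to our secret."""
    if not 1 <= peer_value < p:
        raise ValueError("received value is not in Z_p^*")
    return pow(peer_value, my_secret, p)

def run_exchange(p=P, g=G):
    """Return (Alice's K, Bob's K) after one exchange over public p and g."""
    if not is_generator(g, p):
        raise ValueError("g does not generate Z_p^*")
    a, g_a = keypair(p, g)  # Alice -> Bob: g^a mod p
    b, g_b = keypair(p, g)  # Bob -> Alice: g^b mod p
    return shared_key(g_b, a, p), shared_key(g_a, b, p)

if __name__ == "__main__":
    k_alice, k_bob = run_exchange()
    print("Alice:", k_alice, "Bob:", k_bob, "match:", k_alice == k_bob)
```

An eavesdropper sees only p, g, g^a mod p and g^b mod p; Assumption 1 is a statement about random k-bit primes as k grows, which the toy modulus here does not satisfy.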
Documents declassified by the UK in the late 1990s and now available on the web [Ell87] showed that public-key cryptography in general, and Diffie-Hellman and RSA specifically, were discovered in the classified community before their discovery in academia. Specifically, in 1970, James H. Ellis [Ell70] proposed the idea of public-key cryptography, which he termed non-secret encryption; in 1973, Clifford C. Cocks [Coc73] proposed RSA (although Cocks suggested...
- Spring '09