VOOZH about

URL: https://link.springer.com/chapter/10.1007/3-540-68339-9_29?error=cookies_not_supported&code=4b0d5130-3051-4034-ab42-4b1da3d43d35

⇱ On Diffie-Hellman Key Agreement with Short Exponents | Springer Nature Link

Skip to main content

On Diffie-Hellman Key Agreement with Short Exponents

  • Conference paper
  • First Online:

Abstract

The difficulty of computing discrete logarithms known to be “short” is examined, motivated by recent practical interest in using Diffie-Hellman key agreement with short exponents (e.g. over Z p with 160-bit exponents and 1024-bit primes p). A new divide-and-conquer algorithm for discrete logarithms is presented, combining Pollard’s lambda method with a partial Pohlig-Hellman decomposition. For random Diffie-Hellman primes p, examination reveals this partial decomposition itself allows recovery of short exponents in many cases, while the new technique dramatically extends the range. Use of subgroups of large prime order precludes the attack at essentially no cost, and is the recommended solution. Using safe primes also precludes this particular attack and allows improved exponentiation performance, although parameter generation costs are dramatically higher.

Similar content being viewed by others

Explore related subjects

Discover the latest articles, books and news in related subjects, suggested using machine learning.

References

  1. A. Aziz, “Simple Key Management for Internet Protocols (SKIP)”, Internet Draft (work in progress), draft-ietf-ipsec-skip-04.txt, November 1995.

  2. A. Bosselaers, R. Govaerts, J. Vandewalle, “Comparison of three modular reduction functions”, Crypto’93, Springer-Verlag LNCS 773, pp.175–176.

  3. W. Diffie, M. Hellman, “New directions in cryptography”, IEEE IT-22 (1976) pp.644–654.

  4. J. Hastad, “On using RSA with low exponent in a public-key network”, Crypto’85. Springer-Verlag LNCS 218, pp.403–408.

  5. R. Heiman, “A note on discrete logarithms with special structure”, Eurocrypt’92, Springer-Verlag LNCS 658, pp.454–457.

  6. P. Karn, W.A. Simpson, “The Photuris session key management protocol”. Internet Draft (work in progress), draft-ietf-ipsec-photuris-06.txt, October 1995.

  7. D.E. Knuth, The Art of Computer Programming, vol.2: Seminumerical Algorithms, 2nd edition, Addison-Wesley, 1981.

  8. D.E. Knuth, The Art of Computer Programming, vol.3: Sorting and Searching, Addison-Wesley, 1973.

  9. B.A. LaMacchia, A.M. Odlyzko, “Computation of discrete logarithms in prime fields”, Designs, Codes and Cryptography, vol.1 no.1 (May 1991), pp.47–62.

  10. K.S. McCurley, “The discrete logarithm problem”, pp.49–74 in: Cryptology and Computational Number Theory — Proc. Symp. Applied Math., vol. 42 (1990). AMS.

  11. A.K. Lenstra, M.S. Manasse, “Factoring by electronic mail”, Eurocrypt’89. Springer-Verlag LNCS 434, pp.355–371.

  12. U.M. Maurer, “Towards the equivalence of breaking the Diffie-Hellman protocol and computing discrete logarithms”. Crypto’94, Springer-Verlag LNCS 839. pp.271–281.

  13. U.M. Maurer, “Fast Generation of Prime Numbers and Secure Public-Key Cryptographic Parameters”, J. Cryptology, vol.8 no.3 (1995), 123–156.

  14. S.C. Pohlig, M.E. Hellman, “An improved algorithm for computing logarithms over GF(p) and its cryptographic significance”, IEEE Trans. Information Theory, vol. IT-24, no.1 (Jan. 1978), pp.106–110.

  15. J.M. Pollard, “Monte Carlo methods for index computation (mod p)”, Math. Comp., vol.32 no.143 (July 1978) pp.918–924.

  16. R.L. Rivest, A. Shamir, L. Adleman, “A method for obtaining digital signatures and public key cryptosystems”, C.ACM, vol.21 no.2 (Feb. 1978), pp.120–126.

  17. R. Rueppel, P.C. van Oorschot, “Modern key agreement techniques”, Computer Communications, vol.17 no.7 (July 1994), pp.458–465.

  18. C.P. Schnorr, “Efficient signature generation by smart cards”, J. Cryptology vol.4 (1991), pp.161–174.

  19. U.S. Department of Commerce / N.I.S.T., Digital Signature Standard, FIPS 186, National Technical Information Service, Springfield, Virginia, May 1994.

  20. P.C. van Oorschot, M.J. Wiener, “Parallel collision search with application to hash functions and discrete logarithms”, Proc. 2nd ACM Conference on Computer and Communications Security (Nov. 1994), Fairfax, VA, pp.210–218.

  21. M.J. Wiener, “Cryptanalysis of short RSA secret exponents”, IEEE Trans. on Info. Theory, vol.36 no.3 (May 1990), pp.553–558.

  22. Y. Yacobi, “Discrete-log with compressible exponents”, Crypto’90, Springer-Verlag LNCS 537, pp.639–643.

Download references

Author information

Authors and Affiliations

  1. Bell-Northern Research, Box 3511, Station C, Ottawa, Ontario, K1Y 4H7, Canada

    Paul C. van Oorschot & Michael J. Wiener

Authors
  1. Paul C. van Oorschot
  2. Michael J. Wiener

Editor information

Editors and Affiliations

  1. Department of Computer Science, Swiss Federal Institute of Technology (ETH), CH-8092, Zürich, Switzerland

    Ueli Maurer

About this paper

Cite this paper

van Oorschot, P.C., Wiener, M.J. (1996). On Diffie-Hellman Key Agreement with Short Exponents. In: Maurer, U. (eds) Advances in Cryptology — EUROCRYPT ’96. EUROCRYPT 1996. Lecture Notes in Computer Science, vol 1070. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-68339-9_29

Download citation

  • DOI: https://doi.org/10.1007/3-540-68339-9_29

  • Published:

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-61186-8

  • Online ISBN: 978-3-540-68339-1

  • eBook Packages: Springer Book Archive

Keywords

These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Publish with us

Policies and ethics