Misplaced Pages

Diffie–Hellman problem

Article snapshot taken from Wikipedia with creative commons attribution-sharealike license. Give it a read and then ask your questions in the chat. We can research this topic together.
(Redirected from Diffie-Hellman protocol)
This article's lead section contains information that is not included elsewhere in the article. If the information is appropriate for the lead of the article, this information should also be included in the body of the article. (June 2023) (Learn how and when to remove this message)
This article includes a list of references, related reading, or external links, but its sources remain unclear because it lacks inline citations. Please help improve this article by introducing more precise citations. (October 2017) (Learn how and when to remove this message)

The Diffie–Hellman problem (DHP) is a mathematical problem first proposed by Whitfield Diffie and Martin Hellman in the context of cryptography and serves as the theoretical basis of the Diffie–Hellman key exchange and its derivatives. The motivation for this problem is that many security systems use one-way functions: mathematical operations that are fast to compute, but hard to reverse. For example, they enable encrypting a message, but reversing the encryption is difficult. If solving the DHP were easy, these systems would be easily broken.

Problem description

The Diffie–Hellman problem is stated informally as follows:

Given an element g {\displaystyle g} and the values of g x {\displaystyle g^{x}} and g y {\displaystyle g^{y}} , what is the value of g x y {\displaystyle g^{xy}} ?

Formally, g {\displaystyle g} is a generator of some group (typically the multiplicative group of a finite field or an elliptic curve group) and x {\displaystyle x} and y {\displaystyle y} are randomly chosen integers.

For example, in the Diffie–Hellman key exchange, an eavesdropper observes g x {\displaystyle g^{x}} and g y {\displaystyle g^{y}} exchanged as part of the protocol, and the two parties both compute the shared key g x y {\displaystyle g^{xy}} . A fast means of solving the DHP would allow an eavesdropper to violate the privacy of the Diffie–Hellman key exchange and many of its variants, including ElGamal encryption.

Computational complexity

In cryptography, for certain groups, it is assumed that the DHP is hard, and this is often called the Diffie–Hellman assumption. The problem has survived scrutiny for a few decades and no "easy" solution has yet been publicized.

As of 2006, the most efficient means known to solve the DHP is to solve the discrete logarithm problem (DLP), which is to find x given g and g. In fact, significant progress (by den Boer, Maurer, Wolf, Boneh and Lipton) has been made towards showing that over many groups the DHP is almost as hard as the DLP. There is no proof to date that either the DHP or the DLP is a hard problem, except in generic groups (by Nechaev and Shoup). A proof that either problem is hard implies that P ≠ NP.

Other variants

Many variants of the Diffie–Hellman problem have been considered. The most significant variant is the decisional Diffie–Hellman problem (DDHP), which is to distinguish g from a random group element, given g, g, and g. Sometimes the DHP is called the computational Diffie–Hellman problem (CDHP) to more clearly distinguish it from the DDHP. Recently groups with pairings have become popular, and in these groups the DDHP is easy, yet the CDHP is still assumed to be hard. For less significant variants of the DHP see the references.

See also

References

  1. Diffie, W.; Hellman, M. (1976-11-01). "New directions in cryptography". IEEE Transactions on Information Theory. 22 (6): 644–654. doi:10.1109/TIT.1976.1055638. ISSN 0018-9448 – via IEEE.
Computational hardness assumptions
Number theoretic
Group theoretic
Pairings
Lattices
Non-cryptographic
Categories: