Towards the Equivalence of Breaking the Diffie-Hellman Protocol and Computing Discrete Logarithms
Ueli Maurer
Let $G$ be an arbitrary cyclic group with generator $g$ and order $|G|$ with known factorization. $G$ could be the subgroup generated by $g$ within a larger group $H$. Based on an assumption about the existence of smooth numbers in short intervals, we prove that breaking the Diffie-Hellman protocol for $G$ and base $g$ is equivalent to computing discrete logarithms in $G$ to the base $g$ when a certain side information string $S$ of length $2\log|G|$ is given, where $S$ depends only on $|G|$ but not on the definition of $G$ and appears to be of no help for computing discrete logarithms in $G$. If every prime factor $p$ of $|G|$ is such that one of a list of expressions in $p$, including $p-1$ and $p+1$, is smooth for an appropriate smoothness bound, then $S$ can efficiently be constructed and therefore breaking the Diffie-Hellman protocol is equivalent to computing discrete logarithms.
BibTeX Citation
@inproceedings{Maurer94, author = {Ueli Maurer}, title = {Towards the Equivalence of Breaking the {D}iffie-{H}ellman Protocol and Computing Discrete Logarithms}, editor = {Yvo Desmedt}, booktitle = {Advances in Cryptology --- CRYPTO~'94}, pages = 271--281, series = {Lecture Notes in Computer Science}, volume = 839, year = 1994, month = 8, publisher = {Springer-Verlag}, }