[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Diffie-Hellman in GF(2^n)?

To: [email protected]
Subject: Re: Diffie-Hellman in GF(2^n)?
From: David A Wagner <[email protected]>
Date: Sun, 12 Nov 1995 14:43:53 -0800 (PST)
Cc: [email protected]
Sender: [email protected]

In article <[email protected]> you write:
> Most Diffie-Hellman implementations currently use the multiplicative group
> of prime fields.  However, the multiplicative group of finite fields of
> characteristic 2 (GF(2^n)) can also be used and should be easier to
> implement.  Is there any reason why they should not be used?  Does anyone
> know the asymptotic running time of the best algorithm for calculating
> discrete logarithms in GF(2^n)? 

I remember that the discrete log problem is quite a bit easier
in GF(2^n), but I don't remember how much easier.   Let me try
to look it up...

A. Odlyzko has a paper recommending that people should not use
GF(2^n) for discrete log applications; in it he states that you
will need at the minimum n > 800, and probably n > 1500.  (And
you also need to choose n carefully.)  A quote from the abstract:

``Hence the fields GF(2^n) out to be avoided in all cryptographic
applications.''

I don't know enough about number theory to judge for myself;
but you can read the (long) paper yourself at

	ftp://netlib.att.com/netlib/att/math/odlyzko/discrete.logs.ps.Z

I hope this helps!

Follow-Ups:
- Re: Diffie-Hellman in GF(2^n)?
  - From: Wei Dai <[email protected]>

Prev by Date: Re: the revolution of microcurrency
Next by Date: WebSTAR security challenge. Make $10,000 breaking in a site.
Prev by thread: Re: Diffie-Hellman in GF(2^n)?
Next by thread: Re: Diffie-Hellman in GF(2^n)?
Index(es):
- Date
- Thread