[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: D-H key exchange - how does it work?
Date: Fri, 20 May 94 09:55:36 -0700
From: [email protected] (Eric Hughes)
Sender: [email protected]
I dunno. The paper by LaMacchia and Odlysko on how to break
Diffie-Hellman quickly once you've done a lot of precomputation on a
static modulus is sufficiently disturbing to me that I would prefer to
be able to change modulii fairly frequently if possible.
Quoting K. McCurley about the above mentioned work: "Their experience
seems to suggest that it is possible to compute discrete logarithms in
groups GF(p)^* with p \wavyequals 10^100." [in _The Discrete Logarithm
Problem_, collected in _Cryptology and Computational Number Theory_]
Right. Basically, what we found was that you needed the same amount of
computation to factor a (k+10)-digit composite as to compute discrete
logarithms in a field with k-digit modulus p. The discrete log problem
is brittle---you do a lot of precomputation for a particular modulus p
and then finding individual discrete logs in GF(p) is easy---so you
need to think carefully about the lifetime of the information you're
going to encrypt and choose the size of your modulus accordingly.