[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

*To*: [email protected]*Subject*: Re: D-H key exchange - how does it work?*From*: Brian A. LaMacchia <[email protected]>*Date*: Fri, 20 May 94 13:16:03 -0400*Cc*: [email protected]*In-Reply-To*: Eric Hughes's message of Fri, 20 May 94 09:55:36 -0700,<[email protected]>*Reply-To*: [email protected]*Sender*: [email protected]

Date: Fri, 20 May 94 09:55:36 -0700 From: [email protected] (Eric Hughes) Sender: [email protected] Precedence: bulk I dunno. The paper by LaMacchia and Odlysko on how to break Diffie-Hellman quickly once you've done a lot of precomputation on a static modulus is sufficiently disturbing to me that I would prefer to be able to change modulii fairly frequently if possible. Quoting K. McCurley about the above mentioned work: "Their experience seems to suggest that it is possible to compute discrete logarithms in groups GF(p)^* with p \wavyequals 10^100." [in _The Discrete Logarithm Problem_, collected in _Cryptology and Computational Number Theory_] Right. Basically, what we found was that you needed the same amount of computation to factor a (k+10)-digit composite as to compute discrete logarithms in a field with k-digit modulus p. The discrete log problem is brittle---you do a lot of precomputation for a particular modulus p and then finding individual discrete logs in GF(p) is easy---so you need to think carefully about the lifetime of the information you're going to encrypt and choose the size of your modulus accordingly. --bal

**References**:**D-H key exchange - how does it work?***From:*[email protected] (Eric Hughes)

- Prev by Date:
**Re: D-H key exchange - how does it work?** - Next by Date:
**Re: Is crypto cash patented?** - Prev by thread:
**D-H key exchange - how does it work?** - Next by thread:
**Re: D-H key exchange - how does it work?** - Index(es):