Abstract
The 1976 seminal paper of Diffie and Hellman is a landmark in the history of cryptography. They introduced the fundamental concepts of a trapdoor one-way function, a public-key cryptosystem, and a digital signature scheme. Moreover, they presented a protocol, the so-called Diffie–Hellman protocol, that allows two parties who initially share no secret information to generate a mutual secret key over a public channel. This paper summarizes the present knowledge on the security of this protocol.
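The key agreement the abstract describes, written out as a runnable toy exchange between two parties. This is an added example and not code from the Maurer–Wolf paper: the choice of a 64-bit safe prime found at import time, the generator 4 of the order-q subgroup, the public-value check, the SHA-256 key derivation and all function names are the example's own, and the modulus is far too small for real use (deployed systems use standardised groups of 2048 bits or more, or elliptic-curve groups).

```python
"""Diffie-Hellman key agreement over a prime-order subgroup of Z_p^*.

Added, self-contained example (not code from the Maurer-Wolf paper).  The
group is a toy 64-bit safe prime found at import time; real deployments use
standardised groups of 2048 bits or more, or elliptic-curve groups.
"""
import hashlib
import secrets

# Bases for which Miller-Rabin is deterministic for all n < 3.1e23,
# comfortably covering the 64-bit moduli this example uses.
_MR_BASES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)


def is_prime(n: int) -> bool:
    """Deterministic Miller-Rabin for n below 3.1e23."""
    if n < 2:
        return False
    for b in _MR_BASES:
        if n % b == 0:
            return n == b
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for a in _MR_BASES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def make_group(bits: int = 64) -> tuple[int, int, int]:
    """Return (p, q, g): safe prime p = 2q + 1 and a generator g of the order-q subgroup.

    The search starts at a fixed point so the group is reproducible.  For a safe
    prime p > 5, g = 4 = 2^2 is a quadratic residue, hence has order exactly q.
    """
    q = (1 << (bits - 2)) | 1
    while not (is_prime(q) and is_prime(2 * q + 1)):
        q += 2
    return 2 * q + 1, q, 4


def is_valid_public_value(p: int, q: int, y: int) -> bool:
    """Accept y only if 1 < y < p - 1 and y lies in the order-q subgroup.

    y = 1 and y = p - 1 have orders 1 and 2, and a value outside the subgroup
    would let a peer push the shared value into a small set; all are rejected.
    """
    return 1 < y < p - 1 and pow(y, q, p) == 1


class Party:
    """One side of the exchange; holds the private exponent x and public value y."""

    def __init__(self, group: tuple[int, int, int]):
        self.p, self.q, self.g = group
        self.x = secrets.randbelow(self.q - 1) + 1   # x uniform in [1, q-1], kept secret
        self.y = pow(self.g, self.x, self.p)         # g^x mod p, sent to the peer in the clear

    def shared_secret(self, peer_y: int) -> int:
        if not is_valid_public_value(self.p, self.q, peer_y):
            raise ValueError("peer public value rejected")
        return pow(peer_y, self.x, self.p)           # g^(x_self * x_peer) mod p


def derive_key(p: int, shared: int) -> bytes:
    """Hash the fixed-width encoding of g^(ab) into a 32-byte key (example's own KDF choice)."""
    width = (p.bit_length() + 7) // 8
    return hashlib.sha256(shared.to_bytes(width, "big")).digest()


def run_exchange(group: tuple[int, int, int]) -> tuple[bytes, bytes]:
    """Alice and Bob each publish g^x; each then computes the other's value to its own x."""
    p, _, _ = group
    alice, bob = Party(group), Party(group)
    # Only alice.y and bob.y cross the channel; an eavesdropper sees both but neither x.
    k_alice = derive_key(p, alice.shared_secret(bob.y))
    k_bob = derive_key(p, bob.shared_secret(alice.y))
    return k_alice, k_bob


GROUP = make_group(64)

if __name__ == "__main__":
    ka, kb = run_exchange(GROUP)
    print("p =", GROUP[0], "q =", GROUP[1])
    print("keys agree:", ka == kb, ka.hex())
```

Both parties end with the same 32-byte key although only g^a and g^b were transmitted; the public-value check is what makes each side's exponentiation happen inside the prime-order subgroup rather than in the full group.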
Cite this article
Maurer, U.M., Wolf, S. The Diffie–Hellman Protocol. Designs, Codes and Cryptography 19, 147–171 (2000). https://doi.org/10.1023/A:1008302122286