密码算法与协议2密钥交换协议解析
合集下载
相关主题
- 1、下载文档前请自行甄别文档内容的完整性,平台不提供额外的编辑、内容补充、找答案等附加服务。
- 2、"仅部分预览"的文档,不可在线预览部分如存在完整性等问题,可反馈申请退款(可完整预览的文档不适用该条件!)。
- 3、如文档侵犯您的权益,请联系客服反馈,我们会尽快为您处理(人工客服工作时间:9:00-18:30)。
Also, Gn = <g>, where g is any generator (i.e., an element of order n) of Gn; thus, the elements of Gn are enumerated as 1, g, g2, g3, . . . , gn-1. Often, we write G as a shorthand for Gn.
given generator g and random group element gx.
Assumption 2.2 The (Computational) Diffie-Hellman (DH)
assumption for group G states that it is hard to compute gxy given generator g and random group elements gx, gy.
2020/10/13
7
Discrete Log and Diffie-Hellman Assumptions
The following three assumptions are commonly used in cryptographic sLeabharlann Baiduhemes based on a discrete log setting.
Assumption 2.1 The Discrete Logarithm (DL) assumption for group G states that it is hard to compute x
case running time function is of the form O(nk), where n is the input size and k is a constant.
A probabilistic polynomial-time algorithm is similarly
defined.
A probabilistic algorithm is such a computational procedure
that may fail without an output, the probability of failure can be controlled to adequately small.
Assumption 2.3 The Decision Diffie-Hellman (DDH)
assumption for group G states that it is hard to decide
whether zxy mod n given generator g and random group
The size of the input is the total number of bits needed to
represent the input in ordinary binary notation using an appropriate encoding scheme.
A polynomial-time algorithm is an algorithm whose worst-
Note that ord(y) | n.
2020/10/13
2
2020/10/13
3
Mathematical Preliminaries
Probability
Throughout, we will use basic notions from probability theory, such
Usually, but not necessarily, the group order n is prime. Recall that any group of prime order is cyclic, and that any finite cyclic group is abelian.
elements gx, gy, gz.
2020/10/13
6
Probabilistic Polynomial Time (p.p.t.)
Algorithm
An (deterministic) algorithm is a well-defined
computational procedure that takes a variable input and halts with an output.
Chapter 2.
Key Exchange Protocols
2020/10/13
1
Mathematical Preliminaries
Groups
Throughout, Gn denotes a cyclic group of finite order n, written multiplicatively.
The discrete log of an element y G is defined as the least
nonnegative integer x satisfying y = gx. We write x = logg y. For y G, we let ord(y) denote its order.
as sample space, events, probability distributions, and random variables. We will only be concerned with discrete random variables. Specifically, we use the following notion of statistical distance.
Definition
Note
2020/10/13
4
Mathematical Preliminaries
The statistical distance is a metric in the following sense:
2020/10/13
5
Discrete Log and Die-Hellman Assumptions
given generator g and random group element gx.
Assumption 2.2 The (Computational) Diffie-Hellman (DH)
assumption for group G states that it is hard to compute gxy given generator g and random group elements gx, gy.
2020/10/13
7
Discrete Log and Diffie-Hellman Assumptions
The following three assumptions are commonly used in cryptographic sLeabharlann Baiduhemes based on a discrete log setting.
Assumption 2.1 The Discrete Logarithm (DL) assumption for group G states that it is hard to compute x
case running time function is of the form O(nk), where n is the input size and k is a constant.
A probabilistic polynomial-time algorithm is similarly
defined.
A probabilistic algorithm is such a computational procedure
that may fail without an output, the probability of failure can be controlled to adequately small.
Assumption 2.3 The Decision Diffie-Hellman (DDH)
assumption for group G states that it is hard to decide
whether zxy mod n given generator g and random group
The size of the input is the total number of bits needed to
represent the input in ordinary binary notation using an appropriate encoding scheme.
A polynomial-time algorithm is an algorithm whose worst-
Note that ord(y) | n.
2020/10/13
2
2020/10/13
3
Mathematical Preliminaries
Probability
Throughout, we will use basic notions from probability theory, such
Usually, but not necessarily, the group order n is prime. Recall that any group of prime order is cyclic, and that any finite cyclic group is abelian.
elements gx, gy, gz.
2020/10/13
6
Probabilistic Polynomial Time (p.p.t.)
Algorithm
An (deterministic) algorithm is a well-defined
computational procedure that takes a variable input and halts with an output.
Chapter 2.
Key Exchange Protocols
2020/10/13
1
Mathematical Preliminaries
Groups
Throughout, Gn denotes a cyclic group of finite order n, written multiplicatively.
The discrete log of an element y G is defined as the least
nonnegative integer x satisfying y = gx. We write x = logg y. For y G, we let ord(y) denote its order.
as sample space, events, probability distributions, and random variables. We will only be concerned with discrete random variables. Specifically, we use the following notion of statistical distance.
Definition
Note
2020/10/13
4
Mathematical Preliminaries
The statistical distance is a metric in the following sense:
2020/10/13
5
Discrete Log and Die-Hellman Assumptions