On the static DiffieHellman problem on elliptic curves over extension fields, available at http://eprint.iacr.org/2010/177
Abstract. We show that for any elliptic curve E(Fqn), if an adversary has access to a Static DiffieHellman Problem (Static DHP) oracle, then by making O(q1− 1 n+1) Static DHP oracle queries during an initial learning phase, for fixed n> 1 and q → ∞ the adversary can solve any further instance o ...
Abstract

Cited by 6 (0 self)
Abstract. We show that for any elliptic curve E(Fqn), if an adversary has access to a Static DiffieHellman Problem (Static DHP) oracle, then by making O(q1− 1 n+1) Static DHP oracle queries during an initial learning phase, for fixed n> 1 and q → ∞ the adversary can solve any further instance
DiffieHellman Oracles
 ADVANCES IN CRYPTOLOGY  CRYPTO '96 , LECTURE NOTES IN COMPUTER SCIENCE
, 1996
This paper consists of three parts. First, various types of DiffieHellman oracles for a cyclic group G and subgroups of G are defined and their equivalence is proved. In particular, the security of using a subgroup of G instead of G in the DiffieHellman protocol is investigated. Second, we derive ...
Abstract

Cited by 46 (3 self)
This paper consists of three parts. First, various types of DiffieHellman oracles for a cyclic group G and subgroups of G are defined and their equivalence is proved. In particular, the security of using a subgroup of G instead of G in the DiffieHellman protocol is investigated. Second, we derive
The DiffieHellman Protocol
 DESIGNS, CODES, AND CRYPTOGRAPHY
, 1999
The 1976 seminal paper of Diffie and Hellman is a landmark in the history of cryptography. They introduced the fundamental concepts of a trapdoor oneway function, a publickey cryptosystem, and a digital signature scheme. Moreover, they presented a protocol, the socalled DiffieHellman protoco ...
Abstract

Cited by 29 (0 self)
The 1976 seminal paper of Diffie and Hellman is a landmark in the history of cryptography. They introduced the fundamental concepts of a trapdoor oneway function, a publickey cryptosystem, and a digital signature scheme. Moreover, they presented a protocol, the socalled DiffieHellman
DiffieHellman Key Exchange
Abstract Oblivious Transfer (OT) is the fundamental building block of cryptographic protocols. In this paper we describe the simplest and most efficient protocol for 1outof2 OT to date, which is obtained by tweaking the DiffieHellman keyexchange protocol. The protocol achieves UCsecurity again ...
Abstract
Abstract Oblivious Transfer (OT) is the fundamental building block of cryptographic protocols. In this paper we describe the simplest and most efficient protocol for 1outof2 OT to date, which is obtained by tweaking the DiffieHellman keyexchange protocol. The protocol achieves UC
Curve25519: new DiffieHellman speed records
 In Public Key Cryptography (PKC), SpringerVerlag LNCS 3958
, 2006
Abstract. This paper explains the design and implementation of a highsecurity ellipticcurveDiffieHellman function achieving recordsetting speeds: e.g., 832457 Pentium III cycles (with several side benefits: free key compression, free key validation, and stateoftheart timingattack protection) ...
Abstract

Cited by 111 (24 self)
Abstract. This paper explains the design and implementation of a highsecurity ellipticcurveDiffieHellman function achieving recordsetting speeds: e.g., 832457 Pentium III cycles (with several side benefits: free key compression, free key validation, and stateoftheart timingattack protection
Separating Decision DiffieHellman from DiffieHellman in cryptographic groups
, 2001
In many cases, the security of a cryptographic scheme based on DiffieHellman does in fact rely on the hardness of... ...
Abstract

Cited by 74 (0 self)
In many cases, the security of a cryptographic scheme based on DiffieHellman does in fact rely on the hardness of...
Authenticated DiffieHellman Key Agreement Protocols
, 1998
This paper surveys recent work on the design and analysis of key agreement protocols that are based on the intractability of the DiffieHellman problem. The focus is on protocols that have been standardized, or are in the process of being standardized, by organizations such as ANSI, IEEE, ISO/IEC, a ...
Abstract

Cited by 82 (1 self)
This paper surveys recent work on the design and analysis of key agreement protocols that are based on the intractability of the DiffieHellman problem. The focus is on protocols that have been standardized, or are in the process of being standardized, by organizations such as ANSI, IEEE, ISO
On the bit security of the DiffieHellman key
 In Appl. Algebra in Engin., Commun. and Computing
, 2006
Let IFp be a finite field of p elements, where p is prime. The bit security of the DiffieHellman function over subgroups of IF ∗ p and of an elliptic curve over IFp, is considered. It is shown that if the Decision DiffieHellman problem is hard in these groups, then the two most significant bits of ...
Abstract

Cited by 1 (0 self)
Let IFp be a finite field of p elements, where p is prime. The bit security of the DiffieHellman function over subgroups of IF ∗ p and of an elliptic curve over IFp, is considered. It is shown that if the Decision DiffieHellman problem is hard in these groups, then the two most significant bits
Elliptic curve discrete logarithm problem over small degree extension fields. Application to the static Diffie–Hellman problem on E(Fq5)
, 2010
In 2008 and 2009, Gaudry and Diem proposed an index calculus method for the resolution of the discrete logarithm on the group of points of an elliptic curve defined over a small degree extension field Fqn. In this paper, we study a variation of this index calculus method, improving the overall asym ...
Abstract

Cited by 14 (2 self)
Gröbner basis algorithm F4, which significantly speeds up the relation computation and might be of independent interest. As an application, we show how this index calculus leads to a practical example of an oracleassisted resolution of the elliptic curve static DiffieHellman problem over a finite field
On the Complexity of Breaking the DiffieHellman Protocol
 Computer Science Department
, 1996
It is shown that for a class of finite groups, breaking the DiffieHellman protocol is polynomialtime equivalent to computing discrete logarithms. Let G be a cyclic group with generator g and order jGj whose prime factorization is known. When for each large prime factor p of jGj an auxiliary group ...
Abstract

Cited by 6 (3 self)
H p defined over GF (p) with smooth order is given, then breaking the DiffieHellman protocol for G and computing discrete logarithms in G are polynomialtime equivalent. Possible auxiliary groups H p are elliptic curves over GF (p) or over an extension field of GF (p), certain subgroups
