Diffie-Hellman 128 bit
Anton Stiglic
astiglic at okiok.com
Mon Mar 17 14:24:42 EST 2003
----- Original Message -----
From: "NOP" <nop at trapped-under-ice.com>
To: "Derek Atkins" <derek at ihtfp.com>
Cc: <cryptography at wasabisystems.com>
Sent: Friday, March 14, 2003 9:32 PM
Subject: Re: Diffie-Hellman 128 bit
> Well, I'm attacking a protocol, I know the rules of DH parameters, and the
> issue here is I'm trying to solve x, brute forcing that in the 128 bit
range
> can be difficult, and x doesn't have to be a prime. (a = g^x mod P). Their
> primes are 128 bit primes, as well as their pubkeys, I've done some tests
on
> their prime, and all perform under this method of (p-1)/2 = prime. This
> eliminates the pohlig-hellman discrete logarithm attack, but I'm trying to
> learn the Gaussian integer method.
Sorry, I mentioned using NFS in my previous reply, which is probably not
the way you want to go about this (since it's not as efficient for small
values
and more complicated to code).
Index-Calculus with Gaussian integers is indeed a good way.
You can look at the paper from LaMacchia and Odlyzko
http://citeseer.nj.nec.com/lamacchia91computation.html
which Derek and maybe someone else pointed out..
They easily calculated discret logs modulo a 192-bit integer.
--Anton
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com
More information about the cryptography
mailing list