[Cryptography] Crown Sterling debunked

Viktor Dukhovni cryptography at dukhovni.org
Tue Sep 24 17:09:42 EDT 2019


On Tue, Sep 24, 2019 at 10:14:02AM -0400, Phillip Hallam-Baker wrote:

> > Technical nitpick though: perhaps you should speak of the "modular
> > integer and elliptic curve variants of Diffie-Hellman" instead of
> > "discrete log and elliptic curve" because both are discrete logs.
> >
> 
> Are they?

Yes, in both you have an abelian group in which the problem is
recovering $x$ from $n$ and $x^n$, where $x^n$ is obtained from $x$
by applying the group operation between $n$ copies of $x$.

> But the ECDH problem is multiplication of a point by a scalar x.y.P ==
> y.x.P. How does a logarithm come into it? extracting the private key from a
> public key would be solving the point division problem surely (x = x.P/P) ?

In an abelian group, calling the group operation "addition" and
writing it as "+" is equivalent to callng it "multiplication" and
writing it as "*".  Point addition on elliptic curves can equally
be considered point multiplication, with repeated addition of a
point with itself (scalar multiplication) then considered to be
exponentiation.  It makes no difference.

Both the FFDH and ECDH problems are therefore discrete log problems
in abelian groups.

-- 
	Viktor.


More information about the cryptography mailing list