[Cryptography] Crown Sterling debunked
Viktor Dukhovni
cryptography at dukhovni.org
Tue Sep 24 17:09:42 EDT 2019
On Tue, Sep 24, 2019 at 10:14:02AM -0400, Phillip Hallam-Baker wrote:
> > Technical nitpick though: perhaps you should speak of the "modular
> > integer and elliptic curve variants of Diffie-Hellman" instead of
> > "discrete log and elliptic curve" because both are discrete logs.
> >
>
> Are they?
Yes, in both you have an abelian group in which the problem is
recovering $x$ from $n$ and $x^n$, where $x^n$ is obtained from $x$
by applying the group operation between $n$ copies of $x$.
> But the ECDH problem is multiplication of a point by a scalar x.y.P ==
> y.x.P. How does a logarithm come into it? extracting the private key from a
> public key would be solving the point division problem surely (x = x.P/P) ?
In an abelian group, calling the group operation "addition" and
writing it as "+" is equivalent to callng it "multiplication" and
writing it as "*". Point addition on elliptic curves can equally
be considered point multiplication, with repeated addition of a
point with itself (scalar multiplication) then considered to be
exponentiation. It makes no difference.
Both the FFDH and ECDH problems are therefore discrete log problems
in abelian groups.
--
Viktor.
More information about the cryptography
mailing list