[Cryptography] Crown Sterling debunked
Stephan Neuhaus
stephan.neuhaus at zhaw.ch
Mon Sep 30 02:41:37 EDT 2019
On 9/24/19 11:09 PM, Viktor Dukhovni wrote:
> On Tue, Sep 24, 2019 at 10:14:02AM -0400, Phillip Hallam-Baker wrote:
>
>>> Technical nitpick though: perhaps you should speak of the "modular
>>> integer and elliptic curve variants of Diffie-Hellman" instead of
>>> "discrete log and elliptic curve" because both are discrete logs.
>>>
>>
>> Are they?
>
> Yes, in both you have an abelian group in which the problem is
> recovering $x$ from $n$ and $x^n$, where $x^n$ is obtained from $x$
> by applying the group operation between $n$ copies of $x$.
Another nitpick: The problem (as in "discrete-log problem") is rather to
recover $n$ from $x$ and $x^n$, isn't it? Recovering $x$ from $n$ and
$x^n$ would be called root-taking, IMO.
Fun,
Stephan
PS: My original post didn't make it through moderation because of
top-posting (sorry about that) and seeing that we're already in a
discussion where that post is being quoted, I'll refrain from reposting it.
More information about the cryptography
mailing list