You need to make sure it indeed generates a subgroup of appropriate size and that's about it, especially you should avoid the neutral element or other elements with small order. The generator of the subgroup of the group is actually fairly irrelevant. There isn't much to the exponents with diffie-hellman except that you want to avoid predictable exponents, because then the other party or an adversary could predict your exponent and calculate the shared secret from that. So what you want is a group where the DLP is assumed to be hard and for this you need to adapt the group or change parameters (like the prime or curve parameters).* The exponents Usually the group parameters are what needs to be adjusted over time the most due to computational advances and the advances in cryptanalysis of the discrete logarithm problem (DLP). This group may be $\mathbb Z_p^*$ or may be the points on your favorite elliptic curve usually. With Diffie-Hellman in its most general description, there are three different types of objects involved:ĭiffie-Hellman operates in a group.
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |