Which properties of a group are used in the steps of Diffie Hellman?
$begingroup$
I’m trying to understand which properties of a group are used in DHKE at each step.
For example, Alice and Bob’s public keys appear to only use the closure property of a group and maybe identity (e.g. $k_{pubA}$ = $A^{k_{prA}}$ (mod p)?
When creating the shared key Alice and Bob appear to also use the associative property of a group $k_{AB}$ = $B^{k_{prA}}$ (mod p)?
So to perform both main steps of DHKE the multiplicative inverse property does not seem to be used at all?
diffie-hellman number-theory group-theory
asked 1 hour ago
JohnGaltJohnGalt
1575
$endgroup$
add a comment |
$begingroup$
I’m trying to understand which properties of a group are used in DHKE at each step.
For example, Alice and Bob’s public keys appear to only use the closure property of a group and maybe identity (e.g. $k_{pubA}$ = $A^{k_{prA}}$ (mod p)?
When creating the shared key Alice and Bob appear to also use the associative property of a group $k_{AB}$ = $B^{k_{prA}}$ (mod p)?
So to perform both main steps of DHKE the multiplicative inverse property does not seem to be used at all?
diffie-hellman number-theory group-theory
asked 1 hour ago
JohnGaltJohnGalt
1575
$endgroup$
add a comment |
$begingroup$
I’m trying to understand which properties of a group are used in DHKE at each step.
For example, Alice and Bob’s public keys appear to only use the closure property of a group and maybe identity (e.g. $k_{pubA}$ = $A^{k_{prA}}$ (mod p)?
When creating the shared key Alice and Bob appear to also use the associative property of a group $k_{AB}$ = $B^{k_{prA}}$ (mod p)?
So to perform both main steps of DHKE the multiplicative inverse property does not seem to be used at all?
diffie-hellman number-theory group-theory
asked 1 hour ago
JohnGaltJohnGalt
1575
$endgroup$
I’m trying to understand which properties of a group are used in DHKE at each step.
For example, Alice and Bob’s public keys appear to only use the closure property of a group and maybe identity (e.g. $k_{pubA}$ = $A^{k_{prA}}$ (mod p)?
When creating the shared key Alice and Bob appear to also use the associative property of a group $k_{AB}$ = $B^{k_{prA}}$ (mod p)?
So to perform both main steps of DHKE the multiplicative inverse property does not seem to be used at all?
diffie-hellman number-theory group-theory
diffie-hellman number-theory group-theory
asked 1 hour ago
JohnGaltJohnGalt
1575
asked 1 hour ago
JohnGaltJohnGalt
1575
asked 1 hour ago
JohnGaltJohnGalt
1575
asked 1 hour ago
JohnGaltJohnGalt
1575
asked 1 hour ago
JohnGaltJohnGalt
1575
1575
add a comment |
add a comment |
1 Answer
1
active
oldest
votes
$begingroup$
I’m trying to understand which properties of a group are used in DHKE at each step.
Actually, you can implement a DH-style operation in any semigroup; you need closure, and you need associativity (so $A^3 = Atimes A times A = (A times A) times A = A times (A times A)$ is well defined), but other than that, you really don't need anything. You don't need an identity, you don't need the semigroup to be abelian (although the sub-semigroup generated by a single element will always be abelian), it doesn't have to be finite (although infinite semigroups would cause practical problems during implementation) and you don't need inverses (which, if you don't have an identity, aren't well-defined anyways).
We typically don't talk about doing DH in a semigroup mostly because (AFAIK) no one has found a semigroup (that's not also a group) that has any particular advantage over a true group.
Now, what's a more interesting (and considerably harder) question is "what properties do you need for DHKE to be secure?" We do have assumptions such as the CDH assumption ("given $g, g^a, g^b$, it's hard to compute $g^{ab}$), however we don't know what semigroup properties ensure that...
answered 1 hour ago
ponchoponcho
91.1k2142236
$endgroup$
$begingroup$
@fgrieu: thanks...
$endgroup$
– poncho
1 hour ago
$begingroup$
I appreciate the answer and am going to mark it as answered. Regarding, "what properties do you need for DHKE to be secure?" that was my intended question but that definitely wasn't clear. I'm glad, however, that they're two questions now, one with the minimum properties necessary for DHKE implementation (regardless of security) and this other question regarding the secure-ness are hardness I guess. Should I ask a separate question are could you expand on it here?
$endgroup$
– JohnGalt
51 mins ago
add a comment |
Your Answer
StackExchange.ifUsing("editor", function () {
return StackExchange.using("mathjaxEditing", function () {
StackExchange.MarkdownEditor.creationCallbacks.add(function (editor, postfix) {
StackExchange.mathjaxEditing.prepareWmdForMathJax(editor, postfix, [["$", "$"], ["\\(","\\)"]]);
});
});
}, "mathjax-editing");
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "281"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
noCode: true, onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fcrypto.stackexchange.com%2fquestions%2f66688%2fwhich-properties-of-a-group-are-used-in-the-steps-of-diffie-hellman%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
$begingroup$
I’m trying to understand which properties of a group are used in DHKE at each step.
Actually, you can implement a DH-style operation in any semigroup; you need closure, and you need associativity (so $A^3 = Atimes A times A = (A times A) times A = A times (A times A)$ is well defined), but other than that, you really don't need anything. You don't need an identity, you don't need the semigroup to be abelian (although the sub-semigroup generated by a single element will always be abelian), it doesn't have to be finite (although infinite semigroups would cause practical problems during implementation) and you don't need inverses (which, if you don't have an identity, aren't well-defined anyways).
We typically don't talk about doing DH in a semigroup mostly because (AFAIK) no one has found a semigroup (that's not also a group) that has any particular advantage over a true group.
Now, what's a more interesting (and considerably harder) question is "what properties do you need for DHKE to be secure?" We do have assumptions such as the CDH assumption ("given $g, g^a, g^b$, it's hard to compute $g^{ab}$), however we don't know what semigroup properties ensure that...
answered 1 hour ago
ponchoponcho
91.1k2142236
$endgroup$
$begingroup$
@fgrieu: thanks...
$endgroup$
– poncho
1 hour ago
$begingroup$
I appreciate the answer and am going to mark it as answered. Regarding, "what properties do you need for DHKE to be secure?" that was my intended question but that definitely wasn't clear. I'm glad, however, that they're two questions now, one with the minimum properties necessary for DHKE implementation (regardless of security) and this other question regarding the secure-ness are hardness I guess. Should I ask a separate question are could you expand on it here?
$endgroup$
– JohnGalt
51 mins ago
add a comment |
$begingroup$
I’m trying to understand which properties of a group are used in DHKE at each step.
Actually, you can implement a DH-style operation in any semigroup; you need closure, and you need associativity (so $A^3 = Atimes A times A = (A times A) times A = A times (A times A)$ is well defined), but other than that, you really don't need anything. You don't need an identity, you don't need the semigroup to be abelian (although the sub-semigroup generated by a single element will always be abelian), it doesn't have to be finite (although infinite semigroups would cause practical problems during implementation) and you don't need inverses (which, if you don't have an identity, aren't well-defined anyways).
We typically don't talk about doing DH in a semigroup mostly because (AFAIK) no one has found a semigroup (that's not also a group) that has any particular advantage over a true group.
Now, what's a more interesting (and considerably harder) question is "what properties do you need for DHKE to be secure?" We do have assumptions such as the CDH assumption ("given $g, g^a, g^b$, it's hard to compute $g^{ab}$), however we don't know what semigroup properties ensure that...
answered 1 hour ago
ponchoponcho
91.1k2142236
$endgroup$
$begingroup$
@fgrieu: thanks...
$endgroup$
– poncho
1 hour ago
$begingroup$
I appreciate the answer and am going to mark it as answered. Regarding, "what properties do you need for DHKE to be secure?" that was my intended question but that definitely wasn't clear. I'm glad, however, that they're two questions now, one with the minimum properties necessary for DHKE implementation (regardless of security) and this other question regarding the secure-ness are hardness I guess. Should I ask a separate question are could you expand on it here?
$endgroup$
– JohnGalt
51 mins ago
add a comment |
$begingroup$
I’m trying to understand which properties of a group are used in DHKE at each step.
Actually, you can implement a DH-style operation in any semigroup; you need closure, and you need associativity (so $A^3 = Atimes A times A = (A times A) times A = A times (A times A)$ is well defined), but other than that, you really don't need anything. You don't need an identity, you don't need the semigroup to be abelian (although the sub-semigroup generated by a single element will always be abelian), it doesn't have to be finite (although infinite semigroups would cause practical problems during implementation) and you don't need inverses (which, if you don't have an identity, aren't well-defined anyways).
We typically don't talk about doing DH in a semigroup mostly because (AFAIK) no one has found a semigroup (that's not also a group) that has any particular advantage over a true group.
Now, what's a more interesting (and considerably harder) question is "what properties do you need for DHKE to be secure?" We do have assumptions such as the CDH assumption ("given $g, g^a, g^b$, it's hard to compute $g^{ab}$), however we don't know what semigroup properties ensure that...
answered 1 hour ago
ponchoponcho
91.1k2142236
$endgroup$
I’m trying to understand which properties of a group are used in DHKE at each step.
Actually, you can implement a DH-style operation in any semigroup; you need closure, and you need associativity (so $A^3 = Atimes A times A = (A times A) times A = A times (A times A)$ is well defined), but other than that, you really don't need anything. You don't need an identity, you don't need the semigroup to be abelian (although the sub-semigroup generated by a single element will always be abelian), it doesn't have to be finite (although infinite semigroups would cause practical problems during implementation) and you don't need inverses (which, if you don't have an identity, aren't well-defined anyways).
We typically don't talk about doing DH in a semigroup mostly because (AFAIK) no one has found a semigroup (that's not also a group) that has any particular advantage over a true group.
Now, what's a more interesting (and considerably harder) question is "what properties do you need for DHKE to be secure?" We do have assumptions such as the CDH assumption ("given $g, g^a, g^b$, it's hard to compute $g^{ab}$), however we don't know what semigroup properties ensure that...
answered 1 hour ago
ponchoponcho
91.1k2142236
edited 1 hour ago
answered 1 hour ago
ponchoponcho
91.1k2142236
answered 1 hour ago
ponchoponcho
91.1k2142236
answered 1 hour ago
ponchoponcho
91.1k2142236
91.1k2142236
$begingroup$
@fgrieu: thanks...
$endgroup$
– poncho
1 hour ago
$begingroup$
I appreciate the answer and am going to mark it as answered. Regarding, "what properties do you need for DHKE to be secure?" that was my intended question but that definitely wasn't clear. I'm glad, however, that they're two questions now, one with the minimum properties necessary for DHKE implementation (regardless of security) and this other question regarding the secure-ness are hardness I guess. Should I ask a separate question are could you expand on it here?
$endgroup$
– JohnGalt
51 mins ago
add a comment |
$begingroup$
@fgrieu: thanks...
$endgroup$
– poncho
1 hour ago
$begingroup$
I appreciate the answer and am going to mark it as answered. Regarding, "what properties do you need for DHKE to be secure?" that was my intended question but that definitely wasn't clear. I'm glad, however, that they're two questions now, one with the minimum properties necessary for DHKE implementation (regardless of security) and this other question regarding the secure-ness are hardness I guess. Should I ask a separate question are could you expand on it here?
$endgroup$
– JohnGalt
51 mins ago
$begingroup$
@fgrieu: thanks...
$endgroup$
– poncho
1 hour ago
$begingroup$
@fgrieu: thanks...
$endgroup$
– poncho
1 hour ago
$begingroup$
I appreciate the answer and am going to mark it as answered. Regarding, "what properties do you need for DHKE to be secure?" that was my intended question but that definitely wasn't clear. I'm glad, however, that they're two questions now, one with the minimum properties necessary for DHKE implementation (regardless of security) and this other question regarding the secure-ness are hardness I guess. Should I ask a separate question are could you expand on it here?
$endgroup$
– JohnGalt
51 mins ago
$begingroup$
I appreciate the answer and am going to mark it as answered. Regarding, "what properties do you need for DHKE to be secure?" that was my intended question but that definitely wasn't clear. I'm glad, however, that they're two questions now, one with the minimum properties necessary for DHKE implementation (regardless of security) and this other question regarding the secure-ness are hardness I guess. Should I ask a separate question are could you expand on it here?
$endgroup$
– JohnGalt
51 mins ago
add a comment |
Thanks for contributing an answer to Cryptography Stack Exchange!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
Use MathJax to format equations. MathJax reference.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fcrypto.stackexchange.com%2fquestions%2f66688%2fwhich-properties-of-a-group-are-used-in-the-steps-of-diffie-hellman%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
