Summary: Approved for public release; distribution is unlimited.

Internet protocols such as Secure Shell and Internet Protocol Security rely on the assumption that finding discrete logarithms is hard. The protocols specify fixed groups for Diffie-Hellman key exchange that must be supported. Although the protocols allow flexibility in the choice of group, it is highly likely that the specific groups required by the standards will be used in most cases. There are security implications to using a fixed group, because solving any discrete logarithm within a group is comparatively easier after a group-specific precomputation has been completed. In this work, we more accurately model real-world cryptographic applications with fixed groups. We use an analysis of algorithms to place an upper bound on the complexity of solving discrete logarithms given a group-specific precomputation.