Talk:Decisional Diffie–Hellman assumption

140: 80: 53: 22: 434:

Good observation. It looks like the text was copied from page 2 of Boneh's paper, which clearly is wrong, since the multiplicative group modulo pq doesn't even contain a cyclic subgroup of order (p-1)(q-1). The group of quadratic residues has order (p-1)(q-1)/4 since any element has to be a quadratic

220:

I'm pretty sure there is an error in the section on groups in which DDH is supposed to hold. It mentions a cyclic group of order (p-1)(q-1), where p,q are safe primes which is (I think) supposed to refer to (Z/nZ)* where n=pq. However, if n=pq then (Z/nZ)* will be isomorphic to (Z/pZ)* x (Z/qZ)*

435:

residue modulo p and modulo q. Furthermore, one would also have to assume that the factorization of the modulus is unknown and hence also the group order. Thus I think it makes sense to remove the claim unless we can find reference that more clearly defines the assumption than Boneh's paper.

450: 436: 130: 221:

and we'll of course have a subgroup isomorphic to V_4. Would the author of this content please clarify? Likely what was intended was the index 4 subgroup of quadratic residues mod p and mod q.

387: 488: 285: 154: 419:

from 2007 by User:Blokhead and there are no references, so it is possible that there are other mistakes. I am not qualified to check the accuracy of this section. --

410: 493: 478: 325: 305: 120: 498: 483: 96: 473: 149: 63: 454: 440: 87: 58: 420: 424: 33: 458: 444: 428: 230: 214: 39: 226: 449:

I have to withdraw a claim I made above. I'm unsure if the factorization of the modulus can be known.

21: 222: 95:

on Knowledge. If you would like to participate, please visit the project page, where you can join

337: 243: 392: 310: 290: 467: 92: 328: 211: 139: 79: 52: 15: 138: 174:

Decisional Diffie-Hellman (DDH) assumption: Given primes

416: 395: 340: 313: 293: 246: 91:, a collaborative effort to improve the coverage of 404: 381: 319: 299: 279: 240:The article mentioned "The cyclic group of order 334:I corrected this to "The cyclic group of order 190:be a generator of $ \mathbb{Z}_p^*$ of order 8: 202:is computationally indistinguishable from 47: 489:High-importance Computer science articles 394: 371: 339: 312: 292: 245: 194:. Then for sufficiently large values of 451:2A02:1205:C6BB:6880:390A:2016:3538:E4FF 437:2A02:1205:C6BB:6880:390A:2016:3538:E4FF 49: 19: 494:WikiProject Computer science articles 479:High-importance Cryptography articles 7: 85:This article is within the scope of 38:It is of interest to the following 415:The whole section was added in a 105:Knowledge:WikiProject Cryptography 14: 499:WikiProject Cryptography articles 484:B-Class Computer science articles 108:Template:WikiProject Cryptography 78: 51: 20: 125:This article has been rated as 368: 356: 353: 341: 274: 262: 259: 247: 1: 474:B-Class Cryptography articles 389:of quadratic residues modulo 171:I find the following useful: 147:This article is supported by 99:and see a list of open tasks. 382:{\displaystyle (p-1)(q-1)/2} 231:00:04, 8 February 2010 (UTC) 215:15:24, 31 January 2007 (UTC) 150:WikiProject Computer science 515: 280:{\displaystyle (p-1)(q-1)} 459:14:44, 13 July 2013 (UTC) 445:14:30, 13 July 2013 (UTC) 429:09:29, 13 July 2013 (UTC) 146: 124: 73: 46: 421:Rowdyparks and sallyport 88:WikiProject Cryptography 406: 383: 321: 301: 281: 143: 28:This article is rated 407: 384: 322: 302: 282: 142: 111:Cryptography articles 393: 338: 311: 291: 244: 405:{\displaystyle pq} 402: 379: 317: 297: 277: 144: 34:content assessment 320:{\displaystyle q} 300:{\displaystyle p} 169: 168: 165: 164: 161: 160: 506: 411: 409: 408: 403: 388: 386: 385: 380: 375: 326: 324: 323: 318: 306: 304: 303: 298: 286: 284: 283: 278: 236:Incorrect claims 200:(g,g^a,g^b,b^ab) 131:importance scale 113: 112: 109: 106: 103: 82: 75: 74: 69: 66: 64:Computer science 55: 48: 31: 25: 24: 16: 514: 513: 509: 508: 507: 505: 504: 503: 464: 463: 391: 390: 336: 335: 309: 308: 289: 288: 242: 241: 238: 204:(g,g^a,g^b,b^c) 155:High-importance 127:High-importance 110: 107: 104: 101: 100: 68:High‑importance 67: 61: 32:on Knowledge's 29: 12: 11: 5: 512: 510: 502: 501: 496: 491: 486: 481: 476: 466: 465: 462: 461: 447: 401: 398: 378: 374: 370: 367: 364: 361: 358: 355: 352: 349: 346: 343: 316: 296: 276: 273: 270: 267: 264: 261: 258: 255: 252: 249: 237: 234: 219: 167: 166: 163: 162: 159: 158: 145: 135: 134: 123: 117: 116: 114: 97:the discussion 83: 71: 70: 56: 44: 43: 37: 26: 13: 10: 9: 6: 4: 3: 2: 511: 500: 497: 495: 492: 490: 487: 485: 482: 480: 477: 475: 472: 471: 469: 460: 456: 452: 448: 446: 442: 438: 433: 432: 431: 430: 426: 422: 418: 413: 399: 396: 376: 372: 365: 362: 359: 350: 347: 344: 332: 330: 314: 294: 271: 268: 265: 256: 253: 250: 235: 233: 232: 228: 224: 217: 216: 213: 209: 205: 201: 197: 193: 189: 185: 181: 177: 172: 156: 153:(assessed as 152: 151: 141: 137: 136: 132: 128: 122: 119: 118: 115: 98: 94: 90: 89: 84: 81: 77: 76: 72: 65: 60: 57: 54: 50: 45: 41: 35: 27: 23: 18: 17: 414: 333: 239: 218: 208:a,b,c \in_R 207: 203: 199: 195: 191: 187: 183: 179: 175: 173: 170: 148: 126: 102:Cryptography 93:Cryptography 86: 59:Cryptography 40:WikiProjects 417:single edit 329:safe primes 468:Categories 198:the tuple 178:such that 287:", where 182:divides 223:Wes1138 129:on the 30:B-class 206:where 186:. Let 36:scale. 212:Bah23 455:talk 441:talk 425:talk 327:are 307:and 227:talk 121:High 412:". 210:.-- 196:p,q 184:p-1 176:p,q 470:: 457:) 443:) 427:) 363:− 348:− 331:. 269:− 254:− 229:) 157:). 62:: 453:( 439:( 423:( 400:q 397:p 377:2 373:/ 369:) 366:1 360:q 357:( 354:) 351:1 345:p 342:( 315:q 295:p 275:) 272:1 266:q 263:( 260:) 257:1 251:p 248:( 225:( 192:q 188:g 180:q 133:. 42::

Text is available under the Creative Commons Attribution-ShareAlike License. Additional terms may apply.

Index