Announcements:Announcements:1.1. Term project groups and topics formedTerm project groups and topics formed

2.2. HW6 due tomorrow.HW6 due tomorrow.

Questions? Questions?

This week:This week: Discrete Logs, Diffie-Hellman, ElGamalDiscrete Logs, Diffie-Hellman, ElGamal Hash FunctionsHash Functions

DTTF/NB479: DszquphsbqizDTTF/NB479: Dszquphsbqiz Day 25Day 25

Discrete LogsDiscrete Logs

)(Lx

Find x

We denote this as

Why is this hard?

Given )(mod px

Pollig-HellmanPollig-Hellman

Useful when (p-1) has only small prime Useful when (p-1) has only small prime factorsfactors

Did long derivationDid long derivation

Introduced problem 2Introduced problem 2xx=12 (mod 19)=12 (mod 19) Finish for Homework 6.Finish for Homework 6.

Baby Step, Giant StepBaby Step, Giant StepLike the meet-in-the-middle attack on Double-DESLike the meet-in-the-middle attack on Double-DES

Eve chooses Eve chooses , say , say

She makes 2 tables:She makes 2 tables:

and looks for a match. and looks for a match. Why should there be one? Write x in base N.Why should there be one? Write x in base N.

Requires ~p comparisons, Requires ~p comparisons, but only pbut only p1/21/2 exponentiations exponentiations and space. Works for medium-size primes.and space. Works for medium-size primes.

12 pN

Nkforp

NjforpNk

j

0)(mod

0)(mod

11 pN

Some things we won’t cover in Some things we won’t cover in class about Discrete Logsclass about Discrete Logs

7.2.3 Index Calculus: like sieve method of 7.2.3 Index Calculus: like sieve method of factoring primesfactoring primes The equation on p. 207 might help with some of The equation on p. 207 might help with some of

homework 7.homework 7.

Discrete logs mod 4 and bit commitmentDiscrete logs mod 4 and bit commitment We skip to make time for some applications of We skip to make time for some applications of

discrete logsdiscrete logs Although the football game prediction analogy is Although the football game prediction analogy is

interesting…interesting…

)1(mod)(

)(mod

ppLak

pp

ii

ai

k i