52 Things: Number 34: Describe the Baby-Step/Giant-Step method for breaking DLPs
This is the latest in a series of blog posts to address the list of '52 Things Every PhD Student Should Know To Do Cryptography': a set of questions compiled to give PhD candidates a sense of what they should know by the end of their first year. In this post, we discuss the Baby-Step/Giant-Step attack against DLPs.
Baby-Step/Giant-Step is an algorithm developed by Daniel Shanks that solves the Discrete Logarithm Problem (DLP), whose hardness underpins many of our modern security protocols.
First, let's just briefly recall DLP.
Given a cyclic group $G$ of order $n$, a generator $g$ and an element of the group $h$, the DLP is to find $x$, such that

$$h = g^x$$
Now let's come back to Baby-Step/Giant-Step.
Since $n$ is the group order, we have $0 \le x \le n$. Therefore we can write $x$ as

$$x = i\lceil\sqrt{n}\rceil + j$$

where $0 \le i, j \le \sqrt{n}$.
So the DLP equation can be rewritten as

$$h = g^{i\lceil\sqrt{n}\rceil + j}$$

$$h(g^{-j}) = g^{i\lceil\sqrt{n}\rceil}$$
The problem is transformed into finding a pair of (i,j) that satisfies the new equation.
One way to do this is to precompute a table of $\{g^{i\lceil\sqrt{n}\rceil}\}$ over $0 \le i \le \sqrt{n}$, together with $g^{-1}$. For any given $h$, we iterate over $j$, computing $h(g^{-1})^j$, until we find a match in our precomputed table, which essentially means

$$g^{i\lceil\sqrt{n}\rceil} = h(g^{-1})^j = h(g^{-j})$$
Once a match is found, we can simply reconstruct x using

$$x = i\lceil\sqrt{n}\rceil + j$$
The algorithm has both time and space complexity of $O(\sqrt{n})$. Fortunately for us, this is just not good enough to tear our cryptographic life apart.
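The procedure above, written out as an added Python example (not code from the original post) for the multiplicative group modulo a prime $p$. The function name `bsgs`, its parameter layout and the sample values are assumptions constructed for illustration.

```python
from math import isqrt

def bsgs(g, h, p, n):
    """Find x with g^x = h (mod p), where n is the order of g modulo the prime p.

    Returns x in [0, n), or None if h is not a power of g.
    """
    m = isqrt(n - 1) + 1              # ceil(sqrt(n)) for n >= 1

    # Precomputed table: g^(i*m) -> i for 0 <= i <= m  (O(sqrt(n)) memory).
    table = {}
    giant = pow(g, m, p)
    cur = 1
    for i in range(m + 1):
        table.setdefault(cur, i)      # keep the smallest i on a repeat
        cur = cur * giant % p

    # Iterate j, computing h * (g^-1)^j, until it hits the table.
    g_inv = pow(g, -1, p)             # modular inverse, Python 3.8+
    cur = h % p
    for j in range(m + 1):
        i = table.get(cur)
        if i is not None:
            return (i * m + j) % n    # x = i*ceil(sqrt(n)) + j
        cur = cur * g_inv % p
    return None


if __name__ == "__main__":
    # Constructed sample: 7 is a primitive root modulo the prime 2^31 - 1.
    p = 2**31 - 1
    g, n = 7, p - 1
    secret = 1234567890               # constructed exponent
    h = pow(g, secret, p)
    x = bsgs(g, h, p, n)
    print("recovered x:", x, "check:", pow(g, x, p) == h)
    print("table entries (at most):", isqrt(n - 1) + 2, "for group order", n)
```

For the 31-bit modulus in the sample the table holds about 46,000 entries; a group of order near $2^{256}$ would need about $2^{128}$, which is why the square-root cost is not a practical threat at standard parameter sizes.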