Computational Diffie–Hellman assumption
The computational Diffie–Hellman (CDH assumption) is the assumption that a certain computational problem within a cyclic group is hard.
Consider a cyclic group G of order q. The CDH assumption states that, given
for a randomly chosen generator g and random
it is computationally intractable to compute the value
The security of many cryptosystems is based on the CDH assumption. Also, the confidentiality of ElGamal encryption is equivalent to the CDH assumption (though the semantic security of the scheme is based on the decisional Diffie–Hellman assumption).
The CDH assumption is related to the discrete logarithm assumption, which holds that computing the discrete logarithm of a value base a generator  is hard. If taking discrete logs in
 is hard. If taking discrete logs in  were easy, then the CDH assumption would be false: given
 were easy, then the CDH assumption would be false: given 
one could efficiently compute  in the following way:
 in the following way:
-  compute  by taking the discrete log of by taking the discrete log of to base to base ; ;
-  compute  by exponentiation: by exponentiation: ; ;
It is an open problem to determine whether the discrete log assumption is equivalent to CDH, though in certain special cases this can be shown to be the case.
The CDH assumption is also related to the decisional Diffie–Hellman assumption (DDH), which holds that it is hard to distinguish tuples of the form  from random tuples.  If computing
 from random tuples.  If computing  from
 from  were easy, then one could detect DDH tuples trivially.  It is believed that CDH is a weaker assumption than DDH: there are groups for which detecting DDH tuples is easy, but solving CDH problems is believed to be hard.
 were easy, then one could detect DDH tuples trivially.  It is believed that CDH is a weaker assumption than DDH: there are groups for which detecting DDH tuples is easy, but solving CDH problems is believed to be hard.
See also
References
- Bao, Feng; Deng, Robert H.; Zhu, Huafei (2003), Variations of the Diffie–Hellman Problem (PDF)
- Maurer, Ueli M. (1994), Towards the Equivalence of Breaking the Diffie-Hellman Protocol and Computing Discrete Logarithms
 
 

