On the complexity of the discrete logarithm and Diffie-Hellman problems

The discrete logarithm problem plays a central role in cryptographic protocols and computational number theory. To establish the exact complexity, not only of the discrete logarithm problem but also of its relatives, the Diffie-Hellman (DH) problem and the decision DH problem, is of some importance. These problems can be set in a variety of groups, and in some of these they can assume different characteristics. This work considers the bit complexity of the DH and the decision DH problems. It was previously shown by Boneh and Venkatesan that it is as hard to compute O(rootn) of the most significant bits of the DH function, as it is to compute the whole function, implying that if the DH function is difficult then so is computing this number of bits of it. The main result of this paper is to show that if the decision DH problem is hard then computing the two most significant bits of the DH function is hard. To place the result in perspective a brief overview of relevant recent advances on related problems is given. (C) 2003 Elsevier Inc. All rights reserved.