Since the public key is calculated as Y=(alpha^private-key)mod(chosen prime) and alpha is a primitive root of prime, when Y becomes public then the private key can be calculated easily, right? Since there is a unique private key less than the chosen prime that will satisfy the equation. I think I'm missing something here. Please help.
Because that $x$ will be equal to $x \equiv t \pmod{chosen, prime}$. Simple math course. – kelalaka Sep 30 '20 at 20:59
Read the answer by poncho. – user5183360 Oct 02 '20 at 10:04
Yes sir! I read it don't worry. Look at your title again and my comment, too. dlog – kelalaka Oct 02 '20 at 10:52
1 Answer
> since the public key is calculated as Y=(alpha^private-key)mod(chosen prime) and alpha is a primitive root of prime, when Y becomes public then private key can be calculated easily right?
One certainly hopes that it cannot be calculated easily, at least, for the 'chosen prime' that we pick.
> since there is a unique private key less than chosen prime that will satisfy the equation.
There's a difference between showing that the equation has a solution, and demonstrating that solution. That the equation has a solution can be shown by relatively simple number theory; as for finding that solution, the best known algorithm [1] for solving it for unstructured [2] values of $p$ takes superpolynomial time, that is, it slows down (as larger values of $p$ are considered) faster than any polynomial. The largest unstructured $p$ for which there is a published solved random discrete log problem is circa 768 bits long; we currently use values of $p$ that are at least 2048 bits long (and sometimes longer).
BTW: we generally don't use a value of $\alpha$ that is a primitive root; we prefer values that have a large prime order, as that leaks less data about the private value we picked.
[1]: on a conventional computer (such as what you are using to read this web site). There is a known algorithm that runs on a Quantum Computer which runs in polynomial time; however, we currently don't have a Quantum Computer that's large enough and reliable enough to implement that algorithm.
[2]: it turns out to be an easy problem if $p-1$ doesn't have any large prime factors; we deliberately select the $p$ values we use in practice so that $p-1$ does have a large prime factor.
Thank you, I understood that though calculating the private key looks easy with small primes, it's unfeasible to calculate it for very large numbers. I hope I got it right. – user5183360 Oct 02 '20 at 10:03
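The following is an added example, not part of the answer or of any post on this page. It illustrates the answer's two parameter-choice remarks: checking that $p-1$ has a large prime factor (here, that $p$ is a safe prime $2q+1$), and showing that a primitive-root base reveals the private exponent modulo 2 through Euler's criterion, while a base of prime order $q$ does not. The function names and the toy prime 2039 are constructed for illustration and are far too small for real use.

```python
import secrets

def is_probable_prime(n, rounds=32):
    """Miller-Rabin probabilistic primality test."""
    if n < 2:
        return False
    for sp in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % sp == 0:
            return n == sp
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def is_safe_prime(p):
    """True if p = 2q + 1 with q prime, so p - 1 has a large prime factor."""
    return p > 5 and is_probable_prime(p) and is_probable_prime((p - 1) // 2)

def element_order(p, g):
    """Order of g modulo a safe prime p; it can only be 1, 2, q or 2q."""
    q = (p - 1) // 2
    for order in (1, 2, q, 2 * q):
        if pow(g, order, p) == 1:
            return order

def exponent_parity_from_public(p, y):
    """Euler's criterion: y^((p-1)/2) is 1 for squares, p-1 for non-squares.
    When the base is a primitive root, the result equals (private key mod 2)."""
    return 0 if pow(y, (p - 1) // 2, p) == 1 else 1

# Constructed toy parameters: 2039 = 2*1019 + 1.
P = 2039
Q = (P - 1) // 2
PRIMITIVE_ROOT = next(g for g in range(2, P) if element_order(P, g) == 2 * Q)
PRIME_ORDER_GEN = pow(PRIMITIVE_ROOT, 2, P)  # squaring lands in the order-q subgroup

if __name__ == "__main__":
    x = secrets.randbelow(Q - 1) + 1  # random private exponent
    leaked = exponent_parity_from_public(P, pow(PRIMITIVE_ROOT, x, P))
    print("safe prime:", is_safe_prime(P))
    print("primitive root reveals x mod 2:", leaked == x % 2)
```

With `PRIME_ORDER_GEN` as the base every public value is a square modulo `P`, so the same test returns 0 for all private exponents and tells an observer nothing.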