{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,9]],"date-time":"2026-01-09T00:14:45Z","timestamp":1767917685200,"version":"3.49.0"},"reference-count":60,"publisher":"Springer Science and Business Media LLC","issue":"2-3","license":[{"start":{"date-parts":[[2000,3,1]],"date-time":"2000-03-01T00:00:00Z","timestamp":951868800000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2000,3,1]],"date-time":"2000-03-01T00:00:00Z","timestamp":951868800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Designs, Codes and Cryptography"],"published-print":{"date-parts":[[2000,3]]},"DOI":"10.1023\/a:1008302122286","type":"journal-article","created":{"date-parts":[[2002,12,22]],"date-time":"2002-12-22T09:41:38Z","timestamp":1040550098000},"page":"147-171","source":"Crossref","is-referenced-by-count":76,"title":["The Diffie\u2013Hellman Protocol"],"prefix":"10.1007","volume":"19","author":[{"given":"Ueli M.","family":"Maurer","sequence":"first","affiliation":[]},{"given":"Stefan","family":"Wolf","sequence":"additional","affiliation":[]}],"member":"297","reference":[{"key":"253938_CR1","doi-asserted-by":"crossref","unstructured":"L. M. Adleman and M. A. Huang, Primality testing and abelian varieties over finite fields, Lecture Notes in Mathematics, Vol. 1512, Springer-Verlag (1992).","DOI":"10.1007\/BFb0090185"},{"key":"253938_CR2","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1007\/BF02579403","volume":"6","author":"L. Babai","year":"1986","unstructured":"L. Babai, On Lovasz' lattice reduction and the nearest lattice point problem, Combinatorica, Vol. 6 (1986) pp. 1\u201313.","journal-title":"Combinatorica"},{"key":"253938_CR3","doi-asserted-by":"crossref","first-page":"201","DOI":"10.1090\/S0025-5718-1989-0947467-1","volume":"52","author":"E. Bach","year":"1989","unstructured":"E. Bach and J. Shallit, Factoring with cyclotomic polynomials, Math. Comp., Vol. 52 (1989) pp. 201\u2013219.","journal-title":"Math. Comp."},{"key":"253938_CR4","unstructured":"D. Boneh, Studies in computational number theory with applications to cryptography, Ph. D. Thesis, Princeton Univ. (Nov. 1996)."},{"key":"253938_CR5","doi-asserted-by":"crossref","unstructured":"D. Boneh and R. J. Lipton, Algorithms for black-box fields and their application to cryptography, Advances in Cryptology-CRYPTO '96, Lecture Notes in Computer Science, Springer-Verlag, 1109 (1996) pp. 283\u2013297.","DOI":"10.1007\/3-540-68697-5_22"},{"key":"253938_CR6","doi-asserted-by":"crossref","unstructured":"D. Boneh and R. Venkatesan, Hardness of computing the most significant bits of secret keys in Diffie-Hellman and related schemes, Advances in Cryptology-CRYPTO '96, Lecture Notes in Computer Science, Springer-Verlag, 1109 (1996) pp. 129\u2013142.","DOI":"10.1007\/3-540-68697-5_11"},{"key":"253938_CR7","series-title":"Tech. Rep. CSR9323","volume-title":"An efficient off-line electronic cash system based on the representation problem","author":"S. Brands","year":"1993","unstructured":"S. Brands, An efficient off-line electronic cash system based on the representation problem, Tech. Rep. CSR9323, CWI, Amsterdam (1993)."},{"key":"253938_CR8","doi-asserted-by":"crossref","unstructured":"J. Buchmann and V. M\u00fcller, Computing the number of points of elliptic curves over finite fields, Proc. ISSAC '91, ACM Press (1991) pp. 179\u2013182.","DOI":"10.1145\/120694.120718"},{"issue":"2","key":"253938_CR9","doi-asserted-by":"crossref","first-page":"107","DOI":"10.1007\/BF02351719","volume":"1","author":"J. Buchmann","year":"1988","unstructured":"J. Buchmann and H. C. Williams, A key-exchange system based on imaginary quadratic fields, Journal of Cryptology, Vol. 1, No. 2 (1988) pp. 107\u2013118.","journal-title":"Journal of Cryptology"},{"key":"253938_CR10","doi-asserted-by":"crossref","unstructured":"R. Canetti, Towards realizing random oracles: hash functions that hide all partial information, Advances in Cryptology-CRYPTO '97, Lecture Notes in Computer Science, Springer-Verlag, 1294 (1997) pp. 455\u2013469.","DOI":"10.1007\/BFb0052255"},{"key":"253938_CR11","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1016\/0022-314X(83)90002-1","volume":"17","author":"E. R. Canfield","year":"1983","unstructured":"E. R. Canfield, P. Erd\u00f6s, and C. Pomerance, On a problem of Oppenheim concerning \"Factorisatio Numerorum\", J. Number Theory, Vol. 17, (1983) pp. 1\u201328.","journal-title":"J. Number Theory"},{"issue":"177","key":"253938_CR12","doi-asserted-by":"crossref","first-page":"95","DOI":"10.1090\/S0025-5718-1987-0866101-0","volume":"48","author":"D. G. Cantor","year":"1987","unstructured":"D. G. Cantor, Computing in the Jacobian of a hyperelliptic curve, Math. Comp., Vol. 48, No. 177 (1987) pp. 95\u2013101.","journal-title":"Math. Comp."},{"key":"253938_CR13","doi-asserted-by":"crossref","unstructured":"M. A. Cherepnev, On the connection between discrete logarithms and the Diffie-Hellman problem, Discrete Math. Appl. (1996).","DOI":"10.1515\/dma.1996.6.4.341"},{"key":"253938_CR14","unstructured":"D. Coppersmith and I. Shparlinsky, On polynomial approximation and the parallel complexity of the discrete logarithm problem and breaking the Diffie-Hellman cryptosystem, preprint (Nov. 1996)."},{"key":"253938_CR15","doi-asserted-by":"crossref","unstructured":"B. den Boer, Diffie-Hellman is as strong as discrete log for certain primes, Advances in Cryptology-CRYPTO '88, Lecture Notes in Computer Science, Springer-Verlag, 403 (1989) pp. 530\u2013539.","DOI":"10.1007\/0-387-34799-2_38"},{"issue":"6","key":"253938_CR16","doi-asserted-by":"crossref","first-page":"644","DOI":"10.1109\/TIT.1976.1055638","volume":"22","author":"W. Diffie","year":"1976","unstructured":"W. Diffie and M. E. Hellman, New directions in cryptography, IEEE Transactions on Information Theory, Vol. 22, No. 6 (1976) pp. 644\u2013654.","journal-title":"IEEE Transactions on Information Theory"},{"issue":"4","key":"253938_CR17","doi-asserted-by":"crossref","first-page":"469","DOI":"10.1109\/TIT.1985.1057074","volume":"31","author":"T. El-Gamal","year":"1985","unstructured":"T. El-Gamal, A public key cryptosystem and a signature scheme based on the discrete logarithm, IEEE Transactions on Information Theory, Vol. 31, No. 4 (1985) pp. 469\u2013472.","journal-title":"IEEE Transactions on Information Theory"},{"key":"253938_CR18","unstructured":"W. Feller, An Introduction to Probability Theory and Its Applications, John Wiley & Sons (1968)."},{"key":"253938_CR19","doi-asserted-by":"crossref","unstructured":"K. O. Geddes, S. R. Czapor, and G. Labhan, Algorithms for Computer Algebra, Kluwer Academic Publisher (1992).","DOI":"10.1007\/b102438"},{"key":"253938_CR20","doi-asserted-by":"crossref","unstructured":"S. Goldwasser and J. Kilian, Almost all primes can be quickly certified, Proc. of the 18th Annual ACM Symposium on the Theory of Computing (1986) pp. 316\u2013329.","DOI":"10.1145\/12130.12162"},{"key":"253938_CR21","volume-title":"An Introduction to the Theory of Numbers","author":"G. H. Hardy","year":"1979","unstructured":"G. H. Hardy and E. M. Wright, An Introduction to the Theory of Numbers, University Press, Oxford (1979)."},{"key":"253938_CR22","doi-asserted-by":"crossref","unstructured":"K. Ireland and M. Rosen, A Classical Introduction to Modern Number Theory, Springer-Verlag (1982).","DOI":"10.1007\/978-1-4757-1779-2"},{"key":"253938_CR23","doi-asserted-by":"crossref","first-page":"139","DOI":"10.1007\/BF02252872","volume":"1","author":"N. Koblitz","year":"1989","unstructured":"N. Koblitz, Hyperelliptic cryptosystems, Journal of Cryptology, Vol. 1 (1989) pp. 139\u2013150.","journal-title":"Journal of Cryptology"},{"key":"253938_CR24","doi-asserted-by":"crossref","first-page":"203","DOI":"10.1090\/S0025-5718-1987-0866109-5","volume":"48","author":"N. Koblitz","year":"1987","unstructured":"N. Koblitz, Elliptic curve cryptosystems, Math. Comp., Vol. 48 (1987) pp. 203\u2013209.","journal-title":"Math. Comp."},{"key":"253938_CR25","unstructured":"S. Lang, Algebra, Addison-Wesley Publ. Comp. (1984)."},{"key":"253938_CR26","doi-asserted-by":"crossref","unstructured":"G.-J. Lay and H. G. Zimmer, Constructing elliptic curves with given group order over large finite fields, Proc. of ANTS-I, Lecture Notes in Computer Science, Springer-Verlag, 877 (1994) pp. 250\u2013263.","DOI":"10.1007\/3-540-58691-1_64"},{"issue":"1676","key":"253938_CR27","first-page":"397","volume":"345","author":"H. W. Lenstra Jr.","year":"1993","unstructured":"H. W. Lenstra, Jr., J. Pila, and C. Pomerance, A hyperelliptic smoothness test. I, Philosophical Transactions of the Royal Society, Series A, Vol. 345, No. 1676, London (1993) pp. 397\u2013408.","journal-title":"Philosophical Transactions of the Royal Society, Series A"},{"key":"253938_CR28","doi-asserted-by":"crossref","first-page":"649","DOI":"10.2307\/1971363","volume":"126","author":"H. W. Lenstra Jr.","year":"1987","unstructured":"H. W. Lenstra, Jr., Factoring integers with elliptic curves, Annals of Mathematics, Vol. 126 (1987) pp. 649\u2013673.","journal-title":"Annals of Mathematics"},{"key":"253938_CR29","doi-asserted-by":"crossref","first-page":"515","DOI":"10.1007\/BF01457454","volume":"261","author":"A. Lenstra","year":"1982","unstructured":"A. Lenstra, H. W. Lenstra, Jr., and L. Lovasz, Factoring polynomials with rational coefficients, Mathematische Annalen, Vol. 261 (1982) pp. 515\u2013534.","journal-title":"Mathematische Annalen"},{"key":"253938_CR30","unstructured":"R. Lidl and H. Niederreiter, Introduction to Finite Fields and Their Application, Cambridge University Press (1986)."},{"key":"253938_CR31","unstructured":"J. L. Massey, Advanced Technology Seminars Short Course Notes, Z\u00fcrich (1993) pp. 6.66\u20136.68."},{"key":"253938_CR32","doi-asserted-by":"crossref","unstructured":"U. M. Maurer, Towards the equivalence of breaking the Diffie-Hellman protocol and computing discrete logarithms, Advances in Cryptology-CRYPTO '94, Lecture Notes in Computer Science, Springer-Verlag, 839 (1994) pp. 271\u2013281.","DOI":"10.1007\/3-540-48658-5_26"},{"issue":"5","key":"253938_CR33","doi-asserted-by":"crossref","first-page":"1689","DOI":"10.1137\/S0097539796302749","volume":"28","author":"U. M. Maurer","year":"1999","unstructured":"U. M. Maurer and S. Wolf, The relationship between breaking the Diffie-Hellman protocol and computing discrete logarithms, SIAM Journal on Computing, Vol. 28, No. 5 (1999) pp. 1689\u20131721.","journal-title":"SIAM Journal on Computing"},{"key":"253938_CR34","doi-asserted-by":"crossref","unstructured":"U. M. Maurer and S. Wolf, Diffie-Hellman, decision Diffie-Hellman, and discrete logarithms, Proc. of the 1998 IEEE Symp. on Information Theory, Cambridge, U.S.A. (1998) p. 327.","DOI":"10.1109\/ISIT.1998.708932"},{"key":"253938_CR35","doi-asserted-by":"crossref","unstructured":"U. M. Maurer and S. Wolf, Lower bounds on generic algorithms in groups, Proceedings of EUROCRYPT '98, Lecture Notes in Computer Science, Springer-Verlag, 1403 (1998) pp. 72\u201384.","DOI":"10.1007\/BFb0054118"},{"key":"253938_CR36","doi-asserted-by":"crossref","unstructured":"U. M. Maurer and S. Wolf, Diffie-Hellman oracles, Advances in Cryptology-CRYPTO '96, Lecture Notes in Computer Science, Springer-Verlag, 1109 (1996) pp. 268\u2013282.","DOI":"10.1007\/3-540-68697-5_21"},{"key":"253938_CR37","doi-asserted-by":"crossref","first-page":"305","DOI":"10.1023\/A:1027332606155","volume":"9","author":"U. M. Maurer","year":"1996","unstructured":"U. M. Maurer and Y. Yacobi, Non-interactive public-key cryptography, Designs, Codes, and Cryptography, Vol. 9 (1996) pp. 305\u2013316.","journal-title":"Designs, Codes, and Cryptography"},{"issue":"2","key":"253938_CR38","doi-asserted-by":"crossref","first-page":"95","DOI":"10.1007\/BF02351718","volume":"1","author":"K. S. McCurley","year":"1988","unstructured":"K. S. McCurley, A key distribution system equivalent to factoring, Journal of Cryptology, Vol. 1, No. 2 (1988) pp. 95\u2013105.","journal-title":"Journal of Cryptology"},{"key":"253938_CR39","doi-asserted-by":"crossref","unstructured":"K. S. McCurley, The discrete logarithm problem, Cryptology and Computational Number Theory (C. Pomerance, ed.), Proc. of Symp. in Applied Math., American Mathematical Society, 42 (1990) pp. 49\u201374.","DOI":"10.1090\/psapm\/042\/1095551"},{"key":"253938_CR40","doi-asserted-by":"crossref","first-page":"1639","DOI":"10.1109\/18.259647","volume":"39","author":"A. J. Menezes","year":"1993","unstructured":"A. J. Menezes, T. Okamoto, and S. A. Vanstone, Reducing elliptic curve logarithms to logarithms in a finite field, IEEE Transactions on Information Theory, Vol. 39 (1993) pp. 1639\u20131646.","journal-title":"IEEE Transactions on Information Theory"},{"key":"253938_CR41","unstructured":"A. J. Menezes (Ed.), Applications of Finite Fields, Kluwer Academic Publishers (1992)."},{"key":"253938_CR42","doi-asserted-by":"crossref","unstructured":"A. J. Menezes, Elliptic Curve Public Key Cryptosystems, Kluwer Academic Publishers (1993).","DOI":"10.1007\/978-1-4615-3198-2"},{"key":"253938_CR43","doi-asserted-by":"crossref","unstructured":"V. Miller, Uses of elliptic curves in cryptography, Advances in Cryptology-CRYPTO '85, Lecture Notes in Computer Science, Springer-Verlag, 218 (1986) pp. 417\u2013426.","DOI":"10.1007\/3-540-39799-X_31"},{"key":"253938_CR44","unstructured":"M. Naor and O. Reingold, Number-theoretic constructions of efficient pseudo-random functions, preliminary version (1997)."},{"key":"253938_CR45","doi-asserted-by":"crossref","unstructured":"P. C. van Oorschot and M. Wiener, On Diffie-Hellman key agreement with short exponents, Advances in Cryptology-EUROCRYPT '96, Lecture Notes in Computer Science, Springer-Verlag, 1070 (1996) pp. 332\u2013343.","DOI":"10.1007\/3-540-68339-9_29"},{"issue":"6","key":"253938_CR46","doi-asserted-by":"crossref","first-page":"846","DOI":"10.1109\/TIT.1986.1057236","volume":"32","author":"R. Peralta","year":"1986","unstructured":"R. Peralta, A simple and fast probabilistic algorithm for computing square roots modulo a prime number, IEEE Transactions on Information Theory, Vol. 32, No. 6 (1986) pp. 846\u2013847.","journal-title":"IEEE Transactions on Information Theory"},{"issue":"1","key":"253938_CR47","doi-asserted-by":"crossref","first-page":"106","DOI":"10.1109\/TIT.1978.1055817","volume":"24","author":"S. C. Pohlig","year":"1978","unstructured":"S. C. Pohlig and M. E. Hellman, An improved algorithm for computing logarithms over GF(p) and its cryptographic significance, IEEE Transactions on Information Theory, Vol. 24, No. 1 (1978) pp. 106\u2013110.","journal-title":"IEEE Transactions on Information Theory"},{"key":"253938_CR48","first-page":"918","volume":"32","author":"J. M. Pollard","year":"1978","unstructured":"J. M. Pollard, Monte-Carlo methods for index computation mod p, Math. Comp., Vol. 32 (1978) pp. 918\u2013924.","journal-title":"Math. Comp."},{"key":"253938_CR49","doi-asserted-by":"crossref","first-page":"521","DOI":"10.1017\/S0305004100049252","volume":"76","author":"J. M. Pollard","year":"1974","unstructured":"J. M. Pollard, Theorems on factorization and primality testing, Proceedings of the Cambridge Philosophical Society, Vol. 76 (1974) pp. 521\u2013528.","journal-title":"Proceedings of the Cambridge Philosophical Society"},{"issue":"2","key":"253938_CR50","doi-asserted-by":"crossref","first-page":"120","DOI":"10.1145\/359340.359342","volume":"21","author":"R. L. Rivest","year":"1978","unstructured":"R. L. Rivest, A. Shamir, and L. Adleman, A method for obtaining digital signatures and public-key cryptosystems, Communications of the ACM, Vol. 21, No. 2 (1978) pp. 120\u2013126.","journal-title":"Communications of the ACM"},{"key":"253938_CR51","doi-asserted-by":"crossref","first-page":"301","DOI":"10.1090\/S0025-5718-1987-0890272-3","volume":"49","author":"H. R\u00fcck","year":"1987","unstructured":"H. R\u00fcck, A note on elliptic curves over finite fields, Math. Comp., Vol. 49 (1987) pp. 301\u2013304.","journal-title":"Math. Comp."},{"key":"253938_CR52","doi-asserted-by":"crossref","unstructured":"K. Sakrai and H. Shizuya, Relationships among the computational powers of breaking discrete log cryptosystems, Advances in Cryptology-EUROCRYPT '95, Lecture Notes in Computer Science, Springer-Verlag, 921 (1995) pp. 341\u2013355.","DOI":"10.1007\/3-540-49264-X_28"},{"key":"253938_CR53","doi-asserted-by":"crossref","unstructured":"C. P. Schnorr, Efficient identification and signatures for smart cards, Advances in Cryptology-CRYPTO '89, Lecture Notes in Computer Science, Springer-Verlag, 435 (1990) pp. 239\u2013252.","DOI":"10.1007\/0-387-34805-0_22"},{"issue":"170","key":"253938_CR54","first-page":"483","volume":"44","author":"R. Schoof","year":"1985","unstructured":"R. Schoof, Elliptic curves over finite fields and the computation of square roots mod p, Math. Comp., Vol. 44, No. 170 (1985) pp. 483\u2013494.","journal-title":"Math. Comp."},{"key":"253938_CR55","doi-asserted-by":"crossref","unstructured":"V. Shoup, Lower bounds for discrete logarithms and related problems, Advances in Cryptology-EUROCRYPT '97, Lecture Notes in Computer Science, Springer-Verlag, 1233 (1997) pp. 256\u2013266.","DOI":"10.1007\/3-540-69053-0_18"},{"key":"253938_CR56","doi-asserted-by":"crossref","unstructured":"I. E. Shparlinsky, Computational Problems in Finite Fields, Kluwer Academic Publishers (1992).","DOI":"10.1007\/978-94-011-1806-4"},{"key":"253938_CR57","doi-asserted-by":"crossref","unstructured":"S. A. Vanstone and R. J. Zuccherato, Elliptic curve cryptosystems using curves of smooth order over the ring Z\nn, IEEE Transactions on Information Theory (1997).","DOI":"10.1109\/18.605586"},{"key":"253938_CR58","doi-asserted-by":"crossref","unstructured":"C. P. Waldvogel and J. L. Massey, The probability distribution of the Diffie-Hellman key, Advances in Cryptology-AUSCRYPT '92, Lecture Notes in Computer Science, Springer-Verlag, 718 (1993) pp. 492\u2013504.","DOI":"10.1007\/3-540-57220-1_87"},{"key":"253938_CR59","unstructured":"S. Wolf, Information-theoretically and computationally secure key agreement in cryptography, ETH dissertation No. 13138, Swiss Federal Institute of Technology (ETH Zurich), May 1999."},{"key":"253938_CR60","unstructured":"S. Wolf, Diffie-Hellman and discrete logarithms, Diploma Thesis, Department of Computer Science, ETH Z\u00fcrich (March 1995)."}],"container-title":["Designs, Codes and Cryptography"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1023\/A:1008302122286.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1023\/A:1008302122286\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1023\/A:1008302122286.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,7,29]],"date-time":"2025-07-29T03:49:33Z","timestamp":1753760973000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1023\/A:1008302122286"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2000,3]]},"references-count":60,"journal-issue":{"issue":"2-3","published-print":{"date-parts":[[2000,3]]}},"alternative-id":["253938"],"URL":"https:\/\/doi.org\/10.1023\/a:1008302122286","relation":{},"ISSN":["0925-1022","1573-7586"],"issn-type":[{"value":"0925-1022","type":"print"},{"value":"1573-7586","type":"electronic"}],"subject":[],"published":{"date-parts":[[2000,3]]}}}