Diffie–Hellman problem

The Diffie–Hellman problem (DHP) is a mathematical problem first proposed by Whitfield Diffie and Martin Hellman in the context of cryptography. The motivation for this problem is that many security systems use mathematical operations that are fast to compute, but hard to reverse. For example, they enable encrypting a message, but reversing the encryption is difficult. If solving the DHP were easy, these systems would be easily broken.

The Diffie–Hellman problem is stated informally as follows:

Formally, g is a generator of some group (typically the multiplicative group of a finite field or an elliptic curve group) and x and y are randomly chosen integers.

For example, in the Diffie-Hellman key exchange, an eavesdropper observes g^x and g^y exchanged as part of the protocol, and the two parties both compute the shared key g^xy. A fast means of solving the DHP would allow an eavesdropper to violate the privacy of the Diffie-Hellman key exchange and many of its variants, including ElGamal encryption.

In cryptography, for certain groups, it is assumed that the DHP is hard, and this is often called the Diffie–Hellman assumption. The problem has survived scrutiny for a few decades and no "easy" solution has yet been publicized.

As of 2006, the most efficient means known to solve the DHP is to solve the discrete logarithm problem (DLP), which is to find x given g and g^x. In fact, significant progress (by den Boer, Maurer, Wolf, Boneh and Lipton) has been made towards showing that over many groups the DHP is almost as hard as the DLP. There is no proof to date that either the DHP or the DLP is a hard problem, except in generic groups (by Nechaev and Shoup).

...
Wikipedia