I am looking into implementing Pohlig-Hellman exponentiation cipher and I would like to know how secure that algorithm is? I am guessing it's security relates greatly to the prime number used in it. Does anyone have some reference that might be helpful in determining the minimal prime number one should use in order to ensure the algorithm is safe enough for various applications?
Asked
Active
Viewed 1,922 times
6
1 Answers
10
You need a large random prime modulus where the discrete log is hard. Read about how to choose a prime so the discrete log is hard. Also, you want $p-1$ to have as few small factors as possible. Therefore, the short version is, I suggest you choose a large random 2048-bit prime $p$ such that $(p-1)/2$ is prime.
However, Pohlig-Hellman has some serious issues. It has very poor performance, compared to other symmetric-key ciphers. Also, it has no randomization, so it is not semantically-secure (it is not IND-CPA secure) in its standard form. I don't know of anyone who uses the Pohlig-Hellman cipher in practice, in its standard form; it is more of theoretical interest than practical interest.
What exactly do you want to do with the Pohlig-Hellman cipher? What exactly is your application? Why do you want to use the Pohlig-Hellman cipher? There might be better solutions.
D.W.
- 36,982
- 13
- 107
- 196