The computational Diffie–Hellman (CDH assumption) is the assumption that a certain computational problem within a cyclic group is hard.
Consider a cyclic group G of order q. The CDH assumption states that, given
for a randomly-chosen generator g and random
it is computationally intractable to compute the value
The security of many cryptosystems is based on the CDH assumption, including notably the Diffie–Hellman key agreement scheme. Also, the confidentiality of ElGamal encryption is equivalent to the CDH assumption (though the semantic security of the scheme is based on the decisional Diffie–Hellman assumption).
The CDH assumption is related to the discrete logarithm assumption, which holds that computing the discrete logarithm of a value base a generator is hard. If taking discrete logs in were easy, then the CDH assumption would be false: given
one could efficiently compute in the following way:
It is an open problem to determine whether the discrete log assumption is equivalent to CDH, though in certain special cases this can be shown to be the case.
The CDH assumption is also related to the decisional Diffie–Hellman assumption (DDH), which holds that it is hard to distinguish tuples of the form from random tuples. If computing from were easy, then one could detect DDH tuples trivially. It is believed that CDH is a weaker assumption than DDH: there are groups for which detecting DDH tuples is easy, but solving CDH problems is believed to be hard.