Abstract
We consider the following problem: Let s be an n-bit string with m ones and n – m zeros. Denote by \(CE_t(s)\) the number of pairs of equal bits which are within distance t apart in the string s. What is the minimum value of \(CE_t(\cdot)\), when the minimum is taken over all n-bit strings which consist of m ones and n – m zeros?
We prove a (reasonably) tight lower bound for this combinatorial problem.
Implications on the cryptographic security of the least significant bit of a message encrypted by the RSA scheme follow. E.g., under the assumption that the RSA is unbreakable, there exists no probabilistic polynomial-time algorithm which guesses the least significant bit of a message (correctly) with probability at least 0.725, when given the encryption of the message using the RSA. This is the best result known concerning the security of RSA’s least significant bit.
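The quantity defined in the abstract can be computed exhaustively for small parameters. The following is an added example, not code from the paper: the function names are hypothetical, and it assumes "within distance t" means an index difference of at most t on a linear (non-cyclic) string. It returns the exact minimum for tiny n, whereas the paper proves a lower bound for general n.

```python
from itertools import combinations


def close_equal_pairs(s: str, t: int) -> int:
    """CE_t(s): pairs i < j with j - i <= t and s[i] == s[j].

    Assumption: positions are linear (no wrap-around).
    """
    n = len(s)
    return sum(
        1
        for i in range(n)
        for j in range(i + 1, min(i + t, n - 1) + 1)
        if s[i] == s[j]
    )


def min_close_equal_pairs(n: int, m: int, t: int):
    """Exhaustive minimum of CE_t over all n-bit strings with exactly m ones.

    Returns (minimum, first string attaining it). Cost grows as C(n, m),
    so this is only for small n.
    """
    best, witness = None, None
    for ones in combinations(range(n), m):
        bits = ["0"] * n
        for p in ones:
            bits[p] = "1"
        s = "".join(bits)
        c = close_equal_pairs(s, t)
        if best is None or c < best:
            best, witness = c, s
    return best, witness


if __name__ == "__main__":
    # Constructed sample parameters (n, m, t).
    for n, m, t in [(4, 2, 1), (4, 2, 2), (6, 2, 1), (8, 4, 3)]:
        print((n, m, t), min_close_equal_pairs(n, m, t))
```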
Supported by a Weizmann Postdoctoral Fellowship
Copyright information
© 1985 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Goldreich, O. (1985). On the Number of Close-and-Equal Pairs of Bits in a String (with Implications on the Security of RSA’s L.S.B) (Extended Abstract). In: Beth, T., Cot, N., Ingemarsson, I. (eds) Advances in Cryptology. EUROCRYPT 1984. Lecture Notes in Computer Science, vol 209. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-39757-4_13
DOI: https://doi.org/10.1007/3-540-39757-4_13
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-16076-2
Online ISBN: 978-3-540-39757-1
eBook Packages: Springer Book Archive