Two-Source Randomness Extractors for Elliptic Curves for Authenticated Key Exchange

  • Abdoul Aziz CissEmail author
  • Djiby Sow
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10194)


This paper studies the task of two-sources randomness extractors for elliptic curves defined over finite fields K, where K can be a prime or a binary field. In fact, we introduce new constructions of functions over elliptic curves which take in input two random points from two different subgroups. In other words, for a given elliptic curve E defined over a finite field \(\mathbb {F}_q\) and two random points \(P \in \mathcal {P}\) and \(Q\in \mathcal {Q}\), where \(\mathcal {P}\) and \(\mathcal {Q}\) are two subgroups of \(E(\mathbb {F}_q)\), our function extracts the least significant bits of the abscissa of the point \(P\oplus Q\) when q is a large prime, and the k-first \(\mathbb {F}_p\) coefficients of the abscissa of the point \(P\oplus Q\) when \(q = p^n\), where p is a prime greater than 5. We show that the extracted bits are close to uniform.

Our construction extends some interesting randomness extractors for elliptic curves, namely those defined in [7, 9, 10], when \(\mathcal {P} = \mathcal {Q}\). The proposed constructions can be used in any cryptographic schemes which require extraction of random bits from two sources over elliptic curves, namely in key exchange protocol, design of strong pseudo-random number generators, etc.


Elliptic curves Randomness extractor Key derivation Bilinear sums 



The authors acknowledge support from the Simons Foundation through the Pole of Research in Mathematics and their Applications to Information Security in Subsaharan Africa (PRMAIS) and the LIRIMA-MACISA project.


  1. 1.
    Ahmadi, O., Shparlinski, I.E.: Exponential Sums over Points of Elliptic Curves. arXiv preprint arXiv:1302.4210 (2013)
  2. 2.
    Ankney, R., Honson, D., Matyas, M.: The Unified Model. Contribution to X9F1, October 1995Google Scholar
  3. 3.
    ANSI X9.42, Agreement of Symmetric Algorithm Keys using Diffie-Hellman, Working draft, July 1998Google Scholar
  4. 4.
    ANSI X9.63, Elliptic Curve Key Agreement and Key Transport Protocols, Working draft, July 1998Google Scholar
  5. 5.
    Barker, E.B., Chen, L., Roginsky, A., Smid, M.E.: Recommendation for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography, NIST Special Publication 800–56A Revision 2, May 2013Google Scholar
  6. 6.
    Boneh, D.: The decision Diffie-Hellman problem. In: Buhler, J.P. (ed.) ANTS 1998. LNCS, vol. 1423, pp. 48–63. Springer, Heidelberg (1998). doi: 10.1007/BFb0054851 CrossRefGoogle Scholar
  7. 7.
    Chevalier, C., Fouque, P.-A., Pointcheval, D., Zimmer, S.: Optimal randomness extraction from a Diffie-Hellman element. In: Joux, A. (ed.) EUROCRYPT 2009. LNCS, vol. 5479, pp. 572–589. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  8. 8.
    Ciss, A.A.: Arithmétique et Extracteurs déterministes sur les courbes elliptiques. Thèse de doctorat unique (2012)Google Scholar
  9. 9.
    Ciss, A.A., Sow, D.: Randomness extraction in elliptic curves and secret key derivation at the end of Diffie-Hellman protocol. Int. J. Appl. Cryptol. 2(4), 360–365 (2012)MathSciNetCrossRefzbMATHGoogle Scholar
  10. 10.
    Ciss, A.A., Sow, D.: On randomness extraction in elliptic curves. In: Nitaj, A., Pointcheval, D. (eds.) AFRICACRYPT 2011. LNCS, vol. 6737, pp. 290–297. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  11. 11.
    Diffie, W., Hellman, M.: New directions in cryptography. IEEE Trans. Inf. Theor. 22(6), 644–654 (1976)MathSciNetCrossRefzbMATHGoogle Scholar
  12. 12.
    Dodis, Y., Gennaro, R., Håstad, J., Krawczyk, H., Rabin, T.: Randomness extraction and key derivation using the CBC, cascade and HMAC modes. In: Franklin, M. (ed.) CRYPTO 2004. LNCS, vol. 3152, pp. 494–510. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  13. 13.
    Farashahi, R.R., Pellikaan, R.: The quadratic extension extractor for (hyper)elliptic curves in odd characteristic. In: Carlet, C., Sunar, B. (eds.) WAIFI 2007. LNCS, vol. 4547, pp. 219–236. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  14. 14.
    Farashahi, R.R., Sidorenko, A., Pellikaan, R.: Extractors for binary elliptic curves. Des. Codes Crypt. 94, 171–186 (2008)MathSciNetCrossRefzbMATHGoogle Scholar
  15. 15.
    Gürel, N.: Extracting bits from coordinates of a point of an elliptic curve, Cryptology ePrint Archive, Report 2005/324 (2005).
  16. 16.
    Håstad, J., Impagliazzo, R., Levin, L., Luby, M.: A pseudorandom generator from any one-way function. SIAM J. Comput. 28(4), 1364–1396 (1999)MathSciNetCrossRefzbMATHGoogle Scholar
  17. 17.
    IEEE P1363, Standard specification for public key cryptography, Working draft, July 1998Google Scholar
  18. 18.
    Koblitz, N.: Guide to Elliptic Curve Cryptography. Springer, Heidelberg (2004)Google Scholar
  19. 19.
    Kohel, D.R., Shparlinski, I.E.: On exponential sums and group generators for elliptic curves over finite fields. In: Bosma, W. (ed.) ANTS 2000. LNCS, vol. 1838, pp. 395–404. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  20. 20.
    Shaltiel, R.: An introduction to randomness extractors. In: Aceto, L., Henzinger, M., Sgall, J. (eds.) ICALP 2011. LNCS, vol. 6756, pp. 21–41. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  21. 21.
    Trevisan, L.: Extractors and pseudorandom generators. J. ACM 48(4), 860–879 (2001)MathSciNetCrossRefzbMATHGoogle Scholar
  22. 22.
    Winterhof, A.: Incomplete additive character sums and applications. In: Jungnickel, D., Niederreiter, H. (eds.) Finite Fields and Applications, pp. 462–474. Springer, Heidelberg (2001)CrossRefGoogle Scholar

Copyright information

© Springer International Publishing AG 2017

Authors and Affiliations

  1. 1.Laboratoire de Traitement de l’Information et Systèmes IntelligentsÉcole Polytechnique de ThièsThièsSenegal
  2. 2.Département de Mathématiques et InformatiqueUniversité Cheikh Anta Diop de DakarDakarSenegal

Personalised recommendations