Abstract
We generalize and extend results obtained by Boneh and Venkatesan in 1996 and by González Vasco and Shparlinski in 2000 on the hardness of computing bits of the Diffie–Hellman key, given the public values. Specifically, while those results could only exclude (essentially) error-free predictions, we here exclude any non-negligible advantage, though for larger fractions of the bits. We also demonstrate a trade-off between the tolerated error rate and the number of unpredictable bits.
Moreover, by changing the computational model, we show that even a very small proportion of the most significant bits of the Diffie–Hellman secret key cannot be retrieved from the public information by means of a Las Vegas type algorithm, unless the corresponding scheme is itself weak.
Keywords
- Lattice Vector
- Random Oracle
- Probabilistic Polynomial Time
- Multiplicative Order
- Elliptic Curve Digital Signature Algorithm
References
Ajtai, M., Kumar, R., Sivakumar, D.: A sieve algorithm for the shortest lattice vector problem. In: Proc. 33rd ACM Symp. on Theory of Comput., pp. 601–610. ACM, New York (2001)
Bellare, M., Desai, A., Pointcheval, D., Rogaway, P.: Relations among notions of security for public-key encryption schemes. In: Krawczyk, H. (ed.) CRYPTO 1998. LNCS, vol. 1462, pp. 26–46. Springer, Heidelberg (1998)
Bellare, M., Rogaway, P.: Random oracles are practical: a paradigm for designing efficient protocols. In: Proc. 1st ACM Computer and Communication Security 1993, pp. 62–73. ACM Press, New York (1993)
Blum, M., Micali, S.: How to generate cryptographically strong sequences of pseudo-random bits. SIAM J. Comp. 13, 850–864 (1984)
Boneh, D., Shparlinski, I.E.: On the unpredictability of bits of the elliptic curve Diffie–Hellman scheme. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 201–212. Springer, Heidelberg (2001)
Boneh, D., Venkatesan, R.: Hardness of computing the most significant bits of secret keys in Diffie–Hellman and related schemes. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 129–142. Springer, Heidelberg (1996)
Boneh, D., Venkatesan, R.: Rounding in lattices and its cryptographic applications. In: Proc. 8th Annual ACM-SIAM Symp. on Discr. Algorithms, pp. 675–681. ACM, New York (1997)
Bourgain, J., Konyagin, S.V.: Estimates for the number of sums and products and for exponential sums over subgroups in fields of prime order. Comptes Rendus Mathematique 337, 75–80 (2003)
Canetti, R., Goldreich, O., Halevi, S.: The random oracle model, revisited. In: Proc. 30th ACM Symp. on Theory of Comput., pp. 209–218. ACM, New York (1998)
Cramer, R., Shoup, V.: Universal hash proofs and a paradigm for adaptive chosen ciphertext secure public-key encryption. In: Knudsen, L.R. (ed.) EUROCRYPT 2002. LNCS, vol. 2332, pp. 45–64. Springer, Heidelberg (2002)
El Mahassni, E., Nguyen, P.Q., Shparlinski, I.E.: The insecurity of Nyberg–Rueppel and other DSA-like signature schemes with partially known nonces. In: Silverman, J.H. (ed.) CaLC 2001. LNCS, vol. 2146, pp. 97–109. Springer, Heidelberg (2001)
Fischlin, R., Schnorr, C.P.: Stronger security proofs for RSA and Rabin bits. J. Cryptology 13, 221–244 (2000)
Goldreich, O., Levin, L.A.: A hard core predicate for any one way function. In: Proc. 21st ACM Symp. on Theory of Comput., pp. 25–32. ACM, New York (1989)
González Vasco, M.I., Näslund, M.: A survey of hard core functions. In: Proc. Workshop on Cryptography and Computational Number Theory, Singapore, pp. 227–256. Birkhäuser, Basel (2001)
González Vasco, M.I., Näslund, M., Shparlinski, I.E.: The hidden number problem in extension fields and its applications. In: Rajsbaum, S. (ed.) LATIN 2002. LNCS, vol. 2286, pp. 105–117. Springer, Heidelberg (2002)
González Vasco, M.I., Shparlinski, I.E.: On the security of Diffie–Hellman bits. In: Proc. Workshop on Cryptography and Computational Number Theory, Singapore 1999, pp. 257–268. Birkhäuser, Basel (2001)
González Vasco, M.I., Shparlinski, I.E.: Security of the most significant bits of the Shamir message passing scheme. Math. Comp. 71, 333–342 (2002)
Grötschel, M., Lovász, L., Schrijver, A.: Geometric algorithms and combinatorial optimization. Springer, Berlin (1993)
Hast, G.: Nearly one-sided tests and the Goldreich-Levin predicate. In: Biham, E. (ed.) EUROCRYPT 2003. LNCS, vol. 2656, pp. 195–210. Springer, Heidelberg (2003)
Håstad, J., Näslund, M.: The security of individual RSA and discrete log bits. J. of the ACM (to appear)
Heath-Brown, D.R., Konyagin, S.V.: New bounds for Gauss sums derived from kth powers, and for Heilbronn's exponential sum. Quart. J. Math. 51, 221–235 (2000)
Howgrave-Graham, N.A., Nguyen, P.Q., Shparlinski, I.E.: Hidden number problem with hidden multipliers, timed-release crypto and noisy exponentiation. Math. Comp. 72, 1473–1485 (2003)
Kannan, R.: Algorithmic geometry of numbers. Annual Review of Comp. Sci. 2, 231–267 (1987)
Kearns, M.J., Vazirani, U.V.: An introduction to computational learning theory. MIT Press, Cambridge (1994)
Konyagin, S.V., Shparlinski, I.E.: Character sums with exponential functions and their applications. Cambridge Univ. Press, Cambridge (1999)
Li, W.-C.W., Näslund, M., Shparlinski, I.E.: The hidden number problem with the trace and bit security of XTR and LUC. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 433–448. Springer, Heidelberg (2002)
Näslund, M., Shparlinski, I.E., Whyte, W.: On the bit security of NTRU. In: Desmedt, Y.G. (ed.) PKC 2003. LNCS, vol. 2567, pp. 62–70. Springer, Heidelberg (2002)
Nguyen, P.Q., Shparlinski, I.E.: The insecurity of the digital signature algorithm with partially known nonces. J. Cryptology 15, 151–176 (2002)
Nguyen, P.Q., Shparlinski, I.E.: The insecurity of the elliptic curve digital signature algorithm with partially known nonces. Designs, Codes and Cryptography 30, 201–217 (2003)
Nguyen, P.Q., Stern, J.: Lattice reduction in cryptology: An update. In: Bosma, W. (ed.) ANTS 2000. LNCS, vol. 1838, pp. 85–112. Springer, Heidelberg (2000)
Nguyen, P.Q., Stern, J.: The two faces of lattices in cryptology. In: Silverman, J.H. (ed.) CaLC 2001. LNCS, vol. 2146, pp. 146–180. Springer, Heidelberg (2001)
Schnorr, C.P.: Security of almost all discrete log bits. Electronic Colloq. on Comp. Compl., Univ. of Trier, TR98-033, 1–13 (1998)
Shoup, V.: Lower bounds for discrete logarithms and related problems. Preprint, available from http://www.shoup.net
Shparlinski, I.E.: Security of most significant bits of \(g^{x^2}\). Inform. Proc. Letters 83, 109–113 (2002)
Shparlinski, I.E.: Cryptographic applications of analytic number theory. Birkhäuser, Basel (2003)
Copyright information
© 2004 Springer-Verlag Berlin Heidelberg
Cite this paper
González Vasco, M.I., Näslund, M., Shparlinski, I.E. (2004). New Results on the Hardness of Diffie-Hellman Bits. In: Bao, F., Deng, R., Zhou, J. (eds) Public Key Cryptography – PKC 2004. PKC 2004. Lecture Notes in Computer Science, vol 2947. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-24632-9_12
DOI: https://doi.org/10.1007/978-3-540-24632-9_12
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-21018-4
Online ISBN: 978-3-540-24632-9