Extended Hidden Number Problem and Its Cryptanalytic Applications

  • Martin Hlaváč
  • Tomáš Rosa
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4356)


Since its formulation in 1996, the Hidden Number Problem (HNP) plays an important role in both cryptography and cryptanalysis. It has a strong connection with proving security of Diffie-Hellman and related schemes as well as breaking certain implementations of DSA-like signature schemes. We formulate an extended version of HNP (EHNP) and present a polynomial time algorithm for solving its instances. Our extension improves usability of HNP for solving real cryptanalytic problems significantly. The techniques elaborated here can be used for cryptographic strength proving, as well. We then present a practically feasible side channel attack on certain implementations of DSA (e.g. OpenSSL), which emphasizes the security risk caused by a side channel hidden in the design of Pentium 4 HTT processor for applications like SSH. During experimental simulations, having observed as few as 6 authentications to the server, an attacker was able to disclose the server’s private key.


side channel analysis cache analysis DSA implementation hyper-threading sliding window lattice 


  1. 1.
    Digital signature standard. National Institute of Standards and Technology, Washington (Note: Federal Information Processing Standard 186-2) (2000), URL:
  2. 2.
    Secure hash standard. National Institute of Standards and Technology, Washington (Note: Federal Information Processing Standard 180-2) (2002), URL:
  3. 3.
    Babai, L.: On Lovász’ lattice reduction and the nearest lattice point problem. In: Mehlhorn, K. (ed.) STACS 1985. LNCS, vol. 182, pp. 13–20. Springer, Heidelberg (1984)CrossRefGoogle Scholar
  4. 4.
    Bellare, M., Goldwasser, S., Micciancio, D.: ”Pseudo-Random” number generation within cryptographic algorithms: The DDS case. In: Kaliski Jr., B.S. (ed.) CRYPTO 1997. LNCS, vol. 1294, pp. 277–291. Springer, Heidelberg (1997)Google Scholar
  5. 5.
    Bishop, M.: Computer Security: Art and Science. Addison-Wesley, Reading (2003)Google Scholar
  6. 6.
    Boneh, D., Halevi, S., Howgrave-Graham, N.: The modular inversion hidden number problem. In: Boyd, C. (ed.) ASIACRYPT 2001. LNCS, vol. 2248, pp. 36–51. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  7. 7.
    Boneh, D., Venkatesan, R.: Hardness of computing the most significant bits of secret keys in Diffie-Hellman and related schemes. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 129–142. Springer, Heidelberg (1996)Google Scholar
  8. 8.
    Frieze, A.M., Hastad, J., Kannan, R., Lagarias, J.C., Shamir, A.: Reconstructing truncated integer variables satisfying linear congruences. SIAM Journal of Computing 17(2), 262–280 (1988)zbMATHCrossRefMathSciNetGoogle Scholar
  9. 9.
    Groetschel, M., Lovász, L., Schrijver, A.: Geometric Algorithms and Combinatorial Optimization, 2nd edn. Springer, Heidelberg (1993)zbMATHGoogle Scholar
  10. 10.
    Howgrave-Graham, N.-A., Smart, N.P.: Lattice attacks on digital signature schemes. Design, Codes and Cryptography 23, 283–290 (2001)zbMATHCrossRefMathSciNetGoogle Scholar
  11. 11.
    Intel Corporation. Intel(R) Pentium(R) 4 Processor supporting Hyper-Threading Technology. URL:
  12. 12.
    Lenstra, A.K., Lenstra Jr., H.W., Lovász, L.: Factoring polynomials with rational coefficients. Mathematische Ann. 261, 513–534 (1982)Google Scholar
  13. 13.
    Nguyen, P.Q.: The dark side of the hidden number problem: Lattice attacks on DSA. In: CCNT 1999. Proc. of the Workshop on Cryptography and Computational Number Theory, Basel, CH, pp. 321–330. Birkhäuser (2001)Google Scholar
  14. 14.
    Nguyen, P.Q., Shparlinski, I.: The insecurity of the digital signature algorithm with partially known nonces. J. Cryptology 15(3), 151–176 (2002)zbMATHCrossRefMathSciNetGoogle Scholar
  15. 15.
    Nguyen, P.Q., Stehlé, D.: Floating-point LLL revisited. In: Cramer, R.J.F. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 215–233. Springer, Heidelberg (2005)Google Scholar
  16. 16.
    Nguyen, P.Q., Stern, J.: The two faces of lattices in cryptology. In: Silverman, J.H. (ed.) CaLC 2001. LNCS, vol. 2146, pp. 146–180. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  17. 17.
    Osvik, D.A., Shamir, A., Tromer, E.: Cache attacks and countermeasures: The case of AES. In: Pointcheval, D. (ed.) CT-RSA 2006. LNCS, vol. 3860, pp. 1–20. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  18. 18.
    Percival, C.: Cache missing for fun and profit (2005), URL:
  19. 19.
    OpenBSD project members. OpenSSH Suite. URL:
  20. 20.
    Shoup, V.: NTL: A Library for doing Number Theory. URL:
  21. 21.
    Shparlinski, I., Winterhof, A.: A hidden number problem in small subgroups. Mathematics of Computation 74(252), 2073–2080 (2005)zbMATHCrossRefMathSciNetGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2007

Authors and Affiliations

  • Martin Hlaváč
    • 1
  • Tomáš Rosa
    • 1
    • 2
  1. 1.Department of Algebra, Charles University in Prague, Sokolovská 83, 186 75 Prague 8Czech Republic
  2. 2.eBanka, a.s., Václavské Náměstí 43, 110 00 Prague 1Czech Republic

Personalised recommendations