New Results on the Hardness of Diffie-Hellman Bits
نویسندگان
چکیده
We generalize and extend results obtained by Boneh and Venkatesan in 1996 and by González Vasco and Shparlinski in 2000 on the hardness of computing bits of the Diffie-Hellman key, given the public values. Specifically, while these results could only exclude (essentially) error-free predictions, we here exclude any non-negligible advantage, though for larger fractions of the bits. We can also demonstrate a trade-off between the tolerated error rate and the number of unpredictable bits. Moreover, by changing computational model, we show that even a very small proportion of the most significant bits of the Diffie–Hellman secret key cannot be retrieved from the public information by means of a Las Vegas type algorithm, unless the corresponding scheme is weak itself.
منابع مشابه
A NEW PROTOCOL MODEL FOR VERIFICATION OF PAYMENT ORDER INFORMATION INTEGRITY IN ONLINE E-PAYMENT SYSTEM USING ELLIPTIC CURVE DIFFIE-HELLMAN KEY AGREEMENT PROTOCOL
Two parties that conduct a business transaction through the internet do not see each other personally nor do they exchange any document neither any money hand-to-hand currency. Electronic payment is a way by which the two parties transfer the money through the internet. Therefore integrity of payment and order information of online purchase is an important concern. With online purchase the cust...
متن کاملDiffie-Hellman type key exchange protocols based on isogenies
In this paper, we propose some Diffie-Hellman type key exchange protocols using isogenies of elliptic curves. The first method which uses the endomorphism ring of an ordinary elliptic curve $ E $, is a straightforward generalization of elliptic curve Diffie-Hellman key exchange. The method uses commutativity of the endomorphism ring $ End(E) $. Then using dual isogenies, we propose...
متن کاملHardness of Distinguishing the MSB or LSB of Secret Keys in Diffie-Hellman Schemes
Abstract. In this paper we introduce very simple deterministic randomness extractors for Diffie-Hellman distributions. More specifically we show that the k most significant bits or the k least significant bits of a random element in a subgroup of Zp are indistinguishable from a random bit-string of the same length. This allows us to show that under the Decisional Diffie-Hellman assumption we ca...
متن کاملHardness of Computing the Most Significant Bits of Secret Keys in Diffie-Hellman and Related Schemes
We show that computing the most signi cant bits of the secret key in a Di e-Hellman keyexchange protocol from the public keys of the participants is as hard as computing the secret key itself. This is done by studying the following hidden number problem: Given an oracle O ; (x) that on input x computes the k most signi cant bits of g + mod p, nd ; mod p. We present many other applications of th...
متن کاملImproved Signcryption from q-Diffie-Hellman Problems
This paper proposes a new public key authenticated encryption (signcryption) scheme based on the hardness of q-Diffie-Hellman problems in Gap Diffie-Hellman groups. This new scheme is quite efficient: the signcryption operation has almost the same cost as an El Gamal encryption while the reverse operation only requires one pairing evaluation and three exponentiations. The scheme’s chosen-cipher...
متن کامل