Hidden number problem with hidden multipliers, timed-release crypto, and noisy exponentiation

We consider a generalisation of the hidden number problem recently introduced by Boneh and Venkatesan. The initial problem can be stated as follows: recover a number a ∈ Fp such that for many known random t ∈ Fp approximations to the values of batcp are known. Here we study a version of the problem where the “multipliers” t are not known but rather certain approximations to them are given. We present a probabilistic polynomial time solution when the error is small enough, and we show that the problem cannot be solved if the error is sufficiently large. We apply the result to the bit security of “timed-release crypto” introduced by Rivest, Shamir and Wagner, to noisy exponentiation black-boxes and to the bit security of the “inverse” exponentiation. We also show that it implies a certain bit security result for Weil pairing on elliptic curves.