Hardness of Computing the Most Significant Bits of Secret Keys in Diffie-Hellman and Related Schemes
نویسندگان
چکیده
We show that computing the most signi cant bits of the secret key in a Di e-Hellman keyexchange protocol from the public keys of the participants is as hard as computing the secret key itself. This is done by studying the following hidden number problem: Given an oracle O ; (x) that on input x computes the k most signi cant bits of g + mod p, nd ; mod p. We present many other applications of this problem including: (1) MSB's in El-Gamal encryptions, Shamir Message passing scheme etc. are hard to compute. (2) Factoring with hints. Our results lead us to suggest a new variant of Di e-Hellman key exchange, for which we prove the most signi cant bit is hard to compute.
منابع مشابه
Hardness of Distinguishing the MSB or LSB of Secret Keys in Diffie-Hellman Schemes
Abstract. In this paper we introduce very simple deterministic randomness extractors for Diffie-Hellman distributions. More specifically we show that the k most significant bits or the k least significant bits of a random element in a subgroup of Zp are indistinguishable from a random bit-string of the same length. This allows us to show that under the Decisional Diffie-Hellman assumption we ca...
متن کاملNew Results on the Hardness of Diffie-Hellman Bits
We generalize and extend results obtained by Boneh and Venkatesan in 1996 and by González Vasco and Shparlinski in 2000 on the hardness of computing bits of the Diffie-Hellman key, given the public values. Specifically, while these results could only exclude (essentially) error-free predictions, we here exclude any non-negligible advantage, though for larger fractions of the bits. We can also d...
متن کاملBits Security of the Elliptic Curve Diffie-Hellman Secret Keys
We show that the least significant bits (LSB) of the elliptic curve Diffie–Hellman secret keys are hardcore. More precisely, we prove that if one can efficiently predict the LSB with non-negligible advantage on a polynomial fraction of all the curves defined over a given finite field Fp, then with polynomial factor overhead, one can compute the entire Diffie–Hellman secret on a polynomial fract...
متن کاملThreshold Password-based Authenticated Key Exchange using Matrix
Authentication protocols rely on the possession of keys by the parties to be authenticated. For security, keys must be chosen randomly and have to have a long length from 100 bits to thousands of bits. But such keys are difficult to memorize for humans. Password-based authenticated key exchange protocols offer an efficient method to achieve an authentication and a secure communication between t...
متن کاملOn the Unpredictability of Bits of the Elliptic Curve Diffie--Hellman Scheme
Let E/Fp be an elliptic curve, and G ∈ E/Fp. Define the Diffie–Hellman function as DHE,G(aG, bG) = abG. We show that if there is an efficient algorithm for predicting the LSB of the x or y coordinate of abG given 〈E, G, aG, bG〉 for a certain family of elliptic curves, then there is an algorithm for computing the Diffie–Hellman function on all curves in this family. This seems stronger than the ...
متن کامل