On the Unpredictability of Bits of the Elliptic Curve Diffie--Hellman Scheme
نویسندگان
چکیده
Let E/Fp be an elliptic curve, and G ∈ E/Fp. Define the Diffie–Hellman function as DHE,G(aG, bG) = abG. We show that if there is an efficient algorithm for predicting the LSB of the x or y coordinate of abG given 〈E, G, aG, bG〉 for a certain family of elliptic curves, then there is an algorithm for computing the Diffie–Hellman function on all curves in this family. This seems stronger than the best analogous results for the Diffie–Hellman function in Fp. Boneh and Venkatesan showed that in Fp computing approximately (log p) of the bits of the Diffie–Hellman secret is as hard as computing the entire secret. Our results show that just predicting one bit of the Elliptic Curve Diffie–Hellman secret in a family of curves is as hard as computing the entire secret.
منابع مشابه
Diffie-Hellman type key exchange protocols based on isogenies
In this paper, we propose some Diffie-Hellman type key exchange protocols using isogenies of elliptic curves. The first method which uses the endomorphism ring of an ordinary elliptic curve $ E $, is a straightforward generalization of elliptic curve Diffie-Hellman key exchange. The method uses commutativity of the endomorphism ring $ End(E) $. Then using dual isogenies, we propose...
متن کاملA NEW PROTOCOL MODEL FOR VERIFICATION OF PAYMENT ORDER INFORMATION INTEGRITY IN ONLINE E-PAYMENT SYSTEM USING ELLIPTIC CURVE DIFFIE-HELLMAN KEY AGREEMENT PROTOCOL
Two parties that conduct a business transaction through the internet do not see each other personally nor do they exchange any document neither any money hand-to-hand currency. Electronic payment is a way by which the two parties transfer the money through the internet. Therefore integrity of payment and order information of online purchase is an important concern. With online purchase the cust...
متن کاملOn the Bit Security of Elliptic Curve Diffie-Hellman
This paper gives the first bit security result for the elliptic curve Diffie–Hellman key exchange protocol for elliptic curves defined over prime fields. About 5/6 of the most significant bits of the x-coordinate of the Diffie–Hellman key are as hard to compute as the entire key. A similar result can be derived for the 5/6 lower bits. The paper also generalizes and improves the result for ellip...
متن کاملBit Security of the Hyperelliptic Curves Diffie-Hellman Problem
The Diffie-Hellman problem as a cryptographic primitive plays an important role in modern cryptology. The Bit Security or Hard-Core Bits of Diffie-Hellman problem in arbitrary finite cyclic group is a long-standing open problem in cryptography. Until now, only few groups have been studied. Hyperelliptic curve cryptography is an alternative to elliptic curve cryptography. Due to the recent crypt...
متن کاملExtracting bits from coordinates of a point of an elliptic curve
In the classic Diffie-Hellman protocol based on a generic group G, Alice and Bob agree on a common secret KAB (master secret) which is indistinguishable from another element of G but not from a random bits-string of the same length. In this paper, we present a new deterministic method to extract bits from KAB when G is an elliptic curve defined over a quadratic extension of a finite field. In t...
متن کامل