Chapter

Public Key Cryptography – PKC 2004

Volume 2947 of the series Lecture Notes in Computer Science pp 416-424

A Nonuniform Algorithm for the Hidden Number Problem in Subgroups

  • Igor E. ShparlinskiAffiliated withDepartment of Computing, Macquarie University
  • , Arne WinterhofAffiliated withJohann Radon Institute for Computational and Applied Mathematics Austrian Academy of Sciences

Abstract

Boneh and Venkatesan have proposed a polynomial time algorithm in a non-uniform model for recovering a ”hidden” element α ∈ IF p , where p is prime, from very short strings of the most significant bits of the residue of αt modulo p for several randomly chosen t ∈ IF p . Here we modify the scheme and amplify the uniformity of distribution of the ‘multipliers’ t and thus extend this result to subgroups of \({\mathrm {I\!F}}_p^*\), which are more relevant to practical usage. As in the work of Boneh and Venkatesan, our result can be applied to the bit security of Diffie–Hellman related encryption schemes starting with subgroups of very small size, including all cryptographically interesting subgroups.

Keywords

Hidden number problem Diffie-Hellman key exchange Lattice reduction Exponential sums Waring problem in finite fields Nonuniform algorithm