Advances in Cryptology – CRYPTO 2012 pp 832-849

Hardness of Computing Individual Bits for One-Way Functions on Elliptic Curves

  • Alexandre Duc
  • Dimitar Jetchev
Conference paper

DOI: 10.1007/978-3-642-32009-5_48

Volume 7417 of the book series Lecture Notes in Computer Science (LNCS)


We prove that if one can predict any of the bits of the input to an elliptic curve based one-way function over a finite field, then we can invert the function. In particular, our result implies that if one can predict any of the bits of the input to a classical pairing-based one-way function with non-negligible advantage over a random guess then one can efficiently invert this function and thus, solve the Fixed Argument Pairing Inversion problem (FAPI-1/FAPI-2). The latter has implications on the security of various pairing-based schemes such as the identity-based encryption scheme of Boneh–Franklin, Hess’ identity-based signature scheme, as well as Joux’s three-party one-round key agreement protocol. Moreover, if one can solve FAPI-1 and FAPI-2 in polynomial time then one can solve the Computational Diffie–Hellman problem (CDH) in polynomial time.

Our result implies that all the bits of the functions defined above are hard-to-compute assuming these functions are one-way. The argument is based on a list-decoding technique via discrete Fourier transforms due to Akavia–Goldwasser–Safra as well as an idea due to Boneh–Shparlinski.


One-way functionhard-to-compute bitsbilinear pairingselliptic curvesfixed argument pairing inversion problemFourier transformlist decoding
Download to read the full conference paper text

Copyright information

© International Association for Cryptologic Research 2012 2012

Authors and Affiliations

  • Alexandre Duc
    • 1
  • Dimitar Jetchev
    • 2
  1. 1.LASECEPFLLausanneSwitzerland
  2. 2.LACALEPFLLausanneSwitzerland