Designs, Codes and Cryptography, Volume 87, Issue 1, pp 1–13

Secure simultaneous bit extraction from Koblitz curves

  • Xinxin Fan
  • Guang Gong
  • Berry Schoenmakers
  • Francesco Sica
  • Andrey Sidorenko


Secure pseudo-random number generators (PRNGs) have many important applications in cryptography. In this paper, we analyze a new PRNG related to the elliptic curve power generator. The new PRNG has many desirable randomness properties, such as a long period and a uniform distribution. In particular, the proposed PRNG is provably secure under the l-strong Diffie–Hellman assumptions. An important feature of our PRNG is that many bits can be output simultaneously without significantly affecting its security. For instance, at 150-bit security, more than 100 bits can be output at each iteration, with a statistical distance from a uniform sequence of less than \(1/2^{150}\). Our experimental results show that the new PRNG provides a secure and flexible solution for high-security applications. Hence, our work is another step towards the construction of provably secure PRNGs in practice.


Keywords

Cryptography, Elliptic curves, Pseudo-random number generator

Mathematics Subject Classification

11T23, 11K45, 94A60



We thank the referees, whose constructive comments greatly improved the presentation of our work.



Copyright information

© Springer Science+Business Media, LLC, part of Springer Nature 2018

Authors and Affiliations

  1. IoTeX, Menlo Park, USA
  2. Department of Electrical and Computer Engineering, University of Waterloo, Waterloo, Canada
  3. Department of Mathematics and Computer Science, Technical University Eindhoven, Eindhoven, The Netherlands
  4. School of Science and Technology, Nazarbayev University, Astana, Kazakhstan
  5. Brightsight, Delft, The Netherlands
