Short Exponent Diffie-Hellman Problems

  • Takeshi Koshiba
  • Kaoru Kurosawa
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2947)


In this paper, we study short exponent Diffie-Hellman problems, where significantly many lower bits are zeros in the exponent. We first prove that the decisional version of this problem is as hard as two well-known hard problems, the standard decisional Diffie-Hellman problem (DDH) and the short exponent discrete logarithm problem. This implies that we can improve the efficiency of the ElGamal scheme and the Cramer-Shoup scheme under the two widely accepted assumptions. We next derive a similar result for the computational version of this problem.


Keywords: Discrete Logarithm; Modular Exponentiation; Probabilistic Polynomial Time; Choose Ciphertext Attack; Choose Plaintext Attack



Copyright information

© Springer-Verlag Berlin Heidelberg 2004

Authors and Affiliations

  • Takeshi Koshiba (1, 2)
  • Kaoru Kurosawa (3)

  1. Secure Computing Lab., Fujitsu Laboratories Ltd.
  2. ERATO Quantum Computation and Information Project, Japan Science and Technology Agency, Kyoto, Japan
  3. Department of Computer and Information Sciences, Ibaraki University, Hitachi, Ibaraki, Japan
