A Nonuniform Algorithm for the Hidden Number Problem in Subgroups

  • Igor E. Shparlinski
  • Arne Winterhof
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2947)


Boneh and Venkatesan have proposed a polynomial-time algorithm in a non-uniform model for recovering a "hidden" element α ∈ \(\mathbb{F}_p\), where p is prime, from very short strings of the most significant bits of the residue of αt modulo p for several randomly chosen t ∈ \(\mathbb{F}_p\). Here we modify the scheme and amplify the uniformity of distribution of the 'multipliers' t and thus extend this result to subgroups of \(\mathbb{F}_p^*\), which are more relevant to practical usage. As in the work of Boneh and Venkatesan, our result can be applied to the bit security of Diffie–Hellman related encryption schemes starting with subgroups of very small size, including all cryptographically interesting subgroups.
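The following is an added worked example, not code from the paper or its authors: it runs the classical Boneh–Venkatesan attack on the hidden number problem in the setting the abstract starts from, with the multipliers t drawn uniformly from all of \(\mathbb{F}_p^*\). The subgroup case that is the paper's actual contribution is not implemented here. The lattice is the standard one (rows S·p·e_i, a row of scaled multipliers, and a Kannan embedding row carrying the oracle outputs) reduced with a small exact-arithmetic LLL; the prime p = 999983, the choice of k = 12 leaked bits and d = 8 samples, the seed, and all function names are assumptions made for this demo and are sized so that pure-Python LLL finishes quickly, not so that they resemble real key sizes.

```python
"""Added example (not from the paper): a Boneh-Venkatesan style lattice attack on
the hidden number problem over the whole of F_p^*.  The toy parameters p, k and d,
the seed and the sample multipliers below are constructed for the demo."""
from fractions import Fraction
import random


def msb(x, p, k):
    """Oracle: the k most significant bits of x in [0, p), low bits zeroed."""
    s = p.bit_length() - k
    return (x >> s) << s


def lll_reduce(basis, delta=Fraction(3, 4)):
    """Textbook LLL with exact rational Gram-Schmidt, on integer row vectors."""
    b = [list(v) for v in basis]
    n = len(b)
    bstar = [None] * n                    # Gram-Schmidt vectors
    norm = [None] * n                     # their squared lengths
    mu = [[Fraction(0)] * n for _ in range(n)]

    def dot(u, v):
        return sum(x * y for x, y in zip(u, v))

    def gram_schmidt(start):              # rows before `start` are still valid
        for i in range(start, n):
            v = [Fraction(x) for x in b[i]]
            for j in range(i):
                mu[i][j] = dot(b[i], bstar[j]) / norm[j]
                v = [x - mu[i][j] * y for x, y in zip(v, bstar[j])]
            mu[i][i] = Fraction(1)
            bstar[i], norm[i] = v, dot(v, v)

    gram_schmidt(0)
    k = 1
    while k < n:
        for j in range(k - 1, -1, -1):    # size-reduce b[k]; b* is unchanged by this
            q = round(mu[k][j])
            if q:
                b[k] = [x - q * y for x, y in zip(b[k], b[j])]
                for l in range(j + 1):
                    mu[k][l] -= q * mu[j][l]
        if norm[k] >= (delta - mu[k][k - 1] ** 2) * norm[k - 1]:   # Lovasz condition
            k += 1
        else:
            b[k], b[k - 1] = b[k - 1], b[k]
            gram_schmidt(k - 1)
            k = max(k - 1, 1)
    return b


def recover_hidden_number(p, k, samples):
    """samples = [(t, msb(alpha*t mod p, p, k)), ...]; returns alpha or None.

    Lattice rows (d+2 columns):  S*p*e_i  |  (S*t_1..S*t_d, 1, 0)  |  (S*a_1..S*a_d, 0, M)
    Kannan's embedding makes the short vector (S*(a_i - alpha*t_i mod p), -alpha, M)
    appear in the reduced basis, so alpha is read off the second-to-last coordinate."""
    d = len(samples)
    s = p.bit_length() - k
    E = 1 << (s - 1)                      # after centring the bucket, |x - a| <= E
    S = p // E + 1                        # weight so that an error of E counts like alpha ~ p
    M = p                                 # embedding weight, about the size of alpha
    centred = [a + E for _, a in samples]
    basis = [[S * p if j == i else 0 for j in range(d + 2)] for i in range(d)]
    basis.append([S * t for t, _ in samples] + [1, 0])
    basis.append([S * a for a in centred] + [0, M])
    for v in lll_reduce(basis):
        if v[-1] == M:
            cand = (-v[-2]) % p
        elif v[-1] == -M:
            cand = v[-2] % p
        else:
            continue
        if all(msb(cand * t % p, p, k) == a for t, a in samples):
            return cand
    return None


def make_instance(p, k, d, seed=7):
    """Constructed instance: random secret alpha and d random multipliers t."""
    rng = random.Random(seed)
    alpha = rng.randrange(1, p)
    samples = [(t, msb(alpha * t % p, p, k))
               for t in (rng.randrange(1, p) for _ in range(d))]
    return alpha, samples


def demo(p=999983, k=12, d=8):
    """20-bit prime, 12 leaked top bits per sample, 8 samples: returns (alpha, recovered)."""
    alpha, samples = make_instance(p, k, d)
    return alpha, recover_hidden_number(p, k, samples)


if __name__ == "__main__":
    alpha, found = demo()
    print(f"secret alpha = {alpha}, lattice attack recovered {found}")
```

The scan over the reduced basis, the reduction of the recovered coordinate modulo p, and the final re-check against the oracle outputs are what make the recovery robust: LLL may return the error vector with either sign, or shifted by a multiple of the row (0, ..., 0, p, 0). For anything beyond toy sizes one would hand the same lattice to fplll or Sage rather than a Fraction-based LLL, and for multipliers confined to a small subgroup of \(\mathbb{F}_p^*\) this plain construction is exactly what the paper's uniformity amplification is needed to repair.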


Keywords

Hidden number problem; Diffie–Hellman key exchange; Lattice reduction; Exponential sums; Waring problem in finite fields; Nonuniform algorithm


References

  1. Ajtai, M., Kumar, R., Sivakumar, D.: A sieve algorithm for the shortest vector problem. In: Proc. 33rd ACM Symp. on Theory of Comput., Crete, Greece, pp. 601–610 (2001)
  2. Babai, L.: On Lovász' lattice reduction and the nearest lattice point problem. Combinatorica 6, 1–13 (1986)
  3. Boneh, D., Venkatesan, R.: Hardness of computing the most significant bits of secret keys in Diffie–Hellman and related schemes. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 129–142. Springer, Heidelberg (1996)
  4. Boneh, D., Venkatesan, R.: Rounding in lattices and its cryptographic applications. In: Proc. 8th Annual ACM-SIAM Symp. on Discr. Algorithms, pp. 675–681. SIAM, Philadelphia (1997)
  5. Bourgain, J., Konyagin, S.V.: Estimates for the number of sums and products and for exponential sums over subgroups in fields of prime order. Comptes Rendus Mathématique 337, 75–80 (2003)
  6. Cochrane, T., Pinner, C., Rosenhouse, J.: Bounds on exponential sums and the polynomial Waring's problem mod p. In: Proc. Lond. Math. Soc., vol. 67, pp. 319–336 (2003)
  7. Crandall, R., Pomerance, C.: Prime numbers: A computational perspective. Springer, Berlin (2001)
  8. González Vasco, M.I., Shparlinski, I.E.: On the security of Diffie–Hellman bits. In: Proc. Workshop on Cryptography and Computational Number Theory, Singapore 1999, pp. 257–268. Birkhäuser, Basel (2001)
  9. Heath-Brown, D.R., Konyagin, S.V.: New bounds for Gauss sums derived from kth powers, and for Heilbronn's exponential sum. Quart. J. Math. 51, 221–235 (2000)
  10. Konyagin, S.V.: On estimates of Gaussian sums and the Waring problem modulo a prime. In: Trudy Matem. Inst. Acad. Nauk USSR, Moscow, vol. 198, pp. 111–124 (1992) (in Russian); translation in Proc. Steklov Inst. Math. 1, 105–117 (1994)
  11. Konyagin, S.V., Shparlinski, I.E.: Character sums with exponential functions and their applications. Cambridge Univ. Press, Cambridge (1999)
  12. Lenstra, A.K., Lenstra, H.W., Lovász, L.: Factoring polynomials with rational coefficients. Mathematische Annalen 261, 515–534 (1982)
  13. Li, W.-C.W., Näslund, M., Shparlinski, I.E.: The hidden number problem with the trace and bit security of XTR and LUC. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 433–448. Springer, Heidelberg (2002)
  14. Lidl, R., Niederreiter, H.: Finite fields. Cambridge University Press, Cambridge (1997)
  15. Menezes, A.J., van Oorschot, P.C., Vanstone, S.A.: Handbook of applied cryptography. CRC Press, Boca Raton (1996)
  16. Nguyen, P.Q., Stern, J.: Lattice reduction in cryptology: An update. In: Bosma, W. (ed.) ANTS 2000. LNCS, vol. 1838, pp. 85–112. Springer, Heidelberg (2000)
  17. Nguyen, P.Q., Stern, J.: The two faces of lattices in cryptology. In: Silverman, J.H. (ed.) CaLC 2001. LNCS, vol. 2146, pp. 146–180. Springer, Heidelberg (2001)
  18. Schirokauer, O.: Discrete logarithms and local units. Philos. Trans. Roy. Soc. London, Ser. A 345, 409–423 (1993)
  19. Schirokauer, O., Weber, D., Denny, T.: Discrete logarithms: The effectiveness of the index calculus method. In: Cohen, H. (ed.) ANTS 1996. LNCS, vol. 1122, pp. 337–362. Springer, Heidelberg (1996)
  20. Shparlinski, I.E.: Playing "Hide-and-Seek" in finite fields: Hidden number problem and its applications. In: Proc. 7th Spanish Meeting on Cryptology and Information Security, vol. 1, pp. 49–72. Univ. of Oviedo (2002)
  21. Shparlinski, I.E.: Exponential sums and lattice reduction: Applications to cryptography. In: Finite Fields with Applications to Coding Theory, Cryptography and Related Areas, pp. 286–298. Springer, Heidelberg (2002)
  22. Shparlinski, I.E.: Cryptographic applications of analytic number theory. Birkhäuser, Basel (2003)
  23. Shparlinski, I.E., Winterhof, A.: Hidden number problem in small subgroups (Preprint) (2003)
  24. Stinson, D.R.: Cryptography: Theory and practice. CRC Press, Boca Raton (2002)
  25. Winterhof, A.: On Waring's problem in finite fields. Acta Arith. 87, 171–177 (1998)

Copyright information

© Springer-Verlag Berlin Heidelberg 2004

Authors and Affiliations

  • Igor E. Shparlinski (1)
  • Arne Winterhof (2)
  1. Department of Computing, Macquarie University, Sydney, Australia
  2. Johann Radon Institute for Computational and Applied Mathematics, Austrian Academy of Sciences, Linz, Austria
