Efficient Pseudorandom Generators Based on the DDH Assumption

  • Reza Rezaeian Farashahi
  • Berry Schoenmakers
  • Andrey Sidorenko
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4450)


A family of pseudorandom generators based on the decisional Diffie-Hellman assumption is proposed. The new construction is a modified and generalized version of the Dual Elliptic Curve generator proposed by Barker and Kelsey. Although the original Dual Elliptic Curve generator is shown to be insecure, the modified version is provably secure and very efficient compared with other pseudorandom generators based on discrete log assumptions.

Our generator can be based on any group of prime order, provided that an additional requirement is met: there must exist an efficiently computable function that, in some sense, enumerates the elements of the group. Two specific instances are presented. The techniques used to design these instances, such as the new probabilistic randomness extractor, are of independent interest for other applications.


Keywords: Elliptic Curve Discrete Logarithm, Seed Length, Discrete Logarithm Problem, Quadratic Residue



Copyright information

© Springer Berlin Heidelberg 2007

Authors and Affiliations

  • Reza Rezaeian Farashahi (1, 2)
  • Berry Schoenmakers (1)
  • Andrey Sidorenko (1)
  1. Dept. of Mathematics and Computer Science, TU Eindhoven, P.O. Box 513, 5600 MB Eindhoven, The Netherlands
  2. Dept. of Mathematical Sciences, Isfahan University of Technology, P.O. Box 85145, Isfahan, Iran
