The Security of All Bits Using List Decoding

  • Paz Morillo
  • Carla Ràfols
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5443)


The relation between list decoding and hard-core predicates has provided a clean and easy methodology to prove the hardness of certain predicates. So far this methodology has only been used to prove that the O(loglogN) least and most significant bits of any function with multiplicative access —which include the most common number theoretic trapdoor permutations— are secure. In this paper we show that the method applies to all bits of any function defined on a cyclic group of order N with multiplicative access for cryptographically interesting N. As a result, in this paper we reprove the security of all bits of RSA, the discrete logarithm in a group of prime order or the Paillier encryption scheme.


bit security list decoding one-way function 


  1. 1.
    Akavia, A., Goldwasser, S., Safra, S.: Proving Hard-Core Predicates Using List Decoding. In: Proc. of the 44th Symposium on Foundations of Computer Science (2003)Google Scholar
  2. 2.
    Alexi, W., Chor, B., Goldreich, O., Schnorr, C.P.: RSA and Rabin functions: certain parts are as hard as the whole. SIAM J.Comp. 17(2) (1988)Google Scholar
  3. 3.
    Catalano, D., Gennaro, R., Howgrave-Graham, N.: Paillier’s Trapdoor Function Hides up to O(n) Bits. J.Cryptology 15(4) (2002)Google Scholar
  4. 4.
    Kushilevitz, E., Mansour, Y.: Learning Decision Trees Using the Fourier Spectrum. In: Proc. of the 23rd Annual ACM Symposium on Theory of Computing (1991)Google Scholar
  5. 5.
    Gilbert, A.C., Muthukrishnan, S., Strauss, M.: Improved time bounds for near-optimal sparse Fourier representation via sampling. In: Proc. of SPIE Wavelets XI (2005)Google Scholar
  6. 6.
    Goldreich, O., Levin, L.: A hard-core predicate for all one-way functions. In: Proc. of the 21st Annual ACM Symposium on Theory of Computing (1989)Google Scholar
  7. 7.
    Goldreich, O., Rubinfeld, R., Sudan, M.: Learning Polynomials with Queries: The Highly Noisy Case. SIAM J. Discrete Math. 13(4) (2000)Google Scholar
  8. 8.
    Håstad, J., Näslund, M.: The security of all RSA and discrete log bits. J. ACM 51(2) (2004)Google Scholar
  9. 9.
    Näslund, M.: All Bits ax+b mod p are Hard. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 114–128. Springer, Heidelberg (1996)Google Scholar
  10. 10.
    Paillier, P.: Public-Key Cryptosystems Based on Composite Degree Residuosity Classes. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592, pp. 223–238. Springer, Heidelberg (1999)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2009

Authors and Affiliations

  • Paz Morillo
    • 1
  • Carla Ràfols
    • 1
  1. 1.Dept. Matemàtica Aplicada IVUniversitat Politècnica de CatalunyaBarcelonaSpain

Personalised recommendations