Efficient Primitives from Exponentiation in ℤp

  • Shaoquan Jiang
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4058)


Since Diffie-Hellman [12], many secure systems based on the discrete logarithm or Diffie-Hellman assumption in ℤp have been introduced in the literature. In this work, we investigate the possibility of constructing efficient primitives from exponentiation techniques over ℤp. Consequently, we propose a new pseudorandom generator whose security is proven under the decisional Diffie-Hellman assumption. Our generator is the most efficient among all generators from ℤp* that are provably secure under standard assumptions. If an appropriate precomputation is allowed, our generator produces O(log log p) bits per modular multiplication. This is the best result in the literature, even when earlier generators are also granted such precomputation. Interestingly, our generator is the first that is provably secure under a decisional assumption, and it might be instructive for discovering still more efficient generators in the future. Our second result is a new universally collision-resistant hash family (CRHF). Our CRHF is provably secure under the discrete log assumption and is more efficient than all previous CRHFs that are provably secure under standard assumptions (in particular, without a random oracle). This result is important, especially now that hash functions without security proofs (e.g., MD4, MD5, SHA-1) have been broken by Wang et al. [37, 38, 39].
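The cost yardstick used in the abstract, output bits per modular multiplication, is easiest to see against the classic Blum-Micali generator [6], which extracts one hard-core bit per exponentiation in ℤp*. The following Python is an added example and is not code from the paper or its author: it instruments square-and-multiply to count multiplications and reports the throughput of the classic generator, which is the baseline that an O(log log p) bits-per-multiplication figure improves on. The prime p = 2^31 - 1 and primitive root g = 7 are toy parameters chosen for the demonstration (an assumption of this example), not secure values.

```python
"""Counting modular multiplications per output bit of a discrete-log PRG.

Added example, not code from Jiang's paper: the classic Blum-Micali generator [6]
over Z_p^* yields one hard-core bit per modular exponentiation, and one
exponentiation costs roughly 1.5 * log2(p) modular multiplications.  That ratio
is the yardstick behind the abstract's "bits per modular multiplication" metric.
Toy parameters (assumption): p = 2^31 - 1 with primitive root g = 7.  Nothing
here is cryptographically secure at this size.
"""
from typing import List, Tuple

P = 2**31 - 1   # Mersenne prime; 7 is a primitive root mod P (toy parameter)
G = 7


def modexp_counted(base: int, exp: int, mod: int) -> Tuple[int, int]:
    """Left-to-right square-and-multiply.

    Returns (base**exp mod mod, number of modular multiplications performed),
    so the caller can see exactly what one output bit costs.
    """
    if exp == 0:
        return 1 % mod, 0
    result, mults = base % mod, 0
    for bit in bin(exp)[3:]:                 # bits below the leading 1, MSB first
        result = result * result % mod       # squaring
        mults += 1
        if bit == "1":
            result = result * base % mod     # conditional multiply
            mults += 1
    return result, mults


def blum_micali(seed: int, nbits: int) -> Tuple[List[int], int]:
    """Blum-Micali PRG: x_{i+1} = g^{x_i} mod p, one hard-core bit per step.

    The hard-core predicate of exponentiation is "log_g(y) < (p-1)/2".  Because
    the state x_i is the discrete log of x_{i+1}, the bit is read off x_i before
    the exponentiation.  Returns (bits, total modular multiplications).
    """
    x = seed % P
    bits, total = [], 0
    for _ in range(nbits):
        bits.append(1 if x < (P - 1) // 2 else 0)
        x, m = modexp_counted(G, x, P)
        total += m
    return bits, total


def bits_per_mult(seed: int, nbits: int) -> float:
    """Throughput metric from the abstract: output bits per modular multiplication."""
    _, total = blum_micali(seed, nbits)
    return nbits / total


if __name__ == "__main__":
    bits, total = blum_micali(seed=1, nbits=256)
    print("first bits:", bits[:16])
    print(f"{len(bits)} bits cost {total} modular multiplications "
          f"-> {bits_per_mult(1, 256):.4f} bits/mult (about 1/(1.5*31) expected)")
```

With a 31-bit exponent each step costs about 45 multiplications, so the classic generator delivers roughly 0.02 bits per multiplication; at a 1024-bit or 2048-bit p the ratio is worse by a further factor of 30 to 60, which is the gap a generator producing O(log log p) bits per multiplication closes.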

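For the second result, what "provably secure under the discrete log assumption" buys is a reduction: any collision in the hash can be turned into a discrete logarithm. The following Python is an added example, not Jiang's CRHF or any code from the paper. It implements the textbook two-generator hash H(x1, x2) = g^x1 · h^x2 in a prime-order subgroup of ℤp* (the construction of Chaum, van Heijst and Pfitzmann) and runs the reduction for real: a collision forged with the setup secret a is fed to an extractor that recovers a = log_g h. The safe prime p = 2879, q = 1439 and the generator g = 4 are toy parameters chosen for readability (an assumption of this example).

```python
"""Collision-resistant hashing from the discrete log assumption, with the reduction.

Added example, not the CRHF proposed by Jiang: this is the textbook two-generator
hash H(x1, x2) = g^x1 * h^x2 mod p in a prime-order subgroup (Chaum, van Heijst
and Pfitzmann).  Its proof is a reduction: any collision hands you log_g(h), so
finding collisions is as hard as taking discrete logs.  extract_dlog() is that
reduction, executed on a real collision.
Toy parameters (assumption, chosen for readability): safe prime p = 2879 = 2q+1,
q = 1439, and g = 4, which has order q.  Not secure at this size.
"""

P = 2879
Q = 1439
G = 4


def is_prime(n: int) -> bool:
    """Trial division; adequate for the toy parameters above."""
    if n < 2:
        return False
    d = 2
    while d * d <= n:
        if n % d == 0:
            return False
        d += 1
    return True


def check_params() -> bool:
    """Checks a deployer would run: safe prime, and g generates the order-q subgroup."""
    return (is_prime(P) and is_prime(Q) and P == 2 * Q + 1
            and G != 1 and pow(G, Q, P) == 1)


def keygen(secret_a: int) -> int:
    """Public hash key h = g^a.  Honest setup must forget a: whoever knows it can forge."""
    return pow(G, secret_a % Q, P)


def dl_hash(h: int, x1: int, x2: int) -> int:
    """H_h(x1, x2) = g^x1 * h^x2 mod p, inputs taken mod q."""
    return pow(G, x1 % Q, P) * pow(h, x2 % Q, P) % P


def forge_collision(secret_a: int, x1: int, x2: int, y2: int):
    """With the trapdoor a, pick any y2 != x2 and solve for y1 so the hashes agree.

    g^y1 h^y2 = g^x1 h^x2  <=>  y1 + a*y2 = x1 + a*x2  (mod q).
    """
    if (y2 - x2) % Q == 0:
        raise ValueError("y2 must differ from x2 mod q")
    y1 = (x1 + secret_a * (x2 - y2)) % Q
    return (x1 % Q, x2 % Q), (y1, y2 % Q)


def extract_dlog(h: int, c1, c2) -> int:
    """The reduction: turn a collision (c1 != c2, same hash) into a = log_g(h).

    From g^x1 h^x2 = g^y1 h^y2:  g^(x1-y1) = h^(y2-x2)  =>  a = (x1-y1)/(y2-x2) mod q.
    If x2 == y2 then g^(x1-y1) = 1 forces x1 == y1 (g has prime order q), i.e. no
    collision at all, so the division is always defined for a genuine collision.
    """
    (x1, x2), (y1, y2) = c1, c2
    if c1 == c2 or dl_hash(h, x1, x2) != dl_hash(h, y1, y2):
        raise ValueError("not a collision")
    denom = (y2 - x2) % Q
    a = (x1 - y1) * pow(denom, -1, Q) % Q
    assert pow(G, a, P) == h             # the extracted value really is log_g(h)
    return a


if __name__ == "__main__":
    assert check_params()
    a = 123                               # setup secret (constructed); honest setup discards it
    h = keygen(a)
    c1, c2 = forge_collision(a, 7, 99, 500)
    print("collision:", c1, c2, "hash:", dl_hash(h, *c1))
    print("log_g(h) recovered from the collision:", extract_dlog(h, c1, c2), "== a:", a)
```

The practical caveat the reduction makes visible: the relation between g and h is a collision trapdoor, so h must be generated in a way nobody can compute log_g h for (for instance by deriving it from a public string rather than choosing a and discarding it), and the group order must be prime so that the modular inverse in the extractor exists.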





  1. Adleman, L.M.: A Subexponential Algorithm for the Discrete Logarithm Problem with Applications to Cryptography (Abstract). In: FOCS 1979, pp. 55–60 (1979)
  2. Alexi, W., Chor, B., Goldreich, O., Schnorr, C.: RSA/Rabin Bits are 1/2 + 1/poly(log N) Secure. In: FOCS 1984, pp. 449–457 (1984)
  3. Bellare, M., Goldwasser, S.: Verifiable Partial Key Escrow. In: ACM CCS 1997, pp. 78–91 (1997)
  4. Bellare, M., Micciancio, D.: A New Paradigm for Collision-Free Hashing: Incrementality at Reduced Cost. In: Fumy, W. (ed.) EUROCRYPT 1997. LNCS, vol. 1233, pp. 163–192. Springer, Heidelberg (1997)
  5. Blum, L., Blum, M., Shub, M.: A Simple Unpredictable Pseudo-Random Number Generator. SIAM J. Comput. 15(2), 364–383 (1986)
  6. Blum, M., Micali, S.: How to Generate Cryptographically Strong Sequences of Pseudo Random Bits. In: FOCS 1982, pp. 112–117 (1982)
  7. Coppersmith, D., Odlyzko, A.M., Schroeppel, R.: Discrete Logarithms in GF(p). Algorithmica 1(1), 1–15 (1986)
  8. Canetti, R., Krawczyk, H.: Analysis of key-exchange protocols and their use for building secure channels. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 453–474. Springer, Heidelberg (2001); Canetti, R., Krawczyk, H.: Universally Composable Notions of Key Exchange and Secure Channels. In: Knudsen, L.R. (ed.) EUROCRYPT 2002. LNCS, vol. 2332, pp. 337–351. Springer, Heidelberg (2002); Canetti, R., Krawczyk, H.: Security Analysis of IKE's Signature-Based Key-Exchange Protocol. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 143–161. Springer, Heidelberg (2002)
  9. Contini, S., Lenstra, A.K., Steinfeld, R.: VSH: an Efficient and Provable Collision Resistant Hash Function. In: NIST Cryptographic Hash Workshop 2005, Maryland, USA (2005)
  10. Cramer, R., Shoup, V.: A practical public-key cryptosystem provably secure against adaptive chosen ciphertext attack. In: Krawczyk, H. (ed.) CRYPTO 1998. LNCS, vol. 1462, pp. 13–25. Springer, Heidelberg (1998)
  11. Damgård, I.B.: Collision Free Hash Functions and Public Key Signature Schemes. In: Price, W.L., Chaum, D. (eds.) EUROCRYPT 1987. LNCS, vol. 304, pp. 203–216. Springer, Heidelberg (1988)
  12. Diffie, W., Hellman, M.E.: New Directions in Cryptography. IEEE Transactions on Information Theory IT-22(6), 644–654 (1976)
  13. Dedić, N., Reyzin, L., Vadhan, S.P.: An Improved Pseudorandom Generator Based on Hardness of Factoring. In: Cimato, S., Galdi, C., Persiano, G. (eds.) SCN 2002. LNCS, vol. 2576, pp. 88–101. Springer, Heidelberg (2003)
  14. El Gamal, T.: A public-key cryptosystem and a signature scheme based on discrete logarithms. IEEE Transactions on Information Theory 31(4), 469–472 (1985)
  15. Gennaro, R.: An Improved Pseudo-random Generator Based on Discrete Log. In: Bellare, M. (ed.) CRYPTO 2000. LNCS, vol. 1880, pp. 91–110. Springer, Heidelberg (2000)
  16. Goldwasser, S., Micali, S., Tong, P.: Why and how to establish a private code on a public network. In: FOCS 1982, pp. 134–144 (1982)
  17. Goldwasser, S., Micali, S., Rivest, R.L.: A Digital Signature Scheme Secure Against Adaptive Chosen-Message Attacks. SIAM J. Comput. 17(2), 281–308 (1988)
  18. Goldreich, O.: Foundations of Cryptography: Basic Tools. Cambridge University Press, Cambridge (2001)
  19. Goldreich, O., Goldwasser, S., Micali, S.: How to Construct Random Functions. Journal of the ACM 33(4), 792–807 (1986)
  20. Goldreich, O., Rosen, V.: On the Security of Modular Exponentiation with Application to the Construction of Pseudorandom Generators. J. Cryptology 16(2), 71–93 (2003)
  21. Håstad, J., Impagliazzo, R., Levin, L.A., Luby, M.: A Pseudorandom Generator from any One-way Function. SIAM J. Comput. 28(4), 1364–1396 (1999) (early version in STOC 1989)
  22. Håstad, J., Schrift, A., Shamir, A.: The Discrete Logarithm Modulo a Composite Hides O(n) Bits. JCSS 47, 376–404 (1993)
  23. Hua, L.: Introduction to Number Theory. Springer, Berlin (1982)
  24. Katz, J., Ostrovsky, R., Yung, M.: Efficient password-authenticated key exchange using human-memorable passwords. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 475–494. Springer, Heidelberg (2001)
  25. Lenstra, A.K., Lenstra Jr., H.W. (eds.): The Development of the Number Field Sieve. LNM, vol. 1554. Springer, Heidelberg (1993)
  26. Lim, C., Lee, P.: More Flexible Exponentiation with Precomputation. In: Desmedt, Y.G. (ed.) CRYPTO 1994. LNCS, vol. 839, pp. 95–107. Springer, Heidelberg (1994)
  27. Long, D.L., Wigderson, A.: How Discreet is the Discrete Log. In: STOC 1983, pp. 413–420 (1983)
  28. Odlyzko, A.M.: Discrete Logarithms: The Past and the Future. Des. Codes Cryptography 19(2/3), 129–145 (2000)
  29. Patel, S., Sundaram, G.S.: An Efficient Discrete Log Pseudo Random Generator. In: Krawczyk, H. (ed.) CRYPTO 1998. LNCS, vol. 1462, pp. 304–317. Springer, Heidelberg (1998)
  30. Peikert, C., Rosen, A.: Efficient Collision-Resistant Hashing from Worst-Case Assumptions on Cyclic Lattices. In: Halevi, S., Rabin, T. (eds.) TCC 2006. LNCS, vol. 3876, pp. 145–166. Springer, Heidelberg (2006)
  31. Pointcheval, D.: The Composite Discrete Logarithm and Secure Authentication. In: Imai, H., Zheng, Y. (eds.) PKC 2000. LNCS, vol. 1751, pp. 113–128. Springer, Heidelberg (2000)
  32. Rivest, R., Shamir, A., Adleman, L.: A Method for Obtaining Digital Signatures and Public-key Cryptosystems. Communications of the ACM 21(2), 120–126 (1978)
  33. Shamir, A., Tauman, Y.: Improved Online/Offline Signature Schemes. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 355–367. Springer, Heidelberg (2001)
  34. Schirokauer, O.: Discrete Logarithms and Local Units. Philosophical Transactions: Physical Sciences and Engineering 345(1676), 409–423 (1993)
  35. Shoup, V.: Lower Bounds for Discrete Logarithms and Related Problems. In: Fumy, W. (ed.) EUROCRYPT 1997. LNCS, vol. 1233, pp. 256–266. Springer, Heidelberg (1997)
  36. Vazirani, U., Vazirani, V.: Efficient and Secure Pseudo-random Number Generation. In: FOCS 1984, pp. 458–463 (1984)
  37. Wang, X., Lai, X., Feng, D., Chen, H., Yu, X.: Cryptanalysis of the Hash Functions MD4 and RIPEMD. In: Cramer, R.J.F. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 1–18. Springer, Heidelberg (2005)
  38. Wang, X., Yu, H.: How to Break MD5 and Other Hash Functions. In: Cramer, R.J.F. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 19–35. Springer, Heidelberg (2005)
  39. Wang, X., Yin, Y.L., Yu, H.: Finding Collisions in the Full SHA-1. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 17–36. Springer, Heidelberg (2005)
  40. Yao, A.: Theory and Applications of Trapdoor Functions (Extended Abstract). In: FOCS 1982, pp. 80–91 (1982)

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Shaoquan Jiang, Department of Computer Science, University of Electronic Science and Technology of China, Chengdu, China
