
Exponential Sums and Lattice Reduction: Applications to Cryptography

  • Igor E. Shparlinski

Abstract

We describe a rather surprising, yet powerful, combination of two famous number-theoretic techniques: bounds of exponential sums and lattice reduction algorithms. This combination has led to a number of cryptographic applications, helping to make rigorous several heuristic approaches, and it provides a two-edged sword for defence and attack: it can be used to prove important security results and also to create powerful attacks. The examples of the first group include results about the bit security of the Diffie-Hellman key exchange system, of the Shamir message passing scheme and of the XTR and LUC cryptosystems. The examples of the second group include attacks on the Digital Signature Scheme and its modifications, which are provably insecure under certain conditions.
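The bridge between the two techniques named in the abstract is the hidden number problem: an oracle reveals only the top k bits of α·t_i mod p for known multipliers t_i, and lattice reduction turns those partial answers back into the full secret α. The following Python script is an added illustration and is not code from the paper or its author. It uses a textbook LLL over exact rationals (a deliberately small and slow implementation), the Boneh–Venkatesan lattice, and Kannan's embedding to convert the closest-vector instance into a shortest-vector one. The modulus p = 2^31 − 1, the parameters k = 12 known bits and d = 10 samples, the seed, and all function names (`lll_reduce`, `msb_approx`, `hnp_recover`, `demo`) are assumptions chosen for this toy; the samples are constructed inline.

```python
from fractions import Fraction
import random


def lll_reduce(basis, delta=Fraction(99, 100)):
    """Textbook LLL over exact rationals: slow but exact, fine at this size."""
    b = [[Fraction(x) for x in row] for row in basis]
    n = len(b)
    bstar = [None] * n                          # Gram-Schmidt vectors b*_i
    norms = [Fraction(0)] * n                   # ||b*_i||^2
    mu = [[Fraction(0)] * n for _ in range(n)]  # GS coefficients mu[i][j], j < i

    def dot(u, v):
        return sum(x * y for x, y in zip(u, v))

    def gram_schmidt(start):
        # rows below `start` are untouched by the caller, so recompute from there
        for i in range(start, n):
            v = list(b[i])
            for j in range(i):
                mu[i][j] = dot(b[i], bstar[j]) / norms[j]
                v = [x - mu[i][j] * y for x, y in zip(v, bstar[j])]
            bstar[i] = v
            norms[i] = dot(v, v)

    gram_schmidt(0)
    k = 1
    while k < n:
        for j in range(k - 1, -1, -1):          # size-reduce b_k against b_j
            q = round(mu[k][j])
            if q:
                b[k] = [x - q * y for x, y in zip(b[k], b[j])]
                for l in range(j):
                    mu[k][l] -= q * mu[j][l]
                mu[k][j] -= q
        if norms[k] >= (delta - mu[k][k - 1] ** 2) * norms[k - 1]:
            k += 1                               # Lovasz condition holds
        else:
            b[k - 1], b[k] = b[k], b[k - 1]      # swap and redo GS from k-1
            gram_schmidt(k - 1)
            k = max(k - 1, 1)
    return [[int(x) for x in row] for row in b]


def msb_approx(x, n_bits, k):
    """Midpoint of the interval pinned down by the k most significant bits of x (an n_bits-bit value)."""
    low = n_bits - k
    return ((x >> low) << low) + (1 << (low - 1))


def hnp_recover(p, samples, k):
    """Hidden number problem: given (t_i, a_i) with a_i = msb_approx(alpha*t_i mod p),
    recover alpha. Builds the Boneh-Venkatesan lattice, turns the closest-vector
    instance into a shortest-vector one by Kannan embedding, and reads alpha off
    the short vector LLL finds. Returns None if no candidate checks out."""
    n_bits = p.bit_length()
    d = len(samples)
    scale = 1 << k            # brings the errors |x_i - a_i| < 2^(n-k-1) up to ~2^(n-1)
    M = 1 << (n_bits - 1)     # embedding constant, same size as the scaled errors
    dim = d + 2
    basis = []
    for i in range(d):        # p * 2^k * e_i : reduction modulo p in coordinate i
        row = [0] * dim
        row[i] = p * scale
        basis.append(row)
    basis.append([t * scale for t, _ in samples] + [1, 0])   # multiplier row, carries alpha
    basis.append([a * scale for _, a in samples] + [0, M])   # target row (embedding)
    # the wanted vector is (2^k(x_i - a_i), ..., alpha, -M) or its negation
    for v in lll_reduce(basis):
        if abs(v[-1]) == M:
            alpha = (-v[d] * (v[-1] // M)) % p
            if all(msb_approx(alpha * t % p, n_bits, k) == a for t, a in samples):
                return alpha
    return None


def demo(seed=1, k=12, d=10):
    """Constructed toy instance: 31-bit prime, d oracle answers of k MSBs each."""
    p = (1 << 31) - 1         # Mersenne prime 2^31 - 1, chosen for the toy only
    rng = random.Random(seed)
    alpha = rng.randrange(1, p)            # the hidden number
    n_bits = p.bit_length()
    samples = []
    for _ in range(d):
        t = rng.randrange(1, p)
        samples.append((t, msb_approx(alpha * t % p, n_bits, k)))
    return alpha, hnp_recover(p, samples, k)


if __name__ == "__main__":
    secret, found = demo()
    print("secret:", secret, "recovered:", found, "match:", secret == found)
```

Ten answers of 12 bits each (120 bits in total, but only about 31 of them are "new" information) are enough to reconstruct the whole 31-bit secret, which is the constructive content behind the bit-security results the abstract mentions: if the top bits were predictable, the whole key would be. Read in the other direction it is also why a signature scheme of DSA type must treat its per-signature nonce as secret-equivalent, since each signature with a few known nonce bits is one such sample; the exponential-sum bounds enter to show that the multipliers arising in practice behave like the uniformly random t_i used in this toy.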

Keywords

Hash function, elliptic curve, signature scheme, polynomial time algorithm, primitive root



Copyright information

© Springer-Verlag Berlin Heidelberg 2002

Authors and Affiliations

  • Igor E. Shparlinski, Department of Computing, Macquarie University, Sydney, Australia
