Abstract
We consider a certain generalization of the hidden number problem introduced by Boneh and Venkatesan in 1996. Considering the XTR variation of Diffie-Hellman, we apply our results to show security of the log^{1/2} p most significant bits of the secret, in analogy to the results known for the classical Diffie-Hellman scheme. Our method is based on bounds of exponential sums which were introduced by Deligne in 1977. We proceed to show that the results are also applicable to the LUC scheme. Here, assuming the LUC function is one-way, we can in addition show that each single bit of the argument is a hard-core bit.
Supported in part by NSF grant DMS 997-0651.
Part of work done while visiting Macquarie University.
Supported in part by ARC grant A69700294.
References
M. Ajtai, R. Kumar and D. Sivakumar, A sieve algorithm for the shortest lattice vector problem, Proc. 33rd ACM Symp. on Theory of Comput., Crete, Greece, July 6–8, 2001, 601–610.
D. Bleichenbacher, W. Bosma and A. K. Lenstra, Some remarks on Lucas-based cryptography, Lect. Notes in Comp. Sci., Springer-Verlag, 963 (1995), 386–396.
M. Blum and S. Micali, How to generate cryptographically strong sequences of pseudo-random bits, SIAM J. on Computing, 13(4) (1984), 850–864.
D. Boneh and R. Venkatesan, Hardness of computing the most significant bits of secret keys in Diffie-Hellman and related schemes, Lect. Notes in Comp. Sci., Springer-Verlag, 1109 (1996), 129–142.
D. Boneh and R. Venkatesan, Rounding in lattices and its cryptographic applications, Proc. 8th Annual ACM-SIAM Symp. on Discr. Algorithms, ACM, NY, 1997, 675–681.
A. E. Brouwer, R. Pellikaan and E. R. Verheul, Doing more with fewer bits, Lect. Notes in Comp. Sci., Springer-Verlag, 1716 (1999), 321–332.
R. Canetti, J. B. Friedlander, S. Konyagin, M. Larsen, D. Lieman and I. E. Shparlinski, On the statistical properties of Diffie-Hellman distributions, Israel J. Math., 120 (2000), 23–46.
P. Deligne, Cohomologie étale (SGA 4½), Lect. Notes in Math., Springer-Verlag, 569 (1977).
E. El Mahassni, P. Q. Nguyen and I. E. Shparlinski, The insecurity of Nyberg-Rueppel and other DSA-like signature schemes with partially known nonces, Lect. Notes in Comp. Sci., Springer-Verlag, 2146 (2001), 97–109.
J. B. Friedlander, M. Larsen, D. Lieman and I. E. Shparlinski, On correlation of binary M-sequences, Designs, Codes and Cryptography, 16 (1999), 249–256.
M. I. González Vasco and I. E. Shparlinski, On the security of Diffie-Hellman bits, Proc. Workshop on Cryptography and Computational Number Theory, Singapore 1999, Birkhäuser, 2001, 257–268.
M. I. González Vasco and I. E. Shparlinski, Security of the most significant bits of the Shamir message passing scheme, Math. Comp., 71 (2002), 333–342.
J. Håstad and M. Näslund, The security of all RSA and discrete log bits, Electronic Colloquium on Computational Complexity, Report TR99-037, 1999. (To appear in Journal of the ACM.)
N. A. Howgrave-Graham and N. P. Smart, Lattice attacks on digital signature schemes, Designs, Codes and Cryptography, 23 (2001), 283–290.
R. Kannan, Algorithmic geometry of numbers, Annual Review of Comp. Sci., 2 (1987), 231–267.
R. Kannan, Minkowski’s convex body theorem and integer programming, Math. of Oper. Research, 12 (1987), 231–267.
N. M. Katz, Gauss sums, Kloosterman sums, and monodromy groups, Ann. of Math. Studies, 116, Princeton Univ. Press, 1988.
N. Koblitz, Elliptic curve cryptosystems, Math. Comp., 48 (1987), 203–209.
S. V. Konyagin and I. E. Shparlinski, Character sums with exponential functions and their applications, Cambridge Univ. Press, Cambridge, 1999.
A. K. Lenstra, Unbelievable security: Matching AES security using public key systems, Lect. Notes in Comp. Sci., Springer-Verlag, 2248 (2001), 67–86.
A. K. Lenstra, H. W. Lenstra and L. Lovász, Factoring polynomials with rational coefficients, Mathematische Annalen, 261 (1982), 515–534.
A. K. Lenstra and M. Stam, Speeding up XTR, Lect. Notes in Comp. Sci., Springer-Verlag, 2248 (2001), 125–143.
A. K. Lenstra and E. R. Verheul, The XTR public key system, Lect. Notes in Comp. Sci., Springer-Verlag, 1880 (2000), 1–19.
A. K. Lenstra and E. R. Verheul, Key improvements to XTR, Lect. Notes in Comp. Sci., Springer-Verlag, 1976 (2000), 220–233.
A. K. Lenstra and E. R. Verheul, An overview of the XTR public key system, Proc. the Conf. on Public Key Cryptography and Computational Number Theory, Warsaw 2000, Walter de Gruyter, 2001, 151–180.
W.-C. W. Li, Character sums and abelian Ramanujan graphs, J. Number Theory, 41 (1992), 199–217.
W.-C. W. Li, Number theory with applications, World Scientific, Singapore, 1996.
R. Lidl and H. Niederreiter, Finite fields, Cambridge University Press, Cambridge, 1997.
D. L. Long and A. Wigderson, The discrete log hides O(log n) bits, SIAM J. on Computing, 17(2) (1988), 413–420.
D. Micciancio, On the hardness of the shortest vector problem, PhD Thesis, MIT, 1998.
V. Miller, Uses of elliptic curves in cryptography, Lect. Notes in Comp. Sci., Springer-Verlag, 218 (1986), 417–426.
P. Q. Nguyen, The dark side of the Hidden Number Problem: Lattice attacks on DSA, Proc. Workshop on Cryptography and Computational Number Theory, Singapore 1999, Birkhäuser, 2001, 321–330.
P. Q. Nguyen and I. E. Shparlinski, The insecurity of the Digital Signature Algorithm with partially known nonces, J. Cryptology, (to appear).
P. Q. Nguyen and I. E. Shparlinski, The insecurity of the elliptic curve Digital Signature Algorithm with partially known nonces, Designs, Codes and Cryptography, (to appear).
P. Q. Nguyen and J. Stern, Lattice reduction in cryptology: An update, Lect. Notes in Comp. Sci., Springer-Verlag, 1838 (2000), 85–112.
P. Q. Nguyen and J. Stern, The two faces of lattices in cryptology, Lect. Notes in Comp. Sci., Springer-Verlag, 2146 (2001), 146–180.
H. Niederreiter, Random number generation and Quasi-Monte Carlo methods, SIAM Press, 1992.
R. Peralta, Simultaneous security of bits in the discrete log, Lect. Notes in Comp. Sci., Springer-Verlag, 219 (1986), 62–72.
S. C. Pohlig and M. Hellman, An improved algorithm for computing logarithms over GF(p), IEEE Transactions on Information Theory, IT-24(1) (1978), 106–110.
K. Prachar, Primzahlverteilung, Springer-Verlag, 1957.
C. P. Schnorr, A hierarchy of polynomial time basis reduction algorithms, Theor. Comp. Sci., 53 (1987), 201–224.
C. P. Schnorr, Security of almost all discrete log bits, Electronic Colloquium on Computational Complexity, Report TR98-033, 1998.
I. E. Shparlinski, Security of polynomial transformations of the Diffie-Hellman key, Preprint, 2000, 1–8.
I. E. Shparlinski, Sparse polynomial approximation in finite fields, Proc. 33rd ACM Symp. on Theory of Comput., Crete, Greece, July 6–8, 2001, 209–215.
I. E. Shparlinski, On the generalised hidden number problem and bit security of XTR, Lect. Notes in Comp. Sci., Springer-Verlag, 2227 (2001), 268–277.
A. W. Schrift and A. Shamir, On the universality of the next bit test, Lect. Notes in Comp. Sci., Springer-Verlag, 537 (1990), 394–408.
P. J. Smith and C. T. Skinner, A public-key cryptosystem and a digital signature system based on the Lucas function analogue to discrete logarithms, Lect. Notes in Comp. Sci., Springer-Verlag, 917 (1995), 357–364.
E. R. Verheul, Certificates of recoverability with scalable recovery agent security, Lect. Notes in Comp. Sci., Springer-Verlag, 1751 (2000), 258–275.
© 2002 Springer-Verlag Berlin Heidelberg
Cite this paper
Li, WC.W., Näslund, M., Shparlinski, I.E. (2002). Hidden Number Problem with the Trace and Bit Security of XTR and LUC. In: Yung, M. (eds) Advances in Cryptology — CRYPTO 2002. CRYPTO 2002. Lecture Notes in Computer Science, vol 2442. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-45708-9_28
DOI: https://doi.org/10.1007/3-540-45708-9_28
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-44050-5
Online ISBN: 978-3-540-45708-4