Hardness of Distinguishing the MSB or LSB of Secret Keys in Diffie-Hellman Schemes
Authors
Abstract
Abstract. In this paper we introduce very simple deterministic randomness extractors for Diffie-Hellman distributions. More specifically, we show that the k most significant bits or the k least significant bits of a random element in a subgroup of Zp are indistinguishable from a random bit-string of the same length. This allows us to show that under the Decisional Diffie-Hellman assumption we can deterministically derive a uniformly random bit-string from a Diffie-Hellman exchange in the standard model. Then, we show that it can be used in key exchange or encryption schemes to avoid the leftover hash lemma and universal hash functions.
Similar resources
Bits Security of the Elliptic Curve Diffie-Hellman Secret Keys
We show that the least significant bits (LSB) of the elliptic curve Diffie–Hellman secret keys are hardcore. More precisely, we prove that if one can efficiently predict the LSB with non-negligible advantage on a polynomial fraction of all the curves defined over a given finite field Fp, then with polynomial factor overhead, one can compute the entire Diffie–Hellman secret on a polynomial fract...
Hardness of Computing the Most Significant Bits of Secret Keys in Diffie-Hellman and Related Schemes
We show that computing the most significant bits of the secret key in a Diffie-Hellman key-exchange protocol from the public keys of the participants is as hard as computing the secret key itself. This is done by studying the following hidden number problem: Given an oracle O ; (x) that on input x computes the k most significant bits of g + mod p, find ; mod p. We present many other applications of th...
Establishment of conference keys in heterogeneous networks
In order to secure communication amongst members of a conference, a secret shared by all group members must be established. The Diffie-Hellman problem is often the basis for generating keys in two-party communication, and can also be used to establish conference keys. In heterogeneous networks, many conferences have participants of varying computational power and resources. Most conference keyi...
On the Unpredictability of Bits of the Elliptic Curve Diffie--Hellman Scheme
Let E/Fp be an elliptic curve, and G ∈ E/Fp. Define the Diffie–Hellman function as DH_{E,G}(aG, bG) = abG. We show that if there is an efficient algorithm for predicting the LSB of the x or y coordinate of abG given 〈E, G, aG, bG〉 for a certain family of elliptic curves, then there is an algorithm for computing the Diffie–Hellman function on all curves in this family. This seems stronger than the ...
Circular-Secure Encryption Beyond Affine Functions
We show that for any constant d ∈ N, there exists a public-key encryption scheme that can securely encrypt any function f of its own secret-key, assuming f can be expressed as a polynomial of total degree-d. Such a scheme is said to be key-dependent message (KDM) secure w.r.t. degree-d polynomials. We also show that there exists a public-key encryption scheme that is KDM secure w.r.t. all Turin...
Journal title:
Volume, issue
Pages -
Publication date 2006