Distribution of Modular Sums and the Security of the Server Aided Exponentiation

We obtain some uniformity of distribution results for the values of modular sums of the form n X j=1 ajxj (mod M) (x1; : : : ; xn) 2 B where M 1 is an integer, a1; : : : ; an are elements of the residue ring modulo M , selected unformly at random, and B is an arbitrary set of n-dimensional integer vectors. In some partial cases, for very special sets B, some results of this kind have been known, however our estimates are more precise and more general. Our technique is based on fairly simple properties of exponential sums. We also give cryptographic applications of some of these results. In particular, we consider an extension of a pseudo-random number generator due to V. Boyko, M. Peinado and R. Venkatesan, and establish the security of some discrete logarithm based signature schemes making use of this generator (in both its original and extended forms). One of these schemes, which uses precomputation is well known. The other scheme which uses server aided computation, seems to be new. We show that for a certain choice of parameters one can guarantee an essential speed-up of both of these schemes without compromising the security (compared to the traditional discrete logarithm based signature scheme).