Bits Security of the Elliptic Curve Diffie---Hellman Secret Keys

Authors:
Dimitar Jetchev;Ramarathnam Venkatesan
Affiliations:
Dept. of Mathematics, University of California at Berkeley, Berkeley, CA 94720;Microsoft Research, One Microsoft Way, Redmond, WA 98052 and Microsoft Research India Private Limited, "Scientia", Bangalore, India 560080
Venue:
CRYPTO 2008 Proceedings of the 28th Annual conference on Cryptology: Advances in Cryptology
Year:
2008

Citing 10
Cited 1

Handbook of Applied Cryptography

Handbook of Applied Cryptography
On the Generalised Hidden Number Problem and Bit Security of XTR

AAECC-14 Proceedings of the 14th International Symposium on Applied Algebra, Algebraic Algorithms and Error-Correcting Codes
On the Unpredictability of Bits of the Elliptic Curve Diffie--Hellman Scheme

CRYPTO '01 Proceedings of the 21st Annual International Cryptology Conference on Advances in Cryptology
Hardness of Computing the Most Significant Bits of Secret Keys in Diffie-Hellman and Related Schemes

CRYPTO '96 Proceedings of the 16th Annual International Cryptology Conference on Advances in Cryptology
Extending the GHS Weil Descent Attack

EUROCRYPT '02 Proceedings of the International Conference on the Theory and Applications of Cryptographic Techniques: Advances in Cryptology
Isogeny Volcanoes and the SEA Algorithm

ANTS-V Proceedings of the 5th International Symposium on Algorithmic Number Theory
Security of the most significant bits of the Shamir message passing scheme

Mathematics of Computation
Hidden number problem with hidden multipliers, timed-release crypto, and noisy exponentiation

Mathematics of Computation
The Insecurity of the Elliptic Curve Digital Signature Algorithm with Partially Known Nonces

Designs, Codes and Cryptography
Do all elliptic curves of the same order have the same difficulty of discrete log?

ASIACRYPT'05 Proceedings of the 11th international conference on Theory and Application of Cryptology and Information Security

Optimal Randomness Extraction from a Diffie-Hellman Element

EUROCRYPT '09 Proceedings of the 28th Annual International Conference on Advances in Cryptology: the Theory and Applications of Cryptographic Techniques

Quantified Score

Hi-index	0.00

Visualization

Abstract

We show that the least significant bits (LSB) of the elliptic curve Diffie---Hellman secret keys are hardcore. More precisely, we prove that if one can efficiently predict the LSB with non-negligible advantage on a polynomial fraction of all the curves defined over a given finite field $\mathbb{F}_p$, then with polynomial factor overhead, one can compute the entire Diffie---Hellman secret on a polynomial fraction of all the curves over the same finite field. Our approach is based on random self-reducibility (assuming GRH) of the Diffie---Hellman problem among elliptic curves of the same order. As a part of the argument, we prove a refinement of H. W. Lenstra's lower bounds on the sizes of the isogeny classes of elliptic curves, which may be of independent interest.