A public key cryptosystem and a signature scheme based on discrete logarithms. Advances in Cryptology: Proceedings of CRYPTO 84.
On computing logarithms over finite fields. Advances in Cryptology: CRYPTO 85, Lecture Notes in Computer Science 218.
Random oracles are practical: a paradigm for designing efficient protocols. CCS '93, Proceedings of the 1st ACM Conference on Computer and Communications Security.
A Pseudorandom Generator from any One-way Function. SIAM Journal on Computing.
On the Unpredictability of Bits of the Elliptic Curve Diffie-Hellman Scheme. CRYPTO '01, Proceedings of the 21st Annual International Cryptology Conference on Advances in Cryptology.
Hardness of Computing the Most Significant Bits of Secret Keys in Diffie-Hellman and Related Schemes. CRYPTO '96, Proceedings of the 16th Annual International Cryptology Conference on Advances in Cryptology.
A Practical Public Key Cryptosystem Provably Secure Against Adaptive Chosen Ciphertext Attack. CRYPTO '98, Proceedings of the 18th Annual International Cryptology Conference on Advances in Cryptology.
The Decision Diffie-Hellman Problem. ANTS-III, Proceedings of the Third International Symposium on Algorithmic Number Theory.
On Exponential Sums and Group Generators for Elliptic Curves over Finite Fields. ANTS-IV, Proceedings of the 4th International Symposium on Algorithmic Number Theory.
Number-theoretic constructions of efficient pseudo-random functions. FOCS '97, Proceedings of the 38th Annual Symposium on Foundations of Computer Science.
Elliptic Curves: Number Theory and Cryptography.
A computational introduction to number theory and algebra.
HMAC is a randomness extractor and applications to TLS. Proceedings of the 2008 ACM Symposium on Information, Computer and Communications Security.
SFCS '89, Proceedings of the 30th Annual Symposium on Foundations of Computer Science.
Bits Security of the Elliptic Curve Diffie-Hellman Secret Keys. CRYPTO 2008, Proceedings of the 28th Annual Conference on Cryptology: Advances in Cryptology.
A security analysis of the NIST SP 800-90 elliptic curve random number generator. CRYPTO '07, Proceedings of the 27th Annual International Cryptology Conference on Advances in Cryptology.
Hardness of distinguishing the MSB or LSB of secret keys in Diffie-Hellman schemes. ICALP '06, Proceedings of the 33rd International Conference on Automata, Languages and Programming, Volume Part II.
Pseudorandom functions and permutations provably secure against related-key attacks. CRYPTO '10, Proceedings of the 30th Annual Conference on Advances in Cryptology.
On randomness extraction in elliptic curves. AFRICACRYPT '11, Proceedings of the 4th International Conference on Progress in Cryptology in Africa.
Leftover Hash Lemma, revisited. CRYPTO '11, Proceedings of the 31st Annual Conference on Advances in Cryptology.
International Journal of Applied Cryptography.
Efficient, secure, private distance bounding without key updates. Proceedings of the Sixth ACM Conference on Security and Privacy in Wireless and Mobile Networks.
In this paper, we study a very simple deterministic randomness extractor for random Diffie-Hellman elements defined over a prime-order multiplicative subgroup $G$ of a finite field ${\mathbb Z}_p$ (truncation), and over a group of points of an elliptic curve (truncation of the abscissa). Informally speaking, we show that the least significant bits of a random element in $G\subset {\mathbb Z}_p^*$, or of the abscissa of a random point in $\mathcal{E}({\mathbb F}_p)$, are indistinguishable from a uniform bit-string. This operation is very efficient and is a good randomness extractor: we show that it extracts nearly as many bits as the Leftover Hash Lemma does, for most elliptic curve parameters and for large subgroups of finite fields. To this end, we develop a new technique for bounding exponential sums that lets us double the number of extracted bits compared with the previous results of Fouque et al. at ICALP'06. It can also be used to improve earlier bounds of Canetti et al. One of the main applications of this extractor is a mathematical proof of an assumption made at Crypto '07 and used in the security proof of the Elliptic Curve Pseudo Random Generator proposed by NIST. The second, most obvious, application is efficient key derivation from Diffie-Hellman elements.
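As an added illustration (not code from the paper), the following toy Python model exercises the truncation extractor over the prime-order subgroup $G \subset {\mathbb Z}_p^*$: it enumerates a small subgroup, measures the exact statistical distance of the $k$-bit truncation from uniform, computes the conservative Leftover Hash Lemma budget $k \le \log_2 q - 2\log_2(1/\varepsilon)$ for comparison, and applies the extractor to a toy Diffie-Hellman shared element. The parameters $p = 2039$, $q = 1019$ and the private exponents are constructed toy values with no cryptographic strength; the paper's exponential-sum bounds are not reproduced here.

```python
import math


def subgroup_elements(p, q):
    """Enumerate the unique subgroup G of Z_p^* of prime order q (needs q | p-1).
    Returns (sorted elements of G, a generator of G)."""
    if (p - 1) % q != 0:
        raise ValueError("q must divide p - 1")
    cofactor, g = (p - 1) // q, 1
    for x in range(2, p):                 # x^cofactor lies in G; any value != 1 generates it
        g = pow(x, cofactor, p)
        if g != 1:
            break
    elems, y = [], 1
    for _ in range(q):
        elems.append(y)
        y = y * g % p
    return sorted(elems), g


def truncate(x, k):
    """The deterministic extractor studied in the paper: keep the k least significant bits."""
    return x & ((1 << k) - 1)


def statistical_distance(p, q, k):
    """Exact statistical distance between truncate(G, k) and the uniform k-bit string."""
    elems, _ = subgroup_elements(p, q)
    counts = [0] * (1 << k)
    for y in elems:
        counts[truncate(y, k)] += 1
    uniform = 1.0 / (1 << k)
    return 0.5 * sum(abs(c / q - uniform) for c in counts)


def lhl_bits(q, eps):
    """Conservative LHL budget: k <= log2(q) - 2*log2(1/eps) bits at distance eps from uniform."""
    return max(0, math.floor(math.log2(q) - 2 * math.log2(1 / eps)))


def derive_key_bits(p, g, priv_a, priv_b, k):
    """Toy Diffie-Hellman in G followed by truncation (the key-derivation application)."""
    shared_a = pow(pow(g, priv_b, p), priv_a, p)   # A computes (g^b)^a
    shared_b = pow(pow(g, priv_a, p), priv_b, p)   # B computes (g^a)^b
    assert shared_a == shared_b
    return truncate(shared_a, k)


if __name__ == "__main__":
    P, Q = 2039, 1019                     # constructed toy safe prime p = 2q + 1, not for real use
    _, g = subgroup_elements(P, Q)
    for k in (1, 2, 4, 6):
        print(f"k={k}: distance from uniform = {statistical_distance(P, Q, k):.4f}")
    print("LHL budget, 256-bit group order, eps=2^-80:", lhl_bits(2**256, 2.0**-80))
    print("truncated toy DH key:", derive_key_bits(P, g, 123, 456, 8))
```

For the tiny group $p = 11$, $q = 5$ the distance can be checked by hand ($G = \{1, 3, 4, 5, 9\}$, so one LSB is 0 for exactly one element), which is what the enumeration reports.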