On using RSA with low exponent in a public key network
Lecture notes in computer sciences; 218 on Advances in cryptology---CRYPTO 85
Computation of discrete logarithms in prime fields
Designs, Codes and Cryptography
EUROCRYPT '89 Proceedings of the workshop on the theory and application of cryptographic techniques on Advances in cryptology
Comparison of three modular reduction functions
CRYPTO '93 Proceedings of the 13th annual international cryptology conference on Advances in cryptology
Parallel collision search with application to hash functions and discrete logarithms
CCS '94 Proceedings of the 2nd ACM Conference on Computer and communications security
The art of computer programming, volume 2 (3rd ed.): seminumerical algorithms
The art of computer programming, volume 2 (3rd ed.): seminumerical algorithms
A method for obtaining digital signatures and public-key cryptosystems
Communications of the ACM
Discrete-Log With Compressible Exponents
CRYPTO '90 Proceedings of the 10th Annual International Cryptology Conference on Advances in Cryptology
Towards the Equivalence of Breaking the Diffie-Hellman Protocol and Computing Discrete Algorithms
CRYPTO '94 Proceedings of the 14th Annual International Cryptology Conference on Advances in Cryptology
A note on discrete logarithms with special structure
EUROCRYPT'92 Proceedings of the 11th annual international conference on Theory and application of cryptographic techniques
Strong password-only authenticated key exchange
ACM SIGCOMM Computer Communication Review
Proceedings of the 4th ACM conference on Computer and communications security
Designs, Codes and Cryptography - Special issue on towards a quarter-century of public key cryptography
An unknown key-share attack on the MQV key agreement protocol
ACM Transactions on Information and System Security (TISSEC)
A Signature Scheme Based on the Intractability of Computing Roots
Designs, Codes and Cryptography
Password Authentication Using Multiple Servers
CT-RSA 2001 Proceedings of the 2001 Conference on Topics in Cryptology: The Cryptographer's Track at RSA
A Study on the Proposed Korean Digital Signature Algorithm
ASIACRYPT '98 Proceedings of the International Conference on the Theory and Applications of Cryptology and Information Security: Advances in Cryptology
Cryptoanalysis in Prime Order Subgroups of Z*n
ASIACRYPT '98 Proceedings of the International Conference on the Theory and Applications of Cryptology and Information Security: Advances in Cryptology
Why Textbook ElGamal and RSA Encryption Are Insecure
ASIACRYPT '00 Proceedings of the 6th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
Fast Irreducibility and Subgroup Membership Testing in XTR
PKC '01 Proceedings of the 4th International Workshop on Practice and Theory in Public Key Cryptography: Public Key Cryptography
Pseudo-random Number Generation on the IBM 4758 Secure Crypto Coprocessor
CHES '01 Proceedings of the Third International Workshop on Cryptographic Hardware and Embedded Systems
Extended Password Key Exchange Protocols Immune to Dictionary Attacks
WET-ICE '97 Proceedings of the 6th Workshop on Enabling Technologies on Infrastructure for Collaborative Enterprises
Security analysis of a password-based authentication protocol proposed to IEEE 1363
Theoretical Computer Science
Efficient and secure self-escrowed public-key infrastructures
ASIACCS '07 Proceedings of the 2nd ACM symposium on Information, computer and communications security
SSYM'96 Proceedings of the 6th conference on USENIX Security Symposium, Focusing on Applications of Cryptography - Volume 6
An Efficient On-Line/Off-Line Signature Scheme without Random Oracles
CANS '08 Proceedings of the 7th International Conference on Cryptology and Network Security
Efficient zero-knowledge identification schemes which respect privacy
Proceedings of the 4th International Symposium on Information, Computer, and Communications Security
Improved Generic Algorithms for 3-Collisions
ASIACRYPT '09 Proceedings of the 15th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
EUROCRYPT'97 Proceedings of the 16th annual international conference on Theory and application of cryptographic techniques
EUROCRYPT'00 Proceedings of the 19th international conference on Theory and application of cryptographic techniques
An improvement of VeriSign's key roaming service protocol
ICWE'03 Proceedings of the 2003 international conference on Web engineering
EUROCRYPT'03 Proceedings of the 22nd international conference on Theory and applications of cryptographic techniques
DNCOCO'06 Proceedings of the 5th WSEAS international conference on Data networks, communications and computers
J-PAKE: authenticated key exchange without PKI
Transactions on computational science XI
Password authenticated key exchange by juggling
Security'08 Proceedings of the 16th International conference on Security protocols
Authenticated key agreement without subgroup element verification
ICCSA'05 Proceedings of the 2005 international conference on Computational Science and its Applications - Volume Part I
Hardness of distinguishing the MSB or LSB of secret keys in diffie-hellman schemes
ICALP'06 Proceedings of the 33rd international conference on Automata, Languages and Programming - Volume Part II
An improved fingerprint-based remote user authentication scheme using smart cards
ICCSA'06 Proceedings of the 2006 international conference on Computational Science and Its Applications - Volume Part II
Hard bits of the discrete log with applications to password authentication
CT-RSA'05 Proceedings of the 2005 international conference on Topics in Cryptology
Password-Based user authentication protocol for mobile environment
ICOIN'06 Proceedings of the 2006 international conference on Information Networking: advances in Data Communications and Wireless Networks
Using equivalence classes to accelerate solving the discrete logarithm problem in a short interval
PKC'10 Proceedings of the 13th international conference on Practice and Theory in Public Key Cryptography
Cryptanalysis of an efficient proof of knowledge of discrete logarithm
PKC'06 Proceedings of the 9th international conference on Theory and Practice of Public-Key Cryptography
Concrete chosen-ciphertext secure encryption from subgroup membership problems
CANS'06 Proceedings of the 5th international conference on Cryptology and Network Security
Tightly-Secure signatures from lossy identification schemes
EUROCRYPT'12 Proceedings of the 31st Annual international conference on Theory and Applications of Cryptographic Techniques
Toward real-life implementation of signature schemes from the strong RSA assumption
FC'11 Proceedings of the 2011 international conference on Financial Cryptography and Data Security
| Hi-index | 0.01 |
The difficulty of computing discrete logarithms known to be "short" is examined, motivated by recent practical interest in using Diffie-Hellman key agreement with short exponents (e.g. over Zp, with 160-bit exponents and 1024-bit primes p). A new divide-and-conquer algorithm for discrete logarithms is presented, combining Pollard's lambda method with a partial Pohlig-Hellman decomposition. For random Diffie-Hellman primes p, examination reveals this partial decomposition itself allows recovery of short exponents in many cases, while the new technique dramatically extends the range. Use of subgroups of large prime order precludes the attack at essentially no cost, and is the recommended solution. Using safe primes also precludes this particular attack and allows improved exponentiation performance, although parameter generation costs are dramatically higher.