How to generate cryptographically strong sequences of pseudo-random bits
SIAM Journal on Computing
Simultaneous security of bits in the discrete log
Proc. of a workshop on the theory and application of cryptographic techniques on Advances in cryptology---EUROCRYPT '85
The discrete logarithm hides O(log n) bits
SIAM Journal on Computing - Special issue on cryptography
A hard-core predicate for all one-way functions
STOC '89 Proceedings of the twenty-first annual ACM symposium on Theory of computing
Reducing risks from poorly chosen keys
SOSP '89 Proceedings of the twelfth ACM symposium on Operating systems principles
Random oracles are practical: a paradigm for designing efficient protocols
CCS '93 Proceedings of the 1st ACM conference on Computer and communications security
Computerized patient information system in a psychiatric unit: five-year experience
Journal of Medical Systems
Entity authentication and key distribution
CRYPTO '93 Proceedings of the 13th annual international cryptology conference on Advances in cryptology
An Improved Pseudo-random Generator Based on Discrete Log
CRYPTO '00 Proceedings of the 20th Annual International Cryptology Conference on Advances in Cryptology
Session-Key Generation Using Human Passwords Only
CRYPTO '01 Proceedings of the 21st Annual International Cryptology Conference on Advances in Cryptology
All Bits ax+b mod p are Hard (Extended Abstract)
CRYPTO '96 Proceedings of the 16th Annual International Cryptology Conference on Advances in Cryptology
An Efficient Discrete Log Pseudo Random Generator
CRYPTO '98 Proceedings of the 18th Annual International Cryptology Conference on Advances in Cryptology
Password-Authenticated Key Exchange Based on RSA
ASIACRYPT '00 Proceedings of the 6th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
The Security of Individual RSA Bits
FOCS '98 Proceedings of the 39th Annual Symposium on Foundations of Computer Science
The Security of Individual RSA Bits
FOCS '98 Proceedings of the 39th Annual Symposium on Foundations of Computer Science
Encrypted Key Exchange: Password-Based Protocols SecureAgainst Dictionary Attacks
SP '92 Proceedings of the 1992 IEEE Symposium on Security and Privacy
On diffie-hellman key agreement with short exponents
EUROCRYPT'96 Proceedings of the 15th annual international conference on Theory and application of cryptographic techniques
Universal hash functions & hard core bits
EUROCRYPT'95 Proceedings of the 14th annual international conference on Theory and application of cryptographic techniques
Authenticated key exchange secure against dictionary attacks
EUROCRYPT'00 Proceedings of the 19th international conference on Theory and application of cryptographic techniques
Provably secure password-authenticated key exchange using Diffie-Hellman
EUROCRYPT'00 Proceedings of the 19th international conference on Theory and application of cryptographic techniques
How to turn loaded dice into fair coins
IEEE Transactions on Information Theory
Another look at “provable security”. II
INDOCRYPT'06 Proceedings of the 7th international conference on Cryptology in India
Fair exchange of short signatures without trusted third party
CT-RSA'13 Proceedings of the 13th international conference on Topics in Cryptology
| Hi-index | 0.00 |
Assuming the intractability of solving the discrete logarithm with short exponent problem, it was recently shown that the trailing n–ω(log n) bits of the discrete logarithm modulo an n-bit safe prime p are simultaneously hard. However, the question of hardness of the leading bits was left open. In this paper we show that the leading n–ω(log n) bits are also simultaneously hard, or equivalently that the distribution of $g^s \bmod p$, where g is a generator of $\mathbb{Z}^*_{p}$ and s is a uniformly chosen short exponent of ω(log n) bits, is indistinguishable from the uniform distribution on $\mathbb{Z}^*_{p}$. We further show that this result implies the security of a short exponent version of PAK, a password-authenticated key exchange protocol that protects against offline dictionary attacks.