RSA and Rabin functions: certain parts are as hard as the whole
SIAM Journal on Computing - Special issue on cryptography
A hard-core predicate for all one-way functions
STOC '89 Proceedings of the twenty-first annual ACM symposium on Theory of computing
Random number generation and quasi-Monte Carlo methods
Random number generation and quasi-Monte Carlo methods
Elliptic curves in cryptography
Elliptic curves in cryptography
Sparse polynomial approximation in finite fields
STOC '01 Proceedings of the thirty-third annual ACM symposium on Theory of computing
Lattice Attacks on Digital Signature Schemes
Designs, Codes and Cryptography
Cryptography: Theory and Practice
Cryptography: Theory and Practice
Handbook of Applied Cryptography
Handbook of Applied Cryptography
On the Generalised Hidden Number Problem and Bit Security of XTR
AAECC-14 Proceedings of the 14th International Symposium on Applied Algebra, Algebraic Algorithms and Error-Correcting Codes
All Bits ax+b mod p are Hard (Extended Abstract)
CRYPTO '96 Proceedings of the 16th Annual International Cryptology Conference on Advances in Cryptology
Hardness of Computing the Most Significant Bits of Secret Keys in Diffie-Hellman and Related Schemes
CRYPTO '96 Proceedings of the 16th Annual International Cryptology Conference on Advances in Cryptology
The Decision Diffie-Hellman Problem
ANTS-III Proceedings of the Third International Symposium on Algorithmic Number Theory
Lattice Reduction in Cryptology: An Update
ANTS-IV Proceedings of the 4th International Symposium on Algorithmic Number Theory
Security of the most significant bits of the Shamir message passing scheme
Mathematics of Computation
Lower bounds for discrete logarithms and related problems
EUROCRYPT'97 Proceedings of the 16th annual international conference on Theory and application of cryptographic techniques
The Modular Inversion Hidden Number Problem
ASIACRYPT '01 Proceedings of the 7th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
On the Bit Security of NTRUEncrypt
PKC '03 Proceedings of the 6th International Workshop on Theory and Practice in Public Key Cryptography: Public Key Cryptography
The Two Faces of Lattices in Cryptology
CaLC '01 Revised Papers from the International Conference on Cryptography and Lattices
Bits Security of the Elliptic Curve Diffie---Hellman Secret Keys
CRYPTO 2008 Proceedings of the 28th Annual conference on Cryptology: Advances in Cryptology
ASIACRYPT '08 Proceedings of the 14th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
Optimal Randomness Extraction from a Diffie-Hellman Element
EUROCRYPT '09 Proceedings of the 28th Annual International Conference on Advances in Cryptology: the Theory and Applications of Cryptographic Techniques
ProvSec'10 Proceedings of the 4th international conference on Provable security
Toward compact public key encryption based on CDH assumption via extended twin DH assumption
ProvSec'11 Proceedings of the 5th international conference on Provable security
| Hi-index | 0.00 |
Let E/Fp be an elliptic curve, and G ∈ E/Fp. Define the Diffie-Hellman function as DHE,G(aG, bG) = abG. We show that if there is an efficient algorithm for predicting the LSB of the x or y coordinate of abG given 〈E, G, aG, bG〉 for a certain family of elliptic curves, then there is an algorithm for computing the Diffie-Hellman function on all curves in this family. This seems stronger than the best analogous results for the Diffie-Hellman function in F*p. Boneh and Venkatesan showed that in F*p computing approximately (log p)1/2 of the bits of the Diffie-Hellman secret is as hard as computing the entire secret. Our results show that just predicting one bit of the Elliptic Curve Diffie-Hellman secret in a family of curves is as hard as computing the entire secret.