Hardness of Computing the Most Significant Bits of Secret Keys in Diffie-Hellman and Related Schemes

Authors:
Dan Boneh;Ramarathnam Venkatesan
Affiliations:
-;-
Venue:
CRYPTO '96 Proceedings of the 16th Annual International Cryptology Conference on Advances in Cryptology
Year:
1996

Citing 9
Cited 35

On Lova´sz' lattice reduction and the nearest lattice point problem

Combinatorica
A course in number theory and cryptography

A course in number theory and cryptography
A hierarchy of polynomial time lattice basis reduction algorithms

Theoretical Computer Science
RSA and Rabin functions: certain parts are as hard as the whole

SIAM Journal on Computing - Special issue on cryptography
Reconstructing truncated integer variables satisfying linear congruences

SIAM Journal on Computing - Special issue on cryptography
A hard-core predicate for all one-way functions

STOC '89 Proceedings of the twenty-first annual ACM symposium on Theory of computing
Non-Interactive Oblivious Transfer and Spplications

CRYPTO '89 Proceedings of the 9th Annual International Cryptology Conference on Advances in Cryptology
Generating EIGamal signatures without knowing the secret key

EUROCRYPT'96 Proceedings of the 15th annual international conference on Theory and application of cryptographic techniques
Relationships among the computational powers of breaking discrete log cryptosystems

EUROCRYPT'95 Proceedings of the 14th annual international conference on Theory and application of cryptographic techniques

On the Generalised Hidden Number Problem and Bit Security of XTR

AAECC-14 Proceedings of the 14th International Symposium on Applied Algebra, Algebraic Algorithms and Error-Correcting Codes
The Oracle Diffie-Hellman Assumptions and an Analysis of DHIES

CT-RSA 2001 Proceedings of the 2001 Conference on Topics in Cryptology: The Cryptographer's Track at RSA
The Hidden Number Problem in Extension Fields and Its Applications

LATIN '02 Proceedings of the 5th Latin American Symposium on Theoretical Informatics
On the Unpredictability of Bits of the Elliptic Curve Diffie--Hellman Scheme

CRYPTO '01 Proceedings of the 21st Annual International Cryptology Conference on Advances in Cryptology
Universal Padding Schemes for RSA

CRYPTO '02 Proceedings of the 22nd Annual International Cryptology Conference on Advances in Cryptology
Hidden Number Problem with the Trace and Bit Security of XTR and LUC

CRYPTO '02 Proceedings of the 22nd Annual International Cryptology Conference on Advances in Cryptology
Round-Efficient Conference Key Agreement Protocols with Provable Security

ASIACRYPT '00 Proceedings of the 6th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
The Modular Inversion Hidden Number Problem

ASIACRYPT '01 Proceedings of the 7th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
Cryptography 2000±10

Informatics - 10 Years Back. 10 Years Ahead.
A Primitive for Proving the Security of Every Bit and About Universal Hash Functions & Hard Core Bits

FCT '01 Proceedings of the 13th International Symposium on Fundamentals of Computation Theory
On the Bit Security of NTRUEncrypt

PKC '03 Proceedings of the 6th International Workshop on Theory and Practice in Public Key Cryptography: Public Key Cryptography
Smooth Orders and Cryptographic Applications

ANTS-V Proceedings of the 5th International Symposium on Algorithmic Number Theory
The Two Faces of Lattices in Cryptology

CaLC '01 Revised Papers from the International Conference on Cryptography and Lattices
The Insecurity of Nyberg-Rueppel and Other DSA-Like Signature Schemes with Partially Known Nonces

CaLC '01 Revised Papers from the International Conference on Cryptography and Lattices
Simplified OAEP for the RSA and Rabin Functions

CRYPTO '01 Proceedings of the 21st Annual International Cryptology Conference on Advances in Cryptology
Bits Security of the Elliptic Curve Diffie---Hellman Secret Keys

CRYPTO 2008 Proceedings of the 28th Annual conference on Cryptology: Advances in Cryptology
The Hidden Root Problem

Pairing '08 Proceedings of the 2nd international conference on Pairing-Based Cryptography
Efficient Chosen Ciphertext Secure Public Key Encryption under the Computational Diffie-Hellman Assumption

ASIACRYPT '08 Proceedings of the 14th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
Optimal Randomness Extraction from a Diffie-Hellman Element

EUROCRYPT '09 Proceedings of the 28th Annual International Conference on Advances in Cryptology: the Theory and Applications of Cryptographic Techniques
Known---Plaintext---Only Attack on RSA---CRT with Montgomery Multiplication

CHES '09 Proceedings of the 11th International Workshop on Cryptographic Hardware and Embedded Systems
On the bit security of the weak Diffie-Hellman problem

Information Processing Letters
Toward an easy-to-understand structure for achieving chosen ciphertext security from the decisional Diffie-Hellman assumption

ProvSec'10 Proceedings of the 4th international conference on Provable security
Toward compact public key encryption based on CDH assumption via extended twin DH assumption

ProvSec'11 Proceedings of the 5th international conference on Provable security
Spectral norm in learning theory: some selected topics

ALT'06 Proceedings of the 17th international conference on Algorithmic Learning Theory
Hardness of distinguishing the MSB or LSB of secret keys in diffie-hellman schemes

ICALP'06 Proceedings of the 33rd international conference on Automata, Languages and Programming - Volume Part II
Experimenting with faults, lattices and the DSA

PKC'05 Proceedings of the 8th international conference on Theory and Practice in Public Key Cryptography
Relationships between diffie-hellman and “index oracles”

SCN'04 Proceedings of the 4th international conference on Security in Communication Networks
On the modular inversion hidden number problem

Journal of Symbolic Computation
Secret key leakage from public key perturbation of DLP-Based cryptosystems

Cryptography and Security
Koblitz curve cryptosystems

Finite Fields and Their Applications
Security of polynomial transformations of the Diffie-Hellman key

Finite Fields and Their Applications
Randomness extraction in elliptic curves and secret key derivation at the end of Diffie-Hellman protocol

International Journal of Applied Cryptography
Classical hardness of learning with errors

Proceedings of the forty-fifth annual ACM symposium on Theory of computing
Using bleichenbacher's solution to the hidden number problem to attack nonce leaks in 384-bit ECDSA

CHES'13 Proceedings of the 15th international conference on Cryptographic Hardware and Embedded Systems
Limits of a conjecture on a leakage-resilient cryptosystem

Information Processing Letters

Quantified Score

Hi-index	0.00

Visualization

Abstract

We show that computing the most significant bits of the secret key in a Diffie-Hellman key-exchange protocol from the public keys of the participants is as hard as computing the secret key itself. This is done by studying the following hidden number problem: Given an oracle Oα(x) that on input x computes the k most significant bits of α ċ gx mod p, find α modulo p. Our solution can be used to show the hardness of MSB'S in other schemes such s ElGamal's public key system, Shamir's message passing scheme and Okamoto's conference key sharing scheme. Our results lead us to suggest a new variant of Diffie-Hellman key exchange (and other systems), for which we prove the most significant bit is hard to compute.