On the bit security of the Diffie-Hellman key

Authors:
Ian F. Blake;Theo Garefalakis;Igor E. Shparlinski
Affiliations:
Department of Electrical and Computer Engineering, University of Toronto, M5S 3G4, Toronto, ON, Canada;Department of Mathematics, University of Crete, Heraklion, 71409, Crete, ON, Greece;Department of Computing, Macquarie University, Heraklion, 2109, Sydney, NSW, Australia
Venue:
Applicable Algebra in Engineering, Communication and Computing
Year:
2006

Citing 0
Cited 1

Hardness of distinguishing the MSB or LSB of secret keys in diffie-hellman schemes

ICALP'06 Proceedings of the 33rd international conference on Automata, Languages and Programming - Volume Part II

Quantified Score

Hi-index	0.01

Visualization

Abstract

Let ** p be a finite field of p elements, where p is prime. The bit security of the Diffie-Hellman function over subgroups of ** *p and of an elliptic curve over ** p, is considered. It is shown that if the Decision Diffie-Hellman problem is hard in these groups, then the two most significant bits of the Diffie-Hellman function are secure. Under the weaker assumption of the computational (rather than decisional) hardness of the Diffie-Hellman problems, only about (log p)1/2 bits are known to be secure.