Hardness of Distinguishing the MSB or LSB of Secret Keys in Diffie-Hellman Schemes

  • Conference paper
Automata, Languages and Programming (ICALP 2006)

Part of the book series: Lecture Notes in Computer Science (LNTCS, volume 4052)


Abstract

In this paper we introduce very simple deterministic randomness extractors for Diffie-Hellman distributions. More specifically, we show that the k most significant bits or the k least significant bits of a random element in a subgroup of \(\mathbb Z^\star_p\) are indistinguishable from a random bit-string of the same length. This allows us to show that, under the Decisional Diffie-Hellman assumption, we can deterministically derive a uniformly random bit-string from a Diffie-Hellman exchange in the standard model. Then, we show that it can be used in key exchange or encryption schemes to avoid the leftover hash lemma and universal hash functions.
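As an added example (not code from the paper or its authors), the following Python enumerates a toy prime-order subgroup of \(\mathbb Z^\star_p\), applies the k-LSB and k-MSB extractors described in the abstract to every element, and computes the exact statistical distance between the extracted bits and a uniform k-bit string. It then derives a shared key from a toy Diffie-Hellman exchange with the same extractor and no hash function. The parameters p = 2039, q = 1019 and g = 4 are constructed so the subgroup can be enumerated exactly; they are far too small for any real use, and the functions `is_prime`, `subgroup_elements`, `lsb_k`, `msb_k`, `statistical_distance`, `extractor_distances` and `dh_derive_key` are this example's own names.

```python
"""Added example (not from the paper): the deterministic k-bit extractor from
the abstract on a toy group.  We take the k least or most significant bits of
each element of a prime-order subgroup of Z_p^*, measure how far the result is
from a uniform k-bit string, and reuse the extractor to derive a shared key
from a toy Diffie-Hellman exchange.  All parameters are constructed and tiny."""
from collections import Counter
from fractions import Fraction
import secrets

# Constructed toy parameters.  p = 2q + 1 with p and q prime (a safe prime),
# so the squares modulo p form a subgroup of prime order q.  Real deployments
# use p of at least 2048 bits; these values only make the distributions
# small enough to enumerate exactly.
Q = 1019
P = 2 * Q + 1            # 2039
G = pow(2, 2, P)         # a square != 1, hence a generator of the order-q subgroup


def is_prime(n):
    """Trial division; sufficient for the toy sizes used here."""
    if n < 2:
        return False
    d = 2
    while d * d <= n:
        if n % d == 0:
            return False
        d += 1
    return True


def subgroup_elements(g, q, p):
    """Enumerate <g> = {g^0, g^1, ..., g^(q-1)} mod p and check that g has order q."""
    elems, x = [], 1
    for _ in range(q):
        elems.append(x)
        x = x * g % p
    if x != 1:
        raise ValueError("g does not have order q")
    return elems


def lsb_k(x, k):
    """The k least significant bits of x."""
    return x & ((1 << k) - 1)


def msb_k(x, k, p):
    """The k most significant bits of x written on bit_length(p) bits."""
    return x >> (p.bit_length() - k)


def statistical_distance(samples, k):
    """Exact statistical distance between the empirical distribution of the
    k-bit samples and the uniform distribution on {0,1}^k."""
    counts = Counter(samples)
    total = len(samples)
    uniform = Fraction(1, 1 << k)
    return Fraction(1, 2) * sum(
        abs(Fraction(counts.get(v, 0), total) - uniform) for v in range(1 << k)
    )


def extractor_distances(k, g=G, q=Q, p=P):
    """Distance from uniform of the k LSBs and of the k MSBs, taken over a
    uniformly random element of the whole subgroup (enumerated exactly)."""
    elems = subgroup_elements(g, q, p)
    return (statistical_distance([lsb_k(x, k) for x in elems], k),
            statistical_distance([msb_k(x, k, p) for x in elems], k))


def dh_derive_key(k, g=G, q=Q, p=P):
    """Toy DH exchange: both parties compute g^(ab) mod p and apply the k-LSB
    extractor directly, with no hash function.  Returns (alice_key, bob_key)."""
    a = 1 + secrets.randbelow(q - 1)
    b = 1 + secrets.randbelow(q - 1)
    pub_a, pub_b = pow(g, a, p), pow(g, b, p)
    return lsb_k(pow(pub_b, a, p), k), lsb_k(pow(pub_a, b, p), k)


if __name__ == "__main__":
    assert is_prime(P) and is_prime(Q)
    for k in (1, 2, 4, 6, 8, 10):
        d_lsb, d_msb = extractor_distances(k)
        print(f"k={k:2d}  SD(lsb)={float(d_lsb):.4f}  SD(msb)={float(d_msb):.4f}")
    ka, kb = dh_derive_key(4)
    print("shared 4-bit key:", ka, kb)
```

Running the script prints the distance from uniform for increasing k; it is small when k is well below the bit length of q and approaches 1/2 as k grows towards the full element, which is the trade-off the abstract's result quantifies for cryptographic sizes. The exact enumeration is only possible because the group is tiny; at real sizes one relies on the paper's bound rather than on measurement.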




© 2006 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Fouque, PA., Pointcheval, D., Stern, J., Zimmer, S. (2006). Hardness of Distinguishing the MSB or LSB of Secret Keys in Diffie-Hellman Schemes. In: Bugliesi, M., Preneel, B., Sassone, V., Wegener, I. (eds) Automata, Languages and Programming. ICALP 2006. Lecture Notes in Computer Science, vol 4052. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11787006_21


  • DOI: https://doi.org/10.1007/11787006_21

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-35907-4

  • Online ISBN: 978-3-540-35908-1

  • eBook Packages: Computer Science (R0)
