# Bits Security of the Elliptic Curve Diffie-Hellman Secret Keys

@inproceedings{Jetchev2008BitsSO, title={Bits Security of the Elliptic Curve Diffie-Hellman Secret Keys}, author={Dimitar Jetchev and Ramarathnam Venkatesan}, booktitle={CRYPTO}, year={2008} }

We show that the least significant bits (LSB) of the elliptic curve Diffie-Hellman secret keys are hardcore. More precisely, we prove that if one can efficiently predict the LSB with non-negligible advantage on a polynomial fraction of all the curves defined over a given finite field $\mathbb{F}_p$, then with polynomial factor overhead, one can compute the entire Diffie-Hellman secret on a polynomial fraction of all the curves over the same finite field. Our approach is based on random self…

## 15 Citations

### Hardness of Computing Individual Bits for One-Way Functions on Elliptic Curves

- Computer Science, Mathematics
- CRYPTO
- 2012

It is proved that if one can predict any of the bits of the input to an elliptic curve based one-way function over a finite field, then one can invert the function and thus, solve the Fixed Argument Pairing Inversion problem FAPI-1/FAPI-2.

### Optimal Randomness Extraction from a Diffie-Hellman Element

- Mathematics, Computer Science
- EUROCRYPT
- 2009

A new technique to bound exponential sums is developed that allows us to double the number of extracted bits compared with previous known results proposed at ICALP'06 and can be used to improve previous bounds proposed by Canetti et al.

### On the Bit Security of Elliptic Curve Diffie-Hellman

- Computer Science, Mathematics
- Public Key Cryptography
- 2017

The paper improves the result for elliptic curves over extension fields which shows that computing one component (in the ground field) of the Diffie–Hellman key is as hard as computing the entire key.

### Isogenies of Elliptic Curves: A Computational Approach

- Computer Science, Mathematics
- IACR Cryptol. ePrint Arch.
- 2009

Algorithms for computing isogenies are collected and presented with proofs of correctness and complexity analyses that provide alternate explanations that some with a more concrete or computational bias may find more clear.

### RSA and Elliptic Curve Least Significant Bit Security

- Computer Science, Mathematics
- LATINCRYPT
- 2014

This work implements two algorithms to invert the Elliptic Curve Diffie-Hellman protocol, identifies critical parameters, and modifies the sampling to achieve a significant improvement in running times.

### Rounding Technique's Application in Schnorr Signature Algorithm: Known Partially Most Significant Bits of Nonce

- Computer Science, Mathematics
- ATIS
- 2017

It is proved that if there is an oracle which inputs the random nonce and outputs the most significant bits of the nonce, the signature private key will be obtained by choosing \(2 \lceil \log q\rceil\) signature pairs randomly.

### Elliptic Curve Cryptography in Practice

- Computer Science, Mathematics
- Financial Cryptography
- 2014

It is found that despite the high stakes of money, access and resources protected by ECC, implementations suffer from vulnerabilities similar to those that plague previous cryptographic systems.

### Hidden Number Problems

- Computer Science, Mathematics
- 2017

The study presented here provides new results on the hardness of extracting partial information about Diffie–Hellman key exchange by designing algorithms that use the partial information to extract the keys.

### Progress in Cryptology - LATINCRYPT 2014

- Computer Science
- Lecture Notes in Computer Science
- 2014

Basic genomic algorithms commonly used in genetic association studies are taken, it is shown how they can be made to work on encrypted genotype and phenotype data, and performance numbers are provided for running these algorithms on encrypted data.

### PRESAGE: PRivacy-preserving gEnetic testing via SoftwAre Guard Extension

- Computer Science
- BMC Medical Genomics
- 2017

The proposed PRESAGE framework provides an alternative solution for secure and efficient genomic data outsourcing in an untrusted cloud by using a hybrid framework that combines secure hardware and multiple crypto protocols.

## References

### On the Bits of Elliptic Curve Diffie-Hellman Keys

- Mathematics, Computer Science
- INDOCRYPT
- 2007

A small multiplier version of the hidden number problem is introduced, and its properties are used to analyze the security of certain Diffie-Hellman bits and suggest new character sum conjectures that guarantee the uniqueness of solutions to the hidden number problem.

### On the Unpredictability of Bits of the Elliptic Curve Diffie--Hellman Scheme

- Computer Science, Mathematics
- CRYPTO
- 2001

If there is an efficient algorithm for predicting the LSB of the x or y coordinate of abG given 〈E, G, aG, bG〉 for a certain family of elliptic curves, then there is an algorithm for computing the Diffie-Hellman function on all curves in this family.

### Hardness of Computing the Most Significant Bits of Secret Keys in Diffie-Hellman and Related Schemes

- Computer Science, Mathematics
- CRYPTO
- 1996

We show that computing the most significant bits of the secret key in a Diffie-Hellman key-exchange protocol from the public keys of the participants is as hard as computing the secret key itself.…

### Security of the most significant bits of the Shamir message passing scheme

- Computer Science, Mathematics
- Math. Comput.
- 2000

For the Diffie-Hellman cryptosystem the result of Boneh and Venkatesan has been corrected and generalized and a similar analysis is given for the Shamir message passing scheme, where the results depend on some bounds of exponential sums.

### The Dark Side of the Hidden Number Problem: Lattice Attacks on DSA

- Computer Science, Mathematics
- 2001

The hidden number problem is an idealized version of the problem which Howgrave-Graham and Smart recently tried to solve heuristically in their (lattice-based) attacks on DSA and related signature schemes: given a few bits of the random nonces k used in sufficiently many DSA signatures, recover the secret key.

### A hidden number problem in small subgroups

- Mathematics, Computer Science
- Math. Comput.
- 2003

A new modification in the scheme which amplifies the uniformity of distribution of the multipliers t is introduced and this result is extended to subgroups of order at least $(\log p)/(\log \log p)^{1-\varepsilon}$ for all primes p, giving applications to the bit security of the Diffie-Hellman secret key.

### The Insecurity of the Digital Signature Algorithm with Partially Known Nonces

- Computer Science, Mathematics
- Journal of Cryptology
- 2002

A polynomial-time algorithm that provably recovers the signer's secret DSA key when a few consecutive bits of the random nonces k are known for a number of DSA signatures at most linear in log q, under a reasonable assumption on the hash function used in DSA.

### Applied Algebra, Algebraic Algorithms and Error-Correcting Codes

- Computer Science, Mathematics
- Lecture Notes in Computer Science
- 2009

This work discusses the construction of Authentication/Secrecy Codes, performance analysis of M-PSK Signal Constellations in Riemannian Varieties, and fast Decomposition of Polynomials with Known Galois Group.

### Do All Elliptic Curves of the Same Order Have the Same Difficulty of Discrete Log?

- Mathematics, Computer Science
- ASIACRYPT
- 2005

It is proved that the common cryptographic practice of selecting elliptic curves using their order as the primary criterion is essentially true, by showing polynomial time random reducibility of dlog among such curves, assuming the Generalized Riemann Hypothesis (GRH).

### Hidden number problem with hidden multipliers, timed-release crypto, and noisy exponentiation

- Mathematics, Computer Science
- Math. Comput.
- 2003

A probabilistic polynomial time solution for the hidden number problem recently introduced by Boneh and Venkatesan is presented, and it is shown that the problem cannot be solved if the error is sufficiently large.