Bits Security of the Elliptic Curve Diffie-Hellman Secret Keys

@inproceedings{Jetchev2008BitsSO,
  title={Bits Security of the Elliptic Curve Diffie-Hellman Secret Keys},
  author={Dimitar Jetchev and Ramarathnam Venkatesan},
  booktitle={CRYPTO},
  year={2008}
}
We show that the least significant bits (LSB) of the elliptic curve Diffie–Hellman secret keys are hardcore. More precisely, we prove that if one can efficiently predict the LSB with non-negligible advantage on a polynomial fraction of all the curves defined over a given finite field $\mathbb{F}_p$, then with polynomial factor overhead, one can compute the entire Diffie–Hellman secret on a polynomial fraction of all the curves over the same finite field. Our approach is based on random self…

Hardness of Computing Individual Bits for One-Way Functions on Elliptic Curves

TLDR
It is proved that if one can predict any of the bits of the input to an elliptic curve based one-way function over a finite field, then one can invert the function and thus, solve the Fixed Argument Pairing Inversion problem FAPI-1/FAPI-2.

Optimal Randomness Extraction from a Diffie-Hellman Element

TLDR
A new technique to bound exponential sums is developed that allows us to double the number of extracted bits compared with previous known results proposed at ICALP'06 and can be used to improve previous bounds proposed by Canetti et al.

On the Bit Security of Elliptic Curve Diffie-Hellman

  • Barak Shani
  • Computer Science, Mathematics
    Public Key Cryptography
  • 2017
TLDR
The paper improves the result for elliptic curves over extension fields, which shows that computing one component (in the ground field) of the Diffie–Hellman key is as hard as computing the entire key.

Isogenies of Elliptic Curves: A Computational Approach

  • D. Shumow
  • Computer Science, Mathematics
    IACR Cryptol. ePrint Arch.
  • 2009
TLDR
Algorithms for computing isogenies are collected and presented with proofs of correctness and complexity analyses that provide alternate explanations that some with a more concrete or computational bias may find more clear.

RSA and Elliptic Curve Least Significant Bit Security

TLDR
This work implements two algorithms to invert the Elliptic Curve Diffie-Hellman protocol, identifies critical parameters, and modifies the sampling to achieve a significant improvement in running times.

Rounding Technique's Application in Schnorr Signature Algorithm: Known Partially Most Significant Bits of Nonce

TLDR
It is proved that if there is an oracle which inputs the random nonce and outputs the most significant bits of nonce, the signature private key will be obtained by choosing \(2 \lceil \log q\rceil\) signature pairs randomly.

Elliptic Curve Cryptography in Practice

TLDR
It is found that despite the high stakes of money, access and resources protected by ECC, implementations suffer from vulnerabilities similar to those that plague previous cryptographic systems.

Hidden Number Problems

TLDR
The study presented here provides new results on the hardness of extracting partial information about Diffie–Hellman key exchange by designing algorithms that use the partial information to extract the keys.

Progress in Cryptology - LATINCRYPT 2014

TLDR
Basic genomic algorithms which are commonly used in genetic association studies are taken and shown how they can be made to work on encrypted genotype and phenotype data and provided performance numbers for running these algorithms on encrypted data.

PRESAGE: PRivacy-preserving gEnetic testing via SoftwAre Guard Extension

TLDR
The proposed PRESAGE framework provides an alternative solution for secure and efficient genomic data outsourcing in an untrusted cloud by using a hybrid framework that combines secure hardware and multiple crypto protocols.

References

On the Bits of Elliptic Curve Diffie-Hellman Keys

TLDR
A small multiplier version of the hidden number problem is introduced, and its properties are used to analyze the security of certain Diffie-Hellman bits and suggest new character sum conjectures that guarantee the uniqueness of solutions to the hidden number problem.

On the Unpredictability of Bits of the Elliptic Curve Diffie--Hellman Scheme

TLDR
If there is an efficient algorithm for predicting the LSB of the x or y coordinate of abG given 〈E, G, aG, bG〉 for a certain family of elliptic curves, then there is an algorithm for computing the Diffie-Hellman function on all curves in this family.

Hardness of Computing the Most Significant Bits of Secret Keys in Diffie-Hellman and Related Schemes

We show that computing the most significant bits of the secret key in a Diffie-Hellman key-exchange protocol from the public keys of the participants is as hard as computing the secret key itself.

Security of the most significant bits of the Shamir message passing scheme

TLDR
For the Diffie-Hellman cryptosystem the result of Boneh and Venkatesan has been corrected and generalized and a similar analysis is given for the Shamir message passing scheme, where the results depend on some bounds of exponential sums.

The Dark Side of the Hidden Number Problem: Lattice Attacks on DSA

TLDR
The hidden number problem is an idealized version of the problem which Howgrave-Graham and Smart recently tried to solve heuristically in their (lattice-based) attacks on DSA and related signature schemes: given a few bits of the random nonces k used in sufficiently many DSA signatures, recover the secret key.

A hidden number problem in small subgroups

TLDR
A new modification in the scheme which amplifies the uniformity of distribution of the multipliers t is introduced and this result is extended to subgroups of order at least $(\log p)/(\log \log p)^{1-\varepsilon}$ for all primes p, giving applications to the bit security of the Diffie-Hellman secret key.

The Insecurity of the Digital Signature Algorithm with Partially Known Nonces

TLDR
A polynomial-time algorithm that provably recovers the signer's secret DSA key when a few consecutive bits of the random nonces k are known for a number of DSA signatures at most linear in log q, under a reasonable assumption on the hash function used in DSA.

Applied Algebra, Algebraic Algorithms and Error-Correcting Codes

TLDR
This work discusses the construction of Authentication/Secrecy Codes, performance analysis of M-PSK Signal Constellations in Riemannian Varieties, and fast Decomposition of Polynomials with Known Galois Group.

Do All Elliptic Curves of the Same Order Have the Same Difficulty of Discrete Log?

TLDR
It is proved that the common cryptographic practice of selecting elliptic curves using their order as the primary criterion is essentially true, by showing polynomial time random reducibility of dlog among such curves, assuming the Generalized Riemann Hypothesis (GRH).

Hidden number problem with hidden multipliers, timed-release crypto, and noisy exponentiation

TLDR
A probabilistic polynomial time solution for the hidden number problem recently introduced by Boneh and Venkatesan is presented, and it is shown that the problem cannot be solved if the error is sufficiently large.