Hardness of Computing the Most Significant Bits of Secret Keys in Diffie-Hellman and Related Schemes

@inproceedings{Boneh1996HardnessOC,
  title={Hardness of Computing the Most Significant Bits of Secret Keys in Diffie-Hellman and Related Schemes},
  author={D. Boneh and R. Venkatesan},
  booktitle={CRYPTO},
  year={1996}
}
We show that computing the most significant bits of the secret key in a Diffie-Hellman key-exchange protocol from the public keys of the participants is as hard as computing the secret key itself. This is done by studying the following hidden number problem: Given an oracle Oα(x) that on input x computes the k most significant bits of α ċ gx mod p, find α modulo p. Our solution can be used to show the hardness of MSB'S in other schemes such s ElGamal's public key system, Shamir's message… Expand
268 Citations
The Security of All Private-key Bits in Isogeny-based Schemes
  • Barak Shani
  • Mathematics, Computer Science
  • IACR Cryptol. ePrint Arch.
  • 2019
  • Highly Influenced
  • PDF
Hardness of Distinguishing the MSB or LSB of Secret Keys in Diffie-Hellman Schemes
  • 18
  • PDF
Bits Security of the Elliptic Curve Diffie-Hellman Secret Keys
  • 14
  • PDF
Security of polynomial transformations of the Diffie-Hellman key
  • I. Shparlinski
  • Mathematics, Computer Science
  • Finite Fields Their Appl.
  • 2004
  • 13
  • Highly Influenced
  • PDF
Polynomial analysis of DH secrete key and bit security
  • 1
On the Bits of Elliptic Curve Diffie-Hellman Keys
  • 13
  • PDF
On the bit security of the Diffie-Hellman key
  • 6
  • Highly Influenced
  • PDF
The Security of Polynomial Information of Diffie-Hellman Key
  • 1
Security of the most significant bits of the Shamir message passing scheme
  • 28
  • Highly Influenced
  • PDF
...
1
2
3
4
5
...

References

SHOWING 1-10 OF 24 REFERENCES
Relationships Among the Computational Powers of Breaking Discrete Log Cryptosystems
  • 29
  • PDF
Finding a Small Root of a Univariate Modular Equation
  • 309
  • PDF
How to generate cryptographically strong sequences of pseudo random bits
  • M. Blum, S. Micali
  • Mathematics, Computer Science
  • 23rd Annual Symposium on Foundations of Computer Science (sfcs 1982)
  • 1982
  • 1,308
  • PDF
A public key cryptosystem and a signature scheme based on discrete logarithms
  • 2,885
  • PDF
How to Generate Cryptographically Strong Sequences of Pseudo Random Bits
  • 129
A hard-core predicate for all one-way functions
  • 1,162
Reconstructing Truncated Integer Variables Satisfying Linear Congruences
  • 107
Generating EIGamal Signatures Without Knowing the Secret Key
  • 65
  • PDF
The Discrete Logarithm Hides O(log n) Bits
  • 56
  • PDF
RSA and Rabin Functions: Certain Parts are as Hard as the Whole
  • 323
...
1
2
3
...