Abstract
We show that the least significant bit (LSB) of elliptic curve Diffie–Hellman secret keys is hardcore. More precisely, we prove that if one can efficiently predict the LSB with non-negligible advantage on a polynomial fraction of all the curves defined over a given finite field \(\mathbb{F}_p\), then with polynomial factor overhead, one can compute the entire Diffie–Hellman secret on a polynomial fraction of all the curves over the same finite field. Our approach is based on random self-reducibility (assuming the Generalized Riemann Hypothesis, GRH) of the Diffie–Hellman problem among elliptic curves of the same order. As a part of the argument, we prove a refinement of H. W. Lenstra's lower bounds on the sizes of the isogeny classes of elliptic curves, which may be of independent interest.
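The random self-reduction in the abstract moves a Diffie–Hellman instance from one curve to an isogenous curve of the same order. The Python below is an added illustration, not code from the paper: it takes an ECDH instance on a constructed toy curve over \(\mathbb{F}_{1019}\), pushes it through a 2-isogeny computed with Vélu's formulas, and checks that the shared secret on the target curve is the image of the original secret and that both curves have the same number of points. The prime, curve, base point and secrets are constructed values, and the names `Curve`, `velu_2_isogeny` and `ecdh_transport` belong to this example only. Carrying a solver's answer back to the source curve additionally needs the dual isogeny and a division by the degree, which the toy omits.

```python
"""
Added example (not from the paper): transporting an ECDH instance along a
2-isogeny between curves of the same order over F_p.  All parameters are
toy values constructed for illustration.
"""

P = 1019            # constructed toy prime
INF = None          # point at infinity


def inv(a):
    return pow(a % P, P - 2, P)


class Curve:
    """Short Weierstrass curve y^2 = x^3 + a x + b over F_P (example's own class)."""

    def __init__(self, a, b):
        self.a, self.b = a % P, b % P
        assert (4 * self.a ** 3 + 27 * self.b ** 2) % P, "singular curve"

    def contains(self, pt):
        if pt is INF:
            return True
        x, y = pt
        return (y * y - (x ** 3 + self.a * x + self.b)) % P == 0

    def add(self, p1, p2):
        if p1 is INF:
            return p2
        if p2 is INF:
            return p1
        x1, y1 = p1
        x2, y2 = p2
        if x1 == x2 and (y1 + y2) % P == 0:   # p2 == -p1, incl. doubling a 2-torsion point
            return INF
        if p1 == p2:
            lam = (3 * x1 * x1 + self.a) * inv(2 * y1) % P
        else:
            lam = (y2 - y1) * inv(x2 - x1) % P
        x3 = (lam * lam - x1 - x2) % P
        y3 = (lam * (x1 - x3) - y1) % P
        return (x3, y3)

    def mul(self, k, pt):
        acc = INF
        while k:
            if k & 1:
                acc = self.add(acc, pt)
            pt = self.add(pt, pt)
            k >>= 1
        return acc

    def order(self):
        """#E(F_P) by brute force: 1 + sum over x of (1 + legendre(x^3 + a x + b))."""
        n = 1
        for x in range(P):
            c = (x ** 3 + self.a * x + self.b) % P
            if c == 0:
                n += 1
            elif pow(c, (P - 1) // 2, P) == 1:
                n += 2
        return n


def velu_2_isogeny(E, x0):
    """Return (E', phi) for the separable isogeny with kernel {INF, (x0, 0)} (Vélu)."""
    assert E.contains((x0, 0)), "(x0, 0) must be a 2-torsion point of E"
    v = (3 * x0 * x0 + E.a) % P
    E2 = Curve(E.a - 5 * v, E.b - 7 * x0 * v)

    def phi(pt):
        if pt is INF or pt[0] == x0:       # the kernel maps to infinity
            return INF
        x, y = pt
        d = inv(x - x0)
        return ((x + v * d) % P, y * (1 - v * d * d) % P)

    return E2, phi


def ecdh_transport(a, b):
    """Run ECDH on E, push the instance through phi, and compare secrets."""
    E = Curve(2, -3)                  # y^2 = (x - 1)(x^2 + x + 3): (1, 0) has order 2
    G = (2, 3)                        # 3^2 = 9 = 2^3 + 2*2 - 3, so G lies on E
    assert E.contains(G)
    E2, phi = velu_2_isogeny(E, 1)
    A, B = E.mul(a, G), E.mul(b, G)   # public keys on E
    S = E.mul(a, B)                   # shared secret a*b*G on E
    # A DH solver for E2 receives (phi(G), phi(A), phi(B)) and must return
    # a*b*phi(G); since phi is a group homomorphism this equals phi(S).
    S2 = E2.mul(a, phi(B))

    def lsb(Q):                       # the bit a predictor would be asked about
        return None if Q is INF else Q[0] & 1

    return {
        "same_order": E.order() == E2.order(),
        "transported_instance_valid": all(E2.contains(phi(Q)) for Q in (G, A, B)),
        "secret_transports": S2 == phi(S) == E2.mul(b, phi(A)),
        "kernel_killed": phi((1, 0)) is INF,
        "lsb_on_E": lsb(S),
        "lsb_on_E2": lsb(phi(S)),
    }


if __name__ == "__main__":
    print(ecdh_transport(2, 3))
```

The two `lsb` fields are read off different x-coordinates on the two curves, which is the point of the self-reduction: a bit predictor that only works on some fraction of the curves over \(\mathbb{F}_p\) can still be invoked on a re-randomized image of an instance from a curve where it does not.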
References
Boneh, D., Shparlinski, I.: On the unpredictability of bits of elliptic curve Diffie-Hellman scheme. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 201–212. Springer, Heidelberg (2001)
Boneh, D., Venkatesan, R.: Hardness of computing the most significant bits of secret keys in Diffie-Hellman and related schemes. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 129–142. Springer, Heidelberg (1996)
Cohen, H., Frey, G. (eds.): Handbook of elliptic and hyperelliptic curve cryptography, Theory and Practice (2005)
Deuring, M.: Die Typen der Multiplikatorenringe elliptischer Funktionenkörper. Abh. Math. Sem. Hansischen Univ. 14, 197–272 (1941)
Fouquet, M., Morain, F.: Isogeny volcanoes and the SEA algorithm. In: Fieker, C., Kohel, D.R. (eds.) ANTS 2002. LNCS, vol. 2369, pp. 276–291. Springer, Heidelberg (2002)
Galbraith, S.D.: Constructing isogenies between elliptic curves over finite fields. LMS J. Comput. Math. 2, 118–138 (1999) (electronic)
Galbraith, S.D., Hess, F., Smart, N.P.: Extending the GHS Weil descent attack. In: Knudsen, L.R. (ed.) EUROCRYPT 2002. LNCS, vol. 2332, pp. 29–44. Springer, Heidelberg (2002)
Gonzalez Vasco, M.I., Shparlinski, I.: Security of the most significant bits of the Shamir message passing scheme. Math. Comput. 71(237), 333–342 (2002)
Gross, B.H.: Heights and the special values of L-series, Number theory (Montreal, Que., 1985). In: CMS Conf. Proc., vol. 7, pp. 115–187. Amer. Math. Soc., Providence (1987)
Howgrave-Graham, N., Nguyen, P.Q., Shparlinski, I.: Hidden number problem with hidden multipliers, timed-release crypto, and noisy exponentiation. Math. Comput. 72(243), 1473–1485 (2003)
Ihara, Y.: Discrete subgroups of \(\mathrm{PL}(2, k_{\wp})\). In: Algebraic Groups and Discontinuous Subgroups (Proc. Sympos. Pure Math., Boulder, Colo., 1965), vol. IX, pp. 272–278. Amer. Math. Soc., Providence (1966)
Jao, D., Jetchev, D., Venkatesan, R.: On the security of certain partial Diffie–Hellman secrets. In: Srinathan, K., Pandu Rangan, C., Yung, M. (eds.) INDOCRYPT 2007. LNCS, vol. 4859. Springer, Heidelberg (2007)
Jao, D., Miller, S.D., Venkatesan, R.: Do all elliptic curves of the same order have the same difficulty of discrete log? In: Roy, B. (ed.) ASIACRYPT 2005. LNCS, vol. 3788, pp. 21–40. Springer, Heidelberg (2005)
Kohel, D.: Endomorphism rings of elliptic curves over finite fields. University of California, Berkeley, Ph.D. thesis (1996)
Lenstra, H.W.: Factoring integers with elliptic curves. Ann. of Math. (2) 126, 649–673 (1987)
Menezes, A.J., van Oorschot, P.C., Vanstone, S.A.: Handbook of applied cryptography. CRC Press, Inc., Boca Raton (1996)
Mestre, J.-F.: La méthode des graphes. Exemples et applications. In: Proceedings of the international conference on class numbers and fundamental units of algebraic number fields (Katata), pp. 217–242 (1986)
Nguyen, P.Q.: The dark side of the hidden number problem: Lattice attacks on DSA. In: Proc. Workshop on Cryptography and Computational Number Theory, pp. 321–330 (2001)
Nguyen, P.Q., Shparlinski, I.: The insecurity of the digital signature algorithm with partially known nonces. J. Cryptology 15(3), 151–176 (2002)
Nguyen, P.Q., Shparlinski, I.: The insecurity of the elliptic curve digital signature algorithm with partially known nonces. Des. Codes Cryptography 30(2), 201–217 (2003)
Pizer, A.K.: Ramanujan graphs and Hecke operators. Bull. Amer. Math. Soc (N.S.) 23(1), 127–137 (1990)
Pizer, A.K.: Ramanujan graphs, Computational perspectives on number theory (Chicago, IL, 1995). In: AMS/IP Stud. Adv. Math., vol. 7, pp. 159–178. Amer. Math. Soc., Providence (1998)
Shoup, V.: Lower bounds for discrete logarithms and related problems. In: Fumy, W. (ed.) EUROCRYPT 1997. LNCS, vol. 1233, pp. 256–266. Springer, Heidelberg (1997)
Shparlinski, I.: On the generalized hidden number problem and bit security of XTR. In: Boztaş, S., Shparlinski, I. (eds.) AAECC 2001. LNCS, vol. 2227, pp. 268–277. Springer, Heidelberg (2001)
Shparlinski, I.: Cryptographic applications of analytic number theory: Complexity lower bounds and pseudorandomness. PCS, vol. 22. Birkhäuser, Basel (2003)
Shparlinski, I., Winterhof, A.: A hidden number problem in small subgroups. Math. Comput. 74, 2073–2080 (2005)
Silverman, J.H.: The arithmetic of elliptic curves. Springer, New York (1992)
Tate, J.: Endomorphisms of abelian varieties over finite fields. Invent. Math. 2, 134–144 (1966)
© 2008 Springer-Verlag Berlin Heidelberg
Cite this paper
Jetchev, D., Venkatesan, R. (2008). Bits Security of the Elliptic Curve Diffie–Hellman Secret Keys. In: Wagner, D. (eds) Advances in Cryptology – CRYPTO 2008. CRYPTO 2008. Lecture Notes in Computer Science, vol 5157. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-85174-5_5
DOI: https://doi.org/10.1007/978-3-540-85174-5_5
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-85173-8
Online ISBN: 978-3-540-85174-5