Security of the most significant bits of the Shamir message passing scheme

González Vasco, Maria; Shparlinski, Igor

doi:10.1090/S0025-5718-01-01358-8

Security of the most significant bits of the Shamir message passing scheme
HTML articles powered by AMS MathViewer

by Maria Isabel González Vasco and Igor E. Shparlinski PDF

Math. Comp. 71 (2002), 333-342 Request permission

Abstract:

Boneh and Venkatesan have recently proposed a polynomial time algorithm for recovering a “hidden” element $\alpha$ of a finite field $\mathbb {F}_p$ of $p$ elements from rather short strings of the most significant bits of the remainder modulo $p$ of $\alpha t$ for several values of $t$ selected uniformly at random from $\mathbb {F}_p^*$. Unfortunately the applications to the computational security of most significant bits of private keys of some finite field exponentiation based cryptosystems given by Boneh and Venkatesan are not quite correct. For the Diffie-Hellman cryptosystem the result of Boneh and Venkatesan has been corrected and generalized in our recent paper. Here a similar analysis is given for the Shamir message passing scheme. The results depend on some bounds of exponential sums.

References

D. Boneh and R. Venkatesan, Hardness of computing the most significant bits of secret keys in Diffie–Hellman and related schemes, Lect. Notes in Comp. Sci., Springer-Verlag, Berlin, 1109 (1996), 129–142.
M. I. González Vasco and M. Näslund, A survey of hard core functions, Proc. Workshop on Cryptography and Computational Number Theory, Singapore 1999, Birkhäuser, 2001, 227–256.
M. I. González Vasco and I. E. Shparlinski, On the security of Diffie-Hellman bits, Proc. Workshop on Cryptography and Computational Number Theory, Singapore 1999, Birkhäuser, 2001, 257–268.
Sergei V. Konyagin and Igor E. Shparlinski, Character sums with exponential functions and their applications, Cambridge Tracts in Mathematics, vol. 136, Cambridge University Press, Cambridge, 1999. MR 1725241, DOI 10.1017/CBO9780511542930
A. K. Lenstra, H. W. Lenstra Jr., and L. Lovász, Factoring polynomials with rational coefficients, Math. Ann. 261 (1982), no. 4, 515–534. MR 682664, DOI 10.1007/BF01457454
Ravi Kannan, Algorithmic geometry of numbers, Annual review of computer science, Vol. 2, Annual Reviews, Palo Alto, CA, 1987, pp. 231–267. MR 921497
Hukam Chand, On some generalizations of Cauchy’s condensation and integral tests, Amer. Math. Monthly 46 (1939), 338–341. MR 59, DOI 10.2307/2302888
D. Micciancio, On the hardness of the shortest vector problem, PhD Thesis, MIT, 1998.
Alfred J. Menezes, Paul C. van Oorschot, and Scott A. Vanstone, Handbook of applied cryptography, CRC Press Series on Discrete Mathematics and its Applications, CRC Press, Boca Raton, FL, 1997. With a foreword by Ronald L. Rivest. MR 1412797
P. Nguyen and J. Stern, Lattice reduction in cryptology: An update, Lect. Notes in Comp. Sci., Springer-Verlag, Berlin, 1838 (2000), 85–112.
Harald Niederreiter, Quasi-Monte Carlo methods and pseudo-random numbers, Bull. Amer. Math. Soc. 84 (1978), no. 6, 957–1041. MR 508447, DOI 10.1090/S0002-9904-1978-14532-7
Saunders MacLane and O. F. G. Schilling, Infinite number fields with Noether ideal theories, Amer. J. Math. 61 (1939), 771–782. MR 19, DOI 10.2307/2371335
C.-P. Schnorr, A hierarchy of polynomial time lattice basis reduction algorithms, Theoret. Comput. Sci. 53 (1987), no. 2-3, 201–224. MR 918090, DOI 10.1016/0304-3975(87)90064-8
Saunders MacLane and O. F. G. Schilling, Infinite number fields with Noether ideal theories, Amer. J. Math. 61 (1939), 771–782. MR 19, DOI 10.2307/2371335