TY - JOUR

T1 - A hidden number problem in small subgroups

AU - Shparlinski, Igor

AU - Winterhof, Arne

N1 - Copyright [2005] American Mathematical Society. First published in Mathematics of Computation, 74:252, published by the American Mathematical Society. The original article can be found at http://dx.doi.org/10.1090/S0025-5718-05-01797-7.

PY - 2005/10

Y1 - 2005/10

N2 - Boneh and Venkatesan have proposed a polynomial time algorithm for recovering a hidden element α ∈ double-struck F signp, where p is prime, from rather short strings of the most significant bits of the residue of at modulo p for several randomly chosen t ∈ double-struck F signp. González Vasco and the first author have recently extended this result to subgroups of double-struck F sign*p of order at least p1/3+ε for all p and to subgroups of order at least pε for almost all p. Here we introduce a new modification in the scheme which amplifies the uniformity of distribution of the multipliers t and thus extend this result to subgroups of order at least (log p)/(log log p)1-ε for all primes p. As in the above works, we give applications of our result to the bit security of the Diffie-Hellman secret key starting with subgroups of very small size, thus including all cryptographically interesting subgroups.

AB - Boneh and Venkatesan have proposed a polynomial time algorithm for recovering a hidden element α ∈ double-struck F signp, where p is prime, from rather short strings of the most significant bits of the residue of at modulo p for several randomly chosen t ∈ double-struck F signp. González Vasco and the first author have recently extended this result to subgroups of double-struck F sign*p of order at least p1/3+ε for all p and to subgroups of order at least pε for almost all p. Here we introduce a new modification in the scheme which amplifies the uniformity of distribution of the multipliers t and thus extend this result to subgroups of order at least (log p)/(log log p)1-ε for all primes p. As in the above works, we give applications of our result to the bit security of the Diffie-Hellman secret key starting with subgroups of very small size, thus including all cryptographically interesting subgroups.

UR - http://www.scopus.com/inward/record.url?scp=27144457646&partnerID=8YFLogxK

U2 - 10.1090/S0025-5718-05-01797-7

DO - 10.1090/S0025-5718-05-01797-7

M3 - Article

AN - SCOPUS:27144457646

VL - 74

SP - 2073

EP - 2080

JO - Mathematics of Computation

JF - Mathematics of Computation

SN - 0025-5718

IS - 252

ER -