We establish new results about the frequency of small gaps between the elements of multiplicative subgroups of finite fields. As an application, we give some rigorous support to uniqueness assumptions of Boneh et al. (Why textbook ElGamal and RSA encryption are insecure, 2000) for solutions to additive and multiplicative subgroup rounding problems. These problems arise during attacks on some careless use of the ElGamal encryption.
- Additive subgroup rounding problem
- Finite fields
- Multiplicative subgroup rounding problem
- Multiplicative subgroups