Security of the most significant bits of the Shamir message passing scheme

Maria Isabel González Vasco*, Igor E. Shparlinski

*Corresponding author for this work

Research output: Contribution to journal › Article › peer-review

17 Citations (Scopus)


Boneh and Venkatesan have recently proposed a polynomial time algorithm for recovering a "hidden" element a of a finite field F_p of p elements from rather short strings of the most significant bits of the remainder modulo p of at, for several values of t selected uniformly at random from F_p^*. Unfortunately, the applications to the computational security of the most significant bits of private keys of some finite field exponentiation based cryptosystems given by Boneh and Venkatesan are not quite correct. For the Diffie-Hellman cryptosystem the result of Boneh and Venkatesan has been corrected and generalized in our recent paper. Here a similar analysis is given for the Shamir message passing scheme. The results depend on some bounds of exponential sums.
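To make the objects named in the abstract concrete, the following is an added example (not code from the paper or its authors): Shamir's three-pass message passing protocol over F_p, the most-significant-bits function MSB_k that the hidden number problem is phrased over, and a generator for the (t, MSB_k(at mod p)) samples that such an analysis takes as input. It deliberately contains no recovery algorithm. The function names, the choice of MSB_k as "the index of the interval of length p/2^k containing x", and the toy prime used in the test are all assumptions made for illustration.

```python
import secrets
from math import gcd


def random_exponent(p):
    """Pick an exponent e in [2, p-2] with gcd(e, p-1) = 1, so e is invertible mod p-1."""
    while True:
        e = secrets.randbelow(p - 3) + 2
        if gcd(e, p - 1) == 1:
            return e


def three_pass(m, p, a=None, b=None):
    """Run Shamir's three-pass protocol for a message m in F_p^* (p prime).

    Returns the three transmitted values and the value Bob recovers.
    Only m^a, m^{ab} and m^b ever cross the wire; a and b stay private.
    """
    if not 1 <= m < p:
        raise ValueError("message must lie in F_p^*")
    a = random_exponent(p) if a is None else a
    b = random_exponent(p) if b is None else b
    if gcd(a, p - 1) != 1 or gcd(b, p - 1) != 1:
        raise ValueError("exponents must be coprime to p-1")
    a_inv = pow(a, -1, p - 1)   # a^{-1} mod (p-1), exists since gcd(a, p-1) = 1
    b_inv = pow(b, -1, p - 1)
    c1 = pow(m, a, p)           # pass 1, Alice -> Bob:   m^a
    c2 = pow(c1, b, p)          # pass 2, Bob -> Alice:   m^{ab}
    c3 = pow(c2, a_inv, p)      # pass 3, Alice -> Bob:   m^b   (a cancelled, m^{p-1} = 1)
    recovered = pow(c3, b_inv, p)
    return c1, c2, c3, recovered


def msb(x, k, p):
    """k most significant bits of x in [0, p): the index u of the interval
    [u*p/2^k, (u+1)*p/2^k) containing x (assumed formalisation)."""
    return (x << k) // p


def msb_approximates(x, k, p):
    """Check that the leak pins x down to within p/2^k, i.e. 0 <= x - u*p/2^k < p/2^k.
    Written with both sides scaled by 2^k to stay in integers."""
    u = msb(x, k, p)
    return 0 <= x * (1 << k) - u * p < p


def hnp_samples(a, p, k, n, rng=secrets.randbelow):
    """Constructed input of the hidden number problem: pairs (t, MSB_k(a*t mod p))
    for n values of t drawn uniformly from F_p^*.  The hidden element a is never
    returned; only its partial-information view is."""
    out = []
    for _ in range(n):
        t = rng(p - 1) + 1              # uniform in [1, p-1]
        out.append((t, msb(a * t % p, k, p)))
    return out


if __name__ == "__main__":
    P = 1000003                          # toy prime, far too small for real use
    c1, c2, c3, rec = three_pass(424242, P)
    print("transcript:", c1, c2, c3, "recovered:", rec)
    print("samples:", hnp_samples(12345, P, k=6, n=3))
```

The security question the abstract raises is exactly whether the list produced by `hnp_samples`, with k small relative to log p, determines `a`; the three-pass transcript shows where such a partial view of a private exponent would have to come from.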

Original language: English
Pages (from-to): 333-342
Number of pages: 10
Journal: Mathematics of Computation
Issue number: 237
Publication status: Published - 2002
Externally published: Yes

