Hardness of Computing the Most Significant Bits of Secret Keys in Diffie-Hellman and Related Schemes [chapter]

Dan Boneh, Ramarathnam Venkatesan
1996 Lecture Notes in Computer Science  
We show that computing the most signicant bits of the secret key in a Die-Hellman keyexchange protocol from the public keys of the participants is as hard as computing the secret key itself. This is done by studying the following hidden number problem: Given an oracle O ; (x) that on input x computes the k most signicant bits of g x + mod p, nd ; mod p. We present many other applications of this problem including: (1) MSB's in El-Gamal encryptions, Shamir Message passing scheme etc. are hard to
more » ... compute. (2) Factoring with hints. Our results lead us to suggest a new variant of Die-Hellman key exchange, for which we prove the most signicant bit is hard to compute.
doi:10.1007/3-540-68697-5_11 fatcat:s32fy6mjx5donfnt5sdkpwcayq