Abstract
The exponentiation function in a finite field of order p (a prime number) is believed to be a one-way function. It is well known that O(log log p) bits are simultaneously hard for this function. We consider a special case of this problem, the discrete logarithm with short exponents, which is also believed to be hard to compute. Under this intractibility assumption we show that discrete exponentiation modulo a prime p can hide n − Ω(log n) bits (n = [log p] and p=2q+1, where q is also a prime). We prove simultaneous security by showing that any information about the n − Ω(log n) bits can be used to discover the discrete log of g s mod p where s has Ω(log n) bits. For all practical purposes, the size of s can be a constant c bits. This leads to a very efficient pseudo-random number generator which produces n − c bits per iteration. For example, when n = 1024 bits and c = 128 bits our pseudo-random number generator produces a little less than 900 bits per exponentiation.
Chapter PDF
Similar content being viewed by others
References
W. Alexi, B. Chor, O. Goldreich and C. P. Schnorr, RSA/Rabin bits are 1/2+1/poly(log N) secure, Proceedings of 25th FOCS, 449–457, 1984.
M. Ben-Or, B. Chor, A. Shamir, On the cryptographic security of single RSA bits, Proceedings of 15th STOC, 421–430, 1983.
L. Blum, M. Blum, and M. Shub, A simple secure pseudo-random number generator, SIAM J. Computing, 15 No. 2:364–383, 1986.
M. Blum, and S. Micali, How to generate cryptographically strong sequences of pseudo random bits, SIAM J. Computing, 13 No. 4:850–864, 1984.
R. B. Boppana, and R. Hirschfeld, Pseudorrandom generators and complexity classes, Advances in Computing Research, 5 (S. Micali, Ed.), JAI Press, CT.
U. S. Department of Commerce/ N. I. S. T, Digital Signature Standard, FIPS 186, May 1994.
O. Goldreich, and L. A. Levin, A hard-core predicate for all one way functions, Proceedings of 21st STOC, 25–32, 1989.
S. Goldwasser, and A. Micali, Probabilistic encryption, Journal of Computer and Systems Science, 28: 270–299, 1984.
J. Hastad, R. Impagliazzo, L. A. Levin, and M. Luby, Construction of pseudo-random generator from any one-way function, SIAM J. Computing, to appear.
J. Hastad, A. W. Schrift, and A. Shamir, The discrete logarithm modulo a composite modulus hides O(n) bits, Journal of Computer and System Sciences, 47: 376–404, 1993.
R. Impagliazzo, L. A. Levin, and M. Luby, Pseudo-random generation from one-way functions, Proceddings of 20th STOC, 12–24, 1988.
B. S. Kaliski, A pseudo-random bit generator based on elliptic logarithms, Advances in Cryptology — CRYPTO '86 (LNCS 263), 84–103, 1987.
J. Kilian, S. Micali, and R. Ostrovsky, Minimum resource zero-knowledge proofs, Procedings of 30th FOCS, 474–489, 1989.
D. E. Knuth, The Art of Computer Programming (vol S): Sorting and Searching, Addison Wesley, 1973.
N. Koblitz, Elliptic curve cryptosystems, Mathematics of Computation, 48:203–209, 1987.
D. L. Long, and A. Wigderson, The discrete log hides O(log n) bits, SIAM J. Computing, 17:363–372, 1988.
V. Miller, Elliptic curves and cryptography, Advances in Cryptology — CRYPTO '85 (LNCS 218), 417–426, 1986.
M. Naor, Bit commitment using pseudo-randomness, Advances in Cryptology — CRYPTO '89 (LNCS 435), 128–136, 1989.
P. van Oorschot, M. Wiener, On Diffie-Hellman key agreement with short exponents, Advances in Cryptology — EUROCRYPT '96 (LNCS 1070), 332–343, 1996.
R. Peralta, Simultaneous security of bits in the discrete log, Advances in Cryptology — EUROCRYPT '85 (LNCS 219), 62–72, 1986.
S. C. Pohlig, and M. E. Hellman, An improved algorithm for computing over GF(p) and its cryptographic significance, IEEE Trans. IT, 24: 106–110, 1978.
J. M. Pollard, Monte Carlo methods for index compution (mod p), Mathematics of Computation, 32, No. 143:918–924, 1978.
U. V. Vazirani, and V. V. Vazirani, Efficient and secure pseudo-random number generators, Proceedings of 25th FOCS, 458–463, 1984.
A. C. Yao, Theory and applications of trapdoor functions, Proceedings of 23rd FOCS, 80–91, 1982.
Author information
Authors and Affiliations
Editor information
Rights and permissions
Copyright information
© 1998 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Patel, S., Sundaram, G.S. (1998). An efficient discrete log pseudo random generator. In: Krawczyk, H. (eds) Advances in Cryptology — CRYPTO '98. CRYPTO 1998. Lecture Notes in Computer Science, vol 1462. Springer, Berlin, Heidelberg. https://doi.org/10.1007/BFb0055737
Download citation
DOI: https://doi.org/10.1007/BFb0055737
Published:
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-64892-5
Online ISBN: 978-3-540-68462-6
eBook Packages: Springer Book Archive