| I. E. Shparlinski. On the generalized hidden number problem and bit security of XTR. In Proc. of 14th Symp. on Appl. Algebra, Algebraic Algorithms, and Error-Correcting Codes, LNCS. Springer-Verlag, 2001. |
.... property can be made with the classical notion of discrepancy (see [111] for more details). To apply the solution to this generalized hidden number problem, it suffices to show that the distribution of the t_i's is sufficiently uniform, which is usually obtained by exponential sum techniques (see [63, 111, 112, 48, 130, 129] for some examples). One may also extend the solution to the hidden number problem to the case when an oracle for CVP (in the Euclidean norm or the infinity norm) is available, which significantly decreases the number of necessary bits (see [110, 111]). This is useful to estimate what can be ....
....m, to the original HNP with =m 1 Gamma log m most significant bits. Thus, the HNP with arbitrary bits seems to be harder, especially when there are many blocks of consecutive unknown bits. Finally, variants of the hidden number problem in settings other than prime fields have been studied in [130, 129, 23]. 4.4 Lattice attacks on DSA. Interestingly, the previous solution of the hidden number problem also has a dark side: it leads to a simple attack against the Digital Signature Algorithm [106, 95] (DSA) in special settings (see [73, 110]). Recall that the DSA uses a public element g ∈ Z_p of order ....
I. E. Shparlinski. On the generalized hidden number problem and bit security of XTR. In Proc. of 14th Symp. on Appl. Algebra, Algebraic Algorithms, and Error-Correcting Codes, LNCS. Springer-Verlag, 2001.
....trace of K with respect to F_{p^m}/F_p to obtain an element of F_p. We represent elements of F_p as integers in [0, p − 1] and obtain corresponding bitstrings in the usual way. We show that the trace is a secure key derivation function. The results follow from several recently established results [19, 26] on the hidden number problem with trace in extension fields. Detailed surveys of bit security results and discussions of their meaning and importance are given in [11, 12]; several more recent results can be found in [5–7, 13–16, 19, 25, 26]. We obtain an almost complete analogue of the results ....
....function. The results follow from several recently established results [19, 26] on the hidden number problem with trace in extension fields. Detailed surveys of bit security results and discussions of their meaning and importance are given in [11, 12]; several more recent results can be found in [5–7, 13–16, 19, 25, 26]. We obtain an almost complete analogue of the results of [7, 13] for m = 2 (for example, for the elliptic curves used by Joux [17] and Verheul [28]) and much weaker, but nontrivial, results for m 3. For example, in the case that m = 2 and p is a 512 bit prime, our results imply that, if the ....
[Article contains additional citation context not shown here]
I. E. Shparlinski, `On the generalized hidden number problem and bit security of XTR', Proc. AAECC-14, Lect. Notes in Comp. Sci., Springer-Verlag, Berlin, 2227 (2001), 268-277.
....and Shparlinski [10] used exponential sums to extend this result to subgroups G of F_p^*. It has turned out that the lattice reduction technique used in [5] coupled with the exponential sum technique lead to a series of new results about the bits security of some cryptographic constructions [11, 14, 22, 23] as well as to attacks on some of them [6, 13, 17, 18]. However the case where G is the point group of an elliptic curve has turned out to be much harder for applications of the lattice reduction based technique of [5] because of the inherited nonlinearity of the problem. Although some results ....
I. E. Shparlinski, `On the generalized hidden number problem and bit security of XTR', In Proc. the 14th Symp. on Appl. Algebra, Algebraic Algorithms, and Error-Correcting Codes, Lect. Notes in Comp. Sci., Springer-Verlag, Berlin (to appear).
....and Shparlinski [10] used exponential sums to extend this result to subgroups G of F_p. It has turned out that the lattice reduction technique used in [5] coupled with the exponential sum technique lead to a series of new results about the bits security of some cryptographic constructions [11, 14, 22, 23] as well as to attacks on some of them [6, 13, 17, 18]. However the case where G is the point group of an elliptic curve has turned out to be much harder for applications of the lattice reduction based technique of [5] because of the inherited nonlinearity of the problem. Although some results ....
I. E. Shparlinski, `On the generalized hidden number problem and bit security of XTR', In Proc. the 14th Symp. on Appl. Algebra, Algebraic Algorithms, and Error-Correcting Codes, Lect. Notes in Comp. Sci., Springer-Verlag, Berlin (to appear).
....hand, in the case of dense polynomials, that is, when e_j = j, j = 1, ..., m, the Weil bound is not necessary. Similar results can be obtained from the trivial estimate N F (r, h) # h deg F . The bound of Lemma 3 on the number of zeros of sparse polynomials from [4, 7] has been used in [30] to derive some results about analogues of the hidden number problem for the trace of elements of multiplicative subgroups in finite extensions of F_p. These results have also been applied in [30] to studying the bit security of the recently proposed by Lenstra and Verheul [17, 18] XTR ....
....F . The bound of Lemma 3 on the number of zeros of sparse polynomials from [4, 7] has been used in [30] to derive some results about analogues of the hidden number problem for the trace of elements of multiplicative subgroups in finite extensions of F_p. These results have also been applied in [30] to studying the bit security of the recently proposed by Lenstra and Verheul [17, 18] XTR cryptosystem. Another application of Lemma 3 to XTR can be found in [29]. Finally, it is also easy to see that the same method applies to the case where some of the exponents e_1, ..., e_m are negative ....
I. E. Shparlinski, On the generalized hidden number problem and bit security of XTR, Preprint, 2000, 1--14.