Results 1 -
3 of
3
Efficient pseudorandom generators based on the ddh assumption
- IN PKC 2007, VOLUME ???? OF LNCS
, 2007
"... A family of pseudorandom generators based on the decisional Diffie-Hellman assumption is proposed. The new construction is a modified and generalized version of the Dual Elliptic Curve generator proposed by Barker and Kelsey. Although the original Dual Elliptic Curve generator is shown to be insec ..."
Abstract
-
Cited by 9 (0 self)
- Add to MetaCart
(Show Context)
A family of pseudorandom generators based on the decisional Diffie-Hellman assumption is proposed. The new construction is a modified and generalized version of the Dual Elliptic Curve generator proposed by Barker and Kelsey. Although the original Dual Elliptic Curve generator is shown to be insecure, the modified version is provably secure and very efficient in comparison with the other pseudorandom generators based on discrete log assumptions. Our generator can be based on any group of prime order provided that an additional requirement is met (i.e., there exists an efficiently computable function that in some sense enumerates the elements of the group). Two specific instances are presented. The techniques used to design the instances, for example, the new probabilistic randomness extractor are of independent interest for other applications.
Cryptanalysis of the Dual Elliptic Curve pseudorandom generator, Cryptology ePrint Archive, Report 2006/190
, 2006
"... ..."
(Show Context)
Extractors for Binary Elliptic Curves
, 2006
"... We propose two simple and efficient deterministic extractors for an ordinary elliptic curve E, defined over F 2 N, where N = 2ℓ and ℓ is a positive integer. Our extractors, for a given point P on E, output respectively the first or the second F 2 ℓ-coefficient of the abscissa of the point P. We also ..."
Abstract
-
Cited by 1 (0 self)
- Add to MetaCart
(Show Context)
We propose two simple and efficient deterministic extractors for an ordinary elliptic curve E, defined over F 2 N, where N = 2ℓ and ℓ is a positive integer. Our extractors, for a given point P on E, output respectively the first or the second F 2 ℓ-coefficient of the abscissa of the point P. We also propose two deterministic extractors for the main subgroup G of E, where E has minimal 2-torsion. We show that if a point P is chosen uniformly at random in G, the bits extracted from the point P are indistinguishable from a uniformly random bit-string of length ℓ. 1
